Azure · ealsur · Apr 7, 2023 · Mar 14, 2023 · Mar 14, 2023 · Mar 15, 2023
@@ -5,17 +5,17 @@ namespace Microsoft.Azure.Cosmos
 {
  using System;
  using System.Collections.Generic;
- using System.Diagnostics;
  using System.Linq;
  using System.Net;
  using System.Net.Http;
  using System.Net.Http.Headers;
  using System.Net.Security;
+ using System.Reflection;
  using System.Security.Cryptography.X509Certificates;
  using System.Threading;
  using System.Threading.Tasks;
+ using Microsoft.Azure.Cosmos.Core.Trace;
  using Microsoft.Azure.Cosmos.Resource.CosmosExceptions;
- using Microsoft.Azure.Cosmos.Tracing;
  using Microsoft.Azure.Cosmos.Tracing.TraceData;
  using Microsoft.Azure.Documents;
  using Microsoft.Azure.Documents.Collections;
@@ -99,7 +99,93 @@ public static CosmosHttpClient CreateWithConnectionPolicy(
  eventSource: eventSource);
  }
 
- public static HttpMessageHandler CreateHttpClientHandler(int gatewayModeMaxConnectionLimit, IWebProxy webProxy, Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback)
+ public static HttpMessageHandler CreateHttpClientHandler(
+ int gatewayModeMaxConnectionLimit, 
+ IWebProxy webProxy, 
+ Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback)
+ {
+ // TODO: Remove type check and use #if NET6_0_OR_GREATER when multitargetting is possible
+ Type socketHandlerType = Type.GetType("System.Net.Http.SocketsHttpHandler, System.Net.Http");
+
+ if (socketHandlerType != null)
+ {
+ try
+ { 
+ return CosmosHttpClientCore.CreateSocketsHttpHandlerHelper(gatewayModeMaxConnectionLimit, webProxy, serverCertificateCustomValidationCallback);
+ }
+ catch (Exception e)
+ {
+ DefaultTrace.TraceError("Failed to create SocketsHttpHandler: {0}", e);
+ }
+ }
+
+ return CosmosHttpClientCore.CreateHttpClientHandlerHelper(gatewayModeMaxConnectionLimit, webProxy, serverCertificateCustomValidationCallback);
+ }
+
+ public static HttpMessageHandler CreateSocketsHttpHandlerHelper(
+ int gatewayModeMaxConnectionLimit, 
+ IWebProxy webProxy, 
+ Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback)
+ {
+ // TODO: Remove Reflection when multitargetting is possible
+ Type socketHandlerType = Type.GetType("System.Net.Http.SocketsHttpHandler, System.Net.Http");
+
+ object socketHttpHandler = Activator.CreateInstance(socketHandlerType);
+
+ PropertyInfo pooledConnectionLifetimeInfo = socketHandlerType.GetProperty("PooledConnectionLifetime");
+
+ //Sets the timeout for unused connections to a random time between 5 minutes and 5 minutes and 30 seconds.
+ //This is to avoid the issue where a large number of connections are closed at the same time.
+ Type threadSafeRandomType = Type.GetType("System.Random+ThreadSafeRandom, System.Private.CoreLib");
+
+ object random = Activator.CreateInstance(threadSafeRandomType);
+
+ MethodInfo nextDoubleInfo = threadSafeRandomType.GetMethod("NextDouble");
+
+ TimeSpan connectionTimeSpan = TimeSpan.FromMinutes(5) + TimeSpan.FromSeconds(30 * (double)nextDoubleInfo.Invoke(random, null));
+ pooledConnectionLifetimeInfo.SetValue(socketHttpHandler, connectionTimeSpan);
+
+ // Proxy is only set by users and can cause not supported exception on some platforms
+ if (webProxy != null)
+ {
+ PropertyInfo webProxyInfo = socketHandlerType.GetProperty("Proxy");
+ webProxyInfo.SetValue(socketHttpHandler, webProxy);
+ }
+
+ // https://docs.microsoft.com/en-us/archive/blogs/timomta/controlling-the-number-of-outgoing-connections-from-httpclient-net-core-or-full-framework
+ try
+ {
+ PropertyInfo maxConnectionsPerServerInfo = socketHandlerType.GetProperty("MaxConnectionsPerServer");
+ maxConnectionsPerServerInfo.SetValue(socketHttpHandler, gatewayModeMaxConnectionLimit);
+
+ if (serverCertificateCustomValidationCallback != null)
+ { 
+ //Get SslOptions Property
+ PropertyInfo sslOptionsInfo = socketHandlerType.GetProperty("SslOptions");
+ object sslOptions = sslOptionsInfo.GetValue(socketHttpHandler);
+
+ //Set SslOptions Property with custom certificate validation
+ PropertyInfo remoteCertificateValidationCallbackInfo = sslOptions.GetType().GetProperty("RemoteCertificateValidationCallback");
+ remoteCertificateValidationCallbackInfo.SetValue(
+ sslOptions,
+ new RemoteCertificateValidationCallback((object _, X509Certificate certificate, X509Chain x509Chain, SslPolicyErrors sslPolicyErrors) => serverCertificateCustomValidationCallback(
+ certificate is { } ? new X509Certificate2(certificate) : null,
+ x509Chain,
+ sslPolicyErrors))); 
+ }
+ }
+ // MaxConnectionsPerServer is not supported on some platforms.
+ catch (PlatformNotSupportedException)
+ {
+ }
+
+ return (HttpMessageHandler)socketHttpHandler;
+ }
+
+ public static HttpMessageHandler CreateHttpClientHandlerHelper(
+ int gatewayModeMaxConnectionLimit, 
+ IWebProxy webProxy, 
+ Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback)
  {
  HttpClientHandler httpClientHandler = new HttpClientHandler();
 

@@ -486,7 +486,6 @@ public async Task Verify_CertificateCallBackGetsCalled_ForTCP_HTTP()
  {
  await database?.DeleteStreamAsync();
  }
-
  }
 
  [TestMethod]
@@ -878,7 +877,7 @@ public async Task HttpClientConnectionLimitTest()
  ))
  {
  CosmosHttpClient cosmosHttpClient = cosmosClient.DocumentClient.httpClient;
- HttpClientHandler httpClientHandler = (HttpClientHandler)cosmosHttpClient.HttpMessageHandler;
+ SocketsHttpHandler httpClientHandler = (SocketsHttpHandler)cosmosHttpClient.HttpMessageHandler;
  Assert.AreEqual(gatewayConnectionLimit, httpClientHandler.MaxConnectionsPerServer);
 
  Cosmos.Database database = await cosmosClient.CreateDatabaseAsync(Guid.NewGuid().ToString());
@@ -895,7 +894,7 @@ public async Task HttpClientConnectionLimitTest()
 
  await Task.WhenAll(creates);
 
- // Clean up the database and container
+ // Clean up the database
  await database.DeleteAsync();
  }
 
@@ -907,6 +906,20 @@ public async Task HttpClientConnectionLimitTest()
  $"Before connections: {JsonConvert.SerializeObject(excludeConnections)}; After connections: {JsonConvert.SerializeObject(afterConnections)}");
  }
 
+ [TestMethod]
+ public void PooledConnectionLifetimeTest()
+ {
+ //Create Cosmos Client
+ using CosmosClient cosmosClient = new CosmosClient(
+ accountEndpoint: "https://localhost:8081",
+ authKeyOrResourceToken: Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())));
+
+ //Assert type of message handler
+ Type socketHandlerType = Type.GetType("System.Net.Http.SocketsHttpHandler, System.Net.Http");
+ Type clientMessageHandlerType = cosmosClient.ClientContext.DocumentClient.httpClient.HttpMessageHandler.GetType();
+ Assert.AreEqual(socketHandlerType, clientMessageHandlerType);
+ }
+
  public static IReadOnlyList<string> GetActiveConnections()
  {
  string testPid = Process.GetCurrentProcess().Id.ToString();

@@ -398,7 +398,7 @@ public void VerifyHttpClientHandlerIsSet()
 
  CosmosClient cosmosClient = cosmosClientBuilder.Build();
  CosmosHttpClient cosmosHttpClient = cosmosClient.DocumentClient.httpClient;
- HttpClientHandler handler = (HttpClientHandler)cosmosHttpClient.HttpMessageHandler;
+ SocketsHttpHandler handler = (SocketsHttpHandler)cosmosHttpClient.HttpMessageHandler;
 
  Assert.IsTrue(object.ReferenceEquals(webProxy, handler.Proxy));
  }

@@ -4,18 +4,20 @@
 
 namespace Microsoft.Azure.Cosmos.Tests
 {
- using System.Threading.Tasks;
- using Microsoft.VisualStudio.TestTools.UnitTesting;
- using Microsoft.Azure.Documents;
  using System;
- using System.Net.Http;
+ using System.Collections.Generic;
+ using System.IO;
  using System.Net;
+ using System.Net.Http;
+ using System.Net.Security;
+ using System.Security.Cryptography;
+ using System.Security.Cryptography.X509Certificates;
  using System.Threading;
- using System.IO;
- using System.Net.Sockets;
- using System.Collections.Generic;
+ using System.Threading.Tasks;
  using Microsoft.Azure.Cosmos.Tracing;
  using Microsoft.Azure.Cosmos.Tracing.TraceData;
+ using Microsoft.Azure.Documents;
+ using Microsoft.VisualStudio.TestTools.UnitTesting;
 
  [TestClass]
  public class CosmosHttpClientCoreTests
@@ -410,6 +412,55 @@ async Task<HttpResponseMessage> sendFunc(HttpRequestMessage request, Cancellatio
  Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode);
  }
 
+ [TestMethod]
+ public void CreateSocketsHttpHandlerCreatesCorrectValueType()
+ {
+ int gatewayLimit = 10;
+ IWebProxy webProxy = null;
+ Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback = (certificate2, x509Chain, sslPolicyErrors) => false;
+
+ HttpMessageHandler handler = CosmosHttpClientCore.CreateSocketsHttpHandlerHelper(
+ gatewayLimit, 
+ webProxy, 
+ serverCertificateCustomValidationCallback);
+
+ Assert.AreEqual(Type.GetType("System.Net.Http.SocketsHttpHandler, System.Net.Http"), handler.GetType());
+ SocketsHttpHandler socketsHandler = (SocketsHttpHandler)handler;
+
+ Assert.IsTrue(TimeSpan.FromMinutes(5.5) >= socketsHandler.PooledConnectionLifetime);
+ Assert.IsTrue(TimeSpan.FromMinutes(5) <= socketsHandler.PooledConnectionLifetime);
+ Assert.AreEqual(webProxy, socketsHandler.Proxy);
+ Assert.AreEqual(gatewayLimit, socketsHandler.MaxConnectionsPerServer);
+
+ //Create cert for test
+ X509Certificate2 x509Certificate2 = new CertificateRequest("cn=www.test", ECDsa.Create(), HashAlgorithmName.SHA256).CreateSelfSigned(DateTime.Now, DateTime.Now.AddYears(1));
+ X509Chain x509Chain = new X509Chain();
+ SslPolicyErrors sslPolicyErrors = new SslPolicyErrors();
+ Assert.IsFalse(socketsHandler.SslOptions.RemoteCertificateValidationCallback.Invoke(new object(), x509Certificate2, x509Chain, sslPolicyErrors));
+ }
+
+ [TestMethod]
+ public void CreateHttpClientHandlerCreatesCorrectValueType()
+ {
+ int gatewayLimit = 10;
+ IWebProxy webProxy = null;
+ Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> serverCertificateCustomValidationCallback = (certificate2, x509Chain, sslPolicyErrors) => false;
+
+ HttpMessageHandler handler = CosmosHttpClientCore.CreateHttpClientHandlerHelper(gatewayLimit, webProxy, serverCertificateCustomValidationCallback);
+
+ Assert.AreEqual(Type.GetType("System.Net.Http.HttpClientHandler, System.Net.Http"), handler.GetType());
+ HttpClientHandler clientHandler = (HttpClientHandler)handler;
+
+ Assert.AreEqual(webProxy, clientHandler.Proxy);
+ Assert.AreEqual(gatewayLimit, clientHandler.MaxConnectionsPerServer);
+
+ //Create cert for test
+ X509Certificate2 x509Certificate2 = new CertificateRequest("cn=www.test", ECDsa.Create(), HashAlgorithmName.SHA256).CreateSelfSigned(DateTime.Now, DateTime.Now.AddYears(1));
+ X509Chain x509Chain = new X509Chain();
+ SslPolicyErrors sslPolicyErrors = new SslPolicyErrors();
+ Assert.IsFalse(clientHandler.ServerCertificateCustomValidationCallback.Invoke(new HttpRequestMessage(), x509Certificate2, x509Chain, sslPolicyErrors));
+ }
+
  private class MockMessageHandler : HttpMessageHandler
  {
  private readonly Func<HttpRequestMessage, CancellationToken, Task<HttpResponseMessage>> sendFunc;