refactor: streamline OkHttpClient creation and SSL configuration handling

Author: lakernote

easy-postman-app/src/main/java/com/laker/postman/service/http/HttpService.java

@@ -119,8 +119,17 @@ private static Request buildRequestByType(PreparedRequest req) {
      */
     private static OkHttpClient buildCustomClient(PreparedRequest req) {
         String baseUri = extractBaseUri(req.url);
-        OkHttpClient baseClient = OkHttpClientManager.getClient(baseUri, req.followRedirects);
-        return buildDynamicClient(baseClient, req, req.requestTimeoutMs, shouldIsolateConnectionPool(req));
+        boolean isolateSslConfiguration = shouldIsolateConnectionPool(req);
+        OkHttpClient baseClient = isolateSslConfiguration
+                // When request-level SSL mode differs from the cached global client,
+                // rebuild the base client in the target mode instead of inheriting SSL state.
+                ? OkHttpClientManager.createClientForSslMode(
+                        baseUri,
+                        req.followRedirects,
+                        resolveSslVerificationMode(req)
+                )
+                : OkHttpClientManager.getClient(baseUri, req.followRedirects);
+        return buildDynamicClient(baseClient, req, req.requestTimeoutMs, false);
     }
 
     private static void applyRequestSettings(OkHttpClient.Builder builder,

easy-postman-app/src/main/java/com/laker/postman/service/http/okhttp/OkHttpClientManager.java

@@ -145,41 +145,20 @@ public static OkHttpClient getClient(String baseUri, boolean followRedirects) {
         String proxyKey = getProxyConfigKey(baseUri);
         String key = baseUri + "|" + followRedirects + "|" + proxyKey;
 
-        return clientMap.computeIfAbsent(key, k -> {
-            // 配置 Dispatcher 并发参数
-            Dispatcher dispatcher = new Dispatcher();
-            dispatcher.setMaxRequests(maxRequests);
-            dispatcher.setMaxRequestsPerHost(maxRequestsPerHost);
-
-            OkHttpClient.Builder builder = new OkHttpClient.Builder()
-                    // 连接超时
-                    .connectTimeout(0, TimeUnit.MILLISECONDS)
-                    // 读超时
-                    .readTimeout(0, TimeUnit.MILLISECONDS)
-                    // 写超时
-                    .writeTimeout(0, TimeUnit.MILLISECONDS)
-                    // 配置 Dispatcher
-                    .dispatcher(dispatcher)
-                    // 连接池配置
-                    .connectionPool(new ConnectionPool(maxIdleConnections, keepAliveDuration, TimeUnit.SECONDS))
-                    // 失败自动重试
-                    .retryOnConnectionFailure(true)
-                    // 是否自动跟随重定向
-                    .followRedirects(followRedirects)
-                    .cache(null)
-                    .pingInterval(30, TimeUnit.SECONDS);
-
-            // 使用全局 JavaNetCookieJar
-            builder.cookieJar(GLOBAL_COOKIE_JAR);
-
-            // 配置网络代理
-            configureProxy(builder, baseUri);
-
-            // 配置SSL设置
-            configureSSLSettings(builder, baseUri);
-
-            return builder.build();
-        });
+        return clientMap.computeIfAbsent(key, k -> createClient(
+                baseUri,
+                followRedirects,
+                resolveSslVerificationMode(baseUri)
+        ));
+    }
+
+    /**
+     * 创建一个不参与缓存的客户端，用于请求级 SSL 模式覆盖。
+     */
+    public static OkHttpClient createClientForSslMode(String baseUri,
+                                                      boolean followRedirects,
+                                                      SSLConfigurationUtil.SSLVerificationMode sslMode) {
+        return createClient(baseUri, followRedirects, sslMode);
     }
 
     /**
@@ -270,13 +249,38 @@ private static void configureProxyAuthenticator(OkHttpClient.Builder builder) {
     /**
      * 配置SSL设置（统一处理所有HTTPS连接的SSL配置）
      */
-    private static void configureSSLSettings(OkHttpClient.Builder builder, String baseUri) {
+    private static OkHttpClient createClient(String baseUri,
+                                             boolean followRedirects,
+                                             SSLConfigurationUtil.SSLVerificationMode sslMode) {
+        Dispatcher dispatcher = new Dispatcher();
+        dispatcher.setMaxRequests(maxRequests);
+        dispatcher.setMaxRequestsPerHost(maxRequestsPerHost);
+
+        OkHttpClient.Builder builder = new OkHttpClient.Builder()
+                .connectTimeout(0, TimeUnit.MILLISECONDS)
+                .readTimeout(0, TimeUnit.MILLISECONDS)
+                .writeTimeout(0, TimeUnit.MILLISECONDS)
+                .dispatcher(dispatcher)
+                .connectionPool(new ConnectionPool(maxIdleConnections, keepAliveDuration, TimeUnit.SECONDS))
+                .retryOnConnectionFailure(true)
+                .followRedirects(followRedirects)
+                .cache(null)
+                .pingInterval(30, TimeUnit.SECONDS);
+
+        builder.cookieJar(GLOBAL_COOKIE_JAR);
+        configureProxy(builder, baseUri);
+        configureSSLSettings(builder, baseUri, sslMode);
+        return builder.build();
+    }
+
+    private static void configureSSLSettings(OkHttpClient.Builder builder,
+                                             String baseUri,
+                                             SSLConfigurationUtil.SSLVerificationMode mode) {
         URI uri = tryParseUri(baseUri, "SSL configuration");
         if (uri == null || !isSecureScheme(uri.getScheme())) {
             return;
         }
 
-        SSLConfigurationUtil.SSLVerificationMode mode = resolveSslVerificationMode(baseUri);
         if (mode == SSLConfigurationUtil.SSLVerificationMode.LENIENT) {
             log.warn("SSL verification disabled by user settings");
         }

easy-postman-app/src/main/java/com/laker/postman/service/http/ssl/SSLConfigurationUtil.java

@@ -11,7 +11,6 @@
 import okhttp3.OkHttpClient;
 
 import javax.net.ssl.*;
-import javax.net.ssl.HttpsURLConnection;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -96,14 +95,14 @@ public static void configureSSL(OkHttpClient.Builder builder, SSLVerificationMod
     public static void configureSSL(OkHttpClient.Builder builder, SSLVerificationMode mode,
                                     String host, int port) {
         try {
-            builder.hostnameVerifier(createHostnameVerifier(mode));
-
             // 查找并加载匹配的客户端证书
             KeyManager[] keyManagers = loadClientCertificate(host, port);
 
             // 配置 TrustManager
             X509TrustManager trustManager = configureTrustManager(mode, keyManagers);
 
+            applyHostnameVerifier(builder, mode);
+
             // 严格模式且没有客户端证书：使用默认配置
             if (trustManager == null) {
                 return;
@@ -318,7 +317,14 @@ private static HostnameVerifier createHostnameVerifier(SSLVerificationMode mode)
         } else if (mode == SSLVerificationMode.LENIENT) {
             return new LenientHostnameVerifier();
         }
-        return HttpsURLConnection.getDefaultHostnameVerifier();
+        return new OkHttpClient().hostnameVerifier();
+    }
+
+    private static void applyHostnameVerifier(OkHttpClient.Builder builder, SSLVerificationMode mode) {
+        if (builder == null) {
+            return;
+        }
+        builder.hostnameVerifier(createHostnameVerifier(mode));
     }
 
     /**

easy-postman-app/src/test/java/com/laker/postman/service/http/HttpServiceTest.java

@@ -15,6 +15,7 @@
 import java.util.Properties;
 
 import static org.testng.Assert.assertSame;
+import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
 import static org.testng.Assert.assertTrue;
 
@@ -140,6 +141,51 @@ public void connectFailed(URI uri, java.net.SocketAddress sa, java.io.IOExceptio
         }
     }
 
+    @Test
+    public void strictRequestShouldNotReuseLenientSslComponents() throws Exception {
+        Properties props = getSettingsProperties();
+        Properties backup = new Properties();
+        backup.putAll(props);
+
+        try {
+            props.clear();
+            props.setProperty("proxy_enabled", "false");
+            props.setProperty("ssl_verification_enabled", "false");
+            props.setProperty("proxy_ssl_verification_disabled", "false");
+            OkHttpClientManager.clearClientCache();
+
+            PreparedRequest request = new PreparedRequest();
+            request.url = "https://api.example.com/data";
+            request.followRedirects = true;
+            request.sslVerificationEnabled = true;
+
+            OkHttpClient lenientBaseClient = OkHttpClientManager.getClient("https://api.example.com", true);
+            OkHttpClient strictClient = invokeBuildCustomClient(request);
+            OkHttpClient strictDefaultClient = new OkHttpClient();
+
+            assertEquals(
+                    strictClient.hostnameVerifier().getClass().getName(),
+                    strictDefaultClient.hostnameVerifier().getClass().getName()
+            );
+            assertEquals(
+                    strictClient.sslSocketFactory().getClass().getName(),
+                    strictDefaultClient.sslSocketFactory().getClass().getName()
+            );
+            assertFalse(
+                    strictClient.hostnameVerifier().getClass().getName()
+                            .equals(lenientBaseClient.hostnameVerifier().getClass().getName())
+            );
+            assertFalse(
+                    strictClient.sslSocketFactory().getClass().getName()
+                            .equals(lenientBaseClient.sslSocketFactory().getClass().getName())
+            );
+        } finally {
+            props.clear();
+            props.putAll(backup);
+            OkHttpClientManager.clearClientCache();
+        }
+    }
+
     private static Properties getSettingsProperties() throws Exception {
         Field propsField = SettingManager.class.getDeclaredField("props");
         propsField.setAccessible(true);

easy-postman-app/src/test/java/com/laker/postman/service/http/ssl/SSLConfigurationUtilTest.java

@@ -13,6 +13,7 @@
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 
+import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.assertNotSame;
 import static org.testng.Assert.assertTrue;
@@ -52,11 +53,13 @@ public void shouldRestoreDefaultHostnameVerifierInStrictMode() {
         HostnameVerifier lenientVerifier = (hostname, session) -> true;
         OkHttpClient.Builder builder = new OkHttpClient.Builder()
                 .hostnameVerifier(lenientVerifier);
+        String expectedVerifierClass = new OkHttpClient().hostnameVerifier().getClass().getName();
 
         SSLConfigurationUtil.configureSSL(builder, SSLConfigurationUtil.SSLVerificationMode.STRICT, null, 0);
 
         OkHttpClient client = builder.build();
         assertNotSame(client.hostnameVerifier(), lenientVerifier);
+        assertEquals(client.hostnameVerifier().getClass().getName(), expectedVerifierClass);
     }
 
     private static X509TrustManager getDefaultTrustManager() throws Exception {