minio
diff --git a/‎api/src/main/java/io/minio/BaseS3Client.java‎
Lines changed: 15 additions & 50 deletions b/‎api/src/main/java/io/minio/BaseS3Client.java‎
Lines changed: 15 additions & 50 deletions
diff --git a/‎api/src/main/java/io/minio/Checksum.java‎
Lines changed: 20 additions & 1 deletion b/‎api/src/main/java/io/minio/Checksum.java‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎api/src/main/java/io/minio/Http.java‎
Lines changed: 36 additions & 67 deletions b/‎api/src/main/java/io/minio/Http.java‎
Lines changed: 36 additions & 67 deletions
@@ -111,14 +111,12 @@ public abstract class BaseS3Client implements AutoCloseable {
 
   protected Http.BaseUrl baseUrl;
   protected Provider provider;
-  protected OkHttpClient httpClient;
+  protected volatile OkHttpClient httpClient;
   protected boolean closeHttpClient;
 
   /**
-   * Maximum attempts per S3 request. Default {@link Retry#MAX_RETRY}. Read on every request via the
-   * retry interceptor's supplier so runtime tuning via {@link #setMaxRetries(int)} takes immediate
-   * effect. Package-private so the {@code Builder} classes in this package can seed it via the
-   * setter; subclasses must go through {@link #setMaxRetries(int)}.
+   * Maximum attempts per S3 request. Effective only on the SDK-default {@link OkHttpClient};
+   * caller-supplied clients are used verbatim and the SDK does not modify their retry policy.
    */
   volatile int maxRetries = Retry.MAX_RETRY;
 
@@ -127,40 +125,27 @@ protected BaseS3Client(
     this.baseUrl = baseUrl;
     this.provider = provider;
     this.closeHttpClient = closeHttpClient;
-    this.httpClient = wrapWithRetry(httpClient);
+    this.httpClient = httpClient;
   }
 
+  /**
+   * Copies share the source's {@link OkHttpClient} (and its retry interceptor binding), so {@link
+   * #setMaxRetries(int)} on a copy does not affect the shared retry budget.
+   */
   protected BaseS3Client(BaseS3Client client) {
     this.baseUrl = client.baseUrl;
     this.provider = client.provider;
     this.closeHttpClient = client.closeHttpClient;
     this.maxRetries = client.maxRetries;
-    this.httpClient = wrapWithRetry(client.httpClient);
-  }
-
-  /**
-   * Re-wires the retry interceptor on {@code client} so it reads {@link #maxRetries} from this
-   * instance. Strips any prior {@link Http.RetryInterceptor} from BOTH the application-interceptor
-   * and network-interceptor chains (e.g. one bound to a different instance via the copy
-   * constructor, or accidentally registered on the network chain) before installing this one as an
-   * application interceptor.
-   *
-   * <p>Also forces {@code retryOnConnectionFailure(false)} on the underlying client. The SDK's own
-   * {@link Http.RetryInterceptor} is the single source of retry policy; layering OkHttp's
-   * connection-level retry on top would double-count attempts and obscure the {@link #maxRetries}
-   * budget. This silently overrides any {@code retryOnConnectionFailure(true)} that a
-   * caller-supplied client was configured with — by design.
-   */
-  private OkHttpClient wrapWithRetry(OkHttpClient client) {
-    OkHttpClient.Builder builder = client.newBuilder().retryOnConnectionFailure(false);
-    builder.interceptors().removeIf(i -> i instanceof Http.RetryInterceptor);
-    builder.networkInterceptors().removeIf(i -> i instanceof Http.RetryInterceptor);
-    return builder.addInterceptor(new Http.RetryInterceptor(() -> this.maxRetries)).build();
+    this.httpClient = client.httpClient;
   }
 
   /**
    * Sets the maximum number of attempts for transient HTTP failures. Pass {@code 1} to disable
-   * automatic retries. Defaults to {@code 10}.
+   * automatic retries. Default {@code 10}.
+   *
+   * <p>Effective only on the SDK-default {@link OkHttpClient}; caller-supplied clients are used
+   * verbatim.
    *
    * @param maxRetries maximum attempts (must be {@code >= 1}).
    */
@@ -315,11 +300,8 @@ private String[] handleRedirectResponse(
   }
 
   /**
-   * Execute HTTP request asynchronously for given parameters. Retries on retryable IOException,
-   * HTTP status, and S3 error code are handled by {@link Http.RetryInterceptor}, which {@link
-   * #wrapWithRetry} installs on the underlying {@link OkHttpClient} regardless of whether the
-   * client is the default or caller-supplied. The attempt budget is read from {@link #maxRetries}
-   * on every request.
+   * Execute HTTP request asynchronously. Retry handling is delegated to {@link
+   * Http.RetryInterceptor} on the {@link OkHttpClient}, so this method itself never loops.
    */
   protected CompletableFuture<Response> executeAsync(Http.S3Request s3request, String region) {
     Credentials credentials = (provider == null) ? null : provider.fetch();
@@ -1269,15 +1251,6 @@ private Object[] createBody(PutObjectAPIBaseArgs args, MediaType contentType)
     boolean checksumHeader = headers.namePrefixAny("x-amz-checksum-");
     String md5Hash = headers.getFirst(Http.Headers.CONTENT_MD5);
 
-    long fileStartPos = 0;
-    if (args.file() != null) {
-      try {
-        fileStartPos = args.file().getFilePointer();
-      } catch (IOException e) {
-        throw new MinioException(e);
-      }
-    }
-
     if (sha256HexString == null && sha256Base64String == null) {
       if (!baseUrl.isHttps()) {
         Checksum.Hasher hasher = Checksum.Algorithm.SHA256.hasher();
@@ -1333,14 +1306,6 @@ private Object[] createBody(PutObjectAPIBaseArgs args, MediaType contentType)
       }
     }
 
-    if (args.file() != null) {
-      try {
-        args.file().seek(fileStartPos);
-      } catch (IOException e) {
-        throw new MinioException(e);
-      }
-    }
-
     Http.Body body = null;
     if (args.file() != null) {
       body = new Http.Body(args.file(), args.length(), contentType, sha256HexString, md5Hash);
 
@@ -104,12 +104,31 @@ private static void update(
       size = buffer.length();
     }
 
+    // Positional reads keep this method side-effect-free on the file pointer; callers don't need
+    // to bracket with seek/restore.
+    long filePos = 0L;
+    java.nio.channels.FileChannel channel = null;
+    if (file != null) {
+      try {
+        filePos = file.getFilePointer();
+        channel = file.getChannel();
+      } catch (IOException e) {
+        throw new MinioException(e);
+      }
+    }
+
     byte[] buf16k = new byte[16384];
     long bytesRead = 0;
     while (bytesRead != size) {
       try {
         int length = (int) Math.min(size - bytesRead, buf16k.length);
-        int n = file != null ? file.read(buf16k, 0, length) : stream.read(buf16k, 0, length);
+        int n;
+        if (file != null) {
+          java.nio.ByteBuffer dst = java.nio.ByteBuffer.wrap(buf16k, 0, length);
+          n = channel.read(dst, filePos + bytesRead);
+        } else {
+          n = stream.read(buf16k, 0, length);
+        }
         if (n < 0) throw new MinioException("unexpected EOF");
         if (n != 0) {
           bytesRead += n;
 
@@ -55,7 +55,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.function.IntSupplier;
 import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import javax.annotation.Nonnull;
@@ -612,10 +611,18 @@ public static OkHttpClient enableExternalCertificatesFromEnv(OkHttpClient client
   }
 
   /**
-   * Creates new HTTP client with default timeout with additional TLS certificates from
-   * SSL_CERT_FILE and SSL_CERT_DIR environment variables if present.
+   * Creates the SDK's default HTTP client with a fixed retry budget of {@link Retry#MAX_RETRY}. For
+   * a runtime-tunable budget, use {@link #newDefaultClient(IntSupplier)}.
    */
   public static OkHttpClient newDefaultClient() {
+    return newDefaultClient(() -> Retry.MAX_RETRY);
+  }
+
+  /**
+   * Creates the SDK's default HTTP client; the {@link RetryInterceptor}'s attempt budget is read
+   * from {@code maxAttemptsSupplier} on each call so it can track a runtime-tunable value.
+   */
+  public static OkHttpClient newDefaultClient(IntSupplier maxAttemptsSupplier) {
     OkHttpClient client =
         new OkHttpClient()
             .newBuilder()
@@ -624,7 +631,7 @@ public static OkHttpClient newDefaultClient() {
             .readTimeout(DEFAULT_TIMEOUT, TimeUnit.MILLISECONDS)
             .protocols(Arrays.asList(Protocol.HTTP_1_1))
             .retryOnConnectionFailure(false)
-            .addInterceptor(new RetryInterceptor())
+            .addInterceptor(new RetryInterceptor(maxAttemptsSupplier))
             .build();
     try {
       return enableExternalCertificatesFromEnv(client);
@@ -691,72 +698,54 @@ public static OkHttpClient setTimeout(
   /**
    * OkHttp interceptor that retries transient HTTP failures with full-jitter exponential backoff.
    *
-   * <p>This is part of the SDK's supported public API: it is installed automatically by {@link
-   * BaseS3Client} on every supplied {@link OkHttpClient} (default or caller-provided), and may also
-   * be registered explicitly on a stand-alone {@link OkHttpClient} via {@code .addInterceptor(new
-   * Http.RetryInterceptor())}.
+   * <p>Installed automatically by {@link Http#newDefaultClient(IntSupplier)} on the SDK-default
+   * client. <em>Not</em> installed on caller-supplied clients passed via {@code
+   * MinioClient.Builder.httpClient(...)} — those are used verbatim. To opt into the SDK retry
+   * policy on a custom client, register this interceptor and pair it with {@code
+   * retryOnConnectionFailure(false)}.
    *
    * <p>Retries on:
    *
    * <ul>
    *   <li>retryable IOException — connection reset, EOF, socket timeout, idle-connection close.
    *       Excludes TLS handshake / unknown-CA / HTTPS protocol mismatch.
    *   <li>retryable HTTP status code — 408, 429, 499, 500, 502, 503, 504, 520.
-   *   <li>retryable S3 error code in a non-2xx response body — {@code SlowDown}, {@code
-   *       InternalError}, {@code ExpiredToken}, etc.
    * </ul>
    *
    * <p>Backoff is full-jitter exponential, with a 200&nbsp;ms unit and a 1&nbsp;s per-attempt cap.
-   * The maximum number of attempts is supplied per intercept call via {@link IntSupplier} so that
-   * an SDK client can expose runtime tuning while keeping the interceptor itself stateless. The
-   * no-arg constructor uses the package default of 10 attempts.
+   * Attempt budget is read from an {@link IntSupplier} on every call so SDK clients can expose
+   * runtime tuning while the interceptor itself stays stateless.
    *
-   * <p><b>Threading.</b> Backoff sleeps on the OkHttp dispatcher thread that owns the call. Under
-   * sustained 5xx/429 storms this can hold dispatcher slots idle while waiting. Callers that need
-   * higher concurrency under widespread retry should size the dispatcher worker pool accordingly
-   * (see {@link okhttp3.Dispatcher#setMaxRequests} / {@code setMaxRequestsPerHost}).
+   * <p><b>Threading.</b> Backoff sleeps on the OkHttp dispatcher thread that owns the call; under
+   * sustained 5xx/429 storms this can hold dispatcher slots idle. Size {@link
+   * okhttp3.Dispatcher#setMaxRequests} / {@code setMaxRequestsPerHost} accordingly.
    *
-   * <p><b>Cancellation.</b> The interceptor checks {@code chain.call().isCanceled()} before each
-   * attempt and after any thrown {@link IOException}, so a {@code Call.cancel()} from the caller
-   * (or an upstream interceptor) terminates the retry loop instead of treating the cancellation as
-   * a retryable transport error.
+   * <p><b>Cancellation.</b> {@code Call.cancel()} short-circuits the retry loop instead of being
+   * mistaken for a retryable transport error.
    *
-   * <p><b>Replayability.</b> Retries call {@code chain.proceed(request)} again, which re-invokes
-   * {@code request.body().writeTo(sink)}. Callers using the SDK's own body types ({@link Body} for
-   * {@code byte[]}, {@link ByteBuffer}, or {@link RandomAccessFile}) are safe — those bodies are
-   * replayable. A caller-supplied {@link okhttp3.RequestBody} that overrides {@code isOneShot()} to
-   * return {@code true} (or otherwise consumes its source on the first {@code writeTo}) MUST NOT be
-   * retried; either disable retries via {@link BaseS3Client#setMaxRetries(int)} {@code (1)} for
-   * those calls, or wrap the body in a replayable form before submission.
+   * <p><b>Replayability.</b> SDK-owned body types ({@link Body} over {@code byte[]}, {@link
+   * ByteBuffer}, {@link RandomAccessFile}) are retry-safe. A caller-supplied {@link
+   * okhttp3.RequestBody} that overrides {@code isOneShot()} to {@code true} MUST NOT be retried;
+   * either disable retries for those calls via {@link BaseS3Client#setMaxRetries(int)} {@code (1)}
+   * or wrap the body in a replayable form.
    *
-   * <p><b>Request reuse.</b> The interceptor passes the same signed {@link okhttp3.Request} on
-   * every attempt, so the {@code X-Amz-Date} / {@code Authorization} headers are not refreshed
-   * between attempts. This is harmless for the default attempt budget (worst-case wall-clock
-   * &lt;&nbsp;10&nbsp;s, well inside the 15-minute S3 signing window) but extreme {@code
-   * maxRetries} values combined with high backoff caps could outlast either the signing window or a
-   * short-lived STS credential. minio-go's request-level retry rebuilds and re-signs each attempt;
-   * that semantic is intentionally not replicated here in exchange for the simpler interceptor
-   * model.
-   *
-   * <p>To opt out of retries on a stand-alone {@link OkHttpClient}, simply do not register this
-   * interceptor.
+   * <p><b>Request reuse.</b> Each attempt sends the same signed {@link okhttp3.Request}, so {@code
+   * X-Amz-Date}/{@code Authorization} are not refreshed. Harmless at the default budget; an extreme
+   * {@code maxRetries} combined with high backoff could outlast the 15-minute signing window or a
+   * short-lived STS credential. (minio-go re-signs per attempt; this Java implementation
+   * deliberately does not, in exchange for a simpler interceptor model.)
    */
   public static class RetryInterceptor implements Interceptor {
-    /** Maximum body bytes inspected when probing for an S3 {@code <Code>} value. */
-    private static final long MAX_PEEK_BYTES = 5L * 1024L * 1024L;
-
-    private static final Pattern S3_ERROR_CODE_PATTERN = Pattern.compile("<Code>([^<]+)</Code>");
-
     private final IntSupplier maxAttemptsSupplier;
 
-    /** Creates a retry interceptor that uses {@link Retry#MAX_RETRY} attempts. */
+    /** Uses a fixed budget of {@link Retry#MAX_RETRY} attempts. */
     public RetryInterceptor() {
       this(() -> Retry.MAX_RETRY);
     }
 
     /**
-     * Creates a retry interceptor that reads its attempt budget from the supplier on every
-     * intercept call. Supplier values less than 1 are clamped to 1 (single attempt = retry off).
+     * Reads the attempt budget from {@code maxAttemptsSupplier} on every call so it can track a
+     * runtime-tunable value. Values below 1 are clamped to 1 (= retry off).
      */
     public RetryInterceptor(IntSupplier maxAttemptsSupplier) {
       this.maxAttemptsSupplier = Objects.requireNonNull(maxAttemptsSupplier, "maxAttemptsSupplier");
@@ -812,32 +801,12 @@ public okhttp3.Response intercept(Chain chain) throws IOException {
           continue;
         }
 
-        if (!response.isSuccessful()) {
-          String s3Code = peekS3ErrorCode(response);
-          if (Retry.isS3CodeRetryable(s3Code)) {
-            lastException = null;
-            continue;
-          }
-        }
-
         return response;
       }
 
       if (lastException != null) throw lastException;
       return response;
     }
-
-    /** Returns the S3 {@code <Code>} value if the body is XML containing one, else null. */
-    private static String peekS3ErrorCode(okhttp3.Response response) {
-      try {
-        String body = response.peekBody(MAX_PEEK_BYTES).string();
-        if (body.isEmpty() || !body.contains("<Error")) return null;
-        Matcher m = S3_ERROR_CODE_PATTERN.matcher(body);
-        return m.find() ? m.group(1) : null;
-      } catch (IOException e) {
-        return null;
-      }
-    }
   }
 
   /** HTTP body of {@link RandomAccessFile}, {@link ByteBuffer} or {@link byte} array. */