fix: release the JDK exchange when async dispatch wiring fails

JdkHttpTransport.executeAsync guards the whole post-adaptation dispatch
path so a synchronous throw becomes a failed future. But if sendAsync had
already returned a live in-flight exchange when a later step threw, that
exchange kept running on a future nothing would await, leaking its
connection.

Hoist the in-flight handle out of the try and cancel it from the catch so
the exchange is aborted on the failure path; the cancel is a no-op when
the throw happened at or before dispatch (handle still null).

Also document on the test's HttpClient double why its sslContext() and
send() stubs are inert: executeAsync only ever calls sendAsync, so neither
is reached on the path under test.

Author: OmarAlJarrah

sdk-transport-jdkhttp/src/main/kotlin/org/dexpace/sdk/transport/jdkhttp/JdkHttpTransport.kt

@@ -138,6 +138,10 @@ public class JdkHttpTransport private constructor(
      * completions to release the body's connection back to the pool.
      */
     override fun executeAsync(request: Request): CompletableFuture<Response> {
+        // Held outside the try so the catch can release the JDK exchange if dispatch succeeded but a
+        // later step threw (see the catch). Null until `sendAsync` returns: a throw at or before
+        // dispatch leaves nothing to clean up.
+        var inFlight: CompletableFuture<HttpResponse<InputStream>>? = null
         return try {
             val jdkRequest = requestAdapter.adapt(request, responseTimeout)
             // `sendAsync` is inside the guard too. Its contract does not promise that every failure
@@ -148,7 +152,7 @@ public class JdkHttpTransport private constructor(
             // intact whichever way a failure surfaces. (Today's stock JDK client packages such
             // failures into an already-failed future — e.g. on a closed client — which the bridge
             // propagates and so never reaches this catch; the guard is for the throwing case.)
-            val inFlight = client.sendAsync(jdkRequest, HttpResponse.BodyHandlers.ofInputStream())
+            inFlight = client.sendAsync(jdkRequest, HttpResponse.BodyHandlers.ofInputStream())
             bridgeAsyncResponse(inFlight) { jdkResponse -> responseAdapter.adapt(request, jdkResponse) }
         } catch (e: Exception) {
             // The async contract is that errors arrive through the returned future. The dispatch
@@ -160,6 +164,13 @@ public class JdkHttpTransport private constructor(
             // keeps a future adapter step's checked exception on the future too. Only `Error` (OOM
             // and other JVM-fatal conditions) is left to propagate up the caller's stack rather
             // than be packaged into a future that may never be awaited.
+            //
+            // If `sendAsync` already returned an in-flight exchange, the only way control reaches
+            // here is `bridgeAsyncResponse` throwing before it wired that future's cancellation
+            // propagation — its result is never returned, so cancel the exchange directly to release
+            // its connection rather than leak it on a future nothing will await. The cancel is a
+            // no-op when `inFlight` is null (the throw happened at or before dispatch).
+            inFlight?.cancel(true)
             CompletableFuture.failedFuture<Response>(e)
         }
     }

sdk-transport-jdkhttp/src/test/kotlin/org/dexpace/sdk/transport/jdkhttp/JdkHttpTransportTest.kt

@@ -888,7 +888,11 @@ class JdkHttpTransportTest {
      * A minimal [HttpClient] whose async dispatch throws synchronously on the caller's thread,
      * modelling a client (or a future JDK) that does not package every `sendAsync` failure into the
      * returned future. Only [sendAsync] is exercised by [JdkHttpTransport.executeAsync]; the rest
-     * are inert stubs that are never invoked on the dispatch path under test.
+     * are inert stubs that are never invoked on the dispatch path under test. In particular
+     * [sslContext] returns `SSLContext.getDefault()` only to satisfy the abstract member — its
+     * checked `NoSuchAlgorithmException` and the cost of materialising the JVM default SSL context
+     * never apply here because the path under test never reads the context; likewise [send] throws
+     * rather than returning a stub response, as the synchronous path is never reached.
      */
     private class SyncThrowingDispatchClient(
         private val failure: RuntimeException,