flohealth/ok-ohttp-plugin

Oblivious HTTP Implementation for OkHttp

This project is a set of OkHttp interceptors that bring Oblivious HTTP (OHTTP) support to Android apps that use the OkHttp client.
Requests to an OHTTP Gateway are serialized into Binary HTTP format by ok-bhttp and encapsulated/decapsulated by ok-ohttp-encapsulator.
It is compatible with the OHTTP relay and corresponding server implementations from Cloudflare.

Download

Declare Gradle dependencies

dependencies {
    implementation("com.github.flohealth:ok-ohttp-plugin:0.1.0")
}

Download artifacts

You can download the following artifacts:

Usage

Setup OkHttp client

import okhttp3.Cache
import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.OkHttpClient

// cache used for the OHTTP crypto config requests; supply your own Cache instance
val configRequestsCache: Cache

// provide your IsOhttpEnabledProvider implementation if you need to enable/disable OHTTP at runtime
val isOhttpEnabled: IsOhttpEnabledProvider = IsOhttpEnabledProvider { true }

val ohttpConfig = OhttpConfig(
    relayUrl = "https://example.com/ohttp-relay".toHttpUrl(), // relay server
    userAgent = "Minimal User Agent", // user agent for OHTTP requests to the relay server
    configServerConfig = OhttpConfig.ConfigServerConfig(
        configUrl = "https://example.com/ohttp-config".toHttpUrl(), // crypto config
        configCache = configRequestsCache,
    ),
)

val okHttpClient: OkHttpClient = OkHttpClient.Builder()
    .addInterceptor(myInterceptor) // add all your interceptors
    .addNetworkInterceptor(myNetworkInterceptor) // add all your network interceptors
    .setupOhttp( // set up OHTTP as the final step
        config = ohttpConfig,
        isOhttpEnabled = isOhttpEnabled,
    )

// use your OkHttpClient as usual

The IsOhttpEnabledProvider is called on every request, so keep the potential performance penalty in mind when implementing it.

Call setupOhttp after adding any other interceptors. Any network interceptor added after setupOhttp will modify the request to the OHTTP Relay, not your API call request. This can cause unexpected behavior when working with the OHTTP Relay and expose unwanted information about the user.

If you build several OkHttp clients, we suggest creating a single instance of OhttpConfigurator and configuring all your OkHttp clients with it. This will reduce the amount of OHTTP CryptoConfig requests.

By the nature of Oblivious HTTP, you can't inspect OHTTP traffic using sniffers. For debugging purposes, you can still use logs to see the request and response content (e.g. OkHttp Logging Interceptor).

Though all OHTTP requests are transformed into POST requests, user requests are still cached by the OkHttp cache.
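
The notes above on the per-request provider check, interceptor ordering and debug logging can be combined as in the following added example, which is not part of the project's own code. `OhttpSwitch`, `buildClient` and `debugBuild` are hypothetical names, and the return type of `setupOhttp` is assumed to be `OkHttpClient`, as the type annotation in the setup snippet suggests.

```kotlin
import java.util.concurrent.atomic.AtomicBoolean
import okhttp3.OkHttpClient
import okhttp3.logging.HttpLoggingInterceptor
// Imports for OhttpConfig, IsOhttpEnabledProvider and setupOhttp are omitted:
// the plugin's package name is not shown on this page.

// Hypothetical holder. The flag is refreshed off the request path (for example
// after a remote-config fetch), so the per-request check is one atomic read.
object OhttpSwitch {
    private val enabled = AtomicBoolean(true)

    fun update(value: Boolean) = enabled.set(value)

    val provider: IsOhttpEnabledProvider = IsOhttpEnabledProvider { enabled.get() }
}

// Hypothetical factory. `ohttpConfig` is built as in the setup snippet;
// `debugBuild` would typically be BuildConfig.DEBUG (assumption).
fun buildClient(ohttpConfig: OhttpConfig, debugBuild: Boolean): OkHttpClient {
    // The logging interceptor prints the plaintext API request and response,
    // which is exactly what OHTTP hides on the wire. Keep it off in release
    // builds and redact credentials even in debug builds.
    val logLevel =
        if (debugBuild) HttpLoggingInterceptor.Level.BODY else HttpLoggingInterceptor.Level.NONE
    val logging = HttpLoggingInterceptor().apply {
        level = logLevel
        redactHeader("Authorization")
        redactHeader("Cookie")
    }

    return OkHttpClient.Builder()
        .addInterceptor(logging) // registered before setupOhttp: sees the API call
        .setupOhttp(             // final step; no interceptor is added after it
            config = ohttpConfig,
            isOhttpEnabled = OhttpSwitch.provider,
        )
}
```

Calling `OhttpSwitch.update(false)` from a background refresh turns OHTTP off for subsequent requests without rebuilding the client.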

Limitations

Because the OHTTP plugin significantly changes the client-server interaction and protocol, we can't prove that every feature of the HTTP protocol and the OkHttp client will work correctly with OHTTP enabled. Please perform proper testing for your cases before use.

All limitations of ok-bhttp and ok-ohttp-encapsulator apply.

License

Released under MIT License.