Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add mtls support for NetHttpTransport #1147

Merged
merged 17 commits into from Oct 30, 2020
Merged

feat: add mtls support for NetHttpTransport #1147

merged 17 commits into from Oct 30, 2020

Conversation

arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Oct 15, 2020
edited

go/java-apiary-client-mtls (section 2.2.2.1)

Support
(1) passing keystore to SslContext constructor for client certificate and private key.
(2) creating keystore from certAndKey input stream.

Summary of new functions:

// In google-http-client/src/main/java/com/google/api/client/util/SecurityUtils.java
// create mtls key store from client cert and key input stream
public static KeyStore createMtlsKeyStore(InputStream certAndKey)

// In google-http-client/src/main/java/com/google/api/client/util/SslUtils.java
// init sslcontext with trust store and mtls key store
public static SSLContext initSslContext(
      SSLContext sslContext,
      KeyStore trustStore,
      TrustManagerFactory trustManagerFactory,
      KeyStore mtlsKeyStore,
      String mtlsKeystorePassword,
      KeyManagerFactory keyManagerFactory)

// In google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java
public Builder trustCertificates(
        KeyStore trustStore, KeyStore mtlsKeyStore, String mtlsKeystorePassword)

// Indict if transport is mtls.
public boolean isMtls() {
    return this.isMtls;
}
``

@arithmetic1728 arithmetic1728 requested a review from as a code owner Oct 15, 2020
@google-cla google-cla bot added the cla: yes label Oct 15, 2020
chingor13
chingor13 requested changes Oct 15, 2020
View changes
Copy link
Collaborator

@chingor13 chingor13 left a comment

We also need to add tests for this

google-http-client/src/main/java/com/google/api/client/http/HttpTransport.java Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/util/SslUtils.java Outdated Show resolved Hide resolved
@arithmetic1728
Copy link
Contributor Author

@arithmetic1728 arithmetic1728 commented Oct 16, 2020

We also need to add tests for this

Tests are added now.

chingor13
chingor13 requested changes Oct 16, 2020
View changes
Copy link
Collaborator

@chingor13 chingor13 left a comment

We're going to hold off on approving and merging this approach (especially the isMtls() accessor) until the whole design is complete and approved.

google-http-client/src/test/java/com/google/api/client/http/javanet/NetHttpTransportTest.java Outdated Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java Show resolved Hide resolved
@chingor13 chingor13 added the do not merge label Oct 16, 2020
chingor13
chingor13 requested changes Oct 27, 2020
View changes
Copy link
Collaborator

@chingor13 chingor13 left a comment

Looking really close.

google-http-client/src/test/java/com/google/api/client/util/SecurityUtilsTest.java Outdated Show resolved Hide resolved
@chingor13 chingor13 changed the title feat: support keystore in transport for mtls feat: add mtls support for NetHttpTransport Oct 27, 2020
elharo
elharo reviewed Oct 27, 2020
View changes
Copy link
Collaborator

@elharo elharo left a comment

For open source projects like this one, it's very helpful to have designs and issues on Github rather than in corp.

@chanseokoh
Copy link
Contributor

@chanseokoh chanseokoh commented Oct 27, 2020

Looks like this is to enable mutual TLS for NetHttpTransport. How about #904 (ApacheHttpTransport)? Is it that #904 should eventually be fixed?

@chingor13
Copy link
Collaborator

@chingor13 chingor13 commented Oct 27, 2020

MTLS support will also need to be implemented for the Apache transport as well.

@arithmetic1728
Copy link
Contributor Author

@arithmetic1728 arithmetic1728 commented Oct 27, 2020

For open source projects like this one, it's very helpful to have designs and issues on Github rather than in corp.

I added a summary of the new functions added, I think they are self explanatory. The design doc is for client libs, http client is just a building block.

@arithmetic1728
Copy link
Contributor Author

@arithmetic1728 arithmetic1728 commented Oct 27, 2020

Looks like this is to enable mutual TLS for NetHttpTransport. How about #904 (ApacheHttpTransport)? Is it that #904 should eventually be fixed?

yes, mTLS support will be added to apache transport.

chingor13
chingor13 requested changes Oct 29, 2020
View changes
Copy link
Collaborator

@chingor13 chingor13 left a comment

A few nits

google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java Outdated Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java Outdated Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/util/SecurityUtils.java Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/util/SslUtils.java Outdated Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/util/SslUtils.java Outdated Show resolved Hide resolved
google-http-client/src/main/java/com/google/api/client/util/SslUtils.java Outdated Show resolved Hide resolved
google-http-client/src/test/java/com/google/api/client/util/SecurityUtilsTest.java Outdated Show resolved Hide resolved
google-http-client/src/test/java/com/google/api/client/util/SecurityUtilsTest.java Outdated Show resolved Hide resolved
google-http-client/src/test/java/com/google/api/client/util/SecurityUtilsTest.java Outdated Show resolved Hide resolved
arithmetic1728 and others added 7 commits Oct 29, 2020
@arithmetic1728 @chingor13
Update google-http-client/src/main/java/com/google/api/client/http/ja…
c4bc00d 
…vanet/NetHttpTransport.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728 @chingor13
Update google-http-client/src/main/java/com/google/api/client/http/ja…
a97ea3d 
…vanet/NetHttpTransport.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728 @chingor13
Update google-http-client/src/main/java/com/google/api/client/util/Ss…
7469467 
…lUtils.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728 @chingor13
Update google-http-client/src/main/java/com/google/api/client/util/Ss…
a61ed1a 
…lUtils.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728 @chingor13
Update google-http-client/src/test/java/com/google/api/client/util/Se…
93c3452 
…curityUtilsTest.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728 @chingor13
Update google-http-client/src/main/java/com/google/api/client/util/Ss…
d195f65 
…lUtils.java

Co-authored-by: Jeff Ching <chingor@google.com>
@arithmetic1728
update the code
13d7d19
@chingor13
Copy link
Collaborator

@chingor13 chingor13 commented Oct 30, 2020

@arithmetic1728 Let's follow up with a PR to add @Beta annotations to the new APIs and @since 1.38 to the javadoc of the new APIs

@chingor13 chingor13 merged commit 51762f2 into googleapis:master Oct 30, 2020
10 checks passed
@arithmetic1728 arithmetic1728 mentioned this pull request Nov 1, 2020
Merged
gcf-merge-on-green bot pushed a commit that referenced this issue Nov 3, 2020
@release-please
chore: release 1.38.0 (#1165)
8b31308 
🤖 I have created a release \*beep\* \*boop\* 
---
## [1.38.0](https://www.github.com/googleapis/google-http-java-client/compare/v1.37.0...v1.38.0) (2020-11-02)


### Features

* add isMtls property to ApacheHttpTransport ([#1168](https://www.github.com/googleapis/google-http-java-client/issues/1168)) ([c416e20](https://www.github.com/googleapis/google-http-java-client/commit/c416e201c92a5c5fc1b1c59c5dd63e8ec1463f5f))
* add mtls support for NetHttpTransport ([#1147](https://www.github.com/googleapis/google-http-java-client/issues/1147)) ([51762f2](https://www.github.com/googleapis/google-http-java-client/commit/51762f221ec8ab38da03149c8012e63aec0433dc))


### Dependencies

* guava 30.0-android ([#1151](https://www.github.com/googleapis/google-http-java-client/issues/1151)) ([969dbbf](https://www.github.com/googleapis/google-http-java-client/commit/969dbbf127708aff16309f82538aca6f0a651638))


### Documentation

* libraries-bom 13.4.0 ([#1170](https://www.github.com/googleapis/google-http-java-client/issues/1170)) ([6818a02](https://www.github.com/googleapis/google-http-java-client/commit/6818a02a15e1bef8e9f5ea56a4ecc2b8d0646f9b))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elharo elharo

@chingor13 chingor13

Assignees
No one assigned
Labels
cla: yes do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@arithmetic1728 @chanseokoh @chingor13 @elharo