Applying SSL context and trust manager to "/token" call #1524
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Discovered this while doing some manual testing. The main ML Cloud instance that has been used for testing is not verifying certificates, and thus this line of code for configuring an SSL socket factory was not required. But if certificates are verified (which I ran into while doing some local testing using an emulated ML Cloud instance), we'll presumably want to construct an SSL socket factory using the same SSLContext and TrustManager that the Java Client uses when it constructs a DatabaseClient. Can only test this via manual testing, until we have a way to run automated tests against an ML Cloud instance.
rjrudin
commented
Jan 25, 2023
| private Response callTokenEndpoint(MarkLogicCloudAuthContext securityContext) { | ||
| final HttpUrl tokenUrl = buildTokenUrl(securityContext); | ||
| OkHttpClient.Builder clientBuilder = OkHttpUtil.newClientBuilder(); | ||
| // Initial testing has shown that neither the OkHttp socket factory nor hostname verifier need to be configured |
Contributor
Author
There was a problem hiding this comment.
This comment is likely wrong; it was only due to the "test" cloud instance I was using not doing any certificate verification.
rjrudin
commented
Jan 25, 2023
| * @param trustManager | ||
| */ | ||
| private static void configureSocketFactory(OkHttpClient.Builder clientBuilder, SSLContext sslContext, X509TrustManager trustManager) { | ||
| static void configureSocketFactory(OkHttpClient.Builder clientBuilder, SSLContext sslContext, X509TrustManager trustManager) { |
Contributor
Author
There was a problem hiding this comment.
Opened this up for package-level access so that MarkLogicCloudAuthenticationConfigurer can reuse it. It's also used when constructing the OkHttpClient used for talking to MarkLogic.
BillFarber
approved these changes
Jan 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Discovered this while doing some manual testing. The main ML Cloud instance that has been used for testing is not verifying certificates, and thus this line of code for configuring an SSL socket factory was not required. But if certificates are verified (which I ran into while doing some local testing using an emulated ML Cloud instance), we'll presumably want to construct an SSL socket factory using the same SSLContext and TrustManager that the Java Client uses when it constructs a DatabaseClient.
Can only test this via manual testing, until we have a way to run automated tests against an ML Cloud instance.