Enable Mutual SSL Authentication #904

atgjack · 2019-12-05T15:56:50Z

It seems that the current implentations for SSL request do not support Mutual SSL authentication. Current outgoing requests do not use the javax.net.ssl.keyStore when making requests, which prevents the 2-way ssl handshake from going through.

The ~~Apache ApacheHttpTransport~~ (UPDATE: this should really have been referred to v2 ApacheHttpTransport, although the same question applies to v1. see #904 (comment)) not using getSystemSocketFactory. That version takes into account the javax.net.ssl properties, and would most likely allow for the 2way ssl connection to complete. Is there a reason this is not being used?

The text was updated successfully, but these errors were encountered:

chanseokoh · 2019-12-05T16:19:33Z

At least it's possible to override the SSLSocketFactory to whatever you like on the client side, if it helps at all. Some bad example (taken from Jib code) to make an insecure connection:

          ApacheHttpTransport.newDefaultHttpClientBuilder()
              .setSSLSocketFactory(null) // creates new factory with the SSLContext given below
              .setSSLContext(SslUtils.trustAllSSLContext())
              .setSSLHostnameVerifier(new NoopHostnameVerifier());

elharo · 2019-12-11T16:18:09Z

ApacheHttpTransport is deprecated and scheduled to be removed in about a year.

chanseokoh · 2019-12-11T16:30:57Z

I have some context. This is when using Jib, which uses the new v2 ApacheHttpTransport (com.google.api.client.http.apache.v2.ApacheHttpTransport). @atgjack should have referred to the v2 instead of the deprecated v1. I think @atgjack just searched the class at HEAD instead of searching on the v2 branch.

chanseokoh · 2019-12-11T16:34:02Z

In any case, I think the general question as to whether it should have used getSystemSocketFactory remains valid regardless of v1 or v2. Although I haven't looked into the code, but if what @atgjack said is right, perhaps this library should use the system socket factory?

chingor13 · 2020-12-07T20:30:03Z

This should be available in 1.38.0

Fixes #904 Source-Author: Neenu Shaji <Neenu1995@users.noreply.github.com> Source-Date: Wed Mar 24 15:50:02 2021 -0400 Source-Repo: googleapis/synthtool Source-Sha: bb854b6c048619e3be4e8b8ce8ed10aa74ea78ef Source-Link: googleapis/synthtool@bb854b6

* changes without context autosynth cannot find the source of changes triggered by earlier changes in this repository, or by version upgrades to tools such as linters. * chore(java): detect sample-secrets in build.sh Fixes googleapis#904 Source-Author: Neenu Shaji <Neenu1995@users.noreply.github.com> Source-Date: Wed Mar 24 15:50:02 2021 -0400 Source-Repo: googleapis/synthtool Source-Sha: bb854b6c048619e3be4e8b8ce8ed10aa74ea78ef Source-Link: googleapis/synthtool@bb854b6 * chore: remove staging bucket v2 not needed since we removed v2 solution - googleapis/synthtool#964 Source-Author: Emily Ball <emilyball@google.com> Source-Date: Mon Mar 29 14:47:37 2021 -0700 Source-Repo: googleapis/synthtool Source-Sha: 572ef8f70edd9041f5bcfa71511aed6aecfc2098 Source-Link: googleapis/synthtool@572ef8f

….8 (googleapis#904) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.jacoco:jacoco-maven-plugin](https://www.jacoco.org/jacoco/trunk/doc/maven.html) ([source](https://togithub.com/jacoco/jacoco)) | `0.8.7` -> `0.8.8` | [![age](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/compatibility-slim/0.8.7)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/confidence-slim/0.8.7)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>jacoco/jacoco</summary> ### [`v0.8.8`](https://togithub.com/jacoco/jacoco/releases/v0.8.8) [Compare Source](https://togithub.com/jacoco/jacoco/compare/v0.8.7...v0.8.8) ##### New Features - JaCoCo now officially supports Java 17 and 18 (GitHub [#1282](https://togithub.com/jacoco/jacoco/issues/1282), [#1198](https://togithub.com/jacoco/jacoco/issues/1198)). - Experimental support for Java 19 class files (GitHub [#1264](https://togithub.com/jacoco/jacoco/issues/1264)). - Part of bytecode generated by the Java compilers for assert statement is filtered out during generation of report (GitHub [#1196](https://togithub.com/jacoco/jacoco/issues/1196)). - Branch added by the Kotlin compiler version 1.6.0 and above for "unsafe" cast operator is filtered out during generation of report (GitHub [#1266](https://togithub.com/jacoco/jacoco/issues/1266)). - Improved support for multiple JaCoCo runtimes in the same VM (GitHub [#1057](https://togithub.com/jacoco/jacoco/issues/1057)). ##### Fixed bugs - Fixed `NullPointerException` during filtering (GitHub [#1189](https://togithub.com/jacoco/jacoco/issues/1189)). - Fix range for debug symbols of method parameters (GitHub [#1246](https://togithub.com/jacoco/jacoco/issues/1246)). ##### Non-functional Changes - JaCoCo now depends on ASM 9.2 (GitHub [#1206](https://togithub.com/jacoco/jacoco/issues/1206)). - Messages of exceptions occurring during analysis or instrumentation now include JaCoCo version (GitHub [#1217](https://togithub.com/jacoco/jacoco/issues/1217)). </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/google-auth-library-java).

yoshi-automation added the triage me I really want to be triaged. label Dec 6, 2019

chingor13 added the type: question Request for information or clarification. Not an issue. label Dec 10, 2019

yoshi-automation removed the triage me I really want to be triaged. label Dec 10, 2019

chanseokoh mentioned this issue Jan 29, 2020

Jib may be unable to send client certificate GoogleContainerTools/jib#2226

Closed

jacksierkstra mentioned this issue Jul 15, 2020

Jib is not sending client certificate regardless of the javax.net.ssl.keyStore property. GoogleContainerTools/jib#2585

Closed

chanseokoh mentioned this issue Oct 27, 2020

feat: add mtls support for NetHttpTransport #1147

Merged

chingor13 closed this as completed Dec 7, 2020

JustinBeckwith assigned chingor13 Feb 1, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable Mutual SSL Authentication #904

Enable Mutual SSL Authentication #904

Enable Mutual SSL Authentication #904

Enable Mutual SSL Authentication #904

Comments