Open Anikate-De opened 2 weeks ago
I would assume that the implementation requires that you use sslSocketFactory
? Does that limit the connection to not be HTTP/QUIC?
It might make sense to think of this in terms of what functionality from OkHttpClient.Build
we want to make available in the client?
Please see https://github.com/dart-lang/sdk/issues/50669, it serves as a starting point for this feature implementation.
The Android KeyStore System prohibits the application from extracting key material.
This essentially prevents HTTP client users from supplying the
ByteArray
of Key Material into theSecurityContext
usingsetTrustedCertificatesBytes
However, since OkHttp can interact with native APIs, we can let the
OkHttpClient
use anSSLSocketFactory
and pass the Key Material usingjavax.net.ssl.X509TrustManager
Proposal
Expose a new API in
OkHttpClient
:See https://github.com/dart-lang/sdk/issues/50669#issuecomment-1352800017
If this is what we're going for, do you think that it would be better to write native code and then generate bindings of that (much like what we have for
RedirectInterceptor
andAsyncInputStreamReader
) , rather than generating bindings for too many classes and then implementing it in Dart using JNITests
What tests would be required to check if this is working correctly?
Setup a mock HTTPS Server with a CertificateChain and PrivateKey. Then, setup valid and invalid certificates in the
KeyStore
and make requests fromOkHttpClient
?cc @brianquinlan @camsim99