Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Created trusted http client for SSL/TLS and client cert authentication. #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Created trusted http client for SSL/TLS and client cert authentication. #10

wants to merge 1 commit into from

Conversation

and-hom
Copy link

@and-hom and-hom commented Dec 17, 2013

  • Added TrustedApacheClient for retrofit (delegation pattern on ApacheClient using custom params for HttpClient)
  • Added method newTrustedInstance for EtcdClientFactory
  • Added new constructor for EtcdClientImpl with custom retrofit client
  • Added test for https and all necessary certificates

Why do I override retrofit.client.Client in the jetcd project, not in retrofit? Retrofit already supports SSL/TLS Auth in ApacheClient, but it requires quitely preconfigured apache http client. So, we have to configure apache http client somewhere, for example, in factory class. But there is too much code to initialize ssl apache http client properly. So, I think It well be good idea to hide all this work in the client proxy class TrustedApacheClient and use simple call new TrustedApacheClient(credentials). Credentials object contains client key, client cert and ca cert.

@and-hom
Created trusted http client for SSL/TLS and client cert authentication.
0d1aa90 
* Added TrustedApacheClient for retrofit (delegation pattern on ApacheClient using custom params for HttpClient)
* Added method newTrustedInstance for EtcdClientFactory
* Added new constructor for EtcdClientImpl with custom retrofit client
* Added test for https and all necessary certificates

Why do I override retrofit.client.Client in the jetcd project, not in retrofit? Retrofit already supports SSL/TLS Auth in ApacheClient, but it requires quitely preconfigured apache http client. So, we have to configure apache http client somewhere, for example, in factory class. But there is too much code to initialize ssl apache http client properly. So, I think It well be good idea to hide all this work in the client proxy class TrustedApacheClient and use simple call new TrustedApacheClient(credentials). Credentials object contains client key, client cert and ca cert.
@diwakergupta
Copy link
Owner

Thanks @and-hom! Besides the CI failure (likely due to no running etcd), I do have a few high-level comments about this PR:

  • Rather than force an HTTP client, ideally we'd let users choose the client they want. This would require some tweaking of the EtcdFactory API
  • This would also let users configure trust domains and certificates as they see fit, instead of blindly trusting certs under them. I'd like jetcd to follow the principle of least surprise.

What do you think?

@and-hom
Copy link
Author

and-hom commented Dec 20, 2013

Good idea. It's better way to setup setup http client separately, but we have only one configuration of http client to work with etcd. So it may be useful to create an utility for http client ssl/tls setup

@diwakergupta diwakergupta force-pushed the master branch 3 times, most recently from 581d5dd to 103a78f Compare October 24, 2014 21:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@and-hom @diwakergupta