Enable support for adding KeyManager #1811

Open
Hakky54 opened this issue Apr 20, 2020 · 1 comment

Hakky54 commented Apr 20, 2020

Subsystem
Client, CIO module

Is your feature request related to a problem? Please describe.
I am currently configuring the client to communicate over mutual TLS/mutual authentication. The server will require the client to identify itself. To enable this feature, a client needs an SSLContext with a preconfigured KeyManager initialized. With the Apache or OkHttp module this is already possible with Ktor, because it accepts a custom SSLContext or SSLSocketFactory, see below:

For Apache HttpClient

```kotlin
import io.ktor.client.HttpClient
import io.ktor.client.engine.apache.Apache

class ApacheExampleClient {

    val client = HttpClient(Apache) {
        engine {
            sslContext = //custom sslcontext
        }
    }

}
```

For OkHttp

```kotlin
import io.ktor.client.HttpClient
import io.ktor.client.engine.okhttp.OkHttp

class OkHttpExampleClient {

    val client = HttpClient(OkHttp) {
        engine {
            config {
                sslSocketFactory(socketFactory, trustManager)
                hostnameVerifier(hostnameVerifier)
            }
        }
    }

}
```

The CIO module accepts a couple of HTTPS parameters, such as a TrustManager and a SecureRandom. I am assuming that the CIO module will use these values to create a custom SSLContext. With the current options available in the TLSConfigBuilder, which is used by the CIOEngineConfig, it is not possible to provide the key material.

Describe the solution you'd like
I would like to have the possibility to also provide a KeyManager within the TLSConfigBuilder. That way the client can identify itself when the server requests a client certificate during the handshake.

With KeyManager and TrustManager

```kotlin
import io.ktor.client.HttpClient
import io.ktor.client.engine.cio.CIO

class CioExampleClient {

    val client = HttpClient(CIO) {
        engine {
            https {
                keyManager = //keymanager
                trustManager = //trustmanager
            }
        }
    }

}
```

Motivation to include to ktor
This option will enable the end user to get the same behaviour as other clients like Apache and OkHttp for mutual authentication. I am not quite sure if it is easy to implement or even possible, but it would be a cool feature to have.

@e5l self-assigned this on Apr 21, 2020
@Hakky54 changed the title from "Enable support for adding KeyManager and/or custom SSLContext" to "Enable support for adding KeyManager" on May 17, 2020
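
For readers following the issue, here is an added example (not code from the issue author or the Ktor project) of the "SSLContext with a preconfigured KeyManager" the description refers to, built with the standard JSSE API and passed to the Apache engine. The file paths, environment variable names and helper function names are assumptions made for illustration.

```kotlin
import io.ktor.client.HttpClient
import io.ktor.client.engine.apache.Apache
import java.io.FileInputStream
import java.security.KeyStore
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

// Hypothetical helper: loads a PKCS#12 store from disk.
fun loadPkcs12(path: String, password: CharArray): KeyStore =
    KeyStore.getInstance("PKCS12").apply {
        FileInputStream(path).use { load(it, password) }
    }

// Hypothetical helper: builds an SSLContext whose KeyManager presents the
// client certificate and whose TrustManager accepts only CAs in `trust`.
fun mutualTlsContext(identity: KeyStore, keyPassword: CharArray, trust: KeyStore): SSLContext {
    // Fail early: without a private key entry the client would send an empty
    // certificate list and the server would reject the handshake.
    require(identity.aliases().asSequence().any { identity.isKeyEntry(it) }) {
        "identity store contains no private key entry"
    }
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(identity, keyPassword)
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trust)
    return SSLContext.getInstance("TLS").apply {
        init(kmf.keyManagers, tmf.trustManagers, null) // null selects the default SecureRandom
    }
}

fun main() {
    // Assumed variable names; passwords are read from the environment, not hard-coded.
    val identityPw = (System.getenv("CLIENT_P12_PASSWORD") ?: error("CLIENT_P12_PASSWORD not set")).toCharArray()
    val trustPw = (System.getenv("TRUST_P12_PASSWORD") ?: error("TRUST_P12_PASSWORD not set")).toCharArray()

    // Placeholder paths: client identity (key + certificate chain) and trusted CAs.
    val identity = loadPkcs12("client-identity.p12", identityPw)
    val trust = loadPkcs12("truststore.p12", trustPw)

    val client = HttpClient(Apache) {
        engine {
            sslContext = mutualTlsContext(identity, identityPw, trust)
        }
    }
    identityPw.fill('\u0000') // wipe the password copies once the context is built
    trustPw.fill('\u0000')
    client.close()
}
```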
@oleg-larshin

Please check the following ticket on YouTrack for follow-ups to this issue. GitHub issues will be closed in the coming weeks.
