chore: support mtls settings

[rajcspsg]

closes #2211

[codecov-commenter]

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (f2f5378) 64.30% compared to head (9350eec) 64.27%.

Files	Patch %	Lines
zio-http/src/main/scala/zio/http/SSLConfig.scala	18.18%	9 Missing ⚠️
...scala/zio/http/netty/server/ServerSSLDecoder.scala	50.00%	3 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2443      +/-   ##
==========================================
- Coverage   64.30%   64.27%   -0.04%     
==========================================
  Files         139      139              
  Lines        8198     8207       +9     
  Branches     1530     1497      -33     
==========================================
+ Hits         5272     5275       +3     
- Misses       2926     2932       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rajcspsg]

@adamgfraser still I need to write test. could you have quick glance whether the approach is correct.

[jdegoes]

@danestig Can you review and ensure this meets your needs?

[danestig]

Hello! Thanks for taking a stab at this @rajcspsg.

I have 2 concerns:

1. How do I provide both client keytstore/key/certificate and a truststore/ca-certificate? Looking at the ClientSSLConfig they look mutually exclusive to me.
2. Since I could not figure out 1 I have not tried this yet. Will mTLS be used to connect to both the proxy and the server, or only one of them? Client proxy mTLS support #2211 Is specifically about authenticating with mTLS with the proxy, I expected that to be configured in the proxy setting.

[rajcspsg]

@danestig Sorry I missed your comment. I did mistake I updating the ClientSSLConfig config instead of ServerSSLConfig.
I going to configure only the proxy server verifies the client certificates, does that work for you?

[danestig]

@rajcspsg Yes, I believe that would solve my issue. Thank you.

[jdegoes]

@rajcspsg Can you put these in the companion object of ClientAuth?

[jdegoes]

Also, once you put them there, they can have shorter names, e.g.:

object ClientAuth {
  case object Required extends ClientAuth
  case object None extends ClientAuth
  case object Optional extends ClientAuth
}

[rajcspsg]

@jdegoes sure. I've to set this config on ServerSslContext not on ClientSSLContext

[rajcspsg]

I'll update my PR shortly

[jdegoes]

Just one minor suggestion, then looks good to merge. Thankk you!

[rajcspsg]

@jdegoes @danestig @adamgfraser I updated the PR to add clientAuth config on SSLServerContext.
Please review again and let me know if you have any questions.

[rajcspsg]

@jdegoes @adamgfraser I tried to combine both the apply (and other duplicate functions below)
into single function like

def apply(data: Data, clientAuth: Option[ClientAuth] = None): SSLConfig =
    new SSLConfig(HttpBehaviour.Redirect, data, Provider.JDK, clientAuth)

But I'm getting below error -

/home/raj/Coding/scala/zio-http/zio-http/src/main/scala/zio/http/SSLConfig.scala:39:8: in object SSLConfig, multiple overloaded alternatives of method fromFile define default arguments.

I did workaround to make it compile. Not sure why the first option didn't work