fix: Issue #115 - fix for SSL Context for IDP and plaintext platform (#116)

ttschampel · web-flow · commit 36a29dfd6666 · 2024-08-15T14:42:51.000-07:00
fix for #115 Note, to repro the error run the new test _testPlatformPlainTextAndIDPWithSSL_ without the fix in SDKBuilder.
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java b/sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java
@@ -224,7 +224,7 @@ public SDK build() {
      */
     private ManagedChannelBuilder<?> getManagedChannelBuilder(String endpoint) {
         ManagedChannelBuilder<?> channelBuilder;
-        if (sslFactory != null) {
+        if (sslFactory != null && !usePlainText) {
             channelBuilder = Grpc.newChannelBuilder(endpoint, TlsChannelCredentials.newBuilder()
                     .trustManager(sslFactory.getTrustManager().get()).build());
         }else{
diff --git a/sdk/src/test/java/io/opentdf/platform/sdk/SDKBuilderTest.java b/sdk/src/test/java/io/opentdf/platform/sdk/SDKBuilderTest.java
@@ -2,7 +2,6 @@
 
 import com.google.protobuf.Struct;
 import com.google.protobuf.Value;
-import io.grpc.ClientInterceptor;
 import io.grpc.Metadata;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
@@ -89,17 +88,23 @@ void testKeystoreSSLContext() throws Exception{
 
     }
 
+
+    @Test
+    public void testPlatformPlainTextAndIDPWithSSL() throws Exception{
+        sdkServicesSetup(false, true);
+    }
+
     @Test
     void testSDKServicesWithTruststore() throws Exception{
-        sdkServicesSetup(true);
+        sdkServicesSetup(true, true);
     }
 
     @Test
     void testCreatingSDKServicesPlainText() throws Exception {
-        sdkServicesSetup(false);
+        sdkServicesSetup(false, false);
     }
 
-    void sdkServicesSetup(boolean useSSL) throws Exception{
+    void sdkServicesSetup(boolean useSSLPlatform, boolean useSSLIDP) throws Exception{
 
         HeldCertificate rootCertificate = new HeldCertificate.Builder()
                 .certificateAuthority(0)
@@ -122,7 +127,7 @@ void sdkServicesSetup(boolean useSSL) throws Exception{
         // * it returns the OIDC configuration we use at bootstrapping time
         // * it fakes out being an IDP and returns an access token when need to retrieve an access token
         try (MockWebServer httpServer = new MockWebServer()) {
-            if (useSSL){
+            if (useSSLIDP){
                 httpServer.useHttps(serverHandshakeCertificates.sslSocketFactory(), false);
             }
             String oidcConfig;
@@ -179,7 +184,7 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
                             return next.startCall(call, headers);
                         }
                     });
-            if (useSSL){
+            if (useSSLPlatform){
                  platformServicesServerBuilder = platformServicesServerBuilder.useTransportSecurity(
                         new ByteArrayInputStream(serverCertificate.certificatePem().getBytes()),
                         new ByteArrayInputStream(serverCertificate.privateKeyPkcs8Pem().getBytes()));
@@ -207,7 +212,7 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
                         }
                     });
 
-            if(useSSL){
+            if(useSSLPlatform){
                 kasServerBuilder = kasServerBuilder.useTransportSecurity(
                         new ByteArrayInputStream(serverCertificate.certificatePem().getBytes()),
                         new ByteArrayInputStream(serverCertificate.privateKeyPkcs8Pem().getBytes()));
@@ -220,15 +225,16 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
                     .clientSecret("client-id", "client-secret")
                     .platformEndpoint("localhost:" + platformServicesServer.getPort());
 
-            if(!useSSL) {
+            if(!useSSLPlatform) {
                 servicesBuilder = servicesBuilder.useInsecurePlaintextConnection(true);
-            }else{
+            }
+            if (useSSLPlatform || useSSLIDP){
                 servicesBuilder = servicesBuilder.sslFactory(SSLFactory.builder().withTrustMaterial(rootCertificate.
                         certificate()).build());
             }
 
             var servicesAndComponents = servicesBuilder.buildServices();
-            if (useSSL) {
+            if (useSSLPlatform || useSSLIDP) {
                 assertThat(servicesAndComponents.trustManager).isNotNull();
             }
             assertThat(servicesAndComponents.interceptor).isNotNull();
