Re-add custom certificate support #7739
Conversation
...lm-library/src/androidTestObjectServer/kotlin/io/realm/mongodb/sync/SSLConfigurationTests.kt
Outdated
Show resolved
Hide resolved
| .modules(DefaultSyncSchema()) | ||
| .trustedRootCA("untrusted_ca.pem") | ||
| .build() | ||
| // waitForInitialRemoteData will throw an Internal error (125): Operation Canceled |
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/Sync.java
Show resolved
Hide resolved
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/Sync.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
I am a bit uncomfortable with amount of ignored tests due to expired test certificates and no test for the happy path ... and I am not even able to see how the asset file is copied to the internal location (but it might just be me that can't find it 🤪)
There are also numerous references to Realm Object Server in the docs
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/SyncConfiguration.java
Outdated
Show resolved
Hide resolved
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/SyncConfiguration.java
Outdated
Show resolved
Hide resolved
| @@ -1283,6 +1381,19 @@ public SyncConfiguration build() { | |||
| String absolutePathForRealm = user.getApp().getSync().getAbsolutePathForRealm(user.getId(), partitionValue, filename); | |||
| File realmFile = new File(absolutePathForRealm); | |||
|
|
|||
| if (!Util.isEmptyString(serverCertificateAssetName)) { | |||
There was a problem hiding this comment.
Where is the certificate copied from the asset location to the internal location? ... can't seem to find it 👀
There was a problem hiding this comment.
The code was left in RealmCache, so isn't part of this PR. But i discovered a bug in it while testing 🙈 (it failed if you had both an certificate and disableSsl enabled).
| val syncConfigSSL: SyncConfiguration = configFactory.createSyncConfigurationBuilder(user, partition) | ||
| .modules(DefaultSyncSchema()) | ||
| .waitForInitialRemoteData() | ||
| .disableSSLVerification() |
There was a problem hiding this comment.
What does this test? Is there anything else in the setup that would make this fail if you didn't include this option? Maybe if you added an otherwise failling certificate you would show that we are bypassing that 🤔
There was a problem hiding this comment.
I added a manual test to this class that runs against an prod Atlas app. It requires that you run it manually, but does verify that things work.
...lm-library/src/androidTestObjectServer/kotlin/io/realm/mongodb/sync/SSLConfigurationTests.kt
Outdated
Show resolved
Hide resolved
...lm-library/src/androidTestObjectServer/kotlin/io/realm/mongodb/sync/SSLConfigurationTests.kt
Outdated
Show resolved
Hide resolved
...lm-library/src/androidTestObjectServer/kotlin/io/realm/mongodb/sync/SSLConfigurationTests.kt
Outdated
Show resolved
Hide resolved
This PR re-adds custom certificate code that was assumed to not be needed anymore. We where wrong. It was mostly the public API's and tests that had been removed. Most of the internal plumbing was still present in the code base.
It has not been possible to test the success case, but since the code has just been re-added it is assumed to work. The error case is tested by the tests and these also verify that we correctly load the certificate from assets and call the validate functions.
TODO