-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Re-add custom certificate support #7739
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for reviving this!
...lm-library/src/androidTestObjectServer/kotlin/io/realm/mongodb/sync/SSLConfigurationTests.kt
Outdated
Show resolved
Hide resolved
.modules(DefaultSyncSchema()) | ||
.trustedRootCA("untrusted_ca.pem") | ||
.build() | ||
// waitForInitialRemoteData will throw an Internal error (125): Operation Canceled |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still throwing?
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/Sync.java
Show resolved
Hide resolved
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/Sync.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am a bit uncomfortable with amount of ignored tests due to expired test certificates and no test for the happy path ... and I am not even able to see how the asset file is copied to the internal location (but it might just be me that can't find it 🤪)
There are also numerous references to Realm Object Server in the docs
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/SyncConfiguration.java
Outdated
Show resolved
Hide resolved
realm/realm-library/src/objectServer/java/io/realm/mongodb/sync/SyncConfiguration.java
Outdated
Show resolved
Hide resolved
@@ -1283,6 +1381,19 @@ public SyncConfiguration build() { | |||
String absolutePathForRealm = user.getApp().getSync().getAbsolutePathForRealm(user.getId(), partitionValue, filename); | |||
File realmFile = new File(absolutePathForRealm); | |||
|
|||
if (!Util.isEmptyString(serverCertificateAssetName)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where is the certificate copied from the asset location to the internal location? ... can't seem to find it 👀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code was left in RealmCache, so isn't part of this PR. But i discovered a bug in it while testing 🙈 (it failed if you had both an certificate and disableSsl enabled).
val syncConfigSSL: SyncConfiguration = configFactory.createSyncConfigurationBuilder(user, partition) | ||
.modules(DefaultSyncSchema()) | ||
.waitForInitialRemoteData() | ||
.disableSSLVerification() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this test? Is there anything else in the setup that would make this fail if you didn't include this option? Maybe if you added an otherwise failling certificate you would show that we are bypassing that 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a manual test to this class that runs against an prod Atlas app. It requires that you run it manually, but does verify that things work.
This PR re-adds custom certificate code that was assumed to not be needed anymore. We where wrong. It was mostly the public API's and tests that had been removed. Most of the internal plumbing was still present in the code base.
It has not been possible to test the success case, but since the code has just been re-added it is assumed to work. The error case is tested by the tests and these also verify that we correctly load the certificate from assets and call the validate functions.
TODO