tessl/maven-com-squareup-okhttp3--okhttp-tls
OkHttp Transport Layer Security (TLS) library providing approachable APIs for using TLS, including certificate handling, certificate authorities, and client authentication
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-com-squareup-okhttp3--okhttp-tls@4.12.00
# OkHttp TLS
1
2
OkHttp TLS provides approachable APIs for using TLS, including certificate handling, certificate authorities, and client authentication. It enables developers to easily create self-signed certificates for testing, configure certificate authorities for production, and handle complex TLS scenarios like mutual authentication without compromising security practices.
3
4
## Package Information
5
6
- **Package Name**: okhttp-tls
7
- **Package Type**: maven
8
- **Group ID**: com.squareup.okhttp3
9
- **Artifact ID**: okhttp-tls
10
- **Language**: Kotlin/Java
11
- **Installation**: `implementation("com.squareup.okhttp3:okhttp-tls:4.12.0")`
12
13
## Core Imports
14
15
```kotlin
16
import okhttp3.tls.HeldCertificate
17
import okhttp3.tls.HandshakeCertificates
18
import okhttp3.tls.certificatePem
19
import okhttp3.tls.decodeCertificatePem
20
```
21
22
For Java:
23
24
```java
25
import okhttp3.tls.HeldCertificate;
26
import okhttp3.tls.HandshakeCertificates;
27
import static okhttp3.tls.CertificatesKt.certificatePem;
28
import static okhttp3.tls.CertificatesKt.decodeCertificatePem;
29
```
30
31
## Basic Usage
32
33
```kotlin
34
import okhttp3.tls.HeldCertificate
35
import okhttp3.tls.HandshakeCertificates
36
import java.net.InetAddress
37
38
// Create a self-signed certificate for localhost
39
val localhost = InetAddress.getByName("localhost").canonicalHostName
40
val localhostCertificate = HeldCertificate.Builder()
41
.addSubjectAlternativeName(localhost)
42
.build()
43
44
// Create server handshake certificates
45
val serverCertificates = HandshakeCertificates.Builder()
46
.heldCertificate(localhostCertificate)
47
.build()
48
49
// Create client handshake certificates that trust the server
50
val clientCertificates = HandshakeCertificates.Builder()
51
.addTrustedCertificate(localhostCertificate.certificate)
52
.build()
53
54
// Use with OkHttp
55
val client = OkHttpClient.Builder()
56
.sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
57
.build()
58
```
59
60
## Architecture
61
62
OkHttp TLS is built around three core components:
63
64
- **Certificate Management**: `HeldCertificate` class representing a certificate and its private key, with a fluent builder for creation
65
- **Handshake Configuration**: `HandshakeCertificates` class managing trust relationships between clients and servers
66
- **PEM Utilities**: Extension functions for encoding/decoding certificates in PEM format
67
- **Builder Pattern**: Consistent builder pattern throughout for configurable, secure defaults
68
- **Security Focus**: Designed to eliminate common TLS misconfigurations and insecure practices
69
70
## Capabilities
71
72
### Certificate Creation and Management
73
74
Create certificates with private keys for TLS authentication. Supports self-signed certificates, certificate authorities, and complete certificate chains.
75
76
```kotlin { .api }
77
class HeldCertificate(
78
val keyPair: KeyPair,
79
val certificate: X509Certificate
80
) {
81
fun certificatePem(): String
82
fun privateKeyPkcs8Pem(): String
83
fun privateKeyPkcs1Pem(): String
84
85
companion object {
86
fun decode(certificateAndPrivateKeyPem: String): HeldCertificate
87
}
88
}
89
```
90
91
[Certificate Management](./certificate-management.md)
92
93
### TLS Handshake Configuration
94
95
Configure TLS handshakes with proper certificate validation and trust relationships. Handles both server authentication and mutual client authentication.
96
97
```kotlin { .api }
98
class HandshakeCertificates private constructor(
99
val keyManager: X509KeyManager,
100
val trustManager: X509TrustManager
101
) {
102
fun sslSocketFactory(): SSLSocketFactory
103
fun sslContext(): SSLContext
104
}
105
```
106
107
[Handshake Configuration](./handshake-configuration.md)
108
109
### PEM Certificate Utilities
110
111
Utility functions for encoding and decoding X.509 certificates in PEM format, enabling easy certificate persistence and exchange.
112
113
```kotlin { .api }
114
fun String.decodeCertificatePem(): X509Certificate
115
fun X509Certificate.certificatePem(): String
116
```
117
118
[PEM Utilities](./pem-utilities.md)
119
120
## Types
121
122
```kotlin { .api }
123
// Java standard library types used throughout
124
import java.security.KeyPair
125
import java.security.cert.X509Certificate
126
import javax.net.ssl.X509KeyManager
127
import javax.net.ssl.X509TrustManager
128
import javax.net.ssl.SSLSocketFactory
129
import javax.net.ssl.SSLContext
130
```