tessl/maven-com-squareup-okhttp3--okhttp-tls

OkHttp Transport Layer Security (TLS) library providing approachable APIs for using TLS, including certificate handling, certificate authorities, and client authentication

Workspace: tessl
Visibility: Public
Describes: pkg:maven/com.squareup.okhttp3/okhttp-tls@4.12.x

To install, run

npx @tessl/cli install tessl/maven-com-squareup-okhttp3--okhttp-tls@4.12.0


OkHttp TLS

OkHttp TLS provides approachable APIs for using TLS, including certificate handling, certificate authorities, and client authentication. It enables developers to easily create self-signed certificates for testing, configure certificate authorities for production, and handle complex TLS scenarios like mutual authentication without compromising security practices.

Package Information

  • Package Name: okhttp-tls
  • Package Type: maven
  • Group ID: com.squareup.okhttp3
  • Artifact ID: okhttp-tls
  • Language: Kotlin/Java
  • Installation: implementation("com.squareup.okhttp3:okhttp-tls:4.12.0")

Core Imports

import okhttp3.tls.HeldCertificate
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.certificatePem
import okhttp3.tls.decodeCertificatePem

For Java:

import okhttp3.tls.HeldCertificate;
import okhttp3.tls.HandshakeCertificates;
// The PEM extension functions compile to static methods on okhttp3.tls.Certificates
import static okhttp3.tls.Certificates.certificatePem;
import static okhttp3.tls.Certificates.decodeCertificatePem;

Basic Usage

import okhttp3.OkHttpClient
import okhttp3.tls.HeldCertificate
import okhttp3.tls.HandshakeCertificates
import java.net.InetAddress

// Create a self-signed certificate for localhost
val localhost = InetAddress.getByName("localhost").canonicalHostName
val localhostCertificate = HeldCertificate.Builder()
    .addSubjectAlternativeName(localhost)
    .build()

// Create server handshake certificates
val serverCertificates = HandshakeCertificates.Builder()
    .heldCertificate(localhostCertificate)
    .build()

// Create client handshake certificates that trust the server
val clientCertificates = HandshakeCertificates.Builder()
    .addTrustedCertificate(localhostCertificate.certificate)
    .build()

// Use with OkHttp
val client = OkHttpClient.Builder()
    .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
    .build()

Architecture

OkHttp TLS is built around three core components (the first three items below) and two design principles applied across them:

  • Certificate Management: HeldCertificate class representing a certificate and its private key, with a fluent builder for creation
  • Handshake Configuration: HandshakeCertificates class managing trust relationships between clients and servers
  • PEM Utilities: Extension functions for encoding/decoding certificates in PEM format
  • Builder Pattern: Consistent builder pattern throughout for configurable, secure defaults
  • Security Focus: Designed to eliminate common TLS misconfigurations and insecure practices

Capabilities

Certificate Creation and Management

Create certificates with private keys for TLS authentication. Supports self-signed certificates, certificate authorities, and complete certificate chains.

class HeldCertificate(
    val keyPair: KeyPair,
    val certificate: X509Certificate
) {
    fun certificatePem(): String
    fun privateKeyPkcs8Pem(): String
    fun privateKeyPkcs1Pem(): String
    
    companion object {
        fun decode(certificateAndPrivateKeyPem: String): HeldCertificate
    }
}

See: Certificate Management (certificate-management.md)

TLS Handshake Configuration

Configure TLS handshakes with proper certificate validation and trust relationships. Handles both server authentication and mutual client authentication.

class HandshakeCertificates private constructor(
    val keyManager: X509KeyManager,
    val trustManager: X509TrustManager  
) {
    fun sslSocketFactory(): SSLSocketFactory
    fun sslContext(): SSLContext
}

See: Handshake Configuration (handshake-configuration.md)
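
The mutual client authentication described above, as an added example that is not part of the original page or the OkHttp project's own code: a constructed test root CA signs a server and a client certificate, and a plain JDK SSLServerSocket with needClientAuth stands in for the server. The common names and the use of raw JDK sockets are assumptions made for the illustration.

```kotlin
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import javax.net.ssl.SSLServerSocket
import javax.net.ssl.SSLSocket
import kotlin.concurrent.thread

fun main() {
    // Constructed test PKI: one root CA signs both leaf certificates.
    val rootCa = HeldCertificate.Builder()
        .certificateAuthority(0)            // may sign leaves, but no intermediate CAs
        .commonName("example test root")    // constructed name
        .build()
    val serverCert = HeldCertificate.Builder()
        .commonName("localhost")
        .addSubjectAlternativeName("localhost")
        .signedBy(rootCa)
        .build()
    val clientCert = HeldCertificate.Builder()
        .commonName("example test client")  // constructed name
        .signedBy(rootCa)
        .build()
    // Each side presents its own leaf and trusts only the test root,
    // so the platform's public CAs are not accepted by either peer.
    val serverSide = HandshakeCertificates.Builder()
        .heldCertificate(serverCert)
        .addTrustedCertificate(rootCa.certificate)
        .build()
    val clientSide = HandshakeCertificates.Builder()
        .heldCertificate(clientCert)
        .addTrustedCertificate(rootCa.certificate)
        .build()
    val listener = serverSide.sslContext().serverSocketFactory
        .createServerSocket(0) as SSLServerSocket
    listener.needClientAuth = true          // handshake fails without a trusted client cert
    val server = thread {
        (listener.accept() as SSLSocket).use { socket ->
            socket.startHandshake()
            // peerPrincipal throws SSLPeerUnverifiedException if the client was not authenticated.
            println("server authenticated: ${socket.session.peerPrincipal.name}")
            socket.outputStream.write(1)    // tells the client its certificate was accepted
        }
    }
    val factory = clientSide.sslSocketFactory()
    (factory.createSocket("localhost", listener.localPort) as SSLSocket).use { socket ->
        socket.startHandshake()
        println("client authenticated: ${socket.session.peerPrincipal.name}")
        socket.inputStream.read()           // fails if the server rejected the client cert
    }
    server.join()
    listener.close()
}
```

Raw JDK sockets validate the certificate chain but do not check the hostname against the certificate on their own; OkHttpClient performs that check when it is given the same sslSocketFactory and trustManager.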

PEM Certificate Utilities

Utility functions for encoding and decoding X.509 certificates in PEM format, enabling easy certificate persistence and exchange.

fun String.decodeCertificatePem(): X509Certificate
fun X509Certificate.certificatePem(): String

See: PEM Utilities (pem-utilities.md)

Types

// Java standard library types used throughout
import java.security.KeyPair
import java.security.cert.X509Certificate
import javax.net.ssl.X509KeyManager
import javax.net.ssl.X509TrustManager
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.SSLContext