clean up

Quinn-With-Two-Ns · Quinn-With-Two-Ns · commit 7fe87a178f79 · 2025-09-14T23:48:10.000-07:00
diff --git a/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigProfile.java b/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigProfile.java
@@ -2,6 +2,7 @@
 
 import io.grpc.Metadata;
 import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.temporal.client.WorkflowClientOptions;
 import io.temporal.common.Experimental;
 import io.temporal.serviceclient.WorkflowServiceStubsOptions;
@@ -30,6 +31,7 @@ public static Builder newBuilder(ClientConfigProfile profile) {
     return new Builder(profile);
   }
 
+  /** Returns a default instance of ClientConfigProfile with all fields unset. */
   public static ClientConfigProfile getDefaultInstance() {
     return new Builder().build();
   }
@@ -100,11 +102,14 @@ public WorkflowServiceStubsOptions toWorkflowServiceStubsOptions() {
           trustCertCollectionInputStream = null;
         }
 
-        builder.setSslContext(
-            SslContextBuilder.forClient()
-                .trustManager(trustCertCollectionInputStream)
-                .keyManager(clientCertStream, keyFile)
-                .build());
+        SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
+        if (trustCertCollectionInputStream != null) {
+          sslContextBuilder.trustManager(trustCertCollectionInputStream);
+        } else if (this.tls.isDisableHostVerification()) {
+          sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+        }
+        sslContextBuilder.keyManager(clientCertStream, keyFile);
+        builder.setSslContext(sslContextBuilder.build());
       } catch (IOException e) {
         throw new RuntimeException("Unable to create SSL context", e);
       }
@@ -273,15 +278,8 @@ private void applyEnvOverrides(Map<String, String> overrideEnvVars) {
         if (tlsBuilder == null) {
           tlsBuilder = ClientConfigTLS.newBuilder();
         }
-        // tlsBuilder.setDisableHostVerification(v);
-      }
-    }
-    if (env.containsKey("TEMPORAL_TLS_SERVER_NAME")) {
-      String s = env.get("TEMPORAL_TLS_SERVER_NAME");
-      if (tlsBuilder == null) {
-        tlsBuilder = ClientConfigTLS.newBuilder();
+        tlsBuilder.setDisableHostVerification(v);
       }
-      tlsBuilder.setServerName(s);
     }
     // Apply the TLS changes if any
     if (tlsBuilder != null) {
@@ -335,9 +333,9 @@ public static final class Builder {
     private Metadata metadata;
     private ClientConfigTLS tls;
 
-    public Builder() {}
+    private Builder() {}
 
-    public Builder(ClientConfigProfile profile) {
+    private Builder(ClientConfigProfile profile) {
       this.namespace = profile.namespace;
       this.address = profile.address;
       this.apiKey = profile.apiKey;
diff --git a/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigTLS.java b/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigTLS.java
@@ -5,10 +5,16 @@
 /** TLS configuration for a client. */
 @Experimental
 public class ClientConfigTLS {
+  /** Create a builder for {@link ClientConfigTLS}. */
   public static Builder newBuilder() {
     return new Builder();
   }
 
+  /** Create a builder from an existing {@link ClientConfigTLS}. */
+  public static Builder newBuilder(ClientConfigTLS config) {
+    return new Builder(config);
+  }
+
   private final boolean disabled;
   private final String clientCertPath;
   private final byte[] clientCertData;
@@ -17,8 +23,9 @@ public static Builder newBuilder() {
   private final String serverCACertPath;
   private final byte[] serverCACertData;
   private final String serverName;
+  private final boolean disableHostVerification;
 
-  public ClientConfigTLS(
+  private ClientConfigTLS(
       boolean disabled,
       String clientCertPath,
       byte[] clientCertData,
@@ -36,6 +43,7 @@ public ClientConfigTLS(
     this.serverCACertPath = serverCACertPath;
     this.serverCACertData = serverCACertData;
     this.serverName = serverName;
+    this.disableHostVerification = disableHostVerification;
   }
 
   public boolean isDisabled() {
@@ -70,19 +78,37 @@ public String getServerName() {
     return serverName;
   }
 
+  public boolean isDisableHostVerification() {
+    return disableHostVerification;
+  }
+
   public Builder toBuilder() {
     return new Builder(this);
   }
 
   public static class Builder {
+    private String clientCertPath;
+    private byte[] clientCertData;
+    private String clientKeyPath;
+    private byte[] clientKeyData;
+    private String serverCACertPath;
+    private byte[] serverCACertData;
     private boolean disabled;
     private String serverName;
+    private boolean disableHostVerification;
 
-    public Builder() {}
+    private Builder() {}
 
-    public Builder(ClientConfigTLS clientConfigTLS) {
+    private Builder(ClientConfigTLS clientConfigTLS) {
       this.disabled = clientConfigTLS.disabled;
       this.serverName = clientConfigTLS.serverName;
+      this.clientCertPath = clientConfigTLS.clientCertPath;
+      this.clientCertData = clientConfigTLS.clientCertData;
+      this.clientKeyPath = clientConfigTLS.clientKeyPath;
+      this.clientKeyData = clientConfigTLS.clientKeyData;
+      this.serverCACertPath = clientConfigTLS.serverCACertPath;
+      this.serverCACertData = clientConfigTLS.serverCACertData;
+      this.disableHostVerification = clientConfigTLS.disableHostVerification;
     }
 
     /** Disable TLS. Default: false. */
@@ -102,36 +128,57 @@ public Builder setServerName(String serverName) {
 
     /** Path to client mTLS certificate. Mutually exclusive with ClientCertData. */
     public Builder setClientCertPath(String clientCertPath) {
+      this.clientCertPath = clientCertPath;
       return this;
     }
 
     /** PEM bytes for client mTLS certificate. Mutually exclusive with ClientCertPath. */
     public Builder setClientCertData(byte[] bytes) {
+      this.clientCertData = bytes;
       return this;
     }
 
     /** Path to client mTLS key. Mutually exclusive with ClientKeyData. */
     public Builder setClientKeyPath(String clientKeyPath) {
+      this.clientKeyPath = clientKeyPath;
       return this;
     }
 
     /** PEM bytes for client mTLS key. Mutually exclusive with ClientKeyPath. */
-    public Builder setClientKeyData(byte[] bytes) {
+    public Builder setClientKeyData(byte[] clientKeyData) {
+      this.clientKeyData = clientKeyData;
       return this;
     }
 
     /** Path to server CA cert override. Mutually exclusive with ServerCACertData. */
-    public Builder setServerCACertPath(String s) {
+    public Builder setServerCACertPath(String serverCACertPath) {
+      this.serverCACertPath = serverCACertPath;
       return this;
     }
 
     /** PEM bytes for server CA cert override. Mutually exclusive with ServerCACertPath. */
-    public Builder setServerCACertData(byte[] bytes) {
+    public Builder setServerCACertData(byte[] serverCACertData) {
+      this.serverCACertData = serverCACertData;
+      return this;
+    }
+
+    /** Disable server host verification. Default: false */
+    public Builder setDisableHostVerification(boolean disableHostVerification) {
+      this.setDisableHostVerification(disableHostVerification);
       return this;
     }
 
     public ClientConfigTLS build() {
-      return new ClientConfigTLS(disabled, null, null, null, null, null, null, serverName, false);
+      return new ClientConfigTLS(
+          disabled,
+          clientCertPath,
+          clientCertData,
+          clientKeyPath,
+          clientKeyData,
+          serverCACertPath,
+          serverCACertData,
+          serverName,
+          disableHostVerification);
     }
   }
 }
diff --git a/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigToml.java b/temporal-envconfig/src/main/java/io/temporal/envconfig/ClientConfigToml.java
@@ -4,6 +4,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.grpc.Metadata;
 import io.temporal.common.Experimental;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
 import javax.annotation.Nullable;
@@ -119,16 +120,26 @@ static ClientConfigTLS getClientConfigTLS(ClientConfigToml.TomlClientConfigProfi
     ClientConfigTLS tls = null;
     if (tomlProfile.tls != null) {
       tls =
-          new ClientConfigTLS(
-              tomlProfile.tls.disabled,
-              tomlProfile.tls.clientCertPath,
-              tomlProfile.tls.clientCertData.getBytes(),
-              tomlProfile.tls.clientKeyPath,
-              tomlProfile.tls.clientKeyData.getBytes(),
-              tomlProfile.tls.serverCACertPath,
-              tomlProfile.tls.serverCACertData.getBytes(),
-              tomlProfile.tls.serverName,
-              tomlProfile.tls.disableHostVerification);
+          ClientConfigTLS.newBuilder()
+              .setClientCertData(
+                  tomlProfile.tls.clientCertData != null
+                      ? tomlProfile.tls.clientCertData.getBytes(StandardCharsets.UTF_8)
+                      : null)
+              .setClientCertPath(tomlProfile.tls.clientCertPath)
+              .setClientKeyData(
+                  tomlProfile.tls.clientKeyData != null
+                      ? tomlProfile.tls.clientKeyData.getBytes(StandardCharsets.UTF_8)
+                      : null)
+              .setClientKeyPath(tomlProfile.tls.clientKeyPath)
+              .setServerCACertData(
+                  tomlProfile.tls.serverCACertData != null
+                      ? tomlProfile.tls.serverCACertData.getBytes(StandardCharsets.UTF_8)
+                      : null)
+              .setServerCACertPath(tomlProfile.tls.serverCACertPath)
+              .setDisabled(tomlProfile.tls.disabled)
+              .setServerName(tomlProfile.tls.serverName)
+              .setDisableHostVerification(tomlProfile.tls.disableHostVerification)
+              .build();
     }
     return tls;
   }
diff --git a/temporal-envconfig/src/main/java/io/temporal/envconfig/LoadClientConfigOptions.java b/temporal-envconfig/src/main/java/io/temporal/envconfig/LoadClientConfigOptions.java
@@ -10,6 +10,10 @@ public static Builder newBuilder() {
     return new Builder();
   }
 
+  public static Builder newBuilder(LoadClientConfigOptions options) {
+    return new Builder(options);
+  }
+
   private final String configFilePath;
   private final byte[] configFileData;
   private final boolean strictConfigFile;
@@ -48,7 +52,14 @@ public static class Builder {
     private boolean strictConfigFile;
     private Map<String, String> envOverrides;
 
-    public Builder() {}
+    private Builder() {}
+
+    private Builder(LoadClientConfigOptions options) {
+      this.configFilePath = options.configFilePath;
+      this.configFileData = options.configFileData;
+      this.strictConfigFile = options.strictConfigFile;
+      this.envOverrides = options.envOverrides;
+    }
 
     public LoadClientConfigOptions build() {
       return new LoadClientConfigOptions(
diff --git a/temporal-envconfig/src/main/java/io/temporal/envconfig/LoadClientConfigProfileOptions.java b/temporal-envconfig/src/main/java/io/temporal/envconfig/LoadClientConfigProfileOptions.java
@@ -13,6 +13,10 @@ public static Builder newBuilder() {
     return new Builder();
   }
 
+  public static Builder newBuilder(LoadClientConfigProfileOptions options) {
+    return new Builder(options);
+  }
+
   private final String configFileProfile;
   private final String configFilePath;
   private final byte[] configFileData;
@@ -21,7 +25,7 @@ public static Builder newBuilder() {
   private final boolean disableEnv;
   private final Map<String, String> envOverrides;
 
-  public LoadClientConfigProfileOptions(
+  private LoadClientConfigProfileOptions(
       String configFileProfile,
       String configFilePath,
       byte[] configFileData,
@@ -75,15 +79,16 @@ public static class Builder {
     private boolean disableEnv;
     private Map<String, String> envOverrides;
 
-    public LoadClientConfigProfileOptions build() {
-      return new LoadClientConfigProfileOptions(
-          configFileProfile,
-          configFilePath,
-          configFileData,
-          configFileStrict,
-          disableFile,
-          disableEnv,
-          envOverrides);
+    private Builder() {}
+
+    private Builder(LoadClientConfigProfileOptions options) {
+      this.configFileProfile = options.configFileProfile;
+      this.configFilePath = options.configFilePath;
+      this.configFileData = options.configFileData;
+      this.configFileStrict = options.configFileStrict;
+      this.disableFile = options.disableFile;
+      this.disableEnv = options.disableEnv;
+      this.envOverrides = options.envOverrides;
     }
 
     /** If true, will error if there are unrecognized keys. Defaults to false. */
@@ -150,5 +155,16 @@ public Builder setEnvOverrides(Map<String, String> envOverrides) {
       this.envOverrides = envOverrides;
       return this;
     }
+
+    public LoadClientConfigProfileOptions build() {
+      return new LoadClientConfigProfileOptions(
+          configFileProfile,
+          configFilePath,
+          configFileData,
+          configFileStrict,
+          disableFile,
+          disableEnv,
+          envOverrides);
+    }
   }
 }
