Feature/TLS cert configuration (#1660)

* expose client tls for dls config

* expose client tls for dls config (code formatting fixes)

* expose client tls for dls config (annotation, default value and formatting fixes)

* expose client tls for dls config (HttpExportConfigurationTest changes)

Author: brsgina

android-agent/api/android-agent.api

@@ -7,6 +7,12 @@ public final class io/opentelemetry/android/agent/OpenTelemetryRumInitializer {
 	public static synthetic fun initialize$default (Landroid/content/Context;Lkotlin/jvm/functions/Function1;ILjava/lang/Object;)Lio/opentelemetry/android/OpenTelemetryRum;
 }
 
+public final class io/opentelemetry/android/agent/connectivity/ClientTlsConnectivity {
+	public fun <init> ([B[B)V
+	public final fun getCertificatePem ()[B
+	public final fun getPrivateKeyPem ()[B
+}
+
 public final class io/opentelemetry/android/agent/connectivity/Compression : java/lang/Enum {
 	public static final field GZIP Lio/opentelemetry/android/agent/connectivity/Compression;
 	public static final field NONE Lio/opentelemetry/android/agent/connectivity/Compression;
@@ -37,12 +43,14 @@ public final class io/opentelemetry/android/agent/dsl/EndpointConfiguration {
 public final class io/opentelemetry/android/agent/dsl/HttpExportConfiguration {
 	public final fun getBaseHeaders ()Ljava/util/Map;
 	public final fun getBaseUrl ()Ljava/lang/String;
+	public final fun getClientTls ()Lio/opentelemetry/android/agent/connectivity/ClientTlsConnectivity;
 	public final fun getCompression ()Lio/opentelemetry/android/agent/connectivity/Compression;
 	public final fun getSslContext ()Lio/opentelemetry/android/agent/connectivity/SSLContextConnectivity;
 	public final fun logs (Lkotlin/jvm/functions/Function1;)V
 	public final fun metrics (Lkotlin/jvm/functions/Function1;)V
 	public final fun setBaseHeaders (Ljava/util/Map;)V
 	public final fun setBaseUrl (Ljava/lang/String;)V
+	public final fun setClientTls (Lio/opentelemetry/android/agent/connectivity/ClientTlsConnectivity;)V
 	public final fun setCompression (Lio/opentelemetry/android/agent/connectivity/Compression;)V
 	public final fun setSslContext (Lio/opentelemetry/android/agent/connectivity/SSLContextConnectivity;)V
 	public final fun spans (Lkotlin/jvm/functions/Function1;)V

android-agent/src/main/kotlin/io/opentelemetry/android/agent/OpenTelemetryRumInitializer.kt

@@ -12,6 +12,7 @@ import io.opentelemetry.android.Incubating
 import io.opentelemetry.android.OpenTelemetryRum
 import io.opentelemetry.android.RumBuilder
 import io.opentelemetry.android.agent.connectivity.Compression
+import io.opentelemetry.android.agent.connectivity.HttpEndpointConnectivity
 import io.opentelemetry.android.agent.dsl.OpenTelemetryConfiguration
 import io.opentelemetry.android.agent.session.SessionConfig
 import io.opentelemetry.android.agent.session.SessionIdTimeoutHandler
@@ -66,42 +67,57 @@ object OpenTelemetryRumInitializer {
             .setSessionProvider(createSessionProvider(ctx, cfg))
             .setResource(resource)
             .setClock(cfg.clock)
-            .addSpanExporterCustomizer {
-                OtlpHttpSpanExporter
-                    .builder()
-                    .setEndpoint(spansEndpoint.getUrl())
-                    .setHeaders(spansEndpoint::getHeaders)
-                    .setCompression(spansEndpoint.getCompression().getUpstreamName())
-                    .apply {
-                        spansEndpoint.getSslContext()?.let {
-                            setSslContext(it.sslContext, it.sslX509TrustManager)
-                        }
-                    }.build()
-            }.addLogRecordExporterCustomizer {
-                OtlpHttpLogRecordExporter
-                    .builder()
-                    .setEndpoint(logsEndpoints.getUrl())
-                    .setHeaders(logsEndpoints::getHeaders)
-                    .setCompression(logsEndpoints.getCompression().getUpstreamName())
-                    .apply {
-                        logsEndpoints.getSslContext()?.let {
-                            setSslContext(it.sslContext, it.sslX509TrustManager)
-                        }
-                    }.build()
-            }.addMetricExporterCustomizer {
-                OtlpHttpMetricExporter
-                    .builder()
-                    .setEndpoint(metricsEndpoint.getUrl())
-                    .setHeaders(metricsEndpoint::getHeaders)
-                    .setCompression(metricsEndpoint.getCompression().getUpstreamName())
-                    .apply {
-                        metricsEndpoint.getSslContext()?.let {
-                            setSslContext(it.sslContext, it.sslX509TrustManager)
-                        }
-                    }.build()
-            }.build()
+            .addSpanExporterCustomizer { createSpanExporter(spansEndpoint) }
+            .addLogRecordExporterCustomizer { createLogExporter(logsEndpoints) }
+            .addMetricExporterCustomizer { createMetricExporter(metricsEndpoint) }
+            .build()
     }
 
+    private fun createSpanExporter(endpoint: HttpEndpointConnectivity): OtlpHttpSpanExporter =
+        OtlpHttpSpanExporter
+            .builder()
+            .setEndpoint(endpoint.getUrl())
+            .setHeaders(endpoint::getHeaders)
+            .setCompression(endpoint.getCompression().getUpstreamName())
+            .apply {
+                endpoint.getClientTls()?.let {
+                    setClientTls(it.privateKeyPem, it.certificatePem)
+                }
+                endpoint.getSslContext()?.let {
+                    setSslContext(it.sslContext, it.sslX509TrustManager)
+                }
+            }.build()
+
+    private fun createLogExporter(endpoint: HttpEndpointConnectivity): OtlpHttpLogRecordExporter =
+        OtlpHttpLogRecordExporter
+            .builder()
+            .setEndpoint(endpoint.getUrl())
+            .setHeaders(endpoint::getHeaders)
+            .setCompression(endpoint.getCompression().getUpstreamName())
+            .apply {
+                endpoint.getClientTls()?.let {
+                    setClientTls(it.privateKeyPem, it.certificatePem)
+                }
+                endpoint.getSslContext()?.let {
+                    setSslContext(it.sslContext, it.sslX509TrustManager)
+                }
+            }.build()
+
+    private fun createMetricExporter(endpoint: HttpEndpointConnectivity): OtlpHttpMetricExporter =
+        OtlpHttpMetricExporter
+            .builder()
+            .setEndpoint(endpoint.getUrl())
+            .setHeaders(endpoint::getHeaders)
+            .setCompression(endpoint.getCompression().getUpstreamName())
+            .apply {
+                endpoint.getClientTls()?.let {
+                    setClientTls(it.privateKeyPem, it.certificatePem)
+                }
+                endpoint.getSslContext()?.let {
+                    setSslContext(it.sslContext, it.sslX509TrustManager)
+                }
+            }.build()
+
     private fun Compression.getUpstreamName(): String =
         when (this) {
             Compression.GZIP -> "gzip"

android-agent/src/main/kotlin/io/opentelemetry/android/agent/connectivity/ClientTlsConnectivity.kt

@@ -0,0 +1,16 @@
+package io.opentelemetry.android.agent.connectivity
+
+import io.opentelemetry.android.Incubating
+
+/**
+ * The client key and the certificate chain to use for verifying client when TLS is enabled.
+ *
+ * @param privateKeyPem client key PKCS8 in PEM format.
+ * @param certificatePem client certificate chain in PEM format.
+ */
+
+@Incubating
+class ClientTlsConnectivity(
+    val privateKeyPem: ByteArray,
+    val certificatePem: ByteArray,
+)

android-agent/src/main/kotlin/io/opentelemetry/android/agent/connectivity/EndpointConnectivity.kt

@@ -13,4 +13,6 @@ internal interface EndpointConnectivity {
     fun getCompression(): Compression
 
     fun getSslContext(): SSLContextConnectivity?
+
+    fun getClientTls(): ClientTlsConnectivity?
 }

android-agent/src/main/kotlin/io/opentelemetry/android/agent/connectivity/HttpEndpointConnectivity.kt

@@ -10,28 +10,50 @@ internal class HttpEndpointConnectivity private constructor(
     private val headers: Map<String, String>,
     private val compression: Compression,
     private val sslContext: SSLContextConnectivity?,
+    private val clientTls: ClientTlsConnectivity? = null
 ) : EndpointConnectivity {
     companion object {
         fun forTraces(
             baseUrl: String,
             headers: Map<String, String>,
             compression: Compression,
             sslContext: SSLContextConnectivity?,
-        ): HttpEndpointConnectivity = HttpEndpointConnectivity(baseUrl.trimEnd('/') + "/v1/traces", headers, compression, sslContext)
+            clientTls: ClientTlsConnectivity?
+        ): HttpEndpointConnectivity = HttpEndpointConnectivity(
+            baseUrl.trimEnd('/') + "/v1/traces",
+            headers,
+            compression,
+            sslContext,
+            clientTls
+        )
 
         fun forLogs(
             baseUrl: String,
             headers: Map<String, String>,
             compression: Compression,
             sslContext: SSLContextConnectivity?,
-        ): HttpEndpointConnectivity = HttpEndpointConnectivity(baseUrl.trimEnd('/') + "/v1/logs", headers, compression, sslContext)
+            clientTls: ClientTlsConnectivity?
+        ): HttpEndpointConnectivity = HttpEndpointConnectivity(
+            baseUrl.trimEnd('/') + "/v1/logs",
+            headers,
+            compression,
+            sslContext,
+            clientTls
+        )
 
         fun forMetrics(
             baseUrl: String,
             headers: Map<String, String>,
             compression: Compression,
             sslContext: SSLContextConnectivity?,
-        ): HttpEndpointConnectivity = HttpEndpointConnectivity(baseUrl.trimEnd('/') + "/v1/metrics", headers, compression, sslContext)
+            clientTls: ClientTlsConnectivity?
+        ): HttpEndpointConnectivity = HttpEndpointConnectivity(
+            baseUrl.trimEnd('/') + "/v1/metrics",
+            headers,
+            compression,
+            sslContext,
+            clientTls
+        )
     }
 
     override fun getUrl(): String = url
@@ -41,4 +63,6 @@ internal class HttpEndpointConnectivity private constructor(
     override fun getCompression(): Compression = compression
 
     override fun getSslContext(): SSLContextConnectivity? = sslContext
+
+    override fun getClientTls(): ClientTlsConnectivity? = clientTls
 }

android-agent/src/main/kotlin/io/opentelemetry/android/agent/dsl/HttpExportConfiguration.kt

@@ -5,6 +5,8 @@
 
 package io.opentelemetry.android.agent.dsl
 
+import io.opentelemetry.android.Incubating
+import io.opentelemetry.android.agent.connectivity.ClientTlsConnectivity
 import io.opentelemetry.android.agent.connectivity.Compression
 import io.opentelemetry.android.agent.connectivity.HttpEndpointConnectivity
 import io.opentelemetry.android.agent.connectivity.SSLContextConnectivity
@@ -34,6 +36,13 @@ class HttpExportConfiguration internal constructor() {
      */
     var sslContext: SSLContextConnectivity? = null
 
+    /**
+     * Sets ths client key and the certificate chain to use for verifying client
+     * for all requests when TLS is enabled.
+     */
+    @Incubating
+    var clientTls: ClientTlsConnectivity? = null
+
     private val spansConfig: EndpointConfiguration = EndpointConfiguration("")
     private val logsConfig: EndpointConfiguration = EndpointConfiguration("")
     private val metricsConfig: EndpointConfiguration = EndpointConfiguration("")
@@ -44,6 +53,7 @@ class HttpExportConfiguration internal constructor() {
             spansConfig.headers + baseHeaders,
             chooseCompression(spansConfig.compression),
             sslContext,
+            clientTls
         )
 
     internal fun logsEndpoint(): HttpEndpointConnectivity =
@@ -52,6 +62,7 @@ class HttpExportConfiguration internal constructor() {
             logsConfig.headers + baseHeaders,
             chooseCompression(logsConfig.compression),
             sslContext,
+            clientTls
         )
 
     internal fun metricsEndpoint(): HttpEndpointConnectivity =
@@ -60,6 +71,7 @@ class HttpExportConfiguration internal constructor() {
             metricsConfig.headers + baseHeaders,
             chooseCompression(metricsConfig.compression),
             sslContext,
+            clientTls
         )
 
     private fun chooseUrlSource(cfg: EndpointConfiguration): String = cfg.url.ifBlank { baseUrl }

android-agent/src/test/kotlin/io/opentelemetry/android/agent/connectivity/HttpEndpointConnectivityTest.kt

@@ -15,24 +15,28 @@ class HttpEndpointConnectivityTest {
         val headers = mapOf("Authorization" to "Basic something")
         val compression = Compression.NONE
         val sslContext = SSLContextConnectivity(mockk(), mockk())
+        val clientTls: ClientTlsConnectivity = mockk()
         val tracesConnectivity =
-            HttpEndpointConnectivity.forTraces("http://some.endpoint", headers, compression, sslContext)
+            HttpEndpointConnectivity.forTraces("http://some.endpoint", headers, compression, sslContext, clientTls)
         val logsConnectivity =
-            HttpEndpointConnectivity.forLogs("http://some.endpoint/", headers, compression, sslContext)
+            HttpEndpointConnectivity.forLogs("http://some.endpoint/", headers, compression, sslContext, clientTls)
         val metricsConnectivity =
-            HttpEndpointConnectivity.forMetrics("http://some.endpoint", headers, compression, sslContext)
+            HttpEndpointConnectivity.forMetrics("http://some.endpoint", headers, compression, sslContext, clientTls)
 
         assertThat(tracesConnectivity.getUrl()).isEqualTo("http://some.endpoint/v1/traces")
         assertThat(tracesConnectivity.getHeaders()).isEqualTo(headers)
         assertThat(tracesConnectivity.getCompression()).isEqualTo(Compression.NONE)
         assertThat(tracesConnectivity.getSslContext()).isEqualTo(sslContext)
+        assertThat(tracesConnectivity.getClientTls()).isEqualTo(clientTls)
         assertThat(logsConnectivity.getUrl()).isEqualTo("http://some.endpoint/v1/logs")
         assertThat(logsConnectivity.getHeaders()).isEqualTo(headers)
         assertThat(logsConnectivity.getCompression()).isEqualTo(Compression.NONE)
         assertThat(logsConnectivity.getSslContext()).isEqualTo(sslContext)
+        assertThat(logsConnectivity.getClientTls()).isEqualTo(clientTls)
         assertThat(metricsConnectivity.getUrl()).isEqualTo("http://some.endpoint/v1/metrics")
         assertThat(metricsConnectivity.getHeaders()).isEqualTo(headers)
         assertThat(metricsConnectivity.getCompression()).isEqualTo(Compression.NONE)
         assertThat(metricsConnectivity.getSslContext()).isEqualTo(sslContext)
+        assertThat(metricsConnectivity.getClientTls()).isEqualTo(clientTls)
     }
 }