getindata
diff --git a/‎CHANGELOG.md
Lines changed: 9 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 49 additions & 22 deletions b/‎README.md
Lines changed: 49 additions & 22 deletions
diff --git a/‎pom.xml
Lines changed: 1 addition & 4 deletions b/‎pom.xml
Lines changed: 1 addition & 4 deletions
diff --git a/‎src/main/java/com/getindata/connectors/http/internal/SinkHttpClientResponse.java
Lines changed: 2 additions & 0 deletions b/‎src/main/java/com/getindata/connectors/http/internal/SinkHttpClientResponse.java
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/main/java/com/getindata/connectors/http/internal/config/HttpConnectorConfigConstants.java
Lines changed: 22 additions & 1 deletion b/‎src/main/java/com/getindata/connectors/http/internal/config/HttpConnectorConfigConstants.java
Lines changed: 22 additions & 1 deletion
@@ -2,6 +2,15 @@
 
 ## [Unreleased]
 
+### Added
+
+- Add TLS and mTLS support for Http Sink and Lookup Source connectors.  
+New properties are:
+  - `gid.connector.http.security.cert.server` - path to server's certificate.
+  - `gid.connector.http.security.cert.client` - path to connector's certificate.
+  - `gid.connector.http.security.key.client` - path to connector's private key.
+  - `gid.connector.http.security.cert.server.allowSelfSigned` - allowing for self signed certificates without adding them to KeyStore (not recommended for a production).
+
 ## [0.4.0] - 2022-08-31
 
 ### Added
 
@@ -211,33 +211,60 @@ An example of such a mask would be `3XX, 4XX, 5XX`. In this case, all 300s, 400s
    Many status codes can be defined in one value, where each code should be separated with comma, for example:
   `401, 402, 403`. In this example, codes 401, 402 and 403 would not be interpreted as error codes.
 
+## TLS and mTLS support
+Both Http Sink and Lookup Source connectors supports Https communication using TLS 1.2 and mTLS.
+To enable Https communication simply use `https` protocol in endpoint's URL.
+If certificate used by HTTP server is self-signed, or it is signed byt not globally recognize CA
+you would have to add this certificate to connector's keystore as trusted certificate.
+In order to do so, use `gid.connector.http.security.cert.server` connector property,
+which value is a path to the certificate. You can also use your organization's CA Root certificate.
+You can specify many certificate, separating each path with `,`.
+
+You can also configure connector to use mTLS. For this simply use `gid.connector.http.security.cert.client`
+and `gid.connector.http.security.key.client` connector properties to specify path to certificate and
+private key that should be used by connector. Key MUST be in `PCKS8` format. Both PEM and DER keys are
+allowed.
+
+All properties can be set via Sink's builder `.setProperty(...)` method or through Sink and Source table DDL.
+
+For non production environments it is sometimes necessary to use Https connection and accept all certificates.
+In this special case, you can configure connector to trust all certificates without adding them to keystore.
+To enable this option use `gid.connector.http.security.cert.server.allowSelfSigned` property setting its value to `true`.
 
 ## Table API Connector Options
 ### HTTP TableLookup Source
-| Option                                       | Required | Description/Value                                                                                                             |
-|----------------------------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------|
-| connector                                    | required | The Value should be set to _rest-lookup_                                                                                      |
-| format                                       | required | Flink's format name that should be used to decode REST response, Use `json` for a typical REST endpoint.                      |
-| url                                          | required | The base URL that should be use for GET requests. For example _http://localhost:8080/client_                                  |
-| asyncPolling                                 | optional | true/false - determines whether Async Pooling should be used. Mechanism is based on Flink's Async I/O.                        |
-| gid.connector.http.lookup.error.code         | optional | List of HTTP status codes that should be treated as errors by HTTP Source, separated with comma.                              |
-| gid.connector.http.lookup.error.code.exclude | optional | List of HTTP status codes that should be excluded from the `gid.connector.http.lookup.error.code` list, separated with comma. |
+| Option                                                  | Required | Description/Value                                                                                                                                    |
+|---------------------------------------------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------|
+| connector                                               | required | The Value should be set to _rest-lookup_                                                                                                             |
+| format                                                  | required | Flink's format name that should be used to decode REST response, Use `json` for a typical REST endpoint.                                             |
+| url                                                     | required | The base URL that should be use for GET requests. For example _http://localhost:8080/client_                                                         |
+| asyncPolling                                            | optional | true/false - determines whether Async Pooling should be used. Mechanism is based on Flink's Async I/O.                                               |
+| gid.connector.http.lookup.error.code                    | optional | List of HTTP status codes that should be treated as errors by HTTP Source, separated with comma.                                                     |
+| gid.connector.http.lookup.error.code.exclude            | optional | List of HTTP status codes that should be excluded from the `gid.connector.http.lookup.error.code` list, separated with comma.                        |
+| gid.connector.http.security.cert.server                 | optional | Path to trusted HTTP server certificate that should be add to connectors key store. More than one path can be specified using `,` as path delimiter. |
+| gid.connector.http.security.cert.client                 | optional | Path to trusted certificate that should be used by connector's HTTP client for mTLS communication.                                                   |
+| gid.connector.http.security.key.client                  | optional | Path to trusted private key that should be used by connector's HTTP client for mTLS communication.                                                   |
+| gid.connector.http.security.cert.server.allowSelfSigned | optional | Accept untrusted certificates for TLS communication.                                                                                                 |
 
 ### HTTP Sink
-| Option                                     | Required | Description/Value                                                                                                                                                                                  |
-|--------------------------------------------|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| connector                                  | required | Specify what connector to use. For HTTP Sink it should be set to _'http-sink'_.                                                                                                                    |
-| url                                        | required | The base URL that should be use for HTTP requests. For example _http://localhost:8080/client_.                                                                                                     |
-| format                                     | required | Specify what format to use.                                                                                                                                                                        |
-| insert-method                              | optional | Specify which HTTP method to use in the request. The value should be set either to `POST` or `PUT`.                                                                                                |
-| sink.batch.max-size                        | optional | Maximum number of elements that may be passed in a batch to be written downstream.                                                                                                                 |
-| sink.requests.max-inflight                 | optional | The maximum number of in flight requests that may exist, if any more in flight requests need to be initiated once the maximum has been reached, then it will be blocked until some have completed. |
-| sink.requests.max-buffered                 | optional | Maximum number of buffered records before applying backpressure.                                                                                                                                   |
-| sink.flush-buffer.size                     | optional | The maximum size of a batch of entries that may be sent to the HTTP endpoint measured in bytes.                                                                                                    |
-| sink.flush-buffer.timeout                  | optional | Threshold time in milliseconds for an element to be in a buffer before being flushed.                                                                                                              |
-| gid.connector.http.sink.request-callback   | optional | Specify which `HttpPostRequestCallback` implementation to use. By default, it is set to `slf4j-logger` corresponding to `Slf4jHttpPostRequestCallback`.                                            |
-| gid.connector.http.sink.error.code         | optional | List of HTTP status codes that should be treated as errors by HTTP Sink, separated with comma.                                                                                                     |
-| gid.connector.http.sink.error.code.exclude | optional | List of HTTP status codes that should be excluded from the `gid.connector.http.sink.error.code` list, separated with comma.                                                                        |
+| Option                                                  | Required | Description/Value                                                                                                                                                                                  |
+|---------------------------------------------------------|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| connector                                               | required | Specify what connector to use. For HTTP Sink it should be set to _'http-sink'_.                                                                                                                    |
+| url                                                     | required | The base URL that should be use for HTTP requests. For example _http://localhost:8080/client_.                                                                                                     |
+| format                                                  | required | Specify what format to use.                                                                                                                                                                        |
+| insert-method                                           | optional | Specify which HTTP method to use in the request. The value should be set either to `POST` or `PUT`.                                                                                                |
+| sink.batch.max-size                                     | optional | Maximum number of elements that may be passed in a batch to be written downstream.                                                                                                                 |
+| sink.requests.max-inflight                              | optional | The maximum number of in flight requests that may exist, if any more in flight requests need to be initiated once the maximum has been reached, then it will be blocked until some have completed. |
+| sink.requests.max-buffered                              | optional | Maximum number of buffered records before applying backpressure.                                                                                                                                   |
+| sink.flush-buffer.size                                  | optional | The maximum size of a batch of entries that may be sent to the HTTP endpoint measured in bytes.                                                                                                    |
+| sink.flush-buffer.timeout                               | optional | Threshold time in milliseconds for an element to be in a buffer before being flushed.                                                                                                              |
+| gid.connector.http.sink.request-callback                | optional | Specify which `HttpPostRequestCallback` implementation to use. By default, it is set to `slf4j-logger` corresponding to `Slf4jHttpPostRequestCallback`.                                            |
+| gid.connector.http.sink.error.code                      | optional | List of HTTP status codes that should be treated as errors by HTTP Sink, separated with comma.                                                                                                     |
+| gid.connector.http.sink.error.code.exclude              | optional | List of HTTP status codes that should be excluded from the `gid.connector.http.sink.error.code` list, separated with comma.                                                                        |
+| gid.connector.http.security.cert.server                 | optional | Path to trusted HTTP server certificate that should be add to connectors key store. More than one path can be specified using `,` as path delimiter.                                               |
+| gid.connector.http.security.cert.client                 | optional | Path to trusted certificate that should be used by connector's HTTP client for mTLS communication.                                                                                                 |
+| gid.connector.http.security.key.client                  | optional | Path to trusted private key that should be used by connector's HTTP client for mTLS communication.                                                                                                 |
+| gid.connector.http.security.cert.server.allowSelfSigned | optional | Accept untrusted certificates for TLS communication.                                                                                                                                               |
 
 ## Build and deployment
 To build the project locally you need to have `maven 3` and Java 11+. </br>
 
@@ -320,12 +320,9 @@ under the License.
         <version>${jacoco.plugin.version}</version>
         <configuration>
           <excludes>
-            <exclude>**/*Mock*.*</exclude>
             <exclude>**/HttpLookupConnectorOptions.class</exclude>
-            <exclude>**/HttpLookupConnectorOptionsUtil.class</exclude>
-            <exclude>**/HttpTableSourceFactoryHelper.class</exclude>
-            <exclude>**/HttpPollTableSource.class</exclude>
             <exclude>**/Slf4jHttpPostRequestCallback.class</exclude>
+            <exclude>**/SelfSignedTrustManager.class</exclude>
           </excludes>
         </configuration>
         <executions>
 
@@ -4,6 +4,7 @@
 
 import lombok.Data;
 import lombok.NonNull;
+import lombok.ToString;
 
 import com.getindata.connectors.http.internal.sink.HttpSinkRequestEntry;
 
@@ -12,6 +13,7 @@
  * to write, divided into two lists &mdash; successful and failed ones.
  */
 @Data
+@ToString
 public class SinkHttpClientResponse {
 
     /**
 
@@ -11,7 +11,7 @@
 @NoArgsConstructor(access = AccessLevel.NONE)
 public final class HttpConnectorConfigConstants {
 
-    public static final String ERROR_CODE_DELIM = ",";
+    public static final String PROP_DELIM = ",";
 
     /**
      * A property prefix for http connector.
@@ -41,4 +41,25 @@ public final class HttpConnectorConfigConstants {
 
     public static final String SINK_REQUEST_CALLBACK_IDENTIFIER =
         GID_CONNECTOR_HTTP + "sink.request-callback";
+
+    // -------------- HTTPS security settings --------------
+    public static final String ALLOW_SELF_SIGNED =
+        GID_CONNECTOR_HTTP + "security.cert.server.allowSelfSigned";
+
+    public static final String SERVER_TRUSTED_CERT = GID_CONNECTOR_HTTP + "security.cert.server";
+
+    public static final String CLIENT_CERT = GID_CONNECTOR_HTTP + "security.cert.client";
+
+    public static final String CLIENT_PRIVATE_KEY = GID_CONNECTOR_HTTP + "security.key.client";
+
+    public static final String KEY_STORE_PATH = GID_CONNECTOR_HTTP
+        + "security.keystore.path";
+
+    public static final String KEY_STORE_PASSWORD = GID_CONNECTOR_HTTP
+        + "security.keystore.password";
+
+    public static final String KEY_STORE_TYPE = GID_CONNECTOR_HTTP
+        + "security.keystore.type";
+
+    // -----------------------------------------------------
 }