feat: ability to set connect-rpc protocol (#285)

Author: strantalis

sdk/src/main/java/io/opentdf/platform/sdk/ProtocolType.java

@@ -0,0 +1,46 @@
+package io.opentdf.platform.sdk;
+
+import com.connectrpc.protocols.NetworkProtocol;
+
+/**
+ * Enumeration of supported network protocols for SDK communication.
+ * 
+ * This enum provides a mapping between SDK protocol types and the underlying
+ * Connect-RPC NetworkProtocol values, allowing flexible configuration of the
+ * communication protocol used for platform services.
+ */
+public enum ProtocolType {
+    /**
+     * Connect's native protocol - HTTP-based with support for HTTP/1.1, HTTP/2, and HTTP/3.
+     * Supports both JSON and binary Protobuf encoding with streaming capabilities.
+     * This is the recommended default for new applications.
+     */
+    CONNECT(NetworkProtocol.CONNECT),
+    
+    /**
+     * Standard gRPC protocol - requires HTTP/2 and uses binary Protobuf encoding.
+     * Provides full gRPC compatibility including streaming, trailers, and error details.
+     */
+    GRPC(NetworkProtocol.GRPC),
+    
+    /**
+     * gRPC-Web protocol - designed for web browsers, works over HTTP/1.1 and HTTP/2.
+     * Eliminates the need for a translating proxy like Envoy.
+     */
+    GRPC_WEB(NetworkProtocol.GRPC_WEB);
+    
+    private final NetworkProtocol networkProtocol;
+    
+    ProtocolType(NetworkProtocol networkProtocol) {
+        this.networkProtocol = networkProtocol;
+    }
+    
+    /**
+     * Get the underlying Connect-RPC NetworkProtocol value.
+     * 
+     * @return the NetworkProtocol corresponding to this ProtocolType
+     */
+    public NetworkProtocol getNetworkProtocol() {
+        return networkProtocol;
+    }
+}

sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java

@@ -65,6 +65,7 @@ public class SDKBuilder {
     private Boolean usePlainText;
     private SSLFactory sslFactory;
     private AuthorizationGrant authzGrant;
+    private ProtocolType protocolType = ProtocolType.CONNECT;
 
     private static final Logger logger = LoggerFactory.getLogger(SDKBuilder.class);
 
@@ -160,6 +161,22 @@ public SDKBuilder useInsecurePlaintextConnection(Boolean usePlainText) {
         return this;
     }
 
+    /**
+     * Set the network protocol to use for communication with platform services.
+     * 
+     * @param protocolType the protocol type to use (CONNECT, GRPC, or GRPC_WEB)
+     * @return this builder instance for method chaining
+     * @throws IllegalArgumentException if protocolType is null
+     * @see ProtocolType for available protocol options
+     */
+    public SDKBuilder protocol(ProtocolType protocolType) {
+        if (protocolType == null) {
+            throw new IllegalArgumentException("ProtocolType cannot be null");
+        }
+        this.protocolType = protocolType;
+        return this;
+    }
+
     private Interceptor getAuthInterceptor(RSAKey rsaKey) {
         if (platformEndpoint == null) {
             throw new SDKException("cannot build an SDK without specifying the platform endpoint");
@@ -231,6 +248,13 @@ static class ServicesAndInternals {
     }
 
     ServicesAndInternals buildServices() {
+        // Validate configuration compatibility
+        if (Boolean.TRUE.equals(usePlainText) && protocolType == ProtocolType.GRPC_WEB) {
+            throw new SDKException("gRPC-Web protocol is not compatible with useInsecurePlaintextConnection(true). " +
+                    "gRPC-Web is designed for web browsers and typically operates over HTTP/1.1, " +
+                    "while plaintext connections force HTTP/2 prior knowledge.");
+        }
+        
         RSAKey dpopKey;
         try {
             dpopKey = new RSAKeyGenerator(2048)
@@ -329,7 +353,7 @@ private ProtocolClient getProtocolClient(String endpoint, OkHttpClient httpClien
         var protocolClientConfig = new ProtocolClientConfig(
                 endpoint,
                 new GoogleJavaProtobufStrategy(),
-                NetworkProtocol.GRPC,
+                protocolType.getNetworkProtocol(),
                 null,
                 GETConfiguration.Enabled.INSTANCE,
                 authInterceptor == null ? Collections.emptyList() : List.of(ignoredConfig -> authInterceptor)
@@ -343,7 +367,8 @@ private OkHttpClient getHttpClient() {
         // have the same protocols
         var httpClient = new OkHttpClient.Builder();
         if (usePlainText) {
-            // we can only connect using HTTP/2 without any negotiation when using plain test
+            // For plaintext connections, we need HTTP/2 prior knowledge because gRPC servers
+            // expect HTTP/2, and Connect protocol can communicate with gRPC servers over HTTP/2
             httpClient.protocols(List.of(Protocol.H2_PRIOR_KNOWLEDGE));
         }
         if (sslFactory != null) {

sdk/src/test/java/io/opentdf/platform/sdk/KASClientTest.java

@@ -45,7 +45,7 @@ public class KASClientTest {
     BiFunction<OkHttpClient, String, ProtocolClient> aclientFactory = (OkHttpClient client, String endpoint) -> {
         return new ProtocolClient(
                 new ConnectOkHttpClient(httpClient),
-                new ProtocolClientConfig(endpoint, new GoogleJavaProtobufStrategy(), NetworkProtocol.GRPC, null, GETConfiguration.Enabled.INSTANCE)
+                new ProtocolClientConfig(endpoint, new GoogleJavaProtobufStrategy(), ProtocolType.GRPC.getNetworkProtocol(), null, GETConfiguration.Enabled.INSTANCE)
         );
     };
 

sdk/src/test/java/io/opentdf/platform/sdk/SDKBuilderTest.java

@@ -249,7 +249,8 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
             SDKBuilder servicesBuilder = SDKBuilder
                     .newBuilder()
                     .clientSecret("client-id", "client-secret")
-                    .platformEndpoint("http" + (useSSLPlatform ? "s" : "") + "://localhost:" + platformServicesServer.getPort());
+                    .platformEndpoint("http" + (useSSLPlatform ? "s" : "") + "://localhost:" + platformServicesServer.getPort())
+                    .protocol(ProtocolType.GRPC); // Use gRPC protocol for test servers
 
             if (!useSSLPlatform) {
                 servicesBuilder = servicesBuilder.useInsecurePlaintextConnection(true);
@@ -396,6 +397,7 @@ public void getNamespace(GetNamespaceRequest request,
                     .clientSecret("user", "password")
                     .platformEndpoint("http://localhost:" + platformServices.getPort())
                     .useInsecurePlaintextConnection(true)
+                    .protocol(ProtocolType.GRPC) // Use gRPC protocol for test server
                     .build();
             assertThat(sdk.getAuthInterceptor()).isEmpty();
 
@@ -412,6 +414,32 @@ public void getNamespace(GetNamespaceRequest request,
         }
     }
 
+    @Test
+    void testProtocolConfiguration() {
+        // Test protocol setter and getter functionality
+        SDKBuilder builder = SDKBuilder.newBuilder();
+        
+        // Test setting different protocol types
+        builder.protocol(ProtocolType.GRPC);
+        builder.protocol(ProtocolType.GRPC_WEB);
+        builder.protocol(ProtocolType.CONNECT);
+        
+        // Test null validation
+        assertThrows(IllegalArgumentException.class, () -> {
+            builder.protocol(null);
+        });
+        
+        // Test invalid configuration validation
+        assertThrows(SDKException.class, () -> {
+            SDKBuilder.newBuilder()
+                    .clientSecret("user", "password")
+                    .platformEndpoint("http://localhost:8080")
+                    .useInsecurePlaintextConnection(true)
+                    .protocol(ProtocolType.GRPC_WEB)
+                    .buildServices();
+        });
+    }
+
     public static int getRandomPort() throws IOException {
         int randomPort;
         try (ServerSocket socket = new ServerSocket(0)) {