@Override // Keep this in sync with NettyChannelFactory#configureSecurity protected void configureSecurity(final NettyChannelBuilder builder, final String name) { final GrpcChannelProperties properties = getPropertiesFor(name); final NegotiationType negotiationType = properties.getNegotiationType(); builder.negotiationType(of(negotiationType)); if (negotiationType != NegotiationType.PLAINTEXT) { final Security security = properties.getSecurity(); final String authorityOverwrite = security.getAuthorityOverride(); if (authorityOverwrite != null && !authorityOverwrite.isEmpty()) { builder.overrideAuthority(authorityOverwrite); } final SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (security.isClientAuthEnabled()) { final File keyCertChainFile = toCheckedFile("keyCertChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); sslContextBuilder.keyManager(keyCertChainFile, privateKeyFile); } final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc client", e); } } }
@Override // Keep this in sync with NettyGrpcServerFactory#configureSecurity protected void configureSecurity(final NettyServerBuilder builder) { final Security security = this.properties.getSecurity(); if (security.isEnabled()) { final File certificateChainFile = toCheckedFile("certificateChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); final SslContextBuilder sslContextBuilder = GrpcSslContexts.forServer(certificateChainFile, privateKeyFile); if (security.getClientAuth() != ClientAuth.NONE) { sslContextBuilder.clientAuth(of(security.getClientAuth())); final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc server", e); } } }
@Override public GoogleDefaultProtocolNegotiator buildProtocolNegotiator() { TsiHandshakerFactory altsHandshakerFactory = new TsiHandshakerFactory() { @Override public TsiHandshaker newHandshaker(String authority) { // Used the shared grpc channel to connecting to the ALTS handshaker service. // TODO: Release the channel if it is not used. // https://github.com/grpc/grpc-java/issues/4755. Channel channel = SharedResourceHolder.get(HandshakerServiceChannel.SHARED_HANDSHAKER_CHANNEL); AltsClientOptions handshakerOptions = new AltsClientOptions.Builder() .setRpcProtocolVersions(RpcProtocolVersionsUtil.getRpcProtocolVersions()) .setTargetName(authority) .build(); return AltsTsiHandshaker.newClient( HandshakerServiceGrpc.newStub(channel), handshakerOptions); } }; SslContext sslContext; try { sslContext = GrpcSslContexts.forClient().build(); } catch (SSLException ex) { throw new RuntimeException(ex); } return negotiatorForTest = new GoogleDefaultProtocolNegotiator(altsHandshakerFactory, sslContext); } }
@Override // Keep this in sync with NettyGrpcServerFactory#configureSecurity protected void configureSecurity(final NettyServerBuilder builder) { final Security security = this.properties.getSecurity(); if (security.isEnabled()) { final File certificateChainFile = toCheckedFile("certificateChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); final SslContextBuilder sslContextBuilder = GrpcSslContexts.forServer(certificateChainFile, privateKeyFile); if (security.getClientAuth() != ClientAuth.NONE) { sslContextBuilder.clientAuth(of(security.getClientAuth())); final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc server", e); } } }
@Override // Keep this in sync with NettyChannelFactory#configureSecurity protected void configureSecurity(final NettyChannelBuilder builder, final String name) { final GrpcChannelProperties properties = getPropertiesFor(name); final NegotiationType negotiationType = properties.getNegotiationType(); builder.negotiationType(of(negotiationType)); if (negotiationType != NegotiationType.PLAINTEXT) { final Security security = properties.getSecurity(); final String authorityOverwrite = security.getAuthorityOverride(); if (authorityOverwrite != null && !authorityOverwrite.isEmpty()) { builder.overrideAuthority(authorityOverwrite); } final SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (security.isClientAuthEnabled()) { final File keyCertChainFile = toCheckedFile("keyCertChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); sslContextBuilder.keyManager(keyCertChainFile, privateKeyFile); } final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc client", e); } } }
SslContextBuilder sslContextBuilder = GrpcSslContexts.forServer(serverCrt, serverKey) .trustManager(caCrt);
LOGGER.info("use secure channel to {}", toStringUtils.toOneLineString(endpoint)); sslContext = GrpcSslContexts.forClient() .trustManager(caCrt) .keyManager(serverCrt, serverKey)