@Override // Keep this in sync with NettyChannelFactory#configureSecurity protected void configureSecurity(final NettyChannelBuilder builder, final String name) { final GrpcChannelProperties properties = getPropertiesFor(name); final NegotiationType negotiationType = properties.getNegotiationType(); builder.negotiationType(of(negotiationType)); if (negotiationType != NegotiationType.PLAINTEXT) { final Security security = properties.getSecurity(); final String authorityOverwrite = security.getAuthorityOverride(); if (authorityOverwrite != null && !authorityOverwrite.isEmpty()) { builder.overrideAuthority(authorityOverwrite); } final SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (security.isClientAuthEnabled()) { final File keyCertChainFile = toCheckedFile("keyCertChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); sslContextBuilder.keyManager(keyCertChainFile, privateKeyFile); } final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc client", e); } } }
@Override protected NettyChannelBuilder newChannelBuilder(final String name) { return NettyChannelBuilder.forTarget(name) .loadBalancerFactory(this.loadBalancerFactory) .nameResolverFactory(this.nameResolverFactory); }
private ManagedChannel createChannel(BasicMeta.Endpoint endpoint) { String target = endpoint.getIp(); if (Strings.isNullOrEmpty(target)) { target = endpoint.getHostname(); } NettyChannelBuilder builder = NettyChannelBuilder .forAddress(target, endpoint.getPort()) .executor((Executor) applicationContext.getBean("grpcClientExecutor")) .keepAliveTime(6, TimeUnit.MINUTES) .keepAliveTimeout(24, TimeUnit.HOURS) .keepAliveWithoutCalls(true) .idleTimeout(1, TimeUnit.HOURS) .perRpcBufferLimit(128 << 20) .flowControlWindow(32 << 20) .maxInboundMessageSize(32 << 20) .enableRetry() .retryBufferSize(16 << 20) .maxRetryAttempts(20); // todo: configurable LOGGER.info("[COMMON][CHANNEL][CREATE] use insecure channel to {}", toStringUtils.toOneLineString(endpoint)); builder.negotiationType(NegotiationType.PLAINTEXT) .usePlaintext(); ManagedChannel managedChannel = builder .build(); LOGGER.info("[COMMON][CHANNEL][CREATE] created channel to {}", toStringUtils.toOneLineString(endpoint)); return managedChannel; }
public RemoteDataSet(final HostAndPort serverEndpoint, final int remoteHandle) { this.serverEndpoint = serverEndpoint; this.remoteHandle = remoteHandle; this.stub = HillviewServerGrpc.newStub(NettyChannelBuilder .forAddress(serverEndpoint.getHost(), serverEndpoint.getPort()) .maxInboundMessageSize(HillviewServer.MAX_MESSAGE_SIZE) .executor(executorService) .eventLoopGroup(workerElg) .usePlaintext() // channel is unencrypted. .build()); }
@Override public Channel create() { /* Use its own event loop thread pool to avoid blocking. */ EventLoopGroup eventGroup = new NioEventLoopGroup(1, new DefaultThreadFactory("handshaker pool", true)); ManagedChannel channel = NettyChannelBuilder.forTarget(target) .directExecutor() .eventLoopGroup(eventGroup) .usePlaintext() .build(); return new EventLoopHoldingChannel(channel, eventGroup); }
@Override public synchronized void init(Properties properties) { final Metadata metadata = new Metadata(); metadata.put(MetaConstants.STORE_TYPE.asMetaKey(), storeInfo.getType()); metadata.put(MetaConstants.TABLE_NAME.asMetaKey(), storeInfo.getTableName()); metadata.put(MetaConstants.NAME_SPACE.asMetaKey(), storeInfo.getNameSpace()); metadata.put(MetaConstants.FRAGMENT.asMetaKey(), storeInfo.getFragment() + ""); String host = properties.getProperty("host"); int port = -1; Object portObj = properties.get("port"); if (portObj instanceof String) { port = Integer.valueOf(portObj.toString()); } else { port = (int) properties.get("port"); } channel = NettyChannelBuilder.forAddress(host, port).usePlaintext().maxInboundMessageSize(maxMessageSize).build(); blockingStub = MetadataUtils.attachHeaders(KVServiceGrpc.newBlockingStub(channel), metadata); stub = MetadataUtils.attachHeaders(KVServiceGrpc.newStub(channel), metadata); }
private AltsChannelBuilder(String target) { delegate = NettyChannelBuilder.forTarget(target) .keepAliveTime(20, TimeUnit.SECONDS) .keepAliveTimeout(10, TimeUnit.SECONDS) .keepAliveWithoutCalls(true); InternalNettyChannelBuilder.setProtocolNegotiatorFactory( delegate(), new ProtocolNegotiatorFactory()); }
@Override public ManagedChannel build() { if (!CheckGcpEnvironment.isOnGcp()) { if (enableUntrustedAlts) { logger.log( Level.WARNING, "Untrusted ALTS mode is enabled and we cannot guarantee the trustworthiness of the " + "ALTS handshaker service"); } else { Status status = Status.INTERNAL.withDescription("ALTS is only allowed to run on Google Cloud Platform"); delegate().intercept(new FailingClientInterceptor(status)); } } return delegate().build(); }
private GoogleDefaultChannelBuilder(String target) { delegate = NettyChannelBuilder.forTarget(target); InternalNettyChannelBuilder.setProtocolNegotiatorFactory( delegate(), new ProtocolNegotiatorFactory()); @Nullable CallCredentials credentials = null; Status status = Status.OK; try { credentials = MoreCallCredentials.from(GoogleCredentials.getApplicationDefault()); } catch (IOException e) { status = Status.UNAUTHENTICATED .withDescription("Failed to get Google default credentials") .withCause(e); } delegate().intercept(new GoogleDefaultInterceptor(credentials, status)); }
.forAddress(target, endpoint.getPort()) .executor((Executor) applicationContext.getBean("grpcClientExecutor")) .keepAliveTime(6, TimeUnit.MINUTES) .keepAliveTimeout(24, TimeUnit.HOURS) .keepAliveWithoutCalls(true) .idleTimeout(1, TimeUnit.HOURS) .perRpcBufferLimit(16 << 20) .flowControlWindow(32 << 20) .maxInboundMessageSize(32 << 20) .enableRetry() .retryBufferSize(16 << 20) .maxRetryAttempts(20); // todo: configurable throw new SecurityException(e); builder.sslContext(sslContext).useTransportSecurity().negotiationType(NegotiationType.TLS); } else { LOGGER.info("use insecure channel to {}", toStringUtils.toOneLineString(endpoint)); builder.negotiationType(NegotiationType.PLAINTEXT); .build();
@Override // Keep this in sync with NettyChannelFactory#configureSecurity protected void configureSecurity(final NettyChannelBuilder builder, final String name) { final GrpcChannelProperties properties = getPropertiesFor(name); final NegotiationType negotiationType = properties.getNegotiationType(); builder.negotiationType(of(negotiationType)); if (negotiationType != NegotiationType.PLAINTEXT) { final Security security = properties.getSecurity(); final String authorityOverwrite = security.getAuthorityOverride(); if (authorityOverwrite != null && !authorityOverwrite.isEmpty()) { builder.overrideAuthority(authorityOverwrite); } final SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (security.isClientAuthEnabled()) { final File keyCertChainFile = toCheckedFile("keyCertChain", security.getCertificateChainPath()); final File privateKeyFile = toCheckedFile("privateKey", security.getPrivateKeyPath()); sslContextBuilder.keyManager(keyCertChainFile, privateKeyFile); } final String trustCertCollectionPath = security.getTrustCertCollectionPath(); if (trustCertCollectionPath != null && !trustCertCollectionPath.isEmpty()) { final File trustCertCollectionFile = toCheckedFile("trustCertCollection", trustCertCollectionPath); sslContextBuilder.trustManager(trustCertCollectionFile); } try { builder.sslContext(sslContextBuilder.build()); } catch (final SSLException e) { throw new IllegalStateException("Failed to create ssl context for grpc client", e); } } }
@Override protected NettyChannelBuilder newChannelBuilder(final String name) { return NettyChannelBuilder.forTarget(name) .loadBalancerFactory(this.loadBalancerFactory) .nameResolverFactory(this.nameResolverFactory); }