Example 1 with Empty
use of com.google.protobuf.EmptyProtos.Empty in project grpc-java by grpc.
the class TlsTest method basicClientServerIntegrationTest.
/**
* Tests that a client and a server configured using GrpcSslContexts can successfully
* communicate with each other.
*/
@Test
public void basicClientServerIntegrationTest() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts).addService(new TestServiceImpl(executor)).build().start();
// Create a client.
File clientCertChainFile = TestUtils.loadCert("client.pem");
File clientPrivateKeyFile = TestUtils.loadCert("client.key");
X509Certificate[] clientTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
channel = clientChannel(server.getPort(), clientContextBuilder.keyManager(clientCertChainFile, clientPrivateKeyFile).trustManager(clientTrustedCaCerts).build());
TestServiceGrpc.TestServiceBlockingStub client = TestServiceGrpc.newBlockingStub(channel);
// Send an actual request, via the full GRPC & network stack, and check that a proper
// response comes back.
Empty request = Empty.getDefaultInstance();
client.emptyCall(request);
}
Also used :
Empty(com.google.protobuf.EmptyProtos.Empty)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Example 2 with Empty
use of com.google.protobuf.EmptyProtos.Empty in project grpc-java by grpc.
the class TlsTest method clientRejectsUntrustedServerCert.
/**
* Tests that a client configured using GrpcSslContexts refuses to talk to a server that has an
* an untrusted certificate.
*/
@Test
public void clientRejectsUntrustedServerCert() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("badserver.pem");
File serverPrivateKeyFile = TestUtils.loadCert("badserver.key");
X509Certificate[] serverTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts).addService(new TestServiceImpl(executor)).build().start();
// Create a client.
File clientCertChainFile = TestUtils.loadCert("client.pem");
File clientPrivateKeyFile = TestUtils.loadCert("client.key");
X509Certificate[] clientTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
channel = clientChannel(server.getPort(), clientContextBuilder.keyManager(clientCertChainFile, clientPrivateKeyFile).trustManager(clientTrustedCaCerts).build());
TestServiceGrpc.TestServiceBlockingStub client = TestServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
Empty request = Empty.getDefaultInstance();
try {
client.emptyCall(request);
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
// TODO(carl-mastrangelo): eventually replace this with a hamcrest matcher.
assertEquals(Throwables.getStackTraceAsString(e), Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
Also used :
Empty(com.google.protobuf.EmptyProtos.Empty)
StatusRuntimeException(io.grpc.StatusRuntimeException)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Example 3 with Empty
use of com.google.protobuf.EmptyProtos.Empty in project grpc-java by grpc.
the class TlsTest method noClientAuthFailure.
/**
* Tests that a server configured to require client authentication actually does require client
* authentication.
*/
@Test
public void noClientAuthFailure() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts).addService(new TestServiceImpl(executor)).build().start();
// Create a client. It has no credentials.
X509Certificate[] clientTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
channel = clientChannel(server.getPort(), clientContextBuilder.trustManager(clientTrustedCaCerts).build());
TestServiceGrpc.TestServiceBlockingStub client = TestServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
Empty request = Empty.getDefaultInstance();
try {
client.emptyCall(request);
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(Throwables.getStackTraceAsString(e), Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
Also used :
Empty(com.google.protobuf.EmptyProtos.Empty)
StatusRuntimeException(io.grpc.StatusRuntimeException)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Example 4 with Empty
use of com.google.protobuf.EmptyProtos.Empty in project grpc-java by grpc.
the class TlsTest method serverRejectsUntrustedClientCert.
/**
* Tests that a server configured to require client authentication refuses to accept connections
* from a client that has an untrusted certificate.
*/
@Test
public void serverRejectsUntrustedClientCert() throws Exception {
// Create & start a server. It requires client authentication and trusts only the test CA.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts).addService(new TestServiceImpl(executor)).build().start();
// Create a client. Its credentials come from a CA that the server does not trust. The client
// trusts both test CAs, so we can be sure that the handshake failure is due to the server
// rejecting the client's cert, not the client rejecting the server's cert.
File clientCertChainFile = TestUtils.loadCert("badclient.pem");
File clientPrivateKeyFile = TestUtils.loadCert("badclient.key");
X509Certificate[] clientTrustedCaCerts = { TestUtils.loadX509Cert("ca.pem") };
channel = clientChannel(server.getPort(), clientContextBuilder.keyManager(clientCertChainFile, clientPrivateKeyFile).trustManager(clientTrustedCaCerts).build());
TestServiceGrpc.TestServiceBlockingStub client = TestServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
Empty request = Empty.getDefaultInstance();
try {
client.emptyCall(request);
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(Throwables.getStackTraceAsString(e), Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
Also used :
Empty(com.google.protobuf.EmptyProtos.Empty)
StatusRuntimeException(io.grpc.StatusRuntimeException)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Aggregations
Empty (com.google.protobuf.EmptyProtos.Empty)4
File (java.io.File)4
X509Certificate (java.security.cert.X509Certificate)4
Test (org.junit.Test)4
StatusRuntimeException (io.grpc.StatusRuntimeException)3
