
Example 11 with ChannelCredentials

use of io.grpc.ChannelCredentials in project grpc-java by grpc.

the class OkHttpChannelBuilderTest method sslSocketFactoryFrom_unknown.

/**
 * Checks how {@code OkHttpChannelBuilder.sslSocketFactoryFrom} treats a credential type it
 * has no mapping for: the result must carry an error and neither a socket factory nor call
 * credentials.
 */
@Test
public void sslSocketFactoryFrom_unknown() {
    // An ad-hoc ChannelCredentials subtype that no transport can recognise.
    ChannelCredentials unrecognizedCreds = new ChannelCredentials() {

        @Override
        public ChannelCredentials withoutBearerTokens() {
            throw new UnsupportedOperationException();
        }
    };
    OkHttpChannelBuilder.SslSocketFactoryResult outcome =
            OkHttpChannelBuilder.sslSocketFactoryFrom(unrecognizedCreds);
    // The unknown type has to be rejected outright: an error is reported and nothing usable
    // (factory or call credentials) is handed back alongside it.
    assertThat(outcome.error).isNotNull();
    assertThat(outcome.callCredentials).isNull();
    assertThat(outcome.factory).isNull();
}
Also used : InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) ChannelCredentials(io.grpc.ChannelCredentials) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) Test(org.junit.Test)

Example 12 with ChannelCredentials

use of io.grpc.ChannelCredentials in project grpc-java by grpc.

the class AdvancedTlsTest method advancedTlsKeyManagerTrustManagerMutualTlsTest.

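/**
 * Verifies that a mutual-TLS RPC succeeds when both peers take their identity and trust
 * material from {@code AdvancedTlsX509KeyManager} / {@code AdvancedTlsX509TrustManager}.
 *
 * <p>The server demands a client certificate ({@code ClientAuth.REQUIRE}) and validates the
 * chain only; the client validates both the chain and the host name.
 *
 * @throws Exception if credential setup or server start-up throws
 */
@Test
public void advancedTlsKeyManagerTrustManagerMutualTlsTest() throws Exception {
    // Create a server with the key manager and trust manager.
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    serverKeyManager.updateIdentityCredentials(serverKey0, serverCert0);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
            .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
            .build();
    serverTrustManager.updateTrustCredentials(caCert);
    // ClientAuth.REQUIRE is what makes this mutual TLS: a client without a certificate that
    // chains to caCert is expected to be refused during the handshake.
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
            .keyManager(serverKeyManager)
            .trustManager(serverTrustManager)
            .clientAuth(ClientAuth.REQUIRE)
            .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
            .addService(new SimpleServiceImpl())
            .build()
            .start();
    // Create a client with the key manager and trust manager.
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0);
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
            .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
            .build();
    clientTrustManager.updateTrustCredentials(caCert);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
            .keyManager(clientKeyManager)
            .trustManager(clientTrustManager)
            .build();
    // The channel dials localhost, so the authority is overridden to the name the host-name
    // check should run against. Presumably serverCert0 is issued for a *.test.google.com.au
    // name - confirm against the test fixtures. Outside tests the override value must come
    // from trusted configuration, since it decides which certificate name is accepted.
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
            .overrideAuthority("foo.test.google.com.au")
            .build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        // Attach the gRPC status as the cause so the reason for a failed handshake shows up in
        // the test report; printing the stack trace after fail() would never execute.
        throw new AssertionError("Failed to make a connection", e);
    }
}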
Also used : AdvancedTlsX509KeyManager(io.grpc.util.AdvancedTlsX509KeyManager) TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) ChannelCredentials(io.grpc.ChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) AdvancedTlsX509TrustManager(io.grpc.util.AdvancedTlsX509TrustManager) StatusRuntimeException(io.grpc.StatusRuntimeException) SimpleServiceGrpc(io.grpc.testing.protobuf.SimpleServiceGrpc) Test(org.junit.Test)

Example 13 with ChannelCredentials

use of io.grpc.ChannelCredentials in project grpc-java by grpc.

the class AdvancedTlsTest method trustManagerCustomVerifierMutualTlsTest.

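/**
 * Verifies that a mutual-TLS RPC succeeds when each peer adds a custom
 * {@code SslSocketAndEnginePeerVerifier} on top of chain validation.
 *
 * <p>Both trust managers use {@code CERTIFICATE_ONLY_VERIFICATION}, so no host-name check is
 * performed; the custom verifier is the only identity check beyond the chain. Here it is a
 * substring match on the leaf subject, which suits the fixed test certificates only.
 *
 * @throws Exception if credential setup or server start-up throws
 */
@Test
public void trustManagerCustomVerifierMutualTlsTest() throws Exception {
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    serverKeyManager.updateIdentityCredentials(serverKey0, serverCert0);
    // Set server's custom verification based on the information of clientCert0.
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
            .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
            .setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {

                @Override
                public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, Socket socket) throws CertificateException {
                    requireLeafSubjectContains(peerCertChain, "testclient");
                }

                @Override
                public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, SSLEngine engine) throws CertificateException {
                    requireLeafSubjectContains(peerCertChain, "testclient");
                }
            })
            .build();
    serverTrustManager.updateTrustCredentials(caCert);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
            .keyManager(serverKeyManager)
            .trustManager(serverTrustManager)
            .clientAuth(ClientAuth.REQUIRE)
            .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
            .addService(new SimpleServiceImpl())
            .build()
            .start();
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0);
    // Set client's custom verification based on the information of serverCert0.
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
            .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
            .setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {

                @Override
                public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, Socket socket) throws CertificateException {
                    requireLeafSubjectContains(peerCertChain, "*.test.google.com.au");
                }

                @Override
                public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, SSLEngine engine) throws CertificateException {
                    requireLeafSubjectContains(peerCertChain, "*.test.google.com.au");
                }
            })
            .build();
    clientTrustManager.updateTrustCredentials(caCert);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
            .keyManager(clientKeyManager)
            .trustManager(clientTrustManager)
            .build();
    // No overrideAuthority here: with host-name verification off, the name dialled
    // ("localhost") is not compared with the certificate.
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials).build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        // Attach the gRPC status as the cause so the reason for a failed handshake shows up in
        // the test report; printing the stack trace after fail() would never execute.
        throw new AssertionError("Failed to make a connection", e);
    }
}

/**
 * Shared body of the custom peer verifiers: rejects an absent or empty chain, then requires
 * the leaf certificate's subject DN string to contain {@code expectedFragment}.
 *
 * <p>A substring match accepts any subject that merely contains the fragment, so this is a
 * test-fixture check and not a model for a production identity check.
 *
 * @param peerCertChain chain presented by the peer; element 0 is treated as the leaf
 * @param expectedFragment text that must occur in the leaf subject DN
 * @throws CertificateException if the chain is null or empty, or the fragment is not found
 */
private static void requireLeafSubjectContains(X509Certificate[] peerCertChain, String expectedFragment) throws CertificateException {
    if (peerCertChain == null || peerCertChain.length == 0) {
        throw new CertificateException("peerCertChain is empty");
    }
    X509Certificate leafCert = peerCertChain[0];
    // getSubjectDN() is deprecated on newer JDKs in favour of getSubjectX500Principal(); it
    // is kept so the match runs against the same DN string as before.
    if (!leafCert.getSubjectDN().getName().contains(expectedFragment)) {
        throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
    }
}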
Also used : AdvancedTlsX509KeyManager(io.grpc.util.AdvancedTlsX509KeyManager) SSLEngine(javax.net.ssl.SSLEngine) TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) AdvancedTlsX509TrustManager(io.grpc.util.AdvancedTlsX509TrustManager) CertificateException(java.security.cert.CertificateException) SimpleServiceGrpc(io.grpc.testing.protobuf.SimpleServiceGrpc) X509Certificate(java.security.cert.X509Certificate) SslSocketAndEnginePeerVerifier(io.grpc.util.AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier) ChannelCredentials(io.grpc.ChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) StatusRuntimeException(io.grpc.StatusRuntimeException) Socket(java.net.Socket) Test(org.junit.Test)

Example 14 with ChannelCredentials

use of io.grpc.ChannelCredentials in project grpc-java by grpc.

the class AdvancedTlsTest method basicMutualTlsTest.

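/**
 * Verifies that a mutual-TLS RPC succeeds when both peers load their certificate, key and
 * trust roots from files through the plain {@code TlsServerCredentials} /
 * {@code TlsChannelCredentials} builders.
 *
 * @throws Exception if credential setup or server start-up throws
 */
@Test
public void basicMutualTlsTest() throws Exception {
    // Create & start a server.
    // ClientAuth.REQUIRE makes the server demand a client certificate, validated against
    // the roots in caCertFile.
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
            .keyManager(serverCert0File, serverKey0File)
            .trustManager(caCertFile)
            .clientAuth(ClientAuth.REQUIRE)
            .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
            .addService(new SimpleServiceImpl())
            .build()
            .start();
    // Create a client to connect.
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
            .keyManager(clientCert0File, clientKey0File)
            .trustManager(caCertFile)
            .build();
    // The channel dials localhost; the authority is overridden, presumably so that it
    // matches a name in the server test certificate - confirm against the fixtures.
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
            .overrideAuthority("foo.test.google.com.au")
            .build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        // Send an actual request, via the full GRPC & network stack, and check that a proper
        // response comes back.
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        // One failure path that carries the gRPC status as its cause, replacing a stack-trace
        // print before fail() and a second, unreachable one after it.
        throw new AssertionError("Failed to make a connection", e);
    }
}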
Also used : TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) ChannelCredentials(io.grpc.ChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) StatusRuntimeException(io.grpc.StatusRuntimeException) SimpleServiceGrpc(io.grpc.testing.protobuf.SimpleServiceGrpc) Test(org.junit.Test)

Example 15 with ChannelCredentials

use of io.grpc.ChannelCredentials in project grpc-java by grpc.

the class ProtocolNegotiators method from.

/**
 * Translates a {@link ChannelCredentials} instance into the client-side protocol negotiator
 * this transport should use, or into an error message when the credentials cannot be used.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>TLS credentials that request a feature outside {@code understoodTlsFeatures} are
 *       rejected with an error rather than applied partially.</li>
 *   <li>{@code InsecureChannelCredentials} selects the plaintext negotiator.</li>
 *   <li>{@code ChoiceChannelCredentials} entries are tried in list order and the first one
 *       that converts without error is used. If a TLS entry fails to convert and a later
 *       entry is insecure, the result is plaintext; the {@code SSLException} behind such a
 *       failure is logged only at {@code FINE}.</li>
 * </ul>
 *
 * @param creds credentials to translate
 * @return a result holding a negotiator (with call credentials for composite credentials),
 *     or an error message
 */
public static FromChannelCredentialsResult from(ChannelCredentials creds) {
    if (creds instanceof TlsChannelCredentials) {
        TlsChannelCredentials tls = (TlsChannelCredentials) creds;
        Set<TlsChannelCredentials.Feature> unsupported = tls.incomprehensible(understoodTlsFeatures);
        if (!unsupported.isEmpty()) {
            return FromChannelCredentialsResult.error("TLS features not understood: " + unsupported);
        }
        SslContextBuilder sslBuilder = GrpcSslContexts.forClient();
        // Client identity: explicit key managers win over raw key material; with neither
        // present no client certificate is configured.
        if (tls.getKeyManagers() != null) {
            sslBuilder.keyManager(new FixedKeyManagerFactory(tls.getKeyManagers()));
        } else if (tls.getPrivateKey() != null) {
            sslBuilder.keyManager(
                    new ByteArrayInputStream(tls.getCertificateChain()),
                    new ByteArrayInputStream(tls.getPrivateKey()),
                    tls.getPrivateKeyPassword());
        }
        // Trust anchors: explicit trust managers win over raw root certificates; with
        // neither present the builder is left untouched (system default).
        if (tls.getTrustManagers() != null) {
            sslBuilder.trustManager(new FixedTrustManagerFactory(tls.getTrustManagers()));
        } else if (tls.getRootCertificates() != null) {
            sslBuilder.trustManager(new ByteArrayInputStream(tls.getRootCertificates()));
        }
        try {
            return FromChannelCredentialsResult.negotiator(tlsClientFactory(sslBuilder.build()));
        } catch (SSLException ex) {
            // Only the exception message reaches the caller; the full exception is logged.
            log.log(Level.FINE, "Exception building SslContext", ex);
            return FromChannelCredentialsResult.error("Unable to create SslContext: " + ex.getMessage());
        }
    }
    if (creds instanceof InsecureChannelCredentials) {
        return FromChannelCredentialsResult.negotiator(plaintextClientFactory());
    }
    if (creds instanceof CompositeChannelCredentials) {
        CompositeChannelCredentials composite = (CompositeChannelCredentials) creds;
        // Convert the channel half recursively, then attach the call credentials to it.
        FromChannelCredentialsResult channelPart = from(composite.getChannelCredentials());
        return channelPart.withCallCredentials(composite.getCallCredentials());
    }
    if (creds instanceof NettyChannelCredentials) {
        NettyChannelCredentials netty = (NettyChannelCredentials) creds;
        return FromChannelCredentialsResult.negotiator(netty.getNegotiator());
    }
    if (creds instanceof ChoiceChannelCredentials) {
        ChoiceChannelCredentials choice = (ChoiceChannelCredentials) creds;
        StringBuilder failures = new StringBuilder();
        for (ChannelCredentials candidate : choice.getCredentialsList()) {
            FromChannelCredentialsResult attempt = from(candidate);
            if (attempt.error == null) {
                // First usable candidate wins; errors from earlier candidates are dropped.
                return attempt;
            }
            failures.append(", ").append(attempt.error);
        }
        // Strip the leading ", " separator from the accumulated messages.
        return FromChannelCredentialsResult.error(failures.substring(2));
    }
    return FromChannelCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
}
Also used : CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) SSLException(javax.net.ssl.SSLException) ByteArrayInputStream(java.io.ByteArrayInputStream) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) ChannelCredentials(io.grpc.ChannelCredentials) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)
