use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class SslSocketFactoryChannelCredentialsTest method withoutBearTokenGivesItself.
/**
 * Pins that stripping bearer tokens from SSLSocketFactory-based channel credentials
 * yields an object equal to the original credentials.
 */
@Test
public void withoutBearTokenGivesItself() {
  SSLSocketFactory socketFactory = mock(SSLSocketFactory.class);
  ChannelCredentials creds = SslSocketFactoryChannelCredentials.create(socketFactory);

  ChannelCredentials stripped = creds.withoutBearerTokens();

  assertThat(stripped).isEqualTo(creds);
}
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class ManagedChannelImplTest method oobChannelWithOobChannelCredsHasChannelCallCredentials.
/**
 * Checks which call credentials end up in the request headers, first for the normal channel and
 * then for a resolving out-of-band (OOB) channel built with its own channel credentials.
 *
 * <p>Both assertions use {@code containsExactly(...).inOrder()}, so they pin the set and order
 * of values under the "token" key: the channel-level value first, the per-RPC value second. For
 * the OOB channel the expected channel-level value is the one supplied with the OOB credentials;
 * the parent channel's value must not appear in the OOB call's headers.
 */
@Test
public void oobChannelWithOobChannelCredsHasChannelCallCredentials() {
Metadata.Key<String> metadataKey = Metadata.Key.of("token", Metadata.ASCII_STRING_MARSHALLER);
String channelCredValue = "channel-provided call cred";
// Stub the credential swap: hand back the same mock transport factory together with the call
// credentials carried by the CompositeChannelCredentials argument.
when(mockTransportFactory.swapChannelCredentials(any(CompositeChannelCredentials.class))).thenAnswer(new Answer<SwapChannelCredentialsResult>() {
@Override
public SwapChannelCredentialsResult answer(InvocationOnMock invocation) {
CompositeChannelCredentials c = invocation.getArgument(0, CompositeChannelCredentials.class);
return new SwapChannelCredentialsResult(mockTransportFactory, c.getCallCredentials());
}
});
// Parent channel: insecure channel credentials plus a channel-level call credential.
// FakeCallCredentials presumably writes the given value under metadataKey - defined elsewhere,
// confirm there.
channelBuilder = new ManagedChannelImplBuilder(TARGET, InsecureChannelCredentials.create(), new FakeCallCredentials(metadataKey, channelCredValue), new UnsupportedClientTransportFactoryBuilder(), new FixedPortProvider(DEFAULT_PORT));
channelBuilder.disableRetry();
configureBuilder(channelBuilder);
createChannel();
// Verify that the normal channel has call creds, to validate configuration
Subchannel subchannel = createSubchannelSafely(helper, addressGroup, Attributes.EMPTY, subchannelStateListener);
requestConnectionSafely(helper, subchannel);
MockClientTransportInfo transportInfo = transports.poll();
transportInfo.listener.transportReady();
when(mockPicker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(PickResult.withSubchannel(subchannel));
updateBalancingStateSafely(helper, READY, mockPicker);
// A second credential with the same metadata key is attached per call through CallOptions.
String callCredValue = "per-RPC call cred";
CallOptions callOptions = CallOptions.DEFAULT.withCallCredentials(new FakeCallCredentials(metadataKey, callCredValue));
Metadata headers = new Metadata();
ClientCall<String, Integer> call = channel.newCall(method, callOptions);
call.start(mockCallListener, headers);
verify(transportInfo.transport).newStream(same(method), same(headers), same(callOptions), ArgumentMatchers.<ClientStreamTracer[]>any());
// Exactly two values, channel-level first and per-RPC second.
assertThat(headers.getAll(metadataKey)).containsExactly(channelCredValue, callCredValue).inOrder();
// Verify that resolving oob channel with oob channel creds provides call creds
String oobChannelCredValue = "oob-channel-provided call cred";
ChannelCredentials oobChannelCreds = CompositeChannelCredentials.create(InsecureChannelCredentials.create(), new FakeCallCredentials(metadataKey, oobChannelCredValue));
ManagedChannel oob = helper.createResolvingOobChannelBuilder("fake://oobauthority/", oobChannelCreds).nameResolverFactory(new FakeNameResolverFactory.Builder(URI.create("fake://oobauthority/")).build()).defaultLoadBalancingPolicy(MOCK_POLICY_NAME).idleTimeout(ManagedChannelImplBuilder.IDLE_MODE_MAX_TIMEOUT_DAYS, TimeUnit.DAYS).disableRetry().build();
oob.getState(true);
// Two load balancers are expected by now - presumably one for the parent channel and one for
// the OOB channel (confirm against the test fixture). getValue() returns the most recently
// captured Helper, which is then used as the OOB channel's helper.
ArgumentCaptor<Helper> helperCaptor = ArgumentCaptor.forClass(Helper.class);
verify(mockLoadBalancerProvider, times(2)).newLoadBalancer(helperCaptor.capture());
Helper oobHelper = helperCaptor.getValue();
subchannel = createSubchannelSafely(oobHelper, addressGroup, Attributes.EMPTY, subchannelStateListener);
requestConnectionSafely(oobHelper, subchannel);
transportInfo = transports.poll();
transportInfo.listener.transportReady();
SubchannelPicker mockPicker2 = mock(SubchannelPicker.class);
when(mockPicker2.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(PickResult.withSubchannel(subchannel));
updateBalancingStateSafely(oobHelper, READY, mockPicker2);
// Fresh headers, same per-RPC CallOptions, this time issued on the OOB channel.
headers = new Metadata();
call = oob.newCall(method, callOptions);
call.start(mockCallListener2, headers);
// CallOptions may contain StreamTracerFactory for census that is added by default.
verify(transportInfo.transport).newStream(same(method), same(headers), any(CallOptions.class), ArgumentMatchers.<ClientStreamTracer[]>any());
// The OOB call carries the OOB channel's own credential value followed by the per-RPC value;
// containsExactly also rules out the parent channel's channelCredValue.
assertThat(headers.getAll(metadataKey)).containsExactly(oobChannelCredValue, callCredValue).inOrder();
oob.shutdownNow();
}
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class NettyChannelCredentialsTest method withoutBearTokenGivesItself.
/**
 * Pins that stripping bearer tokens from Netty channel credentials yields an object equal to
 * the original credentials.
 */
@Test
public void withoutBearTokenGivesItself() {
  ClientFactory negotiatorFactory = mock(ClientFactory.class);
  ChannelCredentials creds = NettyChannelCredentials.create(negotiatorFactory);

  ChannelCredentials stripped = creds.withoutBearerTokens();

  assertThat(stripped).isEqualTo(creds);
}
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class AdvancedTlsTest method onFileLoadingKeyManagerTrustManagerTest.
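/**
 * Runs one unary RPC over mutual TLS where both sides load their key, certificate and trust
 * material from files through the AdvancedTls key and trust managers.
 *
 * @throws Exception if loading credentials or starting the server fails
 */
@Test
public void onFileLoadingKeyManagerTrustManagerTest() throws Exception {
  // Server: identity from key/cert files, trust anchors from the CA file.
  AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
  serverKeyManager.updateIdentityCredentialsFromFile(serverKey0File, serverCert0File);
  AdvancedTlsX509TrustManager serverTrustManager =
      AdvancedTlsX509TrustManager.newBuilder()
          .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
          .build();
  serverTrustManager.updateTrustCredentialsFromFile(caCertFile);
  // ClientAuth.REQUIRE: the handshake is mutual, so the client has to present a certificate.
  ServerCredentials serverCredentials =
      TlsServerCredentials.newBuilder()
          .keyManager(serverKeyManager)
          .trustManager(serverTrustManager)
          .clientAuth(ClientAuth.REQUIRE)
          .build();
  // Port 0 asks for any free port; the real port is read back via server.getPort() below.
  server =
      Grpc.newServerBuilderForPort(0, serverCredentials)
          .addService(new SimpleServiceImpl())
          .build()
          .start();

  // Client: own identity plus the same CA file, with certificate and host name verification.
  AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
  clientKeyManager.updateIdentityCredentialsFromFile(clientKey0File, clientCert0File);
  AdvancedTlsX509TrustManager clientTrustManager =
      AdvancedTlsX509TrustManager.newBuilder()
          .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
          .build();
  clientTrustManager.updateTrustCredentialsFromFile(caCertFile);
  ChannelCredentials channelCredentials =
      TlsChannelCredentials.newBuilder()
          .keyManager(clientKeyManager)
          .trustManager(clientTrustManager)
          .build();
  // The channel dials localhost while host name verification is on, so the authority is
  // overridden; presumably the server test certificate covers this name (confirm against the
  // test certificates).
  channel =
      Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
          .overrideAuthority("foo.test.google.com.au")
          .build();

  // Send an actual request through the full gRPC and network stack; the handshake happens here.
  try {
    SimpleServiceGrpc.SimpleServiceBlockingStub client =
        SimpleServiceGrpc.newBlockingStub(channel);
    client.unaryRpc(SimpleRequest.getDefaultInstance());
  } catch (StatusRuntimeException e) {
    // Fail with the RPC status as the cause, so the stack trace shows up in the test report
    // rather than only on stderr.
    throw new AssertionError("Find error: " + e.getMessage(), e);
  }
}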
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class AdvancedTlsTest method trustManagerInsecurelySkipAllTest.
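/**
 * Checks that a client configured with {@code INSECURELY_SKIP_ALL_VERIFICATION} and a no-op
 * peer verifier completes an RPC even though the server presents bad credentials.
 *
 * <p>The passing RPC documents what this configuration gives up: the client performs no check
 * of the server certificate, so the connection is encrypted but the server is not
 * authenticated.
 *
 * @throws Exception if loading credentials or starting the server fails
 */
@Test
public void trustManagerInsecurelySkipAllTest() throws Exception {
  AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
  // Even if we provide bad credentials for the server, the test should still pass, because we
  // will configure the client to skip all checks later.
  serverKeyManager.updateIdentityCredentials(serverKeyBad, serverCertBad);
  // The server keeps CERTIFICATE_ONLY_VERIFICATION; its custom verifier is a no-op and adds no
  // checks of its own.
  AdvancedTlsX509TrustManager serverTrustManager =
      AdvancedTlsX509TrustManager.newBuilder()
          .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
          .setSslSocketAndEnginePeerVerifier(
              new SslSocketAndEnginePeerVerifier() {
                @Override
                public void verifyPeerCertificate(
                    X509Certificate[] peerCertChain, String authType, Socket socket)
                    throws CertificateException {
                  // Intentionally empty: never throws, so no peer chain is rejected here.
                }

                @Override
                public void verifyPeerCertificate(
                    X509Certificate[] peerCertChain, String authType, SSLEngine engine)
                    throws CertificateException {
                  // Intentionally empty: never throws, so no peer chain is rejected here.
                }
              })
          .build();
  serverTrustManager.updateTrustCredentials(caCert);
  // ClientAuth.REQUIRE: the client still has to present a certificate to the server.
  ServerCredentials serverCredentials =
      TlsServerCredentials.newBuilder()
          .keyManager(serverKeyManager)
          .trustManager(serverTrustManager)
          .clientAuth(ClientAuth.REQUIRE)
          .build();
  server =
      Grpc.newServerBuilderForPort(0, serverCredentials)
          .addService(new SimpleServiceImpl())
          .build()
          .start();

  AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
  clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0);
  // Set the client to skip all checks, including traditional certificate verification. With
  // the no-op verifier below nothing about the server is validated, so any certificate is
  // accepted. This is very dangerous in a production environment; it belongs in tests only,
  // unless the custom verifier implements the complete validation itself.
  AdvancedTlsX509TrustManager clientTrustManager =
      AdvancedTlsX509TrustManager.newBuilder()
          .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION)
          .setSslSocketAndEnginePeerVerifier(
              new SslSocketAndEnginePeerVerifier() {
                @Override
                public void verifyPeerCertificate(
                    X509Certificate[] peerCertChain, String authType, Socket socket)
                    throws CertificateException {
                  // Intentionally empty: never throws, so no peer chain is rejected here.
                }

                @Override
                public void verifyPeerCertificate(
                    X509Certificate[] peerCertChain, String authType, SSLEngine engine)
                    throws CertificateException {
                  // Intentionally empty: never throws, so no peer chain is rejected here.
                }
              })
          .build();
  clientTrustManager.updateTrustCredentials(caCert);
  ChannelCredentials channelCredentials =
      TlsChannelCredentials.newBuilder()
          .keyManager(clientKeyManager)
          .trustManager(clientTrustManager)
          .build();
  // No overrideAuthority here: host name checks are skipped together with everything else.
  channel =
      Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
          .build();

  // Start the connection.
  try {
    SimpleServiceGrpc.SimpleServiceBlockingStub client =
        SimpleServiceGrpc.newBlockingStub(channel);
    client.unaryRpc(SimpleRequest.getDefaultInstance());
  } catch (StatusRuntimeException e) {
    // The original called fail() before e.printStackTrace(), so the trace was never printed.
    // Attaching the exception as the cause keeps it in the test report.
    throw new AssertionError("Failed to make a connection", e);
  }
}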