use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class AdvancedTlsTest method onFileReloadingKeyManagerTrustManagerTest.
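/**
 * Checks that a unary RPC succeeds over mutually-authenticated TLS when both peers load their
 * identity and trust material through the file-reloading methods of the advanced TLS managers.
 *
 * <p>The server requires a client certificate ({@code ClientAuth.REQUIRE}) and validates it with
 * {@code CERTIFICATE_ONLY_VERIFICATION}. The client validates the server with
 * {@code CERTIFICATE_AND_HOST_NAME_VERIFICATION}.
 *
 * @throws Exception if loading credentials, starting the server or closing a reload handle fails
 */
@Test
public void onFileReloadingKeyManagerTrustManagerTest() throws Exception {
  // Handles returned by the file-reloading calls. They are declared before the try block so the
  // finally block can close every handle that was obtained, even when set-up or the RPC fails.
  // Previously fail() threw before the clean-up lines ran, leaving the reload handles open.
  Closeable serverKeyShutdown = null;
  Closeable serverTrustShutdown = null;
  Closeable clientKeyShutdown = null;
  Closeable clientTrustShutdown = null;
  try {
    // Create & start a server.
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    // Key and certificate files are re-read on a 100 ms period using the shared executor.
    serverKeyShutdown = serverKeyManager.updateIdentityCredentialsFromFile(
        serverKey0File, serverCert0File, 100, TimeUnit.MILLISECONDS, executor);
    // Server side: the peer (client) certificate is checked as a certificate only; no host name
    // check is requested for it.
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
        .build();
    serverTrustShutdown = serverTrustManager.updateTrustCredentialsFromFile(
        caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    // ClientAuth.REQUIRE makes this mutual TLS: a client without a certificate is rejected.
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
        .keyManager(serverKeyManager)
        .trustManager(serverTrustManager)
        .clientAuth(ClientAuth.REQUIRE)
        .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
        .addService(new SimpleServiceImpl())
        .build()
        .start();

    // Create a client to connect.
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyShutdown = clientKeyManager.updateIdentityCredentialsFromFile(
        clientKey0File, clientCert0File, 100, TimeUnit.MILLISECONDS, executor);
    // Client side: the server certificate is checked together with the host name.
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
        .build();
    clientTrustShutdown = clientTrustManager.updateTrustCredentialsFromFile(
        caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
        .keyManager(clientKeyManager)
        .trustManager(clientTrustManager)
        .build();
    // The channel dials "localhost", so the authority is overridden for the TLS name check.
    // NOTE(review): presumably this is a name the test server certificate is issued for; confirm
    // against the test certificates. overrideAuthority() is a testing aid, not a production
    // setting.
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
        .overrideAuthority("foo.test.google.com.au")
        .build();

    // Start the connection.
    try {
      SimpleServiceGrpc.SimpleServiceBlockingStub client =
          SimpleServiceGrpc.newBlockingStub(channel);
      // Send an actual request, via the full GRPC & network stack, and check that a proper
      // response comes back.
      client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
      e.printStackTrace();
      fail("Find error: " + e.getMessage());
    }
  } finally {
    // Clean up, in the same order as before; a handle is null if set-up failed before it was
    // obtained.
    if (serverKeyShutdown != null) {
      serverKeyShutdown.close();
    }
    if (serverTrustShutdown != null) {
      serverTrustShutdown.close();
    }
    if (clientKeyShutdown != null) {
      clientKeyShutdown.close();
    }
    if (clientTrustShutdown != null) {
      clientTrustShutdown.close();
    }
  }
}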
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class ShadingTest method tcnative.
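/**
 * Runs one unary RPC over TLS with the client's Netty SSL context configured for
 * {@code SslProvider.OPENSSL}, and checks that the default response comes back.
 *
 * @throws Exception if the certificates cannot be loaded or the server cannot start
 */
@Test
public void tcnative() throws Exception {
  // Server: TLS using the server1 certificate chain and private key. No client certificate is
  // requested in this configuration.
  ServerCredentials serverCreds = TlsServerCredentials.create(
      TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
  server = Grpc.newServerBuilderForPort(0, serverCreds)
      .addService(new SimpleServiceImpl())
      .build()
      .start();

  // Client: ca.pem is the only trust anchor given to the SSL context, and the provider is pinned
  // to OPENSSL rather than left to auto-selection.
  ChannelCredentials creds = NettySslContextChannelCredentials.create(
      GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.OPENSSL)
          .trustManager(TestUtils.loadCert("ca.pem"))
          .build());
  // The target is localhost, so the authority is overridden for the TLS name check.
  // NOTE(review): presumably a name covered by server1.pem; confirm against the test certs.
  channel = Grpc.newChannelBuilder("localhost:" + server.getPort(), creds)
      .overrideAuthority("foo.test.google.fr")
      .build();

  SimpleServiceBlockingStub stub = SimpleServiceGrpc.newBlockingStub(channel);
  // Truth expects assertThat(actual).isEqualTo(expected). The operands were reversed, which made
  // a failure message report the expected value as the actual one.
  assertThat(stub.unaryRpc(SimpleRequest.getDefaultInstance()))
      .isEqualTo(SimpleResponse.getDefaultInstance());
}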
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class ConcurrencyTest method newClientChannel.
/**
 * Builds a TLS client channel to the local test server that presents a client certificate.
 *
 * @return a channel targeting {@code localhost} on the test server's port
 * @throws IOException if the credentials cannot be built from the certificate files
 */
private ManagedChannel newClientChannel() throws IOException {
  // Identity the client presents to the server: certificate chain plus matching private key.
  File certChain = TestUtils.loadCert("client.pem");
  File privateKey = TestUtils.loadCert("client.key");
  // Trust roots used to validate the server's certificate.
  File trustedCa = TestUtils.loadCert("ca.pem");

  ChannelCredentials tlsCreds = TlsChannelCredentials.newBuilder()
      .keyManager(certChain, privateKey)
      .trustManager(trustedCa)
      .build();

  // The channel dials localhost; the authority used for the TLS name check is replaced with the
  // shared test host name.
  String target = "localhost:" + server.getPort();
  return Grpc.newChannelBuilder(target, tlsCreds)
      .overrideAuthority(TestUtils.TEST_SERVER_HOST)
      .build();
}
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class Http2OkHttpTest method createChannelBuilder.
/**
 * Creates the OkHttp channel builder used by this test: TLS with {@code ca.pem} as the trust
 * root, pointed at the local listen address, with the testing census interceptor installed.
 *
 * @return the configured builder
 * @throws RuntimeException wrapping the {@link IOException} if the credentials cannot be built
 */
@Override
protected OkHttpChannelBuilder createChannelBuilder() {
  int serverPort = ((InetSocketAddress) getListenAddress()).getPort();

  // Server authentication only: a trust root is configured, but no client key material.
  ChannelCredentials tlsCreds;
  try {
    tlsCreds = TlsChannelCredentials.newBuilder()
        .trustManager(TestUtils.loadCert("ca.pem"))
        .build();
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }

  // The channel connects to localhost, so the authority is set to the test host name and port.
  String authority = GrpcUtil.authorityFromHostAndPort(TestUtils.TEST_SERVER_HOST, serverPort);
  OkHttpChannelBuilder okHttpBuilder =
      OkHttpChannelBuilder.forAddress("localhost", serverPort, tlsCreds)
          .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
          .overrideAuthority(authority);

  // Disable the default census stats interceptor, use testing interceptor instead.
  InternalOkHttpChannelBuilder.setStatsEnabled(okHttpBuilder, false);
  return okHttpBuilder.intercept(createCensusStatsClientInterceptor());
}
use of io.grpc.ChannelCredentials in project grpc-java by grpc.
the class XdsHelloWorldClient method main.
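/**
 * Greet server. If provided, the first element of {@code args} is the name to use in the
 * greeting. The second argument is the target server. A {@code --xds-creds} flag is also accepted.
 *
 * <p>Without {@code --xds-creds} the channel is built with {@code InsecureChannelCredentials},
 * i.e. with no transport security. With the flag, xDS-provided security is used when available
 * and the same insecure credentials are the fallback.
 *
 * @param args optional {@code --xds-creds} flag, then optional NAME and TARGET
 * @throws Exception if the RPC or the channel shutdown fails
 */
public static void main(String[] args) throws Exception {
  String user = "xds world";
  // The example defaults to the same behavior as the hello world example. To enable xDS, pass an
  // "xds:"-prefixed string as the target.
  String target = "localhost:50051";
  ChannelCredentials credentials = InsecureChannelCredentials.create();
  if (args.length > 0) {
    if ("--help".equals(args[0])) {
      // The whole usage text goes to stderr. It was previously split between stdout and stderr,
      // so redirecting either stream showed only part of the help.
      System.err.println("Usage: [--xds-creds] [NAME [TARGET]]");
      System.err.println("");
      System.err.println(" --xds-creds Use credentials provided by xDS. Defaults to insecure");
      System.err.println("");
      System.err.println(" NAME The name you wish to be greeted by. Defaults to " + user);
      System.err.println(" TARGET The server to connect to. Defaults to " + target);
      System.exit(1);
    } else if ("--xds-creds".equals(args[0])) {
      // The xDS credentials use the security configured by the xDS server when available. When
      // xDS is not used or when xDS does not provide security configuration, the xDS credentials
      // fall back to other credentials (in this case, InsecureChannelCredentials).
      // Security note: with this fallback a missing xDS security configuration silently yields a
      // plaintext channel. A deployment that must never downgrade should pass TLS credentials
      // (for example TlsChannelCredentials.create()) as the fallback instead.
      credentials = XdsChannelCredentials.create(InsecureChannelCredentials.create());
      // Drop the flag so NAME and TARGET are found at the same positions as without it.
      args = Arrays.copyOfRange(args, 1, args.length);
    }
  }
  if (args.length > 0) {
    user = args[0];
  }
  if (args.length > 1) {
    target = args[1];
  }

  // This uses the new ChannelCredentials API. Grpc.newChannelBuilder() is the same as
  // ManagedChannelBuilder.forTarget(), except that it is passed credentials. When using this API,
  // you don't use methods like `managedChannelBuilder.usePlaintext()`, as that configuration is
  // provided by the ChannelCredentials.
  ManagedChannel channel = Grpc.newChannelBuilder(target, credentials).build();
  try {
    XdsHelloWorldClient client = new XdsHelloWorldClient(channel);
    client.greet(user);
  } finally {
    // Always release the channel, waiting at most five seconds for it to terminate.
    channel.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
  }
}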