Use of io.grpc.ChannelCredentials in project grpc-java (by grpc): class OkHttpChannelBuilderTest, method sslSocketFactoryFrom_tls_mtls.
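@Test
public void sslSocketFactoryFrom_tls_mtls() throws Exception {
  // One self-signed identity plays both roles: the server presents it and demands that the
  // client present it back, so a factory that dropped the KeyManagers would fail the handshake.
  SelfSignedCertificate cert = new SelfSignedCertificate(TestUtils.TEST_SERVER_HOST);
  KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  keyStore.load(null);
  keyStore.setKeyEntry("mykey", cert.key(), new char[0], new Certificate[] { cert.cert() });
  KeyManagerFactory keyManagerFactory =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, new char[0]);
  KeyStore certStore = KeyStore.getInstance(KeyStore.getDefaultType());
  certStore.load(null);
  certStore.setCertificateEntry("mycert", cert.cert());
  TrustManagerFactory trustManagerFactory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(certStore);
  SSLContext serverContext = SSLContext.getInstance("TLS");
  serverContext.init(
      keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
  final SSLServerSocket serverListenSocket =
      (SSLServerSocket) serverContext.getServerSocketFactory().createServerSocket(0);
  // Require (not merely request) a client certificate: a client without one must fail.
  serverListenSocket.setNeedClientAuth(true);
  final SettableFuture<SSLSocket> serverSocket = SettableFuture.create();
  new Thread(new Runnable() {
    @Override
    public void run() {
      try {
        SSLSocket socket = (SSLSocket) serverListenSocket.accept();
        // startHandshake() throws on a failed handshake; getSession() would instead return an
        // invalid session and hide the failure until a later accessor.
        socket.startHandshake();
        serverSocket.set(socket);
      } catch (Throwable t) {
        serverSocket.setException(t);
      }
    }
  }).start();
  try {
    ChannelCredentials creds = TlsChannelCredentials.newBuilder()
        .keyManager(keyManagerFactory.getKeyManagers())
        .trustManager(trustManagerFactory.getTrustManagers())
        .build();
    OkHttpChannelBuilder.SslSocketFactoryResult result =
        OkHttpChannelBuilder.sslSocketFactoryFrom(creds);
    // Fail with a readable message instead of an NPE on result.factory below.
    assertThat(result.error).isNull();
    SSLSocket socket = (SSLSocket) result.factory.createSocket(
        "localhost", serverListenSocket.getLocalPort());
    try {
      // Throws if the client cannot authenticate the server or present its own certificate.
      socket.startHandshake();
      // Re-throws (wrapped) any server-side handshake failure recorded by the accept thread.
      SSLSocket accepted = serverSocket.get();
      try {
        // The server saw a client certificate, and it is the one the credential carried.
        assertThat(((X500Principal) accepted.getSession().getPeerPrincipal()).getName())
            .isEqualTo("CN=" + TestUtils.TEST_SERVER_HOST);
      } finally {
        accepted.close();
      }
    } finally {
      socket.close();
    }
  } finally {
    // Closed on every path: unblocks a still-waiting accept thread and frees the port even when
    // an assertion or handshake fails early.
    serverListenSocket.close();
  }
}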
Use of io.grpc.ChannelCredentials in project grpc-java (by grpc): class OkHttpChannelBuilderTest, method sslSocketFactoryFrom_tls_mtls_byteKeyUnsupported.
@Test
public void sslSocketFactoryFrom_tls_mtls_byteKeyUnsupported() throws Exception {
  // A PEM-file client key reaches the OkHttp transport as raw bytes, which it refuses. The
  // refusal must surface as an explicit error, never as a factory that silently omits the
  // client certificate.
  TlsChannelCredentials.Builder builder = TlsChannelCredentials.newBuilder();
  builder.keyManager(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
  OkHttpChannelBuilder.SslSocketFactoryResult outcome =
      OkHttpChannelBuilder.sslSocketFactoryFrom(builder.build());
  assertThat(outcome.error).contains("unsupported");
  assertThat(outcome.callCredentials).isNull();
  assertThat(outcome.factory).isNull();
}
Use of io.grpc.ChannelCredentials in project grpc-java (by grpc): class OkHttpChannelBuilderTest, method sslSocketFactoryFrom_choice.
@Test
public void sslSocketFactoryFrom_choice() {
  // An unknown credential type listed first must be skipped, not treated as fatal, so the TLS
  // entry after it is selected.
  ChannelCredentials unknownThenTls = ChoiceChannelCredentials.create(
      unrecognizedChannelCredentials(),
      TlsChannelCredentials.create(),
      InsecureChannelCredentials.create());
  OkHttpChannelBuilder.SslSocketFactoryResult chosen =
      OkHttpChannelBuilder.sslSocketFactoryFrom(unknownThenTls);
  assertThat(chosen.error).isNull();
  assertThat(chosen.callCredentials).isNull();
  assertThat(chosen.factory).isNotNull();

  // Selection is "first understood", not "most secure": insecure listed first yields plaintext
  // even though a TLS entry follows. Callers must order the choice list by preference.
  ChannelCredentials insecureFirst = ChoiceChannelCredentials.create(
      InsecureChannelCredentials.create(),
      unrecognizedChannelCredentials(),
      TlsChannelCredentials.create());
  chosen = OkHttpChannelBuilder.sslSocketFactoryFrom(insecureFirst);
  assertThat(chosen.error).isNull();
  assertThat(chosen.callCredentials).isNull();
  assertThat(chosen.factory).isNull();
}

/** A credential type the OkHttp transport does not understand. */
private static ChannelCredentials unrecognizedChannelCredentials() {
  return new ChannelCredentials() {
    @Override
    public ChannelCredentials withoutBearerTokens() {
      throw new UnsupportedOperationException();
    }
  };
}
Use of io.grpc.ChannelCredentials in project grpc-java (by grpc): class OkHttpChannelBuilderTest, method sslSocketFactoryFrom_tls_customRoots.
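@Test
public void sslSocketFactoryFrom_tls_customRoots() throws Exception {
  // The server presents a self-signed certificate that no default trust store knows; the client
  // must accept it solely because the credential supplies it as a root.
  SelfSignedCertificate cert = new SelfSignedCertificate(TestUtils.TEST_SERVER_HOST);
  KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  keyStore.load(null);
  keyStore.setKeyEntry("mykey", cert.key(), new char[0], new Certificate[] { cert.cert() });
  KeyManagerFactory keyManagerFactory =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, new char[0]);
  SSLContext serverContext = SSLContext.getInstance("TLS");
  // Null trust managers: the server never requests a client certificate, so its trust store
  // is irrelevant to this test.
  serverContext.init(keyManagerFactory.getKeyManagers(), null, null);
  final SSLServerSocket serverListenSocket =
      (SSLServerSocket) serverContext.getServerSocketFactory().createServerSocket(0);
  final SettableFuture<SSLSocket> serverSocket = SettableFuture.create();
  new Thread(new Runnable() {
    @Override
    public void run() {
      try {
        SSLSocket socket = (SSLSocket) serverListenSocket.accept();
        // startHandshake() throws on a failed handshake; getSession() would instead return an
        // invalid session and hide the failure.
        socket.startHandshake();
        serverSocket.set(socket);
      } catch (Throwable t) {
        serverSocket.setException(t);
      }
    }
  }).start();
  try {
    ChannelCredentials creds =
        TlsChannelCredentials.newBuilder().trustManager(cert.certificate()).build();
    OkHttpChannelBuilder.SslSocketFactoryResult result =
        OkHttpChannelBuilder.sslSocketFactoryFrom(creds);
    // Fail with a readable message instead of an NPE on result.factory below.
    assertThat(result.error).isNull();
    SSLSocket socket = (SSLSocket) result.factory.createSocket(
        "localhost", serverListenSocket.getLocalPort());
    try {
      // Forcing the handshake via getSession() cannot fail this test: on a rejected certificate
      // it returns an invalid session instead of throwing. startHandshake() throws, so an
      // untrusted root is actually detected here.
      socket.startHandshake();
      // The client authenticated the server against the configured root.
      assertThat(((X500Principal) socket.getSession().getPeerPrincipal()).getName())
          .isEqualTo("CN=" + TestUtils.TEST_SERVER_HOST);
      // NOTE: only trust is exercised. No hostname verification is configured on this raw
      // socket, so "localhost" vs. TEST_SERVER_HOST is not checked; presumably the transport
      // layers endpoint identification on top of the factory — verify against the caller.
      SSLSocket accepted = serverSocket.get();
      accepted.close();
    } finally {
      socket.close();
    }
  } finally {
    // Closed on every path: unblocks a still-waiting accept thread and frees the port even when
    // the handshake or an assertion fails early.
    serverListenSocket.close();
  }
}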
Use of io.grpc.ChannelCredentials in project grpc-java (by grpc): class OkHttpChannelBuilder, method sslSocketFactoryFrom.
/**
 * Resolves {@link ChannelCredentials} into what the OkHttp transport needs: an
 * {@code SSLSocketFactory} (or a plaintext marker) plus any bundled call credentials.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>A {@link TlsChannelCredentials} carrying any feature outside
 *       {@code understoodTlsFeatures} is rejected with an error rather than partially honoured
 *       (fail closed).</li>
 *   <li>With neither trust managers nor root certificates the JVM/platform default trust store
 *       is used; with neither key managers nor a private key no client certificate is
 *       presented. A byte[]-based private key is an error on this transport.</li>
 *   <li>A {@link ChoiceChannelCredentials} resolves to the first entry, in list order, that this
 *       transport understands — an {@link InsecureChannelCredentials} listed before a TLS entry
 *       yields plaintext. Callers control the preference order.</li>
 *   <li>Only the TLS context is configured here; no hostname verifier is attached to the
 *       returned factory.</li>
 * </ul>
 *
 * @param creds the channel credentials to interpret
 * @return a result whose {@code error} is non-null when the credentials cannot be used with
 *     this transport; otherwise a TLS factory result or a plaintext result
 * @throws RuntimeException if the platform TLS provider cannot initialise an SSLContext
 */
static SslSocketFactoryResult sslSocketFactoryFrom(ChannelCredentials creds) {
  if (creds instanceof TlsChannelCredentials) {
    return sslSocketFactoryFromTls((TlsChannelCredentials) creds);
  }
  if (creds instanceof InsecureChannelCredentials) {
    return SslSocketFactoryResult.plaintext();
  }
  if (creds instanceof CompositeChannelCredentials) {
    CompositeChannelCredentials composite = (CompositeChannelCredentials) creds;
    SslSocketFactoryResult inner = sslSocketFactoryFrom(composite.getChannelCredentials());
    return inner.withCallCredentials(composite.getCallCredentials());
  }
  if (creds instanceof SslSocketFactoryChannelCredentials.ChannelCredentials) {
    SslSocketFactoryChannelCredentials.ChannelCredentials factoryCreds =
        (SslSocketFactoryChannelCredentials.ChannelCredentials) creds;
    return SslSocketFactoryResult.factory(factoryCreds.getFactory());
  }
  if (creds instanceof ChoiceChannelCredentials) {
    return sslSocketFactoryFromChoice((ChoiceChannelCredentials) creds);
  }
  return SslSocketFactoryResult.error(
      "Unsupported credential type: " + creds.getClass().getName());
}

/**
 * TLS branch of {@link #sslSocketFactoryFrom}: builds an {@code SSLContext} from the
 * credential's key and trust material.
 */
private static SslSocketFactoryResult sslSocketFactoryFromTls(TlsChannelCredentials tlsCreds) {
  // Fail closed: a feature this transport cannot honour is an error, not a silent no-op.
  Set<TlsChannelCredentials.Feature> unknownFeatures =
      tlsCreds.incomprehensible(understoodTlsFeatures);
  if (!unknownFeatures.isEmpty()) {
    return SslSocketFactoryResult.error("TLS features not understood: " + unknownFeatures);
  }

  // Client identity: only KeyManager-based keys are supported here.
  KeyManager[] keyManagers = null;
  if (tlsCreds.getKeyManagers() != null) {
    keyManagers = tlsCreds.getKeyManagers().toArray(new KeyManager[0]);
  } else if (tlsCreds.getPrivateKey() != null) {
    return SslSocketFactoryResult.error("byte[]-based private key unsupported. Use KeyManager");
  }
  // Neither present: no client certificate will be offered.

  // Server trust: explicit TrustManagers win, then PEM roots; null falls back to the
  // platform default trust store.
  TrustManager[] trustManagers = null;
  if (tlsCreds.getTrustManagers() != null) {
    trustManagers = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
  } else if (tlsCreds.getRootCertificates() != null) {
    try {
      trustManagers = createTrustManager(tlsCreds.getRootCertificates());
    } catch (GeneralSecurityException gse) {
      log.log(Level.FINE, "Exception loading root certificates from credential", gse);
      return SslSocketFactoryResult.error(
          "Unable to load root certificates: " + gse.getMessage());
    }
  }

  SSLContext sslContext;
  try {
    sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
    sslContext.init(keyManagers, trustManagers, null);
  } catch (GeneralSecurityException gse) {
    throw new RuntimeException("TLS Provider failure", gse);
  }
  return SslSocketFactoryResult.factory(sslContext.getSocketFactory());
}

/**
 * Choice branch of {@link #sslSocketFactoryFrom}: returns the first understood entry in list
 * order, or an error joining every entry's error when none is understood.
 */
private static SslSocketFactoryResult sslSocketFactoryFromChoice(
    ChoiceChannelCredentials choiceCreds) {
  StringBuilder errors = new StringBuilder();
  for (ChannelCredentials candidate : choiceCreds.getCredentialsList()) {
    SslSocketFactoryResult candidateResult = sslSocketFactoryFrom(candidate);
    if (candidateResult.error == null) {
      return candidateResult;
    }
    errors.append(", ").append(candidateResult.error);
  }
  // Strip the leading ", " (assumes a non-empty credentials list, as before).
  return SslSocketFactoryResult.error(errors.substring(2));
}