Example 1 with InsecureChannelCredentials
use of io.grpc.InsecureChannelCredentials in project grpc-java by grpc.
the class ProtocolNegotiators method from.
public static FromChannelCredentialsResult from(ChannelCredentials creds) {
if (creds instanceof TlsChannelCredentials) {
TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
if (!incomprehensible.isEmpty()) {
return FromChannelCredentialsResult.error("TLS features not understood: " + incomprehensible);
}
SslContextBuilder builder = GrpcSslContexts.forClient();
if (tlsCreds.getKeyManagers() != null) {
builder.keyManager(new FixedKeyManagerFactory(tlsCreds.getKeyManagers()));
} else if (tlsCreds.getPrivateKey() != null) {
builder.keyManager(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
}
if (tlsCreds.getTrustManagers() != null) {
builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
} else if (tlsCreds.getRootCertificates() != null) {
builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
}
// else use system default
try {
return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build()));
} catch (SSLException ex) {
log.log(Level.FINE, "Exception building SslContext", ex);
return FromChannelCredentialsResult.error("Unable to create SslContext: " + ex.getMessage());
}
} else if (creds instanceof InsecureChannelCredentials) {
return FromChannelCredentialsResult.negotiator(plaintextClientFactory());
} else if (creds instanceof CompositeChannelCredentials) {
CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
return from(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
} else if (creds instanceof NettyChannelCredentials) {
NettyChannelCredentials nettyCreds = (NettyChannelCredentials) creds;
return FromChannelCredentialsResult.negotiator(nettyCreds.getNegotiator());
} else if (creds instanceof ChoiceChannelCredentials) {
ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
StringBuilder error = new StringBuilder();
for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
FromChannelCredentialsResult result = from(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return FromChannelCredentialsResult.error(error.substring(2));
} else {
return FromChannelCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
Also used :
CompositeChannelCredentials(io.grpc.CompositeChannelCredentials)
InsecureChannelCredentials(io.grpc.InsecureChannelCredentials)
TlsChannelCredentials(io.grpc.TlsChannelCredentials)
SSLException(javax.net.ssl.SSLException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)
TlsChannelCredentials(io.grpc.TlsChannelCredentials)
InsecureChannelCredentials(io.grpc.InsecureChannelCredentials)
CompositeChannelCredentials(io.grpc.CompositeChannelCredentials)
ChannelCredentials(io.grpc.ChannelCredentials)
ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)
Example 2 with InsecureChannelCredentials
use of io.grpc.InsecureChannelCredentials in project grpc-java by grpc.
the class XdsHelloWorldClient method main.
/**
* Greet server. If provided, the first element of {@code args} is the name to use in the
* greeting. The second argument is the target server. A {@code --xds-creds} flag is also accepted.
*/
public static void main(String[] args) throws Exception {
String user = "xds world";
// The example defaults to the same behavior as the hello world example. To enable xDS, pass an
// "xds:"-prefixed string as the target.
String target = "localhost:50051";
ChannelCredentials credentials = InsecureChannelCredentials.create();
if (args.length > 0) {
if ("--help".equals(args[0])) {
System.out.println("Usage: [--xds-creds] [NAME [TARGET]]");
System.out.println("");
System.err.println(" --xds-creds Use credentials provided by xDS. Defaults to insecure");
System.out.println("");
System.err.println(" NAME The name you wish to be greeted by. Defaults to " + user);
System.err.println(" TARGET The server to connect to. Defaults to " + target);
System.exit(1);
} else if ("--xds-creds".equals(args[0])) {
// The xDS credentials use the security configured by the xDS server when available. When
// xDS is not used or when xDS does not provide security configuration, the xDS credentials
// fall back to other credentials (in this case, InsecureChannelCredentials).
credentials = XdsChannelCredentials.create(InsecureChannelCredentials.create());
args = Arrays.copyOfRange(args, 1, args.length);
}
}
if (args.length > 0) {
user = args[0];
}
if (args.length > 1) {
target = args[1];
}
// This uses the new ChannelCredentials API. Grpc.newChannelBuilder() is the same as
// ManagedChannelBuilder.forTarget(), except that it is passed credentials. When using this API,
// you don't use methods like `managedChannelBuilder.usePlaintext()`, as that configuration is
// provided by the ChannelCredentials.
ManagedChannel channel = Grpc.newChannelBuilder(target, credentials).build();
try {
XdsHelloWorldClient client = new XdsHelloWorldClient(channel);
client.greet(user);
} finally {
channel.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
}
}
Also used :
InsecureChannelCredentials(io.grpc.InsecureChannelCredentials)
XdsChannelCredentials(io.grpc.xds.XdsChannelCredentials)
ChannelCredentials(io.grpc.ChannelCredentials)
ManagedChannel(io.grpc.ManagedChannel)
Example 3 with InsecureChannelCredentials
use of io.grpc.InsecureChannelCredentials in project grpc-java by grpc.
the class OkHttpChannelBuilder method sslSocketFactoryFrom.
static SslSocketFactoryResult sslSocketFactoryFrom(ChannelCredentials creds) {
if (creds instanceof TlsChannelCredentials) {
TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
if (!incomprehensible.isEmpty()) {
return SslSocketFactoryResult.error("TLS features not understood: " + incomprehensible);
}
KeyManager[] km = null;
if (tlsCreds.getKeyManagers() != null) {
km = tlsCreds.getKeyManagers().toArray(new KeyManager[0]);
} else if (tlsCreds.getPrivateKey() != null) {
return SslSocketFactoryResult.error("byte[]-based private key unsupported. Use KeyManager");
}
// else don't have a client cert
TrustManager[] tm = null;
if (tlsCreds.getTrustManagers() != null) {
tm = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
} else if (tlsCreds.getRootCertificates() != null) {
try {
tm = createTrustManager(tlsCreds.getRootCertificates());
} catch (GeneralSecurityException gse) {
log.log(Level.FINE, "Exception loading root certificates from credential", gse);
return SslSocketFactoryResult.error("Unable to load root certificates: " + gse.getMessage());
}
}
// else use system default
SSLContext sslContext;
try {
sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
sslContext.init(km, tm, null);
} catch (GeneralSecurityException gse) {
throw new RuntimeException("TLS Provider failure", gse);
}
return SslSocketFactoryResult.factory(sslContext.getSocketFactory());
} else if (creds instanceof InsecureChannelCredentials) {
return SslSocketFactoryResult.plaintext();
} else if (creds instanceof CompositeChannelCredentials) {
CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
return sslSocketFactoryFrom(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
} else if (creds instanceof SslSocketFactoryChannelCredentials.ChannelCredentials) {
SslSocketFactoryChannelCredentials.ChannelCredentials factoryCreds = (SslSocketFactoryChannelCredentials.ChannelCredentials) creds;
return SslSocketFactoryResult.factory(factoryCreds.getFactory());
} else if (creds instanceof ChoiceChannelCredentials) {
ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
StringBuilder error = new StringBuilder();
for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
SslSocketFactoryResult result = sslSocketFactoryFrom(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return SslSocketFactoryResult.error(error.substring(2));
} else {
return SslSocketFactoryResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
Also used :
CompositeChannelCredentials(io.grpc.CompositeChannelCredentials)
InsecureChannelCredentials(io.grpc.InsecureChannelCredentials)
TlsChannelCredentials(io.grpc.TlsChannelCredentials)
GeneralSecurityException(java.security.GeneralSecurityException)
SSLContext(javax.net.ssl.SSLContext)
TrustManager(javax.net.ssl.TrustManager)
ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)
TlsChannelCredentials(io.grpc.TlsChannelCredentials)
InsecureChannelCredentials(io.grpc.InsecureChannelCredentials)
CompositeChannelCredentials(io.grpc.CompositeChannelCredentials)
ChannelCredentials(io.grpc.ChannelCredentials)
KeyManager(javax.net.ssl.KeyManager)
ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)
Aggregations
ChannelCredentials (io.grpc.ChannelCredentials)3
InsecureChannelCredentials (io.grpc.InsecureChannelCredentials)3
ChoiceChannelCredentials (io.grpc.ChoiceChannelCredentials)2
CompositeChannelCredentials (io.grpc.CompositeChannelCredentials)2
TlsChannelCredentials (io.grpc.TlsChannelCredentials)2
ManagedChannel (io.grpc.ManagedChannel)1
XdsChannelCredentials (io.grpc.xds.XdsChannelCredentials)1
SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
GeneralSecurityException (java.security.GeneralSecurityException)1
KeyManager (javax.net.ssl.KeyManager)1
SSLContext (javax.net.ssl.SSLContext)1
SSLException (javax.net.ssl.SSLException)1
TrustManager (javax.net.ssl.TrustManager)1
