use of io.grpc.InsecureServerCredentials in project grpc-java by grpc.
the class ProtocolNegotiators method from.
public static FromServerCredentialsResult from(ServerCredentials creds) {
if (creds instanceof TlsServerCredentials) {
TlsServerCredentials tlsCreds = (TlsServerCredentials) creds;
Set<TlsServerCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodServerTlsFeatures);
if (!incomprehensible.isEmpty()) {
return FromServerCredentialsResult.error("TLS features not understood: " + incomprehensible);
}
SslContextBuilder builder;
if (tlsCreds.getKeyManagers() != null) {
builder = GrpcSslContexts.configure(SslContextBuilder.forServer(new FixedKeyManagerFactory(tlsCreds.getKeyManagers())));
} else if (tlsCreds.getPrivateKey() != null) {
builder = GrpcSslContexts.forServer(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
} else {
throw new AssertionError("BUG! No key");
}
if (tlsCreds.getTrustManagers() != null) {
builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
} else if (tlsCreds.getRootCertificates() != null) {
builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
}
// else use system default
switch(tlsCreds.getClientAuth()) {
case OPTIONAL:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.OPTIONAL);
break;
case REQUIRE:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
break;
case NONE:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
break;
default:
return FromServerCredentialsResult.error("Unknown TlsServerCredentials.ClientAuth value: " + tlsCreds.getClientAuth());
}
SslContext sslContext;
try {
sslContext = builder.build();
} catch (SSLException ex) {
throw new IllegalArgumentException("Unexpected error converting ServerCredentials to Netty SslContext", ex);
}
return FromServerCredentialsResult.negotiator(serverTlsFactory(sslContext));
} else if (creds instanceof InsecureServerCredentials) {
return FromServerCredentialsResult.negotiator(serverPlaintextFactory());
} else if (creds instanceof NettyServerCredentials) {
NettyServerCredentials nettyCreds = (NettyServerCredentials) creds;
return FromServerCredentialsResult.negotiator(nettyCreds.getNegotiator());
} else if (creds instanceof ChoiceServerCredentials) {
ChoiceServerCredentials choiceCreds = (ChoiceServerCredentials) creds;
StringBuilder error = new StringBuilder();
for (ServerCredentials innerCreds : choiceCreds.getCredentialsList()) {
FromServerCredentialsResult result = from(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return FromServerCredentialsResult.error(error.substring(2));
} else {
return FromServerCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
use of io.grpc.InsecureServerCredentials in project grpc-java by grpc.
the class XdsHelloWorldServer method main.
public static void main(String[] args) throws IOException, InterruptedException {
int port = 50051;
String hostname = null;
ServerCredentials credentials = InsecureServerCredentials.create();
if (args.length >= 1 && "--xds-creds".equals(args[0])) {
// The xDS credentials use the security configured by the xDS server when available. When xDS
// is not used or when xDS does not provide security configuration, the xDS credentials fall
// back to other credentials (in this case, InsecureServerCredentials).
credentials = XdsServerCredentials.create(InsecureServerCredentials.create());
args = Arrays.copyOfRange(args, 1, args.length);
}
if (args.length >= 1) {
try {
port = Integer.parseInt(args[0]);
} catch (NumberFormatException ex) {
System.err.println("Usage: [--xds-creds] [PORT [HOSTNAME]]");
System.err.println("");
System.err.println(" --xds-creds Use credentials provided by xDS. Defaults to insecure");
System.err.println("");
System.err.println(" PORT The listen port. Defaults to " + port);
System.err.println(" HOSTNAME The name clients will see in greet responses. ");
System.err.println(" Defaults to the machine's hostname");
System.exit(1);
}
}
if (args.length >= 2) {
hostname = args[1];
}
// Since the main server may be using TLS, we start a second server just for plaintext health
// checks
int healthPort = port + 1;
final HealthStatusManager health = new HealthStatusManager();
final Server server = XdsServerBuilder.forPort(port, credentials).addService(new HostnameGreeter(hostname)).addService(// convenient for command line tools
ProtoReflectionService.newInstance()).addService(// allow management servers to monitor health
health.getHealthService()).build().start();
final Server healthServer = XdsServerBuilder.forPort(healthPort, InsecureServerCredentials.create()).addService(// allow management servers to monitor health
health.getHealthService()).build().start();
System.out.println("Listening on port " + port);
System.out.println("Plaintext health service listening on port " + healthPort);
Runtime.getRuntime().addShutdownHook(new Thread() {
@Override
public void run() {
health.setStatus("", ServingStatus.NOT_SERVING);
// Start graceful shutdown
server.shutdown();
try {
// Wait for RPCs to complete processing
if (!server.awaitTermination(30, TimeUnit.SECONDS)) {
// That was plenty of time. Let's cancel the remaining RPCs
server.shutdownNow();
// shutdownNow isn't instantaneous, so give a bit of time to clean resources up
// gracefully. Normally this will be well under a second.
server.awaitTermination(5, TimeUnit.SECONDS);
}
healthServer.shutdownNow();
healthServer.awaitTermination(5, TimeUnit.SECONDS);
} catch (InterruptedException ex) {
server.shutdownNow();
healthServer.shutdownNow();
}
}
});
// This would normally be tied to the service's dependencies. For example, if HostnameGreeter
// used a Channel to contact a required service, then when 'channel.getState() ==
// TRANSIENT_FAILURE' we'd want to set NOT_SERVING. But HostnameGreeter has no dependencies, so
// hard-coding SERVING is appropriate.
health.setStatus("", ServingStatus.SERVING);
server.awaitTermination();
}
Aggregations