Search in sources :

Example 1 with InsecureServerCredentials

use of io.grpc.InsecureServerCredentials in project grpc-java by grpc.

the class ProtocolNegotiators method from.

public static FromServerCredentialsResult from(ServerCredentials creds) {
    if (creds instanceof TlsServerCredentials) {
        TlsServerCredentials tlsCreds = (TlsServerCredentials) creds;
        Set<TlsServerCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodServerTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return FromServerCredentialsResult.error("TLS features not understood: " + incomprehensible);
        }
        SslContextBuilder builder;
        if (tlsCreds.getKeyManagers() != null) {
            builder = GrpcSslContexts.configure(SslContextBuilder.forServer(new FixedKeyManagerFactory(tlsCreds.getKeyManagers())));
        } else if (tlsCreds.getPrivateKey() != null) {
            builder = GrpcSslContexts.forServer(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
        } else {
            throw new AssertionError("BUG! No key");
        }
        if (tlsCreds.getTrustManagers() != null) {
            builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
        } else if (tlsCreds.getRootCertificates() != null) {
            builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
        }
        // else use system default
        switch(tlsCreds.getClientAuth()) {
            case OPTIONAL:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.OPTIONAL);
                break;
            case REQUIRE:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
                break;
            case NONE:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
                break;
            default:
                return FromServerCredentialsResult.error("Unknown TlsServerCredentials.ClientAuth value: " + tlsCreds.getClientAuth());
        }
        SslContext sslContext;
        try {
            sslContext = builder.build();
        } catch (SSLException ex) {
            throw new IllegalArgumentException("Unexpected error converting ServerCredentials to Netty SslContext", ex);
        }
        return FromServerCredentialsResult.negotiator(serverTlsFactory(sslContext));
    } else if (creds instanceof InsecureServerCredentials) {
        return FromServerCredentialsResult.negotiator(serverPlaintextFactory());
    } else if (creds instanceof NettyServerCredentials) {
        NettyServerCredentials nettyCreds = (NettyServerCredentials) creds;
        return FromServerCredentialsResult.negotiator(nettyCreds.getNegotiator());
    } else if (creds instanceof ChoiceServerCredentials) {
        ChoiceServerCredentials choiceCreds = (ChoiceServerCredentials) creds;
        StringBuilder error = new StringBuilder();
        for (ServerCredentials innerCreds : choiceCreds.getCredentialsList()) {
            FromServerCredentialsResult result = from(innerCreds);
            if (result.error == null) {
                return result;
            }
            error.append(", ");
            error.append(result.error);
        }
        return FromServerCredentialsResult.error(error.substring(2));
    } else {
        return FromServerCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
    }
}
Also used : ChoiceServerCredentials(io.grpc.ChoiceServerCredentials) ServerCredentials(io.grpc.ServerCredentials) InsecureServerCredentials(io.grpc.InsecureServerCredentials) TlsServerCredentials(io.grpc.TlsServerCredentials) ChoiceServerCredentials(io.grpc.ChoiceServerCredentials) SSLException(javax.net.ssl.SSLException) ByteArrayInputStream(java.io.ByteArrayInputStream) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) InsecureServerCredentials(io.grpc.InsecureServerCredentials) TlsServerCredentials(io.grpc.TlsServerCredentials) SslContext(io.netty.handler.ssl.SslContext)

Example 2 with InsecureServerCredentials

use of io.grpc.InsecureServerCredentials in project grpc-java by grpc.

the class XdsHelloWorldServer method main.

public static void main(String[] args) throws IOException, InterruptedException {
    int port = 50051;
    String hostname = null;
    ServerCredentials credentials = InsecureServerCredentials.create();
    if (args.length >= 1 && "--xds-creds".equals(args[0])) {
        // The xDS credentials use the security configured by the xDS server when available. When xDS
        // is not used or when xDS does not provide security configuration, the xDS credentials fall
        // back to other credentials (in this case, InsecureServerCredentials).
        credentials = XdsServerCredentials.create(InsecureServerCredentials.create());
        args = Arrays.copyOfRange(args, 1, args.length);
    }
    if (args.length >= 1) {
        try {
            port = Integer.parseInt(args[0]);
        } catch (NumberFormatException ex) {
            System.err.println("Usage: [--xds-creds] [PORT [HOSTNAME]]");
            System.err.println("");
            System.err.println("  --xds-creds  Use credentials provided by xDS. Defaults to insecure");
            System.err.println("");
            System.err.println("  PORT      The listen port. Defaults to " + port);
            System.err.println("  HOSTNAME  The name clients will see in greet responses. ");
            System.err.println("            Defaults to the machine's hostname");
            System.exit(1);
        }
    }
    if (args.length >= 2) {
        hostname = args[1];
    }
    // Since the main server may be using TLS, we start a second server just for plaintext health
    // checks
    int healthPort = port + 1;
    final HealthStatusManager health = new HealthStatusManager();
    final Server server = XdsServerBuilder.forPort(port, credentials).addService(new HostnameGreeter(hostname)).addService(// convenient for command line tools
    ProtoReflectionService.newInstance()).addService(// allow management servers to monitor health
    health.getHealthService()).build().start();
    final Server healthServer = XdsServerBuilder.forPort(healthPort, InsecureServerCredentials.create()).addService(// allow management servers to monitor health
    health.getHealthService()).build().start();
    System.out.println("Listening on port " + port);
    System.out.println("Plaintext health service listening on port " + healthPort);
    Runtime.getRuntime().addShutdownHook(new Thread() {

        @Override
        public void run() {
            health.setStatus("", ServingStatus.NOT_SERVING);
            // Start graceful shutdown
            server.shutdown();
            try {
                // Wait for RPCs to complete processing
                if (!server.awaitTermination(30, TimeUnit.SECONDS)) {
                    // That was plenty of time. Let's cancel the remaining RPCs
                    server.shutdownNow();
                    // shutdownNow isn't instantaneous, so give a bit of time to clean resources up
                    // gracefully. Normally this will be well under a second.
                    server.awaitTermination(5, TimeUnit.SECONDS);
                }
                healthServer.shutdownNow();
                healthServer.awaitTermination(5, TimeUnit.SECONDS);
            } catch (InterruptedException ex) {
                server.shutdownNow();
                healthServer.shutdownNow();
            }
        }
    });
    // This would normally be tied to the service's dependencies. For example, if HostnameGreeter
    // used a Channel to contact a required service, then when 'channel.getState() ==
    // TRANSIENT_FAILURE' we'd want to set NOT_SERVING. But HostnameGreeter has no dependencies, so
    // hard-coding SERVING is appropriate.
    health.setStatus("", ServingStatus.SERVING);
    server.awaitTermination();
}
Also used : HealthStatusManager(io.grpc.services.HealthStatusManager) Server(io.grpc.Server) ServerCredentials(io.grpc.ServerCredentials) InsecureServerCredentials(io.grpc.InsecureServerCredentials) XdsServerCredentials(io.grpc.xds.XdsServerCredentials)

Aggregations

InsecureServerCredentials (io.grpc.InsecureServerCredentials)2 ServerCredentials (io.grpc.ServerCredentials)2 ChoiceServerCredentials (io.grpc.ChoiceServerCredentials)1 Server (io.grpc.Server)1 TlsServerCredentials (io.grpc.TlsServerCredentials)1 HealthStatusManager (io.grpc.services.HealthStatusManager)1 XdsServerCredentials (io.grpc.xds.XdsServerCredentials)1 SslContext (io.netty.handler.ssl.SslContext)1 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 SSLException (javax.net.ssl.SSLException)1