
Example 16 with ServerCredentials

use of io.grpc.ServerCredentials in project grpc-java by grpc.

the class AdvancedTlsTest method trustManagerInsecurelySkipAllTest.

@Test
public void trustManagerInsecurelySkipAllTest() throws Exception {
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    // Even if we provide bad credentials for the server, the test should still pass, because we
    // will configure the client to skip all checks later.
    serverKeyManager.updateIdentityCredentials(serverKeyBad, serverCertBad);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder().setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION).setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {

        @Override
        public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, Socket socket) throws CertificateException {
        }

        @Override
        public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, SSLEngine engine) throws CertificateException {
        }
    }).build();
    serverTrustManager.updateTrustCredentials(caCert);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder().keyManager(serverKeyManager).trustManager(serverTrustManager).clientAuth(ClientAuth.REQUIRE).build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials).addService(new SimpleServiceImpl()).build().start();
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0);
    // Set the client to skip all checks, including traditional certificate verification.
    // Note this is very dangerous in a production environment - only do so if you are confident in
    // what you are doing!
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder().setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION).setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {

        @Override
        public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, Socket socket) throws CertificateException {
        }

        @Override
        public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType, SSLEngine engine) throws CertificateException {
        }
    }).build();
    clientTrustManager.updateTrustCredentials(caCert);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder().keyManager(clientKeyManager).trustManager(clientTrustManager).build();
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials).build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        // Print the stack trace first: fail() throws, so nothing after it would run.
        e.printStackTrace();
        fail("Failed to make a connection");
    }
}
Also used : AdvancedTlsX509KeyManager(io.grpc.util.AdvancedTlsX509KeyManager) SslSocketAndEnginePeerVerifier(io.grpc.util.AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier) SSLEngine(javax.net.ssl.SSLEngine) TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) ChannelCredentials(io.grpc.ChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) AdvancedTlsX509TrustManager(io.grpc.util.AdvancedTlsX509TrustManager) StatusRuntimeException(io.grpc.StatusRuntimeException) SimpleServiceGrpc(io.grpc.testing.protobuf.SimpleServiceGrpc) Socket(java.net.Socket) Test(org.junit.Test)

Example 17 with ServerCredentials

use of io.grpc.ServerCredentials in project grpc-java by grpc.

the class AdvancedTlsTest method onFileReloadingKeyManagerTrustManagerTest.

@Test
public void onFileReloadingKeyManagerTrustManagerTest() throws Exception {
    // Create & start a server.
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    Closeable serverKeyShutdown = serverKeyManager.updateIdentityCredentialsFromFile(serverKey0File, serverCert0File, 100, TimeUnit.MILLISECONDS, executor);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder().setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION).build();
    Closeable serverTrustShutdown = serverTrustManager.updateTrustCredentialsFromFile(caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder().keyManager(serverKeyManager).trustManager(serverTrustManager).clientAuth(ClientAuth.REQUIRE).build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials).addService(new SimpleServiceImpl()).build().start();
    // Create a client to connect.
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    Closeable clientKeyShutdown = clientKeyManager.updateIdentityCredentialsFromFile(clientKey0File, clientCert0File, 100, TimeUnit.MILLISECONDS, executor);
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder().setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION).build();
    Closeable clientTrustShutdown = clientTrustManager.updateTrustCredentialsFromFile(caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder().keyManager(clientKeyManager).trustManager(clientTrustManager).build();
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials).overrideAuthority("foo.test.google.com.au").build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        // Send an actual request, via the full GRPC & network stack, and check that a proper
        // response comes back.
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        e.printStackTrace();
        fail("Find error: " + e.getMessage());
    }
    // Clean up.
    serverKeyShutdown.close();
    serverTrustShutdown.close();
    clientKeyShutdown.close();
    clientTrustShutdown.close();
}
Also used : AdvancedTlsX509KeyManager(io.grpc.util.AdvancedTlsX509KeyManager) TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) ChannelCredentials(io.grpc.ChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) Closeable(java.io.Closeable) AdvancedTlsX509TrustManager(io.grpc.util.AdvancedTlsX509TrustManager) StatusRuntimeException(io.grpc.StatusRuntimeException) SimpleServiceGrpc(io.grpc.testing.protobuf.SimpleServiceGrpc) Test(org.junit.Test)

Example 18 with ServerCredentials

use of io.grpc.ServerCredentials in project grpc-java by grpc.

the class AltsHandshakerTest method startAltsServer.

private void startAltsServer() throws Exception {
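    // Test-only setup: untrusted ALTS is enabled and the handshaker address points at the
    // local handshakerServer started by this test.
    ServerCredentials serverCredentials = AltsServerCredentials.newBuilder().enableUntrustedAltsForTesting().setHandshakerAddressForTesting("localhost:" + handshakerServer.getPort()).build();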
    testServer = grpcCleanup.register(Grpc.newServerBuilderForPort(0, serverCredentials).addService(new TestServiceGrpc.TestServiceImplBase() {

        @Override
        public void unaryCall(SimpleRequest request, StreamObserver<SimpleResponse> so) {
            so.onNext(SimpleResponse.getDefaultInstance());
            so.onCompleted();
        }
    }).build()).start();
}
Also used : ServerCredentials(io.grpc.ServerCredentials) AltsServerCredentials(io.grpc.alts.AltsServerCredentials) SimpleResponse(io.grpc.testing.integration.Messages.SimpleResponse) SimpleRequest(io.grpc.testing.integration.Messages.SimpleRequest)

Example 19 with ServerCredentials

use of io.grpc.ServerCredentials in project grpc-java by grpc.

the class Http2OkHttpTest method getServerBuilder.

@Override
protected ServerBuilder<?> getServerBuilder() {
    // Starts the server with HTTPS.
    try {
        ServerCredentials serverCreds = TlsServerCredentials.create(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
        NettyServerBuilder builder = NettyServerBuilder.forPort(0, serverCreds).flowControlWindow(AbstractInteropTest.TEST_FLOW_CONTROL_WINDOW).maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE);
        // Disable the default census stats tracer, use testing tracer instead.
        InternalNettyServerBuilder.setStatsEnabled(builder, false);
        return builder.addStreamTracerFactory(createCustomCensusTracerFactory());
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}
Also used : NettyServerBuilder(io.grpc.netty.NettyServerBuilder) InternalNettyServerBuilder(io.grpc.netty.InternalNettyServerBuilder) TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) IOException(java.io.IOException)

Example 20 with ServerCredentials

use of io.grpc.ServerCredentials in project grpc-java by grpc.

the class ShadingTest method tcnative.

@Test
public void tcnative() throws Exception {
    ServerCredentials serverCreds = TlsServerCredentials.create(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    server = Grpc.newServerBuilderForPort(0, serverCreds).addService(new SimpleServiceImpl()).build().start();
    ChannelCredentials creds = NettySslContextChannelCredentials.create(GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.OPENSSL).trustManager(TestUtils.loadCert("ca.pem")).build());
    channel = Grpc.newChannelBuilder("localhost:" + server.getPort(), creds).overrideAuthority("foo.test.google.fr").build();
    SimpleServiceBlockingStub stub = SimpleServiceGrpc.newBlockingStub(channel);
    assertThat(SimpleResponse.getDefaultInstance()).isEqualTo(stub.unaryRpc(SimpleRequest.getDefaultInstance()));
}
Also used : TlsServerCredentials(io.grpc.TlsServerCredentials) ServerCredentials(io.grpc.ServerCredentials) InsecureServerCredentials(io.grpc.InsecureServerCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) ChannelCredentials(io.grpc.ChannelCredentials) NettySslContextChannelCredentials(io.grpc.netty.shaded.io.grpc.netty.NettySslContextChannelCredentials) SimpleServiceBlockingStub(io.grpc.testing.protobuf.SimpleServiceGrpc.SimpleServiceBlockingStub) Test(org.junit.Test)

Aggregations

ServerCredentials (io.grpc.ServerCredentials): 27
TlsServerCredentials (io.grpc.TlsServerCredentials): 21
InsecureServerCredentials (io.grpc.InsecureServerCredentials): 16
Test (org.junit.Test): 16
ChannelCredentials (io.grpc.ChannelCredentials): 14
TlsChannelCredentials (io.grpc.TlsChannelCredentials): 13
ChoiceServerCredentials (io.grpc.ChoiceServerCredentials): 10
InsecureChannelCredentials (io.grpc.InsecureChannelCredentials): 8
ChoiceChannelCredentials (io.grpc.ChoiceChannelCredentials): 7
CompositeChannelCredentials (io.grpc.CompositeChannelCredentials): 7
StatusRuntimeException (io.grpc.StatusRuntimeException): 7
InternalChannelz (io.grpc.InternalChannelz): 6
SimpleServiceGrpc (io.grpc.testing.protobuf.SimpleServiceGrpc): 6
AdvancedTlsX509KeyManager (io.grpc.util.AdvancedTlsX509KeyManager): 5
AdvancedTlsX509TrustManager (io.grpc.util.AdvancedTlsX509TrustManager): 5
NettyServerBuilder (io.grpc.netty.NettyServerBuilder): 4
InternalNettyServerBuilder (io.grpc.netty.InternalNettyServerBuilder): 3
AltsServerCredentials (io.grpc.alts.AltsServerCredentials): 2
SslSocketAndEnginePeerVerifier (io.grpc.util.AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier): 2
LocalAddress (io.netty.channel.local.LocalAddress): 2