use of io.grpc.TlsChannelCredentials in project grpc-java by grpc.
the class ProtocolNegotiators method from.
public static FromChannelCredentialsResult from(ChannelCredentials creds) {
if (creds instanceof TlsChannelCredentials) {
TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
if (!incomprehensible.isEmpty()) {
return FromChannelCredentialsResult.error("TLS features not understood: " + incomprehensible);
}
SslContextBuilder builder = GrpcSslContexts.forClient();
if (tlsCreds.getKeyManagers() != null) {
builder.keyManager(new FixedKeyManagerFactory(tlsCreds.getKeyManagers()));
} else if (tlsCreds.getPrivateKey() != null) {
builder.keyManager(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
}
if (tlsCreds.getTrustManagers() != null) {
builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
} else if (tlsCreds.getRootCertificates() != null) {
builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
}
// else use system default
try {
return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build()));
} catch (SSLException ex) {
log.log(Level.FINE, "Exception building SslContext", ex);
return FromChannelCredentialsResult.error("Unable to create SslContext: " + ex.getMessage());
}
} else if (creds instanceof InsecureChannelCredentials) {
return FromChannelCredentialsResult.negotiator(plaintextClientFactory());
} else if (creds instanceof CompositeChannelCredentials) {
CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
return from(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
} else if (creds instanceof NettyChannelCredentials) {
NettyChannelCredentials nettyCreds = (NettyChannelCredentials) creds;
return FromChannelCredentialsResult.negotiator(nettyCreds.getNegotiator());
} else if (creds instanceof ChoiceChannelCredentials) {
ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
StringBuilder error = new StringBuilder();
for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
FromChannelCredentialsResult result = from(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return FromChannelCredentialsResult.error(error.substring(2));
} else {
return FromChannelCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
use of io.grpc.TlsChannelCredentials in project grpc-java by grpc.
the class OkHttpChannelBuilder method sslSocketFactoryFrom.
static SslSocketFactoryResult sslSocketFactoryFrom(ChannelCredentials creds) {
if (creds instanceof TlsChannelCredentials) {
TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
if (!incomprehensible.isEmpty()) {
return SslSocketFactoryResult.error("TLS features not understood: " + incomprehensible);
}
KeyManager[] km = null;
if (tlsCreds.getKeyManagers() != null) {
km = tlsCreds.getKeyManagers().toArray(new KeyManager[0]);
} else if (tlsCreds.getPrivateKey() != null) {
return SslSocketFactoryResult.error("byte[]-based private key unsupported. Use KeyManager");
}
// else don't have a client cert
TrustManager[] tm = null;
if (tlsCreds.getTrustManagers() != null) {
tm = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
} else if (tlsCreds.getRootCertificates() != null) {
try {
tm = createTrustManager(tlsCreds.getRootCertificates());
} catch (GeneralSecurityException gse) {
log.log(Level.FINE, "Exception loading root certificates from credential", gse);
return SslSocketFactoryResult.error("Unable to load root certificates: " + gse.getMessage());
}
}
// else use system default
SSLContext sslContext;
try {
sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
sslContext.init(km, tm, null);
} catch (GeneralSecurityException gse) {
throw new RuntimeException("TLS Provider failure", gse);
}
return SslSocketFactoryResult.factory(sslContext.getSocketFactory());
} else if (creds instanceof InsecureChannelCredentials) {
return SslSocketFactoryResult.plaintext();
} else if (creds instanceof CompositeChannelCredentials) {
CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
return sslSocketFactoryFrom(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
} else if (creds instanceof SslSocketFactoryChannelCredentials.ChannelCredentials) {
SslSocketFactoryChannelCredentials.ChannelCredentials factoryCreds = (SslSocketFactoryChannelCredentials.ChannelCredentials) creds;
return SslSocketFactoryResult.factory(factoryCreds.getFactory());
} else if (creds instanceof ChoiceChannelCredentials) {
ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
StringBuilder error = new StringBuilder();
for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
SslSocketFactoryResult result = sslSocketFactoryFrom(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return SslSocketFactoryResult.error(error.substring(2));
} else {
return SslSocketFactoryResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
Aggregations