Search in sources :

Example 1 with TlsChannelCredentials

use of io.grpc.TlsChannelCredentials in project grpc-java by grpc.

the class ProtocolNegotiators method from.

public static FromChannelCredentialsResult from(ChannelCredentials creds) {
    if (creds instanceof TlsChannelCredentials) {
        TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
        Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return FromChannelCredentialsResult.error("TLS features not understood: " + incomprehensible);
        }
        SslContextBuilder builder = GrpcSslContexts.forClient();
        if (tlsCreds.getKeyManagers() != null) {
            builder.keyManager(new FixedKeyManagerFactory(tlsCreds.getKeyManagers()));
        } else if (tlsCreds.getPrivateKey() != null) {
            builder.keyManager(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
        }
        if (tlsCreds.getTrustManagers() != null) {
            builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
        } else if (tlsCreds.getRootCertificates() != null) {
            builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
        }
        // else use system default
        try {
            return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build()));
        } catch (SSLException ex) {
            log.log(Level.FINE, "Exception building SslContext", ex);
            return FromChannelCredentialsResult.error("Unable to create SslContext: " + ex.getMessage());
        }
    } else if (creds instanceof InsecureChannelCredentials) {
        return FromChannelCredentialsResult.negotiator(plaintextClientFactory());
    } else if (creds instanceof CompositeChannelCredentials) {
        CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
        return from(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
    } else if (creds instanceof NettyChannelCredentials) {
        NettyChannelCredentials nettyCreds = (NettyChannelCredentials) creds;
        return FromChannelCredentialsResult.negotiator(nettyCreds.getNegotiator());
    } else if (creds instanceof ChoiceChannelCredentials) {
        ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
        StringBuilder error = new StringBuilder();
        for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
            FromChannelCredentialsResult result = from(innerCreds);
            if (result.error == null) {
                return result;
            }
            error.append(", ");
            error.append(result.error);
        }
        return FromChannelCredentialsResult.error(error.substring(2));
    } else {
        return FromChannelCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
    }
}
Also used : CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) SSLException(javax.net.ssl.SSLException) ByteArrayInputStream(java.io.ByteArrayInputStream) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) ChannelCredentials(io.grpc.ChannelCredentials) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)

Example 2 with TlsChannelCredentials

use of io.grpc.TlsChannelCredentials in project grpc-java by grpc.

the class OkHttpChannelBuilder method sslSocketFactoryFrom.

static SslSocketFactoryResult sslSocketFactoryFrom(ChannelCredentials creds) {
    if (creds instanceof TlsChannelCredentials) {
        TlsChannelCredentials tlsCreds = (TlsChannelCredentials) creds;
        Set<TlsChannelCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return SslSocketFactoryResult.error("TLS features not understood: " + incomprehensible);
        }
        KeyManager[] km = null;
        if (tlsCreds.getKeyManagers() != null) {
            km = tlsCreds.getKeyManagers().toArray(new KeyManager[0]);
        } else if (tlsCreds.getPrivateKey() != null) {
            return SslSocketFactoryResult.error("byte[]-based private key unsupported. Use KeyManager");
        }
        // else don't have a client cert
        TrustManager[] tm = null;
        if (tlsCreds.getTrustManagers() != null) {
            tm = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
        } else if (tlsCreds.getRootCertificates() != null) {
            try {
                tm = createTrustManager(tlsCreds.getRootCertificates());
            } catch (GeneralSecurityException gse) {
                log.log(Level.FINE, "Exception loading root certificates from credential", gse);
                return SslSocketFactoryResult.error("Unable to load root certificates: " + gse.getMessage());
            }
        }
        // else use system default
        SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
            sslContext.init(km, tm, null);
        } catch (GeneralSecurityException gse) {
            throw new RuntimeException("TLS Provider failure", gse);
        }
        return SslSocketFactoryResult.factory(sslContext.getSocketFactory());
    } else if (creds instanceof InsecureChannelCredentials) {
        return SslSocketFactoryResult.plaintext();
    } else if (creds instanceof CompositeChannelCredentials) {
        CompositeChannelCredentials compCreds = (CompositeChannelCredentials) creds;
        return sslSocketFactoryFrom(compCreds.getChannelCredentials()).withCallCredentials(compCreds.getCallCredentials());
    } else if (creds instanceof SslSocketFactoryChannelCredentials.ChannelCredentials) {
        SslSocketFactoryChannelCredentials.ChannelCredentials factoryCreds = (SslSocketFactoryChannelCredentials.ChannelCredentials) creds;
        return SslSocketFactoryResult.factory(factoryCreds.getFactory());
    } else if (creds instanceof ChoiceChannelCredentials) {
        ChoiceChannelCredentials choiceCreds = (ChoiceChannelCredentials) creds;
        StringBuilder error = new StringBuilder();
        for (ChannelCredentials innerCreds : choiceCreds.getCredentialsList()) {
            SslSocketFactoryResult result = sslSocketFactoryFrom(innerCreds);
            if (result.error == null) {
                return result;
            }
            error.append(", ");
            error.append(result.error);
        }
        return SslSocketFactoryResult.error(error.substring(2));
    } else {
        return SslSocketFactoryResult.error("Unsupported credential type: " + creds.getClass().getName());
    }
}
Also used : CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) GeneralSecurityException(java.security.GeneralSecurityException) SSLContext(javax.net.ssl.SSLContext) TrustManager(javax.net.ssl.TrustManager) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials) TlsChannelCredentials(io.grpc.TlsChannelCredentials) InsecureChannelCredentials(io.grpc.InsecureChannelCredentials) CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) ChannelCredentials(io.grpc.ChannelCredentials) KeyManager(javax.net.ssl.KeyManager) ChoiceChannelCredentials(io.grpc.ChoiceChannelCredentials)

Aggregations

ChannelCredentials (io.grpc.ChannelCredentials)2 ChoiceChannelCredentials (io.grpc.ChoiceChannelCredentials)2 CompositeChannelCredentials (io.grpc.CompositeChannelCredentials)2 InsecureChannelCredentials (io.grpc.InsecureChannelCredentials)2 TlsChannelCredentials (io.grpc.TlsChannelCredentials)2 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyManager (javax.net.ssl.KeyManager)1 SSLContext (javax.net.ssl.SSLContext)1 SSLException (javax.net.ssl.SSLException)1 TrustManager (javax.net.ssl.TrustManager)1