
Example 1 with TlsServerCredentials

Use of io.grpc.TlsServerCredentials in the project grpc-java by grpc.

From the class ProtocolNegotiators, method from.

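/**
 * Converts a {@link ServerCredentials} into a server-side protocol negotiator, or an error
 * string describing why the credentials could not be used.
 *
 * <p>Behaviour per credential type:
 * <ul>
 *   <li>{@code TlsServerCredentials}: builds a Netty {@code SslContext}. Credentials that
 *       request a feature outside {@code understoodServerTlsFeatures} are rejected with an
 *       error instead of being applied partially.</li>
 *   <li>{@code InsecureServerCredentials}: returns {@code serverPlaintextFactory()}; no
 *       {@code SslContext} is built on this path.</li>
 *   <li>{@code NettyServerCredentials}: returns the negotiator the credentials already carry.</li>
 *   <li>{@code ChoiceServerCredentials}: tries each inner credential in list order and returns
 *       the first one that converts without an error.</li>
 * </ul>
 *
 * <p>Security note on {@code ChoiceServerCredentials}: a TLS entry that is rejected (for
 * example because of an unsupported feature) does not stop the search. If a later entry is
 * {@code InsecureServerCredentials}, the server ends up with the plaintext negotiator. Callers
 * that must never serve plaintext should not put insecure credentials in the choice list.
 * Only error results trigger the fallback; exceptions thrown while building the TLS context
 * propagate to the caller.
 *
 * @param creds the credentials to convert
 * @return a result holding either a negotiator factory or an error message
 * @throws AssertionError if TLS credentials carry neither key managers nor a private key
 * @throws IllegalArgumentException if Netty fails to build the {@code SslContext}
 * @throws NullPointerException if {@code creds} is null (the final branch dereferences it)
 */
public static FromServerCredentialsResult from(ServerCredentials creds) {
    if (creds instanceof TlsServerCredentials) {
        TlsServerCredentials tlsCreds = (TlsServerCredentials) creds;
        // Fail closed: a feature this transport does not understand could be a security
        // requirement, so report it rather than build a weaker context.
        Set<TlsServerCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodServerTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return FromServerCredentialsResult.error("TLS features not understood: " + incomprehensible);
        }
        // Server identity: explicit key managers take precedence over certificate chain + private key.
        SslContextBuilder builder;
        if (tlsCreds.getKeyManagers() != null) {
            builder = GrpcSslContexts.configure(SslContextBuilder.forServer(new FixedKeyManagerFactory(tlsCreds.getKeyManagers())));
        } else if (tlsCreds.getPrivateKey() != null) {
            builder = GrpcSslContexts.forServer(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
        } else {
            throw new AssertionError("BUG! No key");
        }
        // Trust material: explicit trust managers take precedence over root certificates.
        if (tlsCreds.getTrustManagers() != null) {
            builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
        } else if (tlsCreds.getRootCertificates() != null) {
            builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
        }
        // else use system default: no trust manager is set, so the builder's own default applies.
        // Map the gRPC client-auth setting one-to-one onto Netty's enum. An unrecognised value
        // is reported as an error instead of silently falling back to a weaker mode.
        switch(tlsCreds.getClientAuth()) {
            case OPTIONAL:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.OPTIONAL);
                break;
            case REQUIRE:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
                break;
            case NONE:
                builder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
                break;
            default:
                return FromServerCredentialsResult.error("Unknown TlsServerCredentials.ClientAuth value: " + tlsCreds.getClientAuth());
        }
        SslContext sslContext;
        try {
            sslContext = builder.build();
        } catch (SSLException ex) {
            // Keep the cause so the underlying key/certificate problem stays diagnosable.
            throw new IllegalArgumentException("Unexpected error converting ServerCredentials to Netty SslContext", ex);
        }
        return FromServerCredentialsResult.negotiator(serverTlsFactory(sslContext));
    } else if (creds instanceof InsecureServerCredentials) {
        // Explicitly requested plaintext: no TLS context is created on this path.
        return FromServerCredentialsResult.negotiator(serverPlaintextFactory());
    } else if (creds instanceof NettyServerCredentials) {
        NettyServerCredentials nettyCreds = (NettyServerCredentials) creds;
        return FromServerCredentialsResult.negotiator(nettyCreds.getNegotiator());
    } else if (creds instanceof ChoiceServerCredentials) {
        ChoiceServerCredentials choiceCreds = (ChoiceServerCredentials) creds;
        StringBuilder error = new StringBuilder();
        // First usable entry wins, so list order decides which security level is selected.
        for (ServerCredentials innerCreds : choiceCreds.getCredentialsList()) {
            FromServerCredentialsResult result = from(innerCreds);
            if (result.error == null) {
                return result;
            }
            error.append(", ");
            error.append(result.error);
        }
        if (error.length() == 0) {
            // An empty list leaves nothing to strip; substring(2) would throw
            // StringIndexOutOfBoundsException. The credentials factory may already forbid
            // an empty list (not visible here), but report it as an error either way.
            return FromServerCredentialsResult.error("ChoiceServerCredentials contains no credentials");
        }
        // Drop the leading ", " separator added before the first message.
        return FromServerCredentialsResult.error(error.substring(2));
    } else {
        return FromServerCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
    }
}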
Also used : ChoiceServerCredentials(io.grpc.ChoiceServerCredentials) ServerCredentials(io.grpc.ServerCredentials) InsecureServerCredentials(io.grpc.InsecureServerCredentials) TlsServerCredentials(io.grpc.TlsServerCredentials) ChoiceServerCredentials(io.grpc.ChoiceServerCredentials) SSLException(javax.net.ssl.SSLException) ByteArrayInputStream(java.io.ByteArrayInputStream) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) InsecureServerCredentials(io.grpc.InsecureServerCredentials) TlsServerCredentials(io.grpc.TlsServerCredentials) SslContext(io.netty.handler.ssl.SslContext)
