Example 1 with TlsServerCredentials
use of io.grpc.TlsServerCredentials in project grpc-java by grpc.
the class ProtocolNegotiators method from.
public static FromServerCredentialsResult from(ServerCredentials creds) {
if (creds instanceof TlsServerCredentials) {
TlsServerCredentials tlsCreds = (TlsServerCredentials) creds;
Set<TlsServerCredentials.Feature> incomprehensible = tlsCreds.incomprehensible(understoodServerTlsFeatures);
if (!incomprehensible.isEmpty()) {
return FromServerCredentialsResult.error("TLS features not understood: " + incomprehensible);
}
SslContextBuilder builder;
if (tlsCreds.getKeyManagers() != null) {
builder = GrpcSslContexts.configure(SslContextBuilder.forServer(new FixedKeyManagerFactory(tlsCreds.getKeyManagers())));
} else if (tlsCreds.getPrivateKey() != null) {
builder = GrpcSslContexts.forServer(new ByteArrayInputStream(tlsCreds.getCertificateChain()), new ByteArrayInputStream(tlsCreds.getPrivateKey()), tlsCreds.getPrivateKeyPassword());
} else {
throw new AssertionError("BUG! No key");
}
if (tlsCreds.getTrustManagers() != null) {
builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
} else if (tlsCreds.getRootCertificates() != null) {
builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
}
// else use system default
switch(tlsCreds.getClientAuth()) {
case OPTIONAL:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.OPTIONAL);
break;
case REQUIRE:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
break;
case NONE:
builder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
break;
default:
return FromServerCredentialsResult.error("Unknown TlsServerCredentials.ClientAuth value: " + tlsCreds.getClientAuth());
}
SslContext sslContext;
try {
sslContext = builder.build();
} catch (SSLException ex) {
throw new IllegalArgumentException("Unexpected error converting ServerCredentials to Netty SslContext", ex);
}
return FromServerCredentialsResult.negotiator(serverTlsFactory(sslContext));
} else if (creds instanceof InsecureServerCredentials) {
return FromServerCredentialsResult.negotiator(serverPlaintextFactory());
} else if (creds instanceof NettyServerCredentials) {
NettyServerCredentials nettyCreds = (NettyServerCredentials) creds;
return FromServerCredentialsResult.negotiator(nettyCreds.getNegotiator());
} else if (creds instanceof ChoiceServerCredentials) {
ChoiceServerCredentials choiceCreds = (ChoiceServerCredentials) creds;
StringBuilder error = new StringBuilder();
for (ServerCredentials innerCreds : choiceCreds.getCredentialsList()) {
FromServerCredentialsResult result = from(innerCreds);
if (result.error == null) {
return result;
}
error.append(", ");
error.append(result.error);
}
return FromServerCredentialsResult.error(error.substring(2));
} else {
return FromServerCredentialsResult.error("Unsupported credential type: " + creds.getClass().getName());
}
}
Also used :
ChoiceServerCredentials(io.grpc.ChoiceServerCredentials)
ServerCredentials(io.grpc.ServerCredentials)
InsecureServerCredentials(io.grpc.InsecureServerCredentials)
TlsServerCredentials(io.grpc.TlsServerCredentials)
ChoiceServerCredentials(io.grpc.ChoiceServerCredentials)
SSLException(javax.net.ssl.SSLException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
InsecureServerCredentials(io.grpc.InsecureServerCredentials)
TlsServerCredentials(io.grpc.TlsServerCredentials)
SslContext(io.netty.handler.ssl.SslContext)
Aggregations
ChoiceServerCredentials (io.grpc.ChoiceServerCredentials)1
InsecureServerCredentials (io.grpc.InsecureServerCredentials)1
ServerCredentials (io.grpc.ServerCredentials)1
TlsServerCredentials (io.grpc.TlsServerCredentials)1
SslContext (io.netty.handler.ssl.SslContext)1
SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
SSLException (javax.net.ssl.SSLException)1
