Example 6 with AdvancedTlsX509TrustManager

Use of io.grpc.util.AdvancedTlsX509TrustManager in project grpc-java by grpc.

Class AdvancedTlsTest, method onFileLoadingKeyManagerTrustManagerTest:

@Test
public void onFileLoadingKeyManagerTrustManagerTest() throws Exception {
    // Create & start a server.
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    serverKeyManager.updateIdentityCredentialsFromFile(serverKey0File, serverCert0File);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
        .build();
    serverTrustManager.updateTrustCredentialsFromFile(caCertFile);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
        .keyManager(serverKeyManager)
        .trustManager(serverTrustManager)
        // Mutual TLS: the server requires a client certificate and checks it against caCertFile.
        .clientAuth(ClientAuth.REQUIRE)
        .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
        .addService(new SimpleServiceImpl())
        .build()
        .start();
    // Create a client to connect.
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyManager.updateIdentityCredentialsFromFile(clientKey0File, clientCert0File);
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        // The client checks both the certificate chain and the host name of the server.
        .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
        .build();
    clientTrustManager.updateTrustCredentialsFromFile(caCertFile);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
        .keyManager(clientKeyManager)
        .trustManager(clientTrustManager)
        .build();
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
        // Host name verification is done against this authority, not against "localhost".
        .overrideAuthority("foo.test.google.com.au")
        .build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        // Send an actual request, via the full GRPC & network stack, and check that a proper
        // response comes back.
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        e.printStackTrace();
        fail("Find error: " + e.getMessage());
    }
}

Example 7 with AdvancedTlsX509TrustManager

Use of io.grpc.util.AdvancedTlsX509TrustManager in project grpc-java by grpc.

Class AdvancedTlsTest, method trustManagerInsecurelySkipAllTest:

@Test
public void trustManagerInsecurelySkipAllTest() throws Exception {
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    // Even if we provide bad credentials for the server, the test should still pass, because we
    // will configure the client to skip all checks later.
    serverKeyManager.updateIdentityCredentials(serverKeyBad, serverCertBad);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
        // Additional peer-verifier hook; a no-op here, so only the built-in chain check applies
        // to the client certificate.
        .setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {
            @Override
            public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType,
                Socket socket) throws CertificateException {
            }

            @Override
            public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType,
                SSLEngine engine) throws CertificateException {
            }
        })
        .build();
    serverTrustManager.updateTrustCredentials(caCert);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
        .keyManager(serverKeyManager)
        .trustManager(serverTrustManager)
        .clientAuth(ClientAuth.REQUIRE)
        .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
        .addService(new SimpleServiceImpl())
        .build()
        .start();
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    clientKeyManager.updateIdentityCredentials(clientKey0, clientCert0);
    // Set the client to skip all checks, including traditional certificate verification.
    // Note this is very dangerous in production environment - only do so if you are confident on
    // what you are doing!
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION)
        // With the built-in checks skipped, this verifier is the only check left; because it is a
        // no-op, the server's bad certificate is accepted without inspection.
        .setSslSocketAndEnginePeerVerifier(new SslSocketAndEnginePeerVerifier() {
            @Override
            public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType,
                Socket socket) throws CertificateException {
            }

            @Override
            public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authType,
                SSLEngine engine) throws CertificateException {
            }
        })
        .build();
    clientTrustManager.updateTrustCredentials(caCert);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
        .keyManager(clientKeyManager)
        .trustManager(clientTrustManager)
        .build();
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
        .build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        // Print before fail(): fail() throws an AssertionError, so anything after it never runs.
        e.printStackTrace();
        fail("Failed to make a connection");
    }
}

Example 8 with AdvancedTlsX509TrustManager

Use of io.grpc.util.AdvancedTlsX509TrustManager in project grpc-java by grpc.

Class AdvancedTlsTest, method onFileReloadingTrustManagerBadInitialContentTest:

@Test
public void onFileReloadingTrustManagerBadInitialContentTest() throws Exception {
    exceptionRule.expect(GeneralSecurityException.class);
    AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
        .build();
    // We pass in a key as the trust certificates to intentionally create an exception.
    // The reloading variant re-reads the file every 100 ms on the executor and returns a
    // Closeable that stops the periodic reload.
    Closeable trustShutdown = trustManager.updateTrustCredentialsFromFile(
        serverKey0File, 100, TimeUnit.MILLISECONDS, executor);
    trustShutdown.close();
}

Example 9 with AdvancedTlsX509TrustManager

Use of io.grpc.util.AdvancedTlsX509TrustManager in project grpc-java by grpc.

Class AdvancedTlsTest, method trustManagerCheckServerTrustedWithoutParameterTest:

@Test
public void trustManagerCheckServerTrustedWithoutParameterTest() throws Exception {
    exceptionRule.expect(CertificateException.class);
    exceptionRule.expectMessage(
        "Not enough information to validate peer. SSLEngine or Socket required.");
    AdvancedTlsX509TrustManager tm = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.INSECURELY_SKIP_ALL_VERIFICATION)
        .build();
    // The two-argument checkServerTrusted overload carries no SSLEngine or Socket, so the trust
    // manager rejects the call even when verification is set to skip everything.
    tm.checkServerTrusted(serverCert0, "RSA");
}

Example 10 with AdvancedTlsX509TrustManager

Use of io.grpc.util.AdvancedTlsX509TrustManager in project grpc-java by grpc.

Class AdvancedTlsTest, method onFileReloadingKeyManagerTrustManagerTest:

@Test
public void onFileReloadingKeyManagerTrustManagerTest() throws Exception {
    // Create & start a server. Each *FromFile call with a period re-reads the file every 100 ms
    // on the executor and returns a Closeable that stops the reload.
    AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
    Closeable serverKeyShutdown = serverKeyManager.updateIdentityCredentialsFromFile(
        serverKey0File, serverCert0File, 100, TimeUnit.MILLISECONDS, executor);
    AdvancedTlsX509TrustManager serverTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_ONLY_VERIFICATION)
        .build();
    Closeable serverTrustShutdown = serverTrustManager.updateTrustCredentialsFromFile(
        caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    ServerCredentials serverCredentials = TlsServerCredentials.newBuilder()
        .keyManager(serverKeyManager)
        .trustManager(serverTrustManager)
        .clientAuth(ClientAuth.REQUIRE)
        .build();
    server = Grpc.newServerBuilderForPort(0, serverCredentials)
        .addService(new SimpleServiceImpl())
        .build()
        .start();
    // Create a client to connect.
    AdvancedTlsX509KeyManager clientKeyManager = new AdvancedTlsX509KeyManager();
    Closeable clientKeyShutdown = clientKeyManager.updateIdentityCredentialsFromFile(
        clientKey0File, clientCert0File, 100, TimeUnit.MILLISECONDS, executor);
    AdvancedTlsX509TrustManager clientTrustManager = AdvancedTlsX509TrustManager.newBuilder()
        .setVerification(Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
        .build();
    Closeable clientTrustShutdown = clientTrustManager.updateTrustCredentialsFromFile(
        caCertFile, 100, TimeUnit.MILLISECONDS, executor);
    ChannelCredentials channelCredentials = TlsChannelCredentials.newBuilder()
        .keyManager(clientKeyManager)
        .trustManager(clientTrustManager)
        .build();
    channel = Grpc.newChannelBuilderForAddress("localhost", server.getPort(), channelCredentials)
        // Host name verification is done against this authority, not against "localhost".
        .overrideAuthority("foo.test.google.com.au")
        .build();
    // Start the connection.
    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
        // Send an actual request, via the full GRPC & network stack, and check that a proper
        // response comes back.
        client.unaryRpc(SimpleRequest.getDefaultInstance());
    } catch (StatusRuntimeException e) {
        e.printStackTrace();
        fail("Find error: " + e.getMessage());
    }
    // Clean up: stop the periodic file reloads.
    serverKeyShutdown.close();
    serverTrustShutdown.close();
    clientKeyShutdown.close();
    clientTrustShutdown.close();
}