
Example 11 with DownstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext in project grpc-java by grpc.

From class TlsContextManagerTest, method createServerSslContextProvider_differentInstance.

/**
 * Two {@code DownstreamTlsContext}s that name different cert-provider instances must be
 * served by distinct {@code SslContextProvider}s from the same manager.
 */
@Test
public void createServerSslContextProvider_differentInstance() {
    // Bootstrap carries two named instances (presumably one per cert-provider) so that
    // each downstream context below can reference its own.
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.buildBootstrapInfo(
        "google_cloud_private_spiffe-server", SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, CA_PEM_FILE,
        "cert-instance2", SERVER_0_KEY_FILE, SERVER_0_PEM_FILE, CA_PEM_FILE);
    TlsContextManagerImpl manager = new TlsContextManagerImpl(bootstrapInfo);

    DownstreamTlsContext firstContext = CommonTlsContextTestsUtil.buildDownstreamTlsContext(
        "google_cloud_private_spiffe-server", false, false);
    SslContextProvider firstProvider = manager.findOrCreateServerSslContextProvider(firstContext);
    assertThat(firstProvider).isNotNull();

    // Same manager, different instance name: the cached provider must not be reused.
    DownstreamTlsContext secondContext = CommonTlsContextTestsUtil.buildDownstreamTlsContext(
        "cert-instance2", true, true);
    SslContextProvider secondProvider = manager.findOrCreateServerSslContextProvider(secondContext);
    assertThat(secondProvider).isNotNull();
    assertThat(secondProvider).isNotSameInstanceAs(firstProvider);
}

Example 12 with DownstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext in project grpc-java by grpc.

From class TlsContextManagerTest, method createServerSslContextProvider.

/**
 * Asking the manager twice for the same {@code DownstreamTlsContext} must hand back the
 * cached {@code SslContextProvider} rather than building a second one.
 */
@Test
public void createServerSslContextProvider() {
    // Only a single cert-provider instance is configured; the trailing nulls leave the
    // second slot of the bootstrap empty.
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.buildBootstrapInfo(
        "google_cloud_private_spiffe-server", SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, CA_PEM_FILE,
        null, null, null, null);
    TlsContextManagerImpl manager = new TlsContextManagerImpl(bootstrapInfo);
    DownstreamTlsContext context = CommonTlsContextTestsUtil.buildDownstreamTlsContext(
        "google_cloud_private_spiffe-server", false, false);

    SslContextProvider firstLookup = manager.findOrCreateServerSslContextProvider(context);
    assertThat(firstLookup).isNotNull();

    // Identical context -> identical (cached) provider instance.
    SslContextProvider secondLookup = manager.findOrCreateServerSslContextProvider(context);
    assertThat(secondLookup).isSameInstanceAs(firstLookup);
}

Example 13 with DownstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext in project grpc-java by grpc.

From class TlsContextManagerTest, method createServerSslContextProvider_releaseInstance.

/**
 * Obtaining a server provider must not close it; releasing it through the manager must
 * close it exactly once.
 */
@Test
public void createServerSslContextProvider_releaseInstance() {
    DownstreamTlsContext context = CommonTlsContextTestsUtil.buildDownstreamTlsContext(
        "google_cloud_private_spiffe-server", false, false);
    TlsContextManagerImpl manager =
        new TlsContextManagerImpl(mockClientFactory, mockServerFactory);

    // The server factory is a mock, so the manager receives this stub instead of a real provider.
    SslContextProvider stubProvider = mock(SslContextProvider.class);
    when(mockServerFactory.create(context)).thenReturn(stubProvider);

    SslContextProvider found = manager.findOrCreateServerSslContextProvider(context);
    assertThat(found).isSameInstanceAs(stubProvider);
    verify(stubProvider, never()).close();

    // Presumably the manager keys providers by their context, so the stub must report one
    // before release() can find and close it.
    when(stubProvider.getDownstreamTlsContext()).thenReturn(context);
    manager.releaseServerSslContextProvider(stubProvider);
    verify(stubProvider, times(1)).close();
}

Example 14 with DownstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext in project grpc-java by grpc.

From class XdsSdsClientServerTest, method requireClientAuth_noClientCert_expectException.

/**
 * Server demands a client certificate, client offers none: the RPC must fail at the TLS
 * layer. The failure is reported in two shapes depending on the negotiated protocol
 * version, and either is accepted.
 */
@Test
public void requireClientAuth_noClientCert_expectException() throws Exception {
    // Trailing flags presumably turn on client-cert requirement on the server side.
    DownstreamTlsContext serverContext =
        setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, true, true);
    buildServerWithTlsContext(serverContext);
    // for TLS, client only uses trustCa
    UpstreamTlsContext clientContext =
        setBootstrapInfoAndBuildUpstreamTlsContext(CLIENT_KEY_FILE, CLIENT_PEM_FILE, false);
    SimpleServiceGrpc.SimpleServiceBlockingStub stub =
        getBlockingStub(clientContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
    try {
        unaryRpc(/* requestMessage= */ "buddy", stub);
        fail("exception expected");
    } catch (StatusRuntimeException sre) {
        Throwable cause = sre.getCause();
        if (cause instanceof SSLHandshakeException) {
            // Rejected during the handshake itself.
            assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class);
            assertThat(sre).hasCauseThat().hasMessageThat().contains("HANDSHAKE_FAILURE");
        } else {
            // Client cert verification is after handshake in TLSv1.3
            assertThat(sre).hasCauseThat().hasCauseThat().isInstanceOf(SSLException.class);
            assertThat(sre).hasCauseThat().hasMessageThat().contains("CERTIFICATE_REQUIRED");
        }
    }
}

Example 15 with DownstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext in project grpc-java by grpc.

From class XdsSdsClientServerTest, method mtlsClientServer_changeServerContext_expectException.

/**
 * mTLS - client auth enabled then update server certs to untrusted.
 *
 * <p>Once the listener is swapped to a context backed by the BAD_* server certificates,
 * the existing client configuration must refuse the handshake rather than talk to the
 * now-untrusted server.
 */
@Test
public void mtlsClientServer_changeServerContext_expectException() throws Exception {
    UpstreamTlsContext clientContext =
        setBootstrapInfoAndBuildUpstreamTlsContext(CLIENT_KEY_FILE, CLIENT_PEM_FILE, true);
    // First establish a working mTLS exchange; "cert-instance-name2" is wired to the BAD_* certs.
    performMtlsTestAndGetListenerWatcher(clientContext, "cert-instance-name2",
        BAD_SERVER_KEY_FILE, BAD_SERVER_PEM_FILE, CA_PEM_FILE);

    // Push a listener update that moves the server onto the untrusted cert instance.
    DownstreamTlsContext untrustedServerContext =
        CommonTlsContextTestsUtil.buildDownstreamTlsContext("cert-instance-name2", true, true);
    EnvoyServerProtoData.Listener updatedListener =
        buildListener("listener1", "0.0.0.0", untrustedServerContext, tlsContextManagerForServer);
    xdsClient.deliverLdsUpdate(LdsUpdate.forTcpListener(updatedListener));

    try {
        SimpleServiceGrpc.SimpleServiceBlockingStub stub =
            getBlockingStub(clientContext, OVERRIDE_AUTHORITY);
        assertThat(unaryRpc("buddy", stub)).isEqualTo("Hello buddy");
        fail("exception expected");
    } catch (StatusRuntimeException sre) {
        // The OpenSSL-backed engine surfaces the rejected server cert under this generic message.
        assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class);
        assertThat(sre).hasCauseThat().hasMessageThat().isEqualTo("General OpenSslEngine problem");
    }
}
