下面列出了io.grpc.testing.protobuf.SimpleServiceGrpc#SimpleServiceBlockingStub ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/** TLS channel - no mTLS. */
@Test
public void tlsClientServer_noClientAuthentication() throws IOException, URISyntaxException {
DownstreamTlsContext downstreamTlsContext =
CommonTlsContextTestsUtil.buildDownstreamTlsContextFromFilenames(
SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, null);
buildServerWithTlsContext(downstreamTlsContext);
// for TLS, client only needs trustCa
UpstreamTlsContext upstreamTlsContext =
CommonTlsContextTestsUtil.buildUpstreamTlsContextFromFilenames(
/* privateKey= */ null, /* certChain= */ null, CA_PEM_FILE);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ "foo.test.google.fr");
assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
}
@Test
public void requireClientAuth_noClientCert_expectException()
throws IOException, URISyntaxException {
DownstreamTlsContext downstreamTlsContext =
CommonTlsContextTestsUtil.buildDownstreamTlsContextFromFilenamesWithClientCertRequired(
SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, CA_PEM_FILE);
buildServerWithTlsContext(downstreamTlsContext);
// for TLS, client only uses trustCa
UpstreamTlsContext upstreamTlsContext =
CommonTlsContextTestsUtil.buildUpstreamTlsContextFromFilenames(
/* privateKey= */ null, /* certChain= */ null, CA_PEM_FILE);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ "foo.test.google.fr");
try {
unaryRpc(/* requestMessage= */ "buddy", blockingStub);
fail("exception expected");
} catch (StatusRuntimeException sre) {
assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class);
assertThat(sre).hasCauseThat().hasMessageThat().contains("HANDSHAKE_FAILURE");
}
}
@Test
public void tlsServer_plaintextClient_expectException() throws IOException, URISyntaxException {
DownstreamTlsContext downstreamTlsContext =
CommonTlsContextTestsUtil.buildDownstreamTlsContextFromFilenames(
SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, null);
buildServerWithTlsContext(downstreamTlsContext);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(/* upstreamTlsContext= */ null, /* overrideAuthority= */ null);
try {
unaryRpc("buddy", blockingStub);
fail("exception expected");
} catch (StatusRuntimeException sre) {
assertThat(sre.getStatus().getCode()).isEqualTo(Status.UNAVAILABLE.getCode());
assertThat(sre.getStatus().getDescription()).contains("Network closed");
}
}
/**
* Tests that a client and a server configured using GrpcSslContexts can successfully
* communicate with each other.
*/
@Test
public void basicClientServerIntegrationTest() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client.
File clientCertChainFile = TestUtils.loadCert("client.pem");
File clientPrivateKeyFile = TestUtils.loadCert("client.key");
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.keyManager(clientCertChainFile, clientPrivateKeyFile)
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Send an actual request, via the full GRPC & network stack, and check that a proper
// response comes back.
client.unaryRpc(SimpleRequest.getDefaultInstance());
}
/**
* Tests that a server configured to require client authentication actually does require client
* authentication.
*/
@Test
public void noClientAuthFailure() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client. It has no credentials.
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
/**
* Tests that a client configured using GrpcSslContexts refuses to talk to a server that has an
* an untrusted certificate.
*/
@Test
public void clientRejectsUntrustedServerCert() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("badserver.pem");
File serverPrivateKeyFile = TestUtils.loadCert("badserver.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client.
File clientCertChainFile = TestUtils.loadCert("client.pem");
File clientPrivateKeyFile = TestUtils.loadCert("client.key");
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.keyManager(clientCertChainFile, clientPrivateKeyFile)
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
// TODO(carl-mastrangelo): eventually replace this with a hamcrest matcher.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
/**
* Tests that a client configured using GrpcSslContexts refuses to talk to a server that has an
* an untrusted certificate.
*/
@Test
public void clientRejectsUntrustedServerCert() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("badserver.pem");
File serverPrivateKeyFile = TestUtils.loadCert("badserver.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client.
File clientCertChainFile = TestUtils.loadCert("client.pem");
File clientPrivateKeyFile = TestUtils.loadCert("client.key");
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.keyManager(clientCertChainFile, clientPrivateKeyFile)
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
// TODO(carl-mastrangelo): eventually replace this with a hamcrest matcher.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
@Test
public void plaintextClientServer() throws IOException, URISyntaxException {
buildServerWithTlsContext(/* downstreamTlsContext= */ null);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(/* upstreamTlsContext= */ null, /* overrideAuthority= */ null);
assertThat(unaryRpc("buddy", blockingStub)).isEqualTo("Hello buddy");
}
@Test
public void plaintextClientServer_withDefaultTlsContext() throws IOException, URISyntaxException {
DownstreamTlsContext defaultTlsContext =
EnvoyServerProtoData.DownstreamTlsContext.fromEnvoyProtoDownstreamTlsContext(
io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext.getDefaultInstance());
buildServerWithTlsContext(/* downstreamTlsContext= */ defaultTlsContext);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(/* upstreamTlsContext= */ null, /* overrideAuthority= */ null);
assertThat(unaryRpc("buddy", blockingStub)).isEqualTo("Hello buddy");
}
@Test
public void nullFallbackProtocolNegotiator_expectException()
throws IOException, URISyntaxException {
buildServerWithTlsContext(/* downstreamTlsContext= */ null,
/* fallbackProtocolNegotiator= */ null);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(/* upstreamTlsContext= */ null, /* overrideAuthority= */ null);
try {
unaryRpc("buddy", blockingStub);
fail("exception expected");
} catch (StatusRuntimeException sre) {
assertThat(sre.getStatus().getCode()).isEqualTo(Status.UNAVAILABLE.getCode());
}
}
@Test
public void noClientAuth_sendBadClientCert_passes() throws IOException, URISyntaxException {
DownstreamTlsContext downstreamTlsContext =
CommonTlsContextTestsUtil.buildDownstreamTlsContextFromFilenames(
SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, /* trustCa= */ null);
buildServerWithTlsContext(downstreamTlsContext);
UpstreamTlsContext upstreamTlsContext =
CommonTlsContextTestsUtil.buildUpstreamTlsContextFromFilenames(
BAD_CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, CA_PEM_FILE);
SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ "foo.test.google.fr");
assertThat(unaryRpc("buddy", blockingStub)).isEqualTo("Hello buddy");
}
/**
* Tests that a server configured to require client authentication actually does require client
* authentication.
*/
@Test
public void noClientAuthFailure() throws Exception {
// Create & start a server.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client. It has no credentials.
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
/**
* Tests that a server configured to require client authentication refuses to accept connections
* from a client that has an untrusted certificate.
*/
@Test
public void serverRejectsUntrustedClientCert() throws Exception {
// Create & start a server. It requires client authentication and trusts only the test CA.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client. Its credentials come from a CA that the server does not trust. The client
// trusts both test CAs, so we can be sure that the handshake failure is due to the server
// rejecting the client's cert, not the client rejecting the server's cert.
File clientCertChainFile = TestUtils.loadCert("badclient.pem");
File clientPrivateKeyFile = TestUtils.loadCert("badclient.key");
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.keyManager(clientCertChainFile, clientPrivateKeyFile)
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
@Test
public void serverAllowsServicesToBeAddedViaServiceRegistry_withoutDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule1.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule1.getChannel());
SimpleRequest request1 = SimpleRequest.getDefaultInstance();
SimpleRequest request2 = SimpleRequest.newBuilder().build();
stub.unaryRpc(request1);
stub.unaryRpc(request2);
assertThat(testService.unaryCallRequests).containsExactly(request1, request2);
}
@Test
public void serverAllowsServicesToBeAddedViaServiceRegistry_withDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule2.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule2.getChannel());
SimpleRequest request1 = SimpleRequest.getDefaultInstance();
SimpleRequest request2 = SimpleRequest.newBuilder().build();
stub.unaryRpc(request1);
stub.unaryRpc(request2);
assertThat(testService.unaryCallRequests).containsExactly(request1, request2);
}
@Test
public void serverAllowsServicesToBeAddedViaServiceRegistry_withoutDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule.getChannel());
SimpleRequest request1 = SimpleRequest.getDefaultInstance();
SimpleRequest request2 = SimpleRequest.newBuilder().build();
stub.unaryRpc(request1);
stub.unaryRpc(request2);
assertThat(testService.unaryCallRequests).containsExactly(request1, request2);
}
/**
* Tests that a server configured to require client authentication refuses to accept connections
* from a client that has an untrusted certificate.
*/
@Test
public void serverRejectsUntrustedClientCert() throws Exception {
// Create & start a server. It requires client authentication and trusts only the test CA.
File serverCertFile = TestUtils.loadCert("server1.pem");
File serverPrivateKeyFile = TestUtils.loadCert("server1.key");
X509Certificate[] serverTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
server = serverBuilder(0, serverCertFile, serverPrivateKeyFile, serverTrustedCaCerts)
.addService(new SimpleServiceImpl())
.build()
.start();
// Create a client. Its credentials come from a CA that the server does not trust. The client
// trusts both test CAs, so we can be sure that the handshake failure is due to the server
// rejecting the client's cert, not the client rejecting the server's cert.
File clientCertChainFile = TestUtils.loadCert("badclient.pem");
File clientPrivateKeyFile = TestUtils.loadCert("badclient.key");
X509Certificate[] clientTrustedCaCerts = {
TestUtils.loadX509Cert("ca.pem")
};
channel = clientChannel(server.getPort(), clientContextBuilder
.keyManager(clientCertChainFile, clientPrivateKeyFile)
.trustManager(clientTrustedCaCerts)
.build());
SimpleServiceGrpc.SimpleServiceBlockingStub client = SimpleServiceGrpc.newBlockingStub(channel);
// Check that the TLS handshake fails.
try {
client.unaryRpc(SimpleRequest.getDefaultInstance());
fail("TLS handshake should have failed, but didn't; received RPC response");
} catch (StatusRuntimeException e) {
// GRPC reports this situation by throwing a StatusRuntimeException that wraps either a
// javax.net.ssl.SSLHandshakeException or a java.nio.channels.ClosedChannelException.
// Thus, reliably detecting the underlying cause is not feasible.
assertEquals(
Throwables.getStackTraceAsString(e),
Status.Code.UNAVAILABLE, e.getStatus().getCode());
}
}
@Test
public void serviceIsRunOnSameThreadAsTest_withDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule2.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule2.getChannel());
stub.serverStreamingRpc(SimpleRequest.getDefaultInstance());
assertThat(testService.lastServerStreamingRpcThread).isEqualTo(Thread.currentThread());
}
@Test
public void serviceIsNotRunOnSameThreadAsTest_withoutDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule.getChannel());
stub.serverStreamingRpc(SimpleRequest.getDefaultInstance());
assertThat(testService.lastServerStreamingRpcThread).isNotEqualTo(Thread.currentThread());
}
@Test
public void serviceIsNotRunOnSameThreadAsTest_withoutDirectExecutor() {
TestServiceImpl testService = new TestServiceImpl();
grpcServerRule1.getServiceRegistry().addService(testService);
SimpleServiceGrpc.SimpleServiceBlockingStub stub =
SimpleServiceGrpc.newBlockingStub(grpcServerRule1.getChannel());
stub.serverStreamingRpc(SimpleRequest.getDefaultInstance());
assertThat(testService.lastServerStreamingRpcThread).isNotEqualTo(Thread.currentThread());
}