下面列出了怎么用io.grpc.okhttp.internal.Platform的API类实例代码及写法,或者点击链接到github查看源代码。
/**
* Override {@link Platform}'s configureTlsExtensions for Android older than 5.0, since OkHttp
* (2.3+) only support such function for Android 5.0+.
*/
@Override
protected void configureTlsExtensions(
SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
// Enable SNI and session tickets.
if (hostname != null) {
SET_USE_SESSION_TICKETS.invokeOptionalWithoutCheckedException(sslSocket, true);
SET_HOSTNAME.invokeOptionalWithoutCheckedException(sslSocket, hostname);
}
Object[] parameters = {Platform.concatLengthPrefixed(protocols)};
if (platform.getTlsExtensionType() == TlsExtensionType.ALPN_AND_NPN) {
SET_ALPN_PROTOCOLS.invokeWithoutCheckedException(sslSocket, parameters);
}
if (platform.getTlsExtensionType() != TlsExtensionType.NONE) {
SET_NPN_PROTOCOLS.invokeWithoutCheckedException(sslSocket, parameters);
} else {
throw new RuntimeException("We can not do TLS handshake on this Android version, please"
+ " install the Google Play Services Dynamic Security Provider to use TLS");
}
}
private OkHttpChannelBuilder createChannelBuilder() {
OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("localhost", getPort())
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.connectionSpec(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
.build())
.overrideAuthority(GrpcUtil.authorityFromHostAndPort(
TestUtils.TEST_SERVER_HOST, getPort()));
io.grpc.internal.TestingAccessor.setStatsImplementation(
builder, createClientCensusStatsModule());
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
return builder;
}
private static OkHttpChannelBuilder newOkHttpClientChannel(
SocketAddress address, boolean tls, boolean testca) {
InetSocketAddress addr = (InetSocketAddress) address;
OkHttpChannelBuilder builder =
OkHttpChannelBuilder.forAddress(addr.getHostName(), addr.getPort());
if (!tls) {
builder.usePlaintext();
} else if (testca) {
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
return builder;
}
@Override
protected ManagedChannel createChannel() {
try {
final int port = server.httpsPort();
return OkHttpChannelBuilder
.forAddress("localhost", port)
.useTransportSecurity()
.maxInboundMessageSize(16 * 1024 * 1024)
.connectionSpec(ConnectionSpec.MODERN_TLS)
.overrideAuthority("example.com:" + port)
.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(), ssc.certificateFile()))
.build();
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
@VisibleForTesting
@Nullable
SSLSocketFactory createSslSocketFactory() {
switch (negotiationType) {
case TLS:
try {
if (sslSocketFactory == null) {
SSLContext sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
sslSocketFactory = sslContext.getSocketFactory();
}
return sslSocketFactory;
} catch (GeneralSecurityException gse) {
throw new RuntimeException("TLS Provider failure", gse);
}
case PLAINTEXT:
return null;
default:
throw new RuntimeException("Unknown negotiation type: " + negotiationType);
}
}
private OkHttpChannelBuilder createChannelBuilder() {
int port = ((InetSocketAddress) getListenAddress()).getPort();
OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("localhost", port)
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.connectionSpec(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
.build())
.overrideAuthority(GrpcUtil.authorityFromHostAndPort(
TestUtils.TEST_SERVER_HOST, port));
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
// Disable the default census stats interceptor, use testing interceptor instead.
io.grpc.internal.TestingAccessor.setStatsEnabled(builder, false);
return builder.intercept(createCensusStatsClientInterceptor());
}
private static OkHttpChannelBuilder newOkHttpClientChannel(
SocketAddress address, boolean tls, boolean testca) {
InetSocketAddress addr = (InetSocketAddress) address;
OkHttpChannelBuilder builder =
OkHttpChannelBuilder.forAddress(addr.getHostName(), addr.getPort());
if (!tls) {
builder.usePlaintext();
} else if (testca) {
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
return builder;
}
@VisibleForTesting
@Nullable
SSLSocketFactory createSocketFactory() {
switch (negotiationType) {
case TLS:
try {
if (sslSocketFactory == null) {
SSLContext sslContext;
if (GrpcUtil.IS_RESTRICTED_APPENGINE) {
// The following auth code circumvents the following AccessControlException:
// access denied ("java.util.PropertyPermission" "javax.net.ssl.keyStore" "read")
// Conscrypt will attempt to load the default KeyStore if a trust manager is not
// provided, which is forbidden on AppEngine
sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
sslContext.init(
null,
trustManagerFactory.getTrustManagers(),
// Use an algorithm that doesn't need /dev/urandom
SecureRandom.getInstance("SHA1PRNG", Platform.get().getProvider()));
} else {
sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
}
sslSocketFactory = sslContext.getSocketFactory();
}
return sslSocketFactory;
} catch (GeneralSecurityException gse) {
throw new RuntimeException("TLS Provider failure", gse);
}
case PLAINTEXT:
return null;
default:
throw new RuntimeException("Unknown negotiation type: " + negotiationType);
}
}
@Test
public void negotiate_noSelectedProtocol() throws Exception {
Platform platform = mock(Platform.class);
OkHttpProtocolNegotiator negotiator = new OkHttpProtocolNegotiator(platform);
thrown.expect(RuntimeException.class);
thrown.expectMessage("TLS ALPN negotiation failed");
negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2));
}
@Test
public void negotiate_noSelectedProtocol() throws Exception {
Platform platform = mock(Platform.class);
OkHttpProtocolNegotiator negotiator = new OkHttpProtocolNegotiator(platform);
thrown.expect(RuntimeException.class);
thrown.expectMessage("TLS ALPN negotiation failed");
negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2));
}
@VisibleForTesting
OkHttpProtocolNegotiator(Platform platform) {
this.platform = checkNotNull(platform, "platform");
}
AndroidNegotiator(Platform platform) {
super(platform);
}
@Override
protected ManagedChannel createChannel() {
if (customCredentialsType != null
&& customCredentialsType.equals("google_default_credentials")) {
return GoogleDefaultChannelBuilder.forAddress(serverHost, serverPort).build();
}
if (useAlts) {
return AltsChannelBuilder.forAddress(serverHost, serverPort).build();
}
AbstractManagedChannelImplBuilder<?> builder;
if (!useOkHttp) {
SslContext sslContext = null;
if (useTestCa) {
try {
sslContext = GrpcSslContexts.forClient().trustManager(
TestUtils.loadCert("ca.pem")).build();
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
NettyChannelBuilder nettyBuilder =
NettyChannelBuilder.forAddress(serverHost, serverPort)
.flowControlWindow(65 * 1024)
.negotiationType(useTls ? NegotiationType.TLS : NegotiationType.PLAINTEXT)
.sslContext(sslContext);
if (serverHostOverride != null) {
nettyBuilder.overrideAuthority(serverHostOverride);
}
if (fullStreamDecompression) {
nettyBuilder.enableFullStreamDecompression();
}
builder = nettyBuilder;
} else {
OkHttpChannelBuilder okBuilder = OkHttpChannelBuilder.forAddress(serverHost, serverPort);
if (serverHostOverride != null) {
// Force the hostname to match the cert the server uses.
okBuilder.overrideAuthority(
GrpcUtil.authorityFromHostAndPort(serverHostOverride, serverPort));
}
if (useTls) {
try {
SSLSocketFactory factory = useTestCa
? TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem"))
: (SSLSocketFactory) SSLSocketFactory.getDefault();
okBuilder.sslSocketFactory(factory);
} catch (Exception e) {
throw new RuntimeException(e);
}
} else {
okBuilder.usePlaintext();
}
if (fullStreamDecompression) {
okBuilder.enableFullStreamDecompression();
}
builder = okBuilder;
}
io.grpc.internal.TestingAccessor.setStatsImplementation(
builder, createClientCensusStatsModule());
return builder.build();
}
@VisibleForTesting
OkHttpProtocolNegotiator(Platform platform) {
this.platform = checkNotNull(platform, "platform");
}
AndroidNegotiator(Platform platform) {
super(platform);
}
@Override
protected ManagedChannel createChannel() {
if (customCredentialsType != null
&& customCredentialsType.equals("google_default_credentials")) {
return GoogleDefaultChannelBuilder.forAddress(serverHost, serverPort).build();
}
if (customCredentialsType != null
&& customCredentialsType.equals("compute_engine_channel_creds")) {
return ComputeEngineChannelBuilder.forAddress(serverHost, serverPort).build();
}
if (useAlts) {
return AltsChannelBuilder.forAddress(serverHost, serverPort).build();
}
AbstractManagedChannelImplBuilder<?> builder;
if (!useOkHttp) {
SslContext sslContext = null;
if (useTestCa) {
try {
sslContext = GrpcSslContexts.forClient().trustManager(
TestUtils.loadCert("ca.pem")).build();
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
NettyChannelBuilder nettyBuilder =
NettyChannelBuilder.forAddress(serverHost, serverPort)
.flowControlWindow(65 * 1024)
.negotiationType(useTls ? NegotiationType.TLS :
(useH2cUpgrade ? NegotiationType.PLAINTEXT_UPGRADE : NegotiationType.PLAINTEXT))
.sslContext(sslContext);
if (serverHostOverride != null) {
nettyBuilder.overrideAuthority(serverHostOverride);
}
if (fullStreamDecompression) {
nettyBuilder.enableFullStreamDecompression();
}
builder = nettyBuilder;
} else {
OkHttpChannelBuilder okBuilder = OkHttpChannelBuilder.forAddress(serverHost, serverPort);
if (serverHostOverride != null) {
// Force the hostname to match the cert the server uses.
okBuilder.overrideAuthority(
GrpcUtil.authorityFromHostAndPort(serverHostOverride, serverPort));
}
if (useTls) {
if (useTestCa) {
try {
SSLSocketFactory factory = TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(), TestUtils.loadCert("ca.pem"));
okBuilder.sslSocketFactory(factory);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
} else {
okBuilder.usePlaintext();
}
if (fullStreamDecompression) {
okBuilder.enableFullStreamDecompression();
}
builder = okBuilder;
}
// Disable the default census stats interceptor, use testing interceptor instead.
io.grpc.internal.TestingAccessor.setStatsEnabled(builder, false);
return builder.intercept(createCensusStatsClientInterceptor()).build();
}