下面列出了io.grpc.netty.shaded.io.grpc.netty.NegotiationType#io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Test
public void tcnative() throws Exception {
server = NettyServerBuilder.forPort(0)
.useTransportSecurity(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
.addService(new SimpleServiceImpl())
.build().start();
channel = NettyChannelBuilder
.forAddress("localhost", server.getPort())
.sslContext(
GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.OPENSSL)
.trustManager(TestUtils.loadCert("ca.pem")).build())
.overrideAuthority("foo.test.google.fr")
.build();
SimpleServiceBlockingStub stub = SimpleServiceGrpc.newBlockingStub(channel);
assertThat(SimpleResponse.getDefaultInstance())
.isEqualTo(stub.unaryRpc(SimpleRequest.getDefaultInstance()));
}
@Override
public PubSubSubscriber getSubscriber(Credentials credentials) throws IOException {
ManagedChannel channel = NettyChannelBuilder.forTarget(SubscriberStubSettings.getDefaultEndpoint())
.negotiationType(NegotiationType.TLS)
.sslContext(GrpcSslContexts.forClient().ciphers(null).build())
.build();
PullRequest pullRequest = PullRequest.newBuilder()
.setMaxMessages(maxMessagesPerPull)
.setReturnImmediately(false)
.setSubscription(projectSubscriptionName)
.build();
SubscriberGrpc.SubscriberBlockingStub stub = SubscriberGrpc.newBlockingStub(channel)
.withCallCredentials(MoreCallCredentials.from(credentials));
return new BlockingGrpcPubSubSubscriber(projectSubscriptionName, channel, stub, pullRequest, retries, timeout);
}
public static NettyServerBuilder getServerBuilder()
{
final NettyServerBuilder serverBuilder =
NettyServerBuilder.forAddress(new InetSocketAddress(getServerHost(), getServerPort()));
if (getBoolean(TLS))
{
final Path certificatesDir = Configuration.certificatesDirectory();
final SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(
certificatesDir.resolve("server.pem").toFile(), certificatesDir.resolve("server.key").toFile())
.trustManager(certificatesDir.resolve("ca.pem").toFile())
.clientAuth(ClientAuth.REQUIRE);
GrpcSslContexts.configure(sslClientContextBuilder);
try
{
serverBuilder.sslContext(sslClientContextBuilder.build());
}
catch (final SSLException ex)
{
LangUtil.rethrowUnchecked(ex);
}
}
return serverBuilder;
}
@Override
public PubSubSubscriber getSubscriber(Credentials credentials) throws IOException {
ManagedChannel channel = NettyChannelBuilder.forTarget(SubscriberStubSettings.getDefaultEndpoint())
.negotiationType(NegotiationType.TLS)
.sslContext(GrpcSslContexts.forClient().ciphers(null).build())
.build();
PullRequest pullRequest = PullRequest.newBuilder()
.setMaxMessages(maxMessagesPerPull)
.setReturnImmediately(false)
.setSubscription(projectSubscriptionName)
.build();
SubscriberGrpc.SubscriberBlockingStub stub = SubscriberGrpc.newBlockingStub(channel)
.withCallCredentials(MoreCallCredentials.from(credentials));
return new BlockingGrpcPubSubSubscriber(projectSubscriptionName, channel, stub, pullRequest, retries, timeout);
}
@Test
public void tcnative() throws Exception {
server = NettyServerBuilder.forPort(0)
.useTransportSecurity(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
.addService(new SimpleServiceImpl())
.build().start();
channel = NettyChannelBuilder
.forAddress("localhost", server.getPort())
.sslContext(
GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.OPENSSL)
.trustManager(TestUtils.loadCert("ca.pem")).build())
.overrideAuthority("foo.test.google.fr")
.build();
SimpleServiceBlockingStub stub = SimpleServiceGrpc.newBlockingStub(channel);
assertThat(SimpleResponse.getDefaultInstance())
.isEqualTo(stub.unaryRpc(SimpleRequest.getDefaultInstance()));
}
private static NettyChannelBuilder createSecureChannel(
String host, int port, Optional<Path> certPath, Optional<Path> keyPath, Optional<Path> caPath)
throws SSLException {
SslContextBuilder contextBuilder = GrpcSslContexts.forClient();
if (certPath.isPresent() && keyPath.isPresent()) {
contextBuilder.keyManager(certPath.get().toFile(), keyPath.get().toFile());
}
if (caPath.isPresent()) {
contextBuilder.trustManager(caPath.get().toFile());
}
return channelBuilder(host, port)
.sslContext(contextBuilder.build())
.negotiationType(NegotiationType.TLS);
}
private SslContextBuilder getSslContextBuilder() {
log.info("Grpc config: Configuring ssl cert {} key {} trust {}",
grpcProperties.getTls().getCertChainFile(), grpcProperties.getTls().getPrivateKeyFile(), grpcProperties.getTls().getTrustCertCollectionFile());
SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(
new File(grpcProperties.getTls().getCertChainFile()),
new File(grpcProperties.getTls().getPrivateKeyFile())
);
if (grpcProperties.getTls().getTrustCertCollectionFile() != null) {
sslClientContextBuilder.trustManager(new File(grpcProperties.getTls().getTrustCertCollectionFile()));
sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
}
return GrpcSslContexts.configure(sslClientContextBuilder, SslProvider.OPENSSL);
}
private static SslContext buildSslContext(String trustCertCollectionFilePath,
String clientCertChainFilePath,
String clientPrivateKeyFilePath) throws SSLException {
SslContextBuilder builder = GrpcSslContexts.forClient();
if (trustCertCollectionFilePath != null) {
builder.trustManager(new File(trustCertCollectionFilePath));
}
if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null) {
builder.keyManager(new File(clientCertChainFilePath), new File(clientPrivateKeyFilePath));
}
return builder.build();
}
private SslContextBuilder getSslContextBuilder() {
String certChainFilePath = AppSettings.getInstance().getString(AppSettings.TLS_CERTIFICATE_PATH);
String privateKeyFilePath = AppSettings.getInstance().getString(AppSettings.TLS_PRIVATE_KEY_PATH);
SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(
new File(certChainFilePath),
new File(privateKeyFilePath));
return GrpcSslContexts.configure(
sslClientContextBuilder,
SslProvider.OPENSSL);
}
public static ManagedChannel getServerChannel()
{
final NettyChannelBuilder channelBuilder =
NettyChannelBuilder.forAddress(getServerHost(), getServerPort());
if (getBoolean(TLS))
{
final Path certificatesDir = Configuration.certificatesDirectory();
final SslContextBuilder sslClientContextBuilder = GrpcSslContexts.forClient()
.trustManager(certificatesDir.resolve("ca.pem").toFile())
.keyManager(
certificatesDir.resolve("client.pem").toFile(), certificatesDir.resolve("client.key").toFile());
try
{
channelBuilder.sslContext(sslClientContextBuilder.build());
}
catch (final SSLException ex)
{
LangUtil.rethrowUnchecked(ex);
}
}
else
{
channelBuilder.usePlaintext();
}
return channelBuilder.build();
}
public MetaStep(String... args) throws IOException, ArgumentParserException {
ArgumentParser parser = ArgumentParsers.newFor("metastep").build();
Subparsers subparsers = parser.addSubparsers().help("sub-command help");
Subparser submitParser = subparsers.addParser("publish").help("publish help");
submitParser.setDefault("sub-command", "publish");
submitParser.addArgument("--package_prefix").required(false);
submitParser.addArgument("--package_name").required(false);
submitParser.addArgument("--file_name").required(false);
submitParser.addArgument("--descriptor_set").required(false);
submitParser.addArgument("--profile").required(false);
submitParser.addArgument("--workspace").required(false);
submitParser.addArgument("--server").required(true);
submitParser.addArgument("--registry").required(false);
submitParser.addArgument("--tls").required(false);
submitParser.addArgument("--tls_env").required(false);
submitParser.addArgument("--source").required(false);
submitParser.addArgument("--comment").required(true);
submitParser.addArgument("--user").required(false);
submitParser.addArgument("--email").required(false);
submitParser.addArgument("--include").nargs("*").required(false);
Subparser validateParser = subparsers.addParser("validate").help("validate help");
validateParser.setDefault("sub-command", "validate");
validateParser.addArgument("--package_prefix").required(false);
validateParser.addArgument("--package_name").required(false);
validateParser.addArgument("--file_name").required(false);
validateParser.addArgument("--descriptor_set").required(false);
validateParser.addArgument("--profile").required(false);
validateParser.addArgument("--workspace").required(false);
validateParser.addArgument("--server").required(true);
validateParser.addArgument("--registry").required(false);
validateParser.addArgument("--tls").required(false);
validateParser.addArgument("--tls_env").required(false);
validateParser.addArgument("--source").required(false);
validateParser.addArgument("--include").nargs("*").required(false);
res = parser.parseArgs(args);
descriptorFile = File.createTempFile("descriptor", ".pb");
String server = res.getString("server");
String[] sp = server.split(":");
String host = sp[0];
int port = Integer.parseInt(sp[1]);
String protoWorkspace = res.getString("workspace");
if (protoWorkspace == null) {
protoWorkspace = "/var/workspace";
}
workspace = new File(protoWorkspace);
System.out.println("Workspace set to: " + workspace);
protoIncludes = res.getList("include");
if (protoIncludes == null) {
protoIncludes = new ArrayList<>();
}
protoIncludes.add("/usr/include");
if (res.get("source") != null) {
includeSource = true;
}
String tlsFileName = res.getString("tls");
if (tlsFileName == null) {
String tlsEnv = res.getString("tls_env");
if (tlsEnv != null) {
File tlsFile = File.createTempFile("tls", ".pem");
tlsFileName = tlsFile.getAbsolutePath();
String tlsBase64 = System.getenv(tlsEnv);
if (tlsBase64 == null) {
throw new RuntimeException("No ENVIRONMENT_VARIABLE of name " + tlsEnv + " found.");
}
try (FileOutputStream writer = new FileOutputStream(tlsFile)) {
writer.write(Base64.getDecoder().decode(tlsBase64));
}
}
}
NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(host, port);
if (tlsFileName != null) {
SslContext sslContext =
GrpcSslContexts.forClient().trustManager(new File(tlsFileName)).build();
channelBuilder.sslContext(sslContext).useTransportSecurity().build();
} else {
channelBuilder.usePlaintext();
}
schemaRegistry = RegistryGrpc.newBlockingStub(channelBuilder.build());
}