From 2c7536c8fd7f670cbdb2e95ebeb356e74ffc25d9 Mon Sep 17 00:00:00 2001
From: Xudong Ma
Date: Thu, 14 May 2015 18:45:26 -0700
Subject: [PATCH] okhttp: Enable TLS for Http2OkHttpTest.
---
 .../integration/TestServiceClient.java | 36 +++----------------
 .../io/grpc/testing/integration/Util.java | 32 +++++++++++++++++
 .../testing/integration/Http2OkHttpTest.java | 21 +++++++++--
 3 files changed, 55 insertions(+), 34 deletions(-)
diff --git a/integration-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java b/integration-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
index 9fd0ce745e..85c79103a9 100644
--- a/integration-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
+++ b/integration-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
@@ -38,20 +38,11 @@ import io.grpc.transport.netty.NettyChannelBuilder;
 import io.grpc.transport.okhttp.OkHttpChannelBuilder;
 import io.netty.handler.ssl.SslContext;
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
-import java.security.KeyStore;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManagerFactory;
-import javax.security.auth.x500.X500Principal;
 /**
 * Application that starts a client for the {@link TestServiceGrpc.TestService} and runs through a
@@ -242,7 +233,10 @@ public class TestServiceClient {
 }
 if (useTls) {
 try {
- builder.sslSocketFactory(getSslSocketFactory());
+ SSLSocketFactory factory = useTestCa
+ ? Util.getSslSocketFactoryForCertainCert(Util.loadCert("ca.pem"))
+ : (SSLSocketFactory) SSLSocketFactory.getDefault();
+ builder.sslSocketFactory(factory);
 } catch (Exception e) {
 throw new RuntimeException(e);
 }
@@ -250,27 +244,5 @@ public class TestServiceClient {
 return builder.build();
 }
 }
-
- private SSLSocketFactory getSslSocketFactory() throws Exception {
- if (!useTestCa) {
- return (SSLSocketFactory) SSLSocketFactory.getDefault();
- }
- File certChainFile = Util.loadCert("ca.pem");
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(null, null);
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate) cf.generateCertificate(
- new BufferedInputStream(new FileInputStream(certChainFile)));
- X500Principal principal = cert.getSubjectX500Principal();
- ks.setCertificateEntry(principal.getName("RFC2253"), cert);
-
- // Set up trust manager factory to use our key store.
- TrustManagerFactory trustManagerFactory =
- TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- trustManagerFactory.init(ks);
- SSLContext context = SSLContext.getInstance("TLS");
- context.init(null, trustManagerFactory.getTrustManagers(), null);
- return context.getSocketFactory();
- }
 }
 }
diff --git a/integration-testing/src/main/java/io/grpc/testing/integration/Util.java b/integration-testing/src/main/java/io/grpc/testing/integration/Util.java
index d264ecf19c..4912b659f9 100644
--- a/integration-testing/src/main/java/io/grpc/testing/integration/Util.java
+++ b/integration-testing/src/main/java/io/grpc/testing/integration/Util.java
@@ -38,14 +38,24 @@ import io.grpc.protobuf.ProtoUtils;
 import org.junit.Assert;
+import java.io.BufferedInputStream;
 import java.io.BufferedWriter;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.ServerSocket;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.List;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+import javax.security.auth.x500.X500Principal;
+
 /**
 * Utility methods to support integration testing.
 */
@@ -119,4 +129,26 @@ public class Util {
 }
 }
 }
+
+ /**
+ * Returns a SSLSocketFactory which uses the certificate specified in certChainFile.
+ */
+ public static SSLSocketFactory getSslSocketFactoryForCertainCert(File certChainFile)
+ throws Exception {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(
+ new BufferedInputStream(new FileInputStream(certChainFile)));
+ X500Principal principal = cert.getSubjectX500Principal();
+ ks.setCertificateEntry(principal.getName("RFC2253"), cert);
+
+ // Set up trust manager factory to use our key store.
+ TrustManagerFactory trustManagerFactory =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(ks);
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManagerFactory.getTrustManagers(), null);
+ return context.getSocketFactory();
+ }
 }
diff --git a/integration-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java b/integration-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
index 22573387f9..57d1d39c00 100644
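Review bot: In the new `Util.getSslSocketFactoryForCertainCert`, the `FileInputStream` wrapped for `cf.generateCertificate(...)` is never closed, so every call leaves a file handle open until it is garbage-collected; keep the stream in a local (`InputStream in = new BufferedInputStream(new FileInputStream(certChainFile));`) and close it in a `finally` block. The Javadoc's "uses the certificate" is ambiguous about trust: from the body, the certificate becomes the sole trust anchor and `context.init(null, ..., null)` configures no key managers, so I would reword it to `Returns an SSLSocketFactory that trusts only the X.509 certificate in certChainFile; no client key material is configured.` Despite the parameter name, `generateCertificate` reads a single certificate, so only the first entry of a chain file is trusted, which is worth stating. Since the method is public and under `src/main`, a sentence saying it is intended for test CAs would help keep it out of non-test callers.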
--- a/integration-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
+++ b/integration-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
@@ -32,6 +32,7 @@
 package io.grpc.testing.integration;
 import io.grpc.ChannelImpl;
+import io.grpc.transport.netty.GrpcSslContexts;
 import io.grpc.transport.netty.NettyServerBuilder;
 import io.grpc.transport.okhttp.OkHttpChannelBuilder;
@@ -40,6 +41,8 @@ import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
+import java.io.IOException;
+
 /**
 * Integration tests for GRPC over Http2 using the OkHttp framework.
 */
@@ -47,9 +50,16 @@ import org.junit.runners.JUnit4;
 public class Http2OkHttpTest extends AbstractTransportTest {
 private static int serverPort = Util.pickUnusedPort();
+ /** Starts the server with HTTPS. */
 @BeforeClass
 public static void startServer() throws Exception {
- startStaticServer(NettyServerBuilder.forPort(serverPort));
+ try {
+ startStaticServer(NettyServerBuilder.forPort(serverPort)
+ .sslContext(GrpcSslContexts.forServer(
+ Util.loadCert("server1.pem"), Util.loadCert("server1.key")).build()));
+ } catch (IOException ex) {
+ throw new RuntimeException(ex);
+ }
 }
 @AfterClass
@@ -59,6 +69,13 @@ public class Http2OkHttpTest extends AbstractTransportTest {
 @Override
 protected ChannelImpl createChannel() {
- return OkHttpChannelBuilder.forAddress("127.0.0.1", serverPort).build();
+ OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("127.0.0.1", serverPort)
+ .overrideHostForAuthority("foo.test.google.fr");
+ try {
+ builder.sslSocketFactory(Util.getSslSocketFactoryForCertainCert(Util.loadCert("ca.pem")));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return builder.build();
 }
 }
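Review bot: The `try` / `catch (IOException ex)` wrapper added in `startServer()` is redundant, because the method already declares `throws Exception`; rethrowing as `RuntimeException` only adds a layer to the failure JUnit reports. I would call `startStaticServer(...)` directly and drop the new `java.io.IOException` import along with it. The Javadoc could also say where the credentials come from, e.g. `/** Starts the server with TLS using the test certificate and key loaded by Util.loadCert. */`, so a reader who finds `server1.key` knows it is (presumably) a test-only key.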
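Review bot: `createChannel()` overrides the authority to `foo.test.google.fr` while dialing `127.0.0.1`, and nothing in the hunk explains why; if the reason is that the name must match one in `server1.pem`, a comment such as `// Must match a name in server1.pem, since we connect by IP.` would document it. The test also only exercises the accepting path, so it would still pass if the transport skipped certificate or hostname verification. A companion case that builds the channel without the `ca.pem` trust store, or with a non-matching authority, and asserts that the call fails would turn this into a real check of TLS validation. The `catch (Exception e)` is forced by the helper's `throws Exception` and could be narrowed if that signature is tightened.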