mirror of https://github.com/grpc/grpc-java.git
Avoid GCM in unit tests
GCM is very slow, and doesn't provide any benefit in unit tests. Even if we were using tcnative and GCM is fast, using more available ciphers in tests still makes sense. With this change building with Java 7 works again, although that isn't the reason for the change. On my machine with parallel building, it cuts full build time from 92 seconds to 39 seconds. For an incremental build after only changing an interop test, the build time is cut from 73 seconds to 15 seconds.
This commit is contained in:
Eric Anderson
parent
cb486e461d
commit
424c7e64c3
|
|
@ -36,6 +36,7 @@ import io.grpc.testing.TestUtils;
|
|||
import io.grpc.transport.netty.GrpcSslContexts;
|
||||
import io.grpc.transport.netty.NettyChannelBuilder;
|
||||
import io.grpc.transport.netty.NettyServerBuilder;
|
||||
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
|
||||
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
|
|
@ -56,8 +57,10 @@ public class Http2NettyTest extends AbstractTransportTest {
|
|||
public static void startServer() {
|
||||
try {
|
||||
startStaticServer(NettyServerBuilder.forPort(serverPort)
|
||||
.sslContext(GrpcSslContexts.forServer(
|
||||
TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key")).build()));
|
||||
.sslContext(GrpcSslContexts
|
||||
.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
|
||||
.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
|
||||
.build()));
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
|
|
@ -73,8 +76,10 @@ public class Http2NettyTest extends AbstractTransportTest {
|
|||
try {
|
||||
return NettyChannelBuilder
|
||||
.forAddress(TestUtils.testServerAddress(serverPort))
|
||||
.sslContext(GrpcSslContexts.forClient().trustManager(
|
||||
TestUtils.loadCert("ca.pem")).build())
|
||||
.sslContext(GrpcSslContexts.forClient()
|
||||
.trustManager(TestUtils.loadCert("ca.pem"))
|
||||
.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
|
||||
.build())
|
||||
.build();
|
||||
} catch (Exception ex) {
|
||||
throw new RuntimeException(ex);
|
||||
|
|
|
|||
|
|
@ -31,11 +31,16 @@
|
|||
|
||||
package io.grpc.testing.integration;
|
||||
|
||||
import com.squareup.okhttp.ConnectionSpec;
|
||||
import com.squareup.okhttp.TlsVersion;
|
||||
|
||||
import io.grpc.ChannelImpl;
|
||||
import io.grpc.testing.TestUtils;
|
||||
import io.grpc.transport.netty.GrpcSslContexts;
|
||||
import io.grpc.transport.netty.NettyServerBuilder;
|
||||
import io.grpc.transport.okhttp.OkHttpChannelBuilder;
|
||||
import io.grpc.transport.okhttp.OkHttpClientTransport;
|
||||
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
|
||||
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
|
|
@ -56,8 +61,10 @@ public class Http2OkHttpTest extends AbstractTransportTest {
|
|||
public static void startServer() throws Exception {
|
||||
try {
|
||||
startStaticServer(NettyServerBuilder.forPort(serverPort)
|
||||
.sslContext(GrpcSslContexts.forServer(
|
||||
TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key")).build()));
|
||||
.sslContext(GrpcSslContexts
|
||||
.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
|
||||
.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
|
||||
.build()));
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
|
|
@ -71,6 +78,10 @@ public class Http2OkHttpTest extends AbstractTransportTest {
|
|||
@Override
|
||||
protected ChannelImpl createChannel() {
|
||||
OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("127.0.0.1", serverPort)
|
||||
.setConnectionSpec(new ConnectionSpec.Builder(OkHttpClientTransport.DEFAULT_CONNECTION_SPEC)
|
||||
.cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
|
||||
.tlsVersions(ConnectionSpec.MODERN_TLS.tlsVersions().toArray(new TlsVersion[0]))
|
||||
.build())
|
||||
.overrideHostForAuthority(TestUtils.TEST_SERVER_HOST);
|
||||
try {
|
||||
builder.sslSocketFactory(TestUtils.getSslSocketFactoryForCertainCert(
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ import io.netty.channel.nio.NioEventLoopGroup;
|
|||
import io.netty.channel.socket.nio.NioServerSocketChannel;
|
||||
import io.netty.channel.socket.nio.NioSocketChannel;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
|
@ -174,7 +175,8 @@ public class NettyClientTransportTest {
|
|||
private NettyClientTransport newTransport() throws IOException {
|
||||
// Create the protocol negotiator.
|
||||
File clientCert = TestUtils.loadCert("ca.pem");
|
||||
SslContext clientContext = GrpcSslContexts.forClient().trustManager(clientCert).build();
|
||||
SslContext clientContext = GrpcSslContexts.forClient().trustManager(clientCert)
|
||||
.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE).build();
|
||||
ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, address);
|
||||
|
||||
NettyClientTransport transport = new NettyClientTransport(address, NioSocketChannel.class,
|
||||
|
|
@ -186,7 +188,8 @@ public class NettyClientTransportTest {
|
|||
private void startServer(int maxStreamsPerConnection) throws IOException {
|
||||
File serverCert = TestUtils.loadCert("server1.pem");
|
||||
File key = TestUtils.loadCert("server1.key");
|
||||
SslContext serverContext = GrpcSslContexts.forServer(serverCert, key).build();
|
||||
SslContext serverContext = GrpcSslContexts.forServer(serverCert, key)
|
||||
.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE).build();
|
||||
server = new NettyServer(address, NioServerSocketChannel.class,
|
||||
group, group, serverContext, maxStreamsPerConnection,
|
||||
DEFAULT_WINDOW_SIZE, DEFAULT_WINDOW_SIZE);
|
||||
|
|
|
|||
|
|
@ -50,10 +50,14 @@ import java.net.InetSocketAddress;
|
|||
import java.net.ServerSocket;
|
||||
import java.net.UnknownHostException;
|
||||
import java.security.KeyStore;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
|
@ -149,6 +153,30 @@ public class TestUtils {
|
|||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the ciphers preferred to use during tests. They may be chosen because they are widely
|
||||
* available or because they are fast. There is no requirement that they provide confidentiality
|
||||
* or integrity.
|
||||
*/
|
||||
public static List<String> preferredTestCiphers() {
|
||||
String[] ciphers;
|
||||
try {
|
||||
ciphers = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
|
||||
} catch (NoSuchAlgorithmException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
List<String> ciphersMinusGcm = new ArrayList<String>();
|
||||
for (String cipher : ciphers) {
|
||||
// The GCM implementation in Java is _very_ slow (~1 MB/s)
|
||||
if (cipher.contains("_GCM_")) {
|
||||
continue;
|
||||
}
|
||||
ciphersMinusGcm.add(cipher);
|
||||
}
|
||||
return Collections.unmodifiableList(ciphersMinusGcm);
|
||||
}
|
||||
|
||||
/**
|
||||
* Load a file from the resources folder.
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue