Fix selection of security Provider to conscruct SSLContext

Cleanup redundant API in TestUtils
Fix TlsTest to be ignored on JDK7 correctly
Louis Ryan 2016-07-15 12:02:53 -07:00
parent 0099657b5e
commit c1ef8061d1
6 changed files with 22 additions and 31 deletions


@ -45,6 +45,7 @@ import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NegotiationType; import io.grpc.netty.NegotiationType;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.grpc.okhttp.OkHttpChannelBuilder; import io.grpc.okhttp.OkHttpChannelBuilder;
import io.grpc.okhttp.internal.Platform;
import io.grpc.testing.TestUtils; import io.grpc.testing.TestUtils;
import io.netty.channel.EventLoopGroup; import io.netty.channel.EventLoopGroup;
import io.netty.channel.epoll.EpollDomainSocketChannel; import io.netty.channel.epoll.EpollDomainSocketChannel;
@ -148,7 +149,9 @@ public final class Utils {
builder.overrideAuthority( builder.overrideAuthority(
GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort())); GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort()));
try { try {
factory = TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem")); factory = TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(),
TestUtils.loadCert("ca.pem"));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }


@ -39,6 +39,7 @@ import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NegotiationType; import io.grpc.netty.NegotiationType;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.grpc.okhttp.OkHttpChannelBuilder; import io.grpc.okhttp.OkHttpChannelBuilder;
import io.grpc.okhttp.internal.Platform;
import io.grpc.testing.TestUtils; import io.grpc.testing.TestUtils;
import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContext;
@ -324,7 +325,8 @@ public class TestServiceClient {
if (useTls) { if (useTls) {
try { try {
SSLSocketFactory factory = useTestCa SSLSocketFactory factory = useTestCa
? TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem")) ? TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem"))
: (SSLSocketFactory) SSLSocketFactory.getDefault(); : (SSLSocketFactory) SSLSocketFactory.getDefault();
builder.sslSocketFactory(factory); builder.sslSocketFactory(factory);
} catch (Exception e) { } catch (Exception e) {
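Review bot: Only the `useTestCa` arm of the ternary picks up the provider fix; the other arm still returns `SSLSocketFactory.getDefault()`, which comes from the JVM's default provider rather than `Platform.get().getProvider()`. If the builder's own default (the `sslSocketFactory == null` path changed elsewhere in this commit) is the intended behaviour, calling `builder.sslSocketFactory(factory)` only when `useTestCa` is set would keep both arms on the same provider. This is inferred from the hunks shown, so confirm it against the builder. The surrounding method and the catch block continue outside the hunk.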


@ -61,7 +61,6 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.junit.runners.JUnit4; import org.junit.runners.JUnit4;
import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPeerUnverifiedException;
@ -112,7 +111,7 @@ public class Http2OkHttpTest extends AbstractInteropTest {
TestUtils.TEST_SERVER_HOST, getPort())); TestUtils.TEST_SERVER_HOST, getPort()));
try { try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(), builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
new FileInputStream(TestUtils.loadCert("ca.pem")))); TestUtils.loadCert("ca.pem")));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
@ -153,7 +152,7 @@ public class Http2OkHttpTest extends AbstractInteropTest {
"I.am.a.bad.hostname", getPort())); "I.am.a.bad.hostname", getPort()));
ManagedChannel channel = builder.sslSocketFactory( ManagedChannel channel = builder.sslSocketFactory(
TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(), TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
new FileInputStream(TestUtils.loadCert("ca.pem")))).build(); TestUtils.loadCert("ca.pem"))).build();
TestServiceGrpc.TestServiceBlockingStub blockingStub = TestServiceGrpc.TestServiceBlockingStub blockingStub =
TestServiceGrpc.newBlockingStub(channel); TestServiceGrpc.newBlockingStub(channel);


@ -65,12 +65,15 @@ import org.junit.runners.Parameterized.Parameters;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.Arrays;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
/** /**
* Integration tests for GRPC's TLS support. * Integration tests for GRPC's TLS support.
@ -97,11 +100,17 @@ public class TlsTest {
private SslContextBuilder clientContextBuilder; private SslContextBuilder clientContextBuilder;
@Before @Before
public void setUp() { public void setUp() throws NoSuchAlgorithmException {
executor = Executors.newSingleThreadScheduledExecutor(); executor = Executors.newSingleThreadScheduledExecutor();
if (sslProvider == SslProvider.OPENSSL) { if (sslProvider == SslProvider.OPENSSL) {
Assume.assumeTrue(OpenSsl.isAvailable()); Assume.assumeTrue(OpenSsl.isAvailable());
} }
if (sslProvider == SslProvider.JDK) {
Assume.assumeTrue(Arrays.asList(
SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites())
.contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
}
clientContextBuilder = GrpcSslContexts.configure(SslContextBuilder.forClient(), sslProvider); clientContextBuilder = GrpcSslContexts.configure(SslContextBuilder.forClient(), sslProvider);
} }
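Review bot: The new JDK branch in `setUp()` gates the whole test on a cipher-suite string with no comment explaining why, and a failed assumption skips silently. If the intent is what the commit message says (ignore on JDK7, which presumably lacks this GCM suite), say so at the check, e.g. `// HTTP/2 needs TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; skip where the default JDK context lacks it (JDK7).` Because the probe is `SSLContext.getDefault()`, any runtime whose default context does not list that suite will also skip every JDK-provider TLS test, so make sure CI reports skipped tests rather than counting them as passed.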


@ -271,8 +271,7 @@ public class OkHttpChannelBuilder extends
case TLS: case TLS:
try { try {
if (sslSocketFactory == null) { if (sslSocketFactory == null) {
SSLContext sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider()); SSLContext sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
sslContext.init(null, null, null);
sslSocketFactory = sslContext.getSocketFactory(); sslSocketFactory = sslContext.getSocketFactory();
} }
return sslSocketFactory; return sslSocketFactory;
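Review bot: Switching to `SSLContext.getInstance("Default", Platform.get().getProvider())` in the `sslSocketFactory == null` branch changes where the context's key and trust material comes from, and the hunk carries no comment saying so. A provider's "Default" context arrives pre-initialised, and on the stock JDK provider that initialisation reads the `javax.net.ssl.*` system properties, which as far as I know can include a client key store that the old `init(null, null, null)` path did not pick up. It also assumes every Provider returned by `Platform.get().getProvider()` registers an `SSLContext` named "Default"; one that does not will fail here with NoSuchAlgorithmException. I would add a comment such as `// "Default" is pre-initialised by the provider from system configuration; do not call init().` and confirm the algorithm name on each supported platform. The enclosing method starts and ends outside the hunk.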


@ -52,7 +52,6 @@ import java.net.UnknownHostException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.Provider; import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -233,36 +232,16 @@ public class TestUtils {
} }
} }
/**
* Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
*/
public static SSLSocketFactory newSslSocketFactoryForCa(File certChainFile) throws Exception {
InputStream is = new FileInputStream(certChainFile);
try {
return newSslSocketFactoryForCa(is);
} finally {
is.close();
}
}
/**
* Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
*/
public static SSLSocketFactory newSslSocketFactoryForCa(
InputStream certChain) throws Exception {
return newSslSocketFactoryForCa(Security.getProviders()[0], certChain);
}
/** /**
* Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate. * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
*/ */
public static SSLSocketFactory newSslSocketFactoryForCa(Provider provider, public static SSLSocketFactory newSslSocketFactoryForCa(Provider provider,
InputStream certChain) throws Exception { File certChainFile) throws Exception {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null); ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509"); CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate( X509Certificate cert = (X509Certificate) cf.generateCertificate(
new BufferedInputStream(certChain)); new BufferedInputStream(new FileInputStream(certChainFile)));
X500Principal principal = cert.getSubjectX500Principal(); X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert); ks.setCertificateEntry(principal.getName("RFC2253"), cert);
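Review bot: `new FileInputStream(certChainFile)` is now opened inline in `newSslSocketFactoryForCa(Provider, File)` and never closed. The removed `File` overload closed its stream in a `finally`, so this cleanup drops that guarantee and leaves a file descriptor open on every call. Hold the stream in a local and close it in a `finally` around `generateCertificate`, as sketched below; this assumes the `java.io.InputStream` import is still present, which the hunk does not show. Note also that only the first certificate in the file is read. The method body continues past the end of the hunk.

```java
// … unchanged: KeyStore and CertificateFactory setup …
InputStream in = new BufferedInputStream(new FileInputStream(certChainFile));
X509Certificate cert;
try {
  cert = (X509Certificate) cf.generateCertificate(in);
} finally {
  in.close();
}
X500Principal principal = cert.getSubjectX500Principal();
```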