grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
grpc-java/examples/example-tls
History
Eric Anderson efd968bcbb Upgrade Protobuf to 3.19.1 and Guava to 30.1.1 
Protobuf uses Guava 30.1.1, so I upgrade it at the same time. It also
caused an update to rules_jvm_external and reworking the Bazel build.
Protobuf no longer requires bind() so they were dropped. Although
Protobuf's protobuf_deps() brings in rules_jvm_external, and so we don't
need to define it ourselves, it seems better to define it directly and
not depend on transitive deps since we use it directly.

Protobuf now has support for maven_install() by exposing
PROTOBUF_MAVEN_ARTIFACTS, which required reorganizing the WORKSPACE to
use maven_install() after loading protobuf. Protobuf still doesn't
define target overrides for itself so we still maintain those. When
reorganizing the WORKSPACE I noticed http_archive should ideally be
above io_grpc_grpc_java as most users will need it there, so I fixed
that since there were lots of other load()-reordering already.
 		2021-12-09 10:35:39 -08:00
..
src/main example-tls: Port to Tls{Channel,Server}Credentials 2021-03-12 15:46:59 -08:00
BUILD.bazel bazel: Support maven_install 2019-12-30 12:08:42 -08:00
README.md examples: Highlight the suggestion to checkout a tag 2021-01-20 15:40:51 -05:00
build.gradle Upgrade Protobuf to 3.19.1 and Guava to 30.1.1 2021-12-09 10:35:39 -08:00
pom.xml Upgrade Protobuf to 3.19.1 and Guava to 30.1.1 2021-12-09 10:35:39 -08:00
settings.gradle Swap to new Google Maven Central mirror URL 2020-07-10 08:45:49 -05:00

README.md

Hello World Example with TLS

The example require grpc-java to already be built. You are strongly encouraged to check out a git release tag, since there will already be a build of grpc available:

git checkout v<major>.<minor>.<patch>

Otherwise you must follow COMPILING.

To build the example,

  1. Install gRPC Java library SNAPSHOT locally, including code generation plugin (Only need this step for non-released versions, e.g. master HEAD).

  2. Run in this directory:

$ ../gradlew installDist

This creates the scripts hello-world-tls-server, hello-world-tls-client, in the build/install/example-tls/bin/ directory that run the example. The example requires the server to be running before starting the client.

Running the hello world with TLS is the same as the normal hello world, but takes additional args:

hello-world-tls-server:

USAGE: HelloWorldServerTls port certChainFilePath privateKeyFilePath [trustCertCollectionFilePath]
  Note: You only need to supply trustCertCollectionFilePath if you want to enable Mutual TLS.

hello-world-tls-client:

USAGE: HelloWorldClientTls host port [trustCertCollectionFilePath [clientCertChainFilePath clientPrivateKeyFilePath]]
  Note: clientCertChainFilePath and clientPrivateKeyFilePath are only needed if mutual auth is desired.
  • Note trustCertCollectionFilePath is not needed if you are using system default certificate authority.

You can run this example with our test credentials with .overrideAuthority("foo.test.google.fr") for ManagedChannelBuilder to match the Subject Alternative Names in the test certificates. You can generate your own self-signed certificates with commands in the test certs README.

  • Note you can use system default certificate authority if you are using a real server certificate.

Hello world example with TLS (no mutual auth):

# Run the server:
./build/install/example-tls/bin/hello-world-tls-server 50440 ../../testing/src/main/resources/certs/server1.pem ../../testing/src/main/resources/certs/server1.key
# In another terminal run the client
./build/install/example-tls/bin/hello-world-tls-client localhost 50440 ../../testing/src/main/resources/certs/ca.pem

Hello world example with TLS with mutual auth:

# Run the server:
./build/install/example-tls/bin/hello-world-tls-server 50440 ../../testing/src/main/resources/certs/server1.pem ../../testing/src/main/resources/certs/server1.key ../../testing/src/main/resources/certs/ca.pem
# In another terminal run the client
./build/install/example-tls/bin/hello-world-tls-client localhost 50440 ../../testing/src/main/resources/certs/ca.pem ../../testing/src/main/resources/certs/client.pem ../../testing/src/main/resources/certs/client.key

That's it!

Maven

If you prefer to use Maven:

  1. Install gRPC Java library SNAPSHOT locally, including code generation plugin (Only need this step for non-released versions, e.g. master HEAD).

  2. Run in this directory:

$ mvn verify
$ # Run the server
$ mvn exec:java -Dexec.mainClass=io.grpc.examples.helloworldtls.HelloWorldServerTls -Dexec.args="50440 ../../testing/src/main/resources/certs/server1.pem ../../testing/src/main/resources/certs/server1.key"
$ # In another terminal run the client
$ mvn exec:java -Dexec.mainClass=io.grpc.examples.helloworldtls.HelloWorldClientTls -Dexec.args="localhost 50440 ../../testing/src/main/resources/certs/ca.pem"

Bazel

If you prefer to use Bazel:

$ bazel build :hello-world-tls-server :hello-world-tls-client
$ # Run the server
$ ../bazel-bin/hello-world-tls-server 50440 ../../testing/src/main/resources/certs/server1.pem ../../testing/src/main/resources/certs/server1.key
$ # In another terminal run the client
$ ../bazel-bin/hello-world-tls-client localhost 50440 ../../testing/src/main/resources/certs/ca.pem