diff options
author | Eric Anderson <ejona@google.com> | 2018-03-20 16:34:22 -0700 |
---|---|---|
committer | Eric Anderson <ejona@google.com> | 2018-03-20 17:15:04 -0700 |
commit | 7b111d2d001458f7cd17a03f10962afc77ebf5bc (patch) | |
tree | 93c6388c82a6ecfa09833614bb5a6193519a82d7 /benchmarks | |
parent | 1e0875dff717c65beb95f96760add4992fbebee6 (diff) | |
download | grpc-grpc-java-7b111d2d001458f7cd17a03f10962afc77ebf5bc.tar.gz |
benchmarks: Modernize TLS configuration
NIO does not mean to use Jetty ALPN; the only reason to use Jetty ALPN
is to test OkHttp. We don't need to disable ciphers to test Java 7
(except for OkHttp, which we don't care about on Java 7 and it wasn't
plumbed already) and we _really_ don't want people to copy the code to
do so. useTransportSecurity()/usePlaintext() are preferred over the
transport-specific NegotiationType.
Diffstat (limited to 'benchmarks')
8 files changed, 32 insertions, 99 deletions
diff --git a/benchmarks/build.gradle b/benchmarks/build.gradle index 11d943ddb..a0499e3ac 100644 --- a/benchmarks/build.gradle +++ b/benchmarks/build.gradle @@ -72,7 +72,6 @@ task openloop_client(type: CreateStartScripts) { task qps_server(type: CreateStartScripts) { mainClassName = "io.grpc.benchmarks.qps.AsyncServer" applicationName = "qps_server" - defaultJvmOpts = ["-javaagent:" + configurations.alpnagent.asPath] + vmArgs outputDir = new File(project.buildDir, 'tmp') classpath = jar.outputs.files + project.configurations.runtime } diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java b/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java index b2b54436b..d696ef427 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java @@ -27,10 +27,8 @@ import io.grpc.benchmarks.proto.Messages; import io.grpc.benchmarks.proto.Messages.Payload; import io.grpc.benchmarks.proto.Messages.SimpleRequest; import io.grpc.benchmarks.proto.Messages.SimpleResponse; -import io.grpc.internal.GrpcUtil; import io.grpc.internal.testing.TestUtils; import io.grpc.netty.GrpcSslContexts; -import io.grpc.netty.NegotiationType; import io.grpc.netty.NettyChannelBuilder; import io.grpc.okhttp.OkHttpChannelBuilder; import io.grpc.okhttp.internal.Platform; @@ -40,9 +38,6 @@ import io.netty.channel.epoll.EpollSocketChannel; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioSocketChannel; import io.netty.channel.unix.DomainSocketAddress; -import io.netty.handler.ssl.SslContext; -import io.netty.handler.ssl.SslContextBuilder; -import io.netty.handler.ssl.SslProvider; import io.netty.util.concurrent.DefaultThreadFactory; import java.io.File; import java.io.FileOutputStream; @@ -57,7 +52,6 @@ import java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory; import java.util.concurrent.ForkJoinWorkerThread; import java.util.concurrent.atomic.AtomicInteger; import javax.annotation.Nullable; -import javax.net.ssl.SSLSocketFactory; import org.HdrHistogram.Histogram; /** @@ -117,59 +111,35 @@ public final class Utils { } } - private static OkHttpChannelBuilder newOkhttpClientChannel( - SocketAddress address, boolean tls, boolean testca, @Nullable String authorityOverride) { + private static OkHttpChannelBuilder newOkHttpClientChannel( + SocketAddress address, boolean tls, boolean testca) { InetSocketAddress addr = (InetSocketAddress) address; OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress(addr.getHostName(), addr.getPort()); - if (tls) { - builder.negotiationType(io.grpc.okhttp.NegotiationType.TLS); - SSLSocketFactory factory; - if (testca) { - builder.overrideAuthority( - GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort())); - try { - factory = TestUtils.newSslSocketFactoryForCa( - Platform.get().getProvider(), - TestUtils.loadCert("ca.pem")); - } catch (Exception e) { - throw new RuntimeException(e); - } - } else { - factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + if (!tls) { + builder.usePlaintext(); + } else if (testca) { + try { + builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa( + Platform.get().getProvider(), + TestUtils.loadCert("ca.pem"))); + } catch (Exception e) { + throw new RuntimeException(e); } - builder.sslSocketFactory(factory); - } else { - builder.negotiationType(io.grpc.okhttp.NegotiationType.PLAINTEXT); } return builder; } private static NettyChannelBuilder newNettyClientChannel(Transport transport, - SocketAddress address, boolean tls, boolean testca, int flowControlWindow, - boolean useDefaultCiphers) throws IOException { + SocketAddress address, boolean tls, boolean testca, int flowControlWindow) + throws IOException { NettyChannelBuilder builder = NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow); - if (tls) { - builder.negotiationType(NegotiationType.TLS); - SslContext sslContext = null; - if (testca) { - File cert = TestUtils.loadCert("ca.pem"); - SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient().trustManager(cert); - if (transport == Transport.NETTY_NIO) { - sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK); - } else { - // Native transport with OpenSSL - sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL); - } - if (useDefaultCiphers) { - sslContextBuilder.ciphers(null); - } - sslContext = sslContextBuilder.build(); - } - builder.sslContext(sslContext); - } else { - builder.negotiationType(NegotiationType.PLAINTEXT); + if (!tls) { + builder.usePlaintext(); + } else if (testca) { + File cert = TestUtils.loadCert("ca.pem"); + builder.sslContext(GrpcSslContexts.forClient().trustManager(cert).build()); } DefaultThreadFactory tf = new DefaultThreadFactory("client-elg-", true /*daemon */); @@ -225,15 +195,14 @@ public final class Utils { * Create a {@link ManagedChannel} for the given parameters. */ public static ManagedChannel newClientChannel(Transport transport, SocketAddress address, - boolean tls, boolean testca, @Nullable String authorityOverride, boolean useDefaultCiphers, + boolean tls, boolean testca, @Nullable String authorityOverride, int flowControlWindow, boolean directExecutor) { ManagedChannelBuilder<?> builder; if (transport == Transport.OK_HTTP) { - builder = newOkhttpClientChannel(address, tls, testca, authorityOverride); + builder = newOkHttpClientChannel(address, tls, testca); } else { try { - builder = newNettyClientChannel( - transport, address, tls, testca, flowControlWindow, useDefaultCiphers); + builder = newNettyClientChannel(transport, address, tls, testca, flowControlWindow); } catch (Exception e) { throw new RuntimeException(e); } diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/driver/LoadClient.java b/benchmarks/src/main/java/io/grpc/benchmarks/driver/LoadClient.java index 25ebd6193..259b43ffe 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/driver/LoadClient.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/driver/LoadClient.java @@ -88,7 +88,6 @@ class LoadClient { config.hasSecurityParams() ? config.getSecurityParams().getServerHostOverride() : null, - true, Utils.DEFAULT_FLOW_CONTROL_WINDOW, false); } diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncClient.java b/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncClient.java index 4acca5850..7561a9686 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncClient.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncClient.java @@ -32,7 +32,6 @@ import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.STREAMING_R import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TESTCA; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TLS; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TRANSPORT; -import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.USE_DEFAULT_CIPHERS; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.WARMUP_DURATION; import com.google.common.base.Preconditions; @@ -308,7 +307,7 @@ public class AsyncClient { public static void main(String... args) throws Exception { ClientConfiguration.Builder configBuilder = ClientConfiguration.newBuilder( ADDRESS, CHANNELS, OUTSTANDING_RPCS, CLIENT_PAYLOAD, SERVER_PAYLOAD, - TLS, TESTCA, USE_DEFAULT_CIPHERS, TRANSPORT, DURATION, WARMUP_DURATION, DIRECTEXECUTOR, + TLS, TESTCA, TRANSPORT, DURATION, WARMUP_DURATION, DIRECTEXECUTOR, SAVE_HISTOGRAM, STREAMING_RPCS, FLOW_CONTROL_WINDOW); ClientConfiguration config; try { diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncServer.java b/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncServer.java index 340eb01fc..fb990e9f4 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncServer.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/qps/AsyncServer.java @@ -24,7 +24,6 @@ import io.grpc.benchmarks.Utils; import io.grpc.benchmarks.proto.BenchmarkServiceGrpc; import io.grpc.benchmarks.proto.Messages; import io.grpc.internal.testing.TestUtils; -import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyServerBuilder; import io.grpc.stub.ServerCallStreamObserver; import io.grpc.stub.StreamObserver; @@ -33,9 +32,6 @@ import io.netty.channel.EventLoopGroup; import io.netty.channel.ServerChannel; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioServerSocketChannel; -import io.netty.handler.ssl.SslContext; -import io.netty.handler.ssl.SslContextBuilder; -import io.netty.handler.ssl.SslProvider; import io.netty.util.concurrent.DefaultThreadFactory; import java.io.File; import java.io.IOException; @@ -94,26 +90,6 @@ public class AsyncServer { @SuppressWarnings("LiteralClassName") // Epoll is not available on windows static Server newServer(ServerConfiguration config) throws IOException { - SslContext sslContext = null; - if (config.tls) { - System.out.println("Using fake CA for TLS certificate.\n" - + "Run the Java client with --tls --testca"); - - File cert = TestUtils.loadCert("server1.pem"); - File key = TestUtils.loadCert("server1.key"); - SslContextBuilder sslContextBuilder = GrpcSslContexts.forServer(cert, key); - if (config.transport == ServerConfiguration.Transport.NETTY_NIO) { - sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK); - } else { - // Native transport with OpenSSL - sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL); - } - if (config.useDefaultCiphers) { - sslContextBuilder.ciphers(null); - } - sslContext = sslContextBuilder.build(); - } - final EventLoopGroup boss; final EventLoopGroup worker; final Class<? extends ServerChannel> channelType; @@ -183,8 +159,15 @@ public class AsyncServer { .workerEventLoopGroup(worker) .channelType(channelType) .addService(new BenchmarkServiceImpl()) - .sslContext(sslContext) .flowControlWindow(config.flowControlWindow); + if (config.tls) { + System.out.println("Using fake CA for TLS certificate.\n" + + "Run the Java client with --tls --testca"); + + File cert = TestUtils.loadCert("server1.pem"); + File key = TestUtils.loadCert("server1.key"); + builder.useTransportSecurity(cert, key); + } if (config.directExecutor) { builder.directExecutor(); } else { diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/qps/ClientConfiguration.java b/benchmarks/src/main/java/io/grpc/benchmarks/qps/ClientConfiguration.java index 39a8440c5..61ee53073 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/qps/ClientConfiguration.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/qps/ClientConfiguration.java @@ -67,7 +67,7 @@ public class ClientConfiguration implements Configuration { public ManagedChannel newChannel() throws IOException { return Utils.newClientChannel(transport, address, tls, testca, authorityOverride, - useDefaultCiphers, flowControlWindow, directExecutor); + flowControlWindow, directExecutor); } public Messages.SimpleRequest newRequest() { @@ -176,13 +176,6 @@ public class ClientConfiguration implements Configuration { config.testca = parseBoolean(value); } }, - USE_DEFAULT_CIPHERS("", "Use the default JDK ciphers for TLS (Used to support Java 7).", - "" + DEFAULT.useDefaultCiphers) { - @Override - protected void setClientValue(ClientConfiguration config, String value) { - config.useDefaultCiphers = parseBoolean(value); - } - }, TRANSPORT("STR", Transport.getDescriptionString(), DEFAULT.transport.name().toLowerCase()) { @Override protected void setClientValue(ClientConfiguration config, String value) { diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/qps/OpenLoopClient.java b/benchmarks/src/main/java/io/grpc/benchmarks/qps/OpenLoopClient.java index 07b4be5fd..d2a694482 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/qps/OpenLoopClient.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/qps/OpenLoopClient.java @@ -30,7 +30,6 @@ import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TARGET_QPS; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TESTCA; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TLS; import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TRANSPORT; -import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.USE_DEFAULT_CIPHERS; import io.grpc.Channel; import io.grpc.ManagedChannel; @@ -66,7 +65,7 @@ public class OpenLoopClient { public static void main(String... args) throws Exception { ClientConfiguration.Builder configBuilder = ClientConfiguration.newBuilder( ADDRESS, TARGET_QPS, CLIENT_PAYLOAD, SERVER_PAYLOAD, TLS, - TESTCA, USE_DEFAULT_CIPHERS, TRANSPORT, DURATION, SAVE_HISTOGRAM, FLOW_CONTROL_WINDOW); + TESTCA, TRANSPORT, DURATION, SAVE_HISTOGRAM, FLOW_CONTROL_WINDOW); ClientConfiguration config; try { config = configBuilder.build(args); diff --git a/benchmarks/src/main/java/io/grpc/benchmarks/qps/ServerConfiguration.java b/benchmarks/src/main/java/io/grpc/benchmarks/qps/ServerConfiguration.java index e25086069..6fb52468f 100644 --- a/benchmarks/src/main/java/io/grpc/benchmarks/qps/ServerConfiguration.java +++ b/benchmarks/src/main/java/io/grpc/benchmarks/qps/ServerConfiguration.java @@ -38,7 +38,6 @@ class ServerConfiguration implements Configuration { Transport transport = Transport.NETTY_NIO; boolean tls; - boolean useDefaultCiphers; boolean directExecutor; SocketAddress address; int flowControlWindow = NettyChannelBuilder.DEFAULT_FLOW_CONTROL_WINDOW; @@ -159,13 +158,6 @@ class ServerConfiguration implements Configuration { config.tls = parseBoolean(value); } }, - USE_DEFAULT_CIPHERS("", "Use the default JDK ciphers for TLS (Used to support Java 7).", - "false") { - @Override - protected void setServerValue(ServerConfiguration config, String value) { - config.useDefaultCiphers = parseBoolean(value); - } - }, TRANSPORT("STR", Transport.getDescriptionString(), DEFAULT.transport.name().toLowerCase()) { @Override protected void setServerValue(ServerConfiguration config, String value) { |