author | zpencer <spencerfang@google.com> | 2018-04-11 16:14:58 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-11 16:14:58 -0700 |
commit | 137e759fda7f22f228fae438102840d2ca9b9376 (patch) | |
tree | ec08ad8b43e0951a83ca83402dd508c32f067dd7 /netty | |
parent | d68b2cd74a6af1b0487d67e82a4ce0a443b2cf95 (diff) | |
download | grpc-grpc-java-137e759fda7f22f228fae438102840d2ca9b9376.tar.gz |
core, netty: allow InputStream based certs (#4316)
Allow ServerBuilder to read certs from InputStream, not just from a
File.
Diffstat (limited to 'netty')
-rw-r--r-- | netty/src/main/java/io/grpc/netty/GrpcSslContexts.java | 22 | ||||
-rw-r--r-- | netty/src/main/java/io/grpc/netty/NettyServerBuilder.java | 12 | ||||
-rw-r--r-- | netty/src/test/java/io/grpc/netty/TlsTest.java | 1 |
3 files changed, 34 insertions, 1 deletions
diff --git a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
index 15dfb63b9..07b1a9a22 100644
--- a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
+++ b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
@@ -31,6 +31,7 @@ import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 import java.io.File;
+import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.Provider;
@@ -141,6 +142,27 @@ public class GrpcSslContexts {
 }

 /**
+ * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+ *
+ * @see SslContextBuilder#forServer(InputStream, InputStream)
+ * @see #configure(SslContextBuilder)
+ */
+ public static SslContextBuilder forServer(InputStream keyCertChain, InputStream key) {
+ return configure(SslContextBuilder.forServer(keyCertChain, key));
+ }
+
+ /**
+ * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+ *
+ * @see SslContextBuilder#forServer(InputStream, InputStream, String)
+ * @see #configure(SslContextBuilder)
+ */
+ public static SslContextBuilder forServer(
+ InputStream keyCertChain, InputStream key, String keyPassword) {
+ return configure(SslContextBuilder.forServer(keyCertChain, key, keyPassword));
+ }
+
+ /**
 * Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
 * an application requires particular settings it should override the options set here.
 */
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
index 4e7df6380..ae7463ff7 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
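Review bot: The Javadoc on the two new `forServer(InputStream, ...)` overloads in GrpcSslContexts.java does not say what encoding the streams must carry or who closes them, and for private-key material both matter. Netty documents the underlying `SslContextBuilder.forServer(InputStream, InputStream)` as taking an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format; repeating that here as `@param keyCertChain an X.509 certificate chain in PEM format` and `@param key a PKCS#8 private key in PEM format` saves callers a lookup. Nothing in these two methods closes either stream, so unless Netty does so internally (not visible in this hunk) the Javadoc should also say that the caller remains responsible for closing them. For the three-argument overload, `@param keyPassword the password of the key, or null if it is not password-protected` would match the Netty contract it delegates to.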
@@ -38,6 +38,7 @@ import io.netty.channel.ServerChannel;
 import io.netty.channel.socket.nio.NioServerSocketChannel;
 import io.netty.handler.ssl.SslContext;
 import java.io.File;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.HashMap;
@@ -438,4 +439,15 @@ public final class NettyServerBuilder extends AbstractServerImplBuilder<NettySer
 }
 return this;
 }
+
+ @Override
+ public NettyServerBuilder useTransportSecurity(InputStream certChain, InputStream privateKey) {
+ try {
+ sslContext = GrpcSslContexts.forServer(certChain, privateKey).build();
+ } catch (SSLException e) {
+ // This should likely be some other, easier to catch exception.
+ throw new RuntimeException(e);
+ }
+ return this;
+ }
 }
diff --git a/netty/src/test/java/io/grpc/netty/TlsTest.java b/netty/src/test/java/io/grpc/netty/TlsTest.java
index c99d7f1ce..6628a39a6 100644
--- a/netty/src/test/java/io/grpc/netty/TlsTest.java
+++ b/netty/src/test/java/io/grpc/netty/TlsTest.java
@@ -176,7 +176,6 @@ public class TlsTest {
 client.unaryRpc(SimpleRequest.getDefaultInstance());
 }

-
 /**
 * Tests that a server configured to require client authentication refuses to accept connections
 * from a client that has an untrusted certificate. |
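Review bot: In the new `useTransportSecurity(InputStream, InputStream)` in NettyServerBuilder.java the `SSLException` is rethrown as a bare `RuntimeException` with no message, so a malformed certificate chain or key read from a stream surfaces as a generic failure that callers cannot tell apart from a programming error; the inline comment already concedes this. Because the cause is bad caller input, `throw new IllegalArgumentException("Failed to load certificate chain or private key from the supplied streams", e);` would be narrower while remaining a `RuntimeException` for any existing catch site; the File-based overload just above the hunk (only its tail is visible) would presumably want the same treatment. The method also returns without closing `certChain` or `privateKey`; if that is intentional, a comment such as `// Streams are owned by the caller and are not closed here.` would make the contract for the key material explicit. The netty diffstat shows only a blank-line removal in TlsTest.java, so a test that drives this overload either lives in another module or is missing.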