This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ratis.git
The following commit(s) were added to refs/heads/master by this push:
new 2386b1a RATIS-669. Allow Ratis gRPCTlsConfig to take Java Key/Cert
Object in addition to File. Contributed by Xiaoyu Yao. (#33)
2386b1a is described below
commit 2386b1abb7eaff0b8ac081e0ac70480d4e9d15bc
Author: Xiaoyu Yao <[email protected]>
AuthorDate: Wed Aug 28 19:38:58 2019 -0700
RATIS-669. Allow Ratis gRPCTlsConfig to take Java Key/Cert Object in
addition to File. Contributed by Xiaoyu Yao. (#33)
---
.../java/org/apache/ratis/grpc/GrpcTlsConfig.java | 52 ++++++++++++++++------
.../grpc/client/GrpcClientProtocolClient.java | 16 +++++--
.../grpc/server/GrpcServerProtocolClient.java | 13 ++++--
.../org/apache/ratis/grpc/server/GrpcService.java | 13 ++++--
4 files changed, 71 insertions(+), 23 deletions(-)
diff --git a/ratis-grpc/src/main/java/org/apache/ratis/grpc/GrpcTlsConfig.java
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/GrpcTlsConfig.java
index 960bd1d..f9e2455 100644
--- a/ratis-grpc/src/main/java/org/apache/ratis/grpc/GrpcTlsConfig.java
+++ b/ratis-grpc/src/main/java/org/apache/ratis/grpc/GrpcTlsConfig.java
@@ -18,51 +18,77 @@
package org.apache.ratis.grpc;
import java.io.File;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
/**
* Ratis GRPC TLS configurations.
*/
public class GrpcTlsConfig {
// private key
- private final File privateKey;
+ private PrivateKey privateKey;
+ private File privateKeyFile;
// certificate
- private final File certChain;
+ private X509Certificate certChain;
+ private File certChainFile;
// ca certificate
- private final File trustStore;
+ private X509Certificate trustStore;
+ private File trustStoreFile;
// mutual TLS enabled
private final boolean mTlsEnabled;
- public File getPrivateKey() {
+ private final boolean fileBasedConfig;
+
+ public boolean isFileBasedConfig() {
+ return fileBasedConfig;
+ }
+
+ public PrivateKey getPrivateKey() {
return privateKey;
}
- public File getCertChain() {
+ public File getPrivateKeyFile() {
+ return privateKeyFile;
+ }
+
+ public X509Certificate getCertChain() {
return certChain;
}
- public File getTrustStore() {
+ public File getCertChainFile() {
+ return certChainFile;
+ }
+
+ public X509Certificate getTrustStore() {
return trustStore;
}
+ public File getTrustStoreFile() {
+ return trustStoreFile;
+ }
+
public boolean getMtlsEnabled() {
return mTlsEnabled;
}
- public GrpcTlsConfig(File privateKey, File certChain, File trustStore,
boolean mTlsEnabled) {
+ public GrpcTlsConfig(PrivateKey privateKey, X509Certificate certChain,
+ X509Certificate trustStore, boolean mTlsEnabled) {
this.privateKey = privateKey;
this.certChain = certChain;
this.trustStore = trustStore;
this.mTlsEnabled = mTlsEnabled;
+ this.fileBasedConfig = false;
}
- @Override
- public String toString() {
- return "PrivateKey:" + getPrivateKey().getAbsolutePath() +
- " Certificate:" + getCertChain().getAbsolutePath() +
- " TrustStore:" + getTrustStore().getAbsolutePath() +
- " Mutual TlS:" + getMtlsEnabled();
+ public GrpcTlsConfig(File privateKeyFile, File certChainFile,
+ File trustStoreFile, boolean mTlsEnabled) {
+ this.privateKeyFile = privateKeyFile;
+ this.certChainFile = certChainFile;
+ this.trustStoreFile = trustStoreFile;
+ this.mTlsEnabled = mTlsEnabled;
+ this.fileBasedConfig = true;
}
}
\ No newline at end of file
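Review bot: The key and certificate fields lose `final` in this hunk, although each constructor could keep them final by assigning the unused set explicitly, e.g. `this.privateKeyFile = null;` in the object-based constructor. A configuration object that carries a `PrivateKey` is easier to reason about when nothing can change after construction. The getters for the unused mode return `null` silently, so each would benefit from a one-line Javadoc such as `/** Returns null when isFileBasedConfig() is true. */`. Separately, `certChain` is a single `X509Certificate`, so the object-based path apparently cannot carry intermediate certificates; it is worth confirming that this is intended.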
diff --git
a/ratis-grpc/src/main/java/org/apache/ratis/grpc/client/GrpcClientProtocolClient.java
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/client/GrpcClientProtocolClient.java
index 5a49cec..8b329e0 100644
---
a/ratis-grpc/src/main/java/org/apache/ratis/grpc/client/GrpcClientProtocolClient.java
+++
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/client/GrpcClientProtocolClient.java
@@ -99,15 +99,23 @@ public class GrpcClientProtocolClient implements Closeable {
if (tlsConf!= null) {
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
- if (tlsConf.getTrustStore() != null) {
+ if (tlsConf.isFileBasedConfig()) {
+ sslContextBuilder.trustManager(tlsConf.getTrustStoreFile());
+ } else {
sslContextBuilder.trustManager(tlsConf.getTrustStore());
}
if (tlsConf.getMtlsEnabled()) {
- sslContextBuilder.keyManager(tlsConf.getCertChain(),
- tlsConf.getPrivateKey());
+ if (tlsConf.isFileBasedConfig()) {
+ sslContextBuilder.keyManager(tlsConf.getCertChainFile(),
+ tlsConf.getPrivateKeyFile());
+ } else {
+ sslContextBuilder.keyManager(tlsConf.getPrivateKey(),
+ tlsConf.getCertChain());
+ }
}
try {
-
channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
+ channelBuilder.useTransportSecurity().sslContext(
+ sslContextBuilder.build());
} catch (Exception ex) {
throw new RuntimeException(ex);
}
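Review bot: The null guard on the trust store is dropped here, so `trustManager(...)` now runs even when no trust store was configured. On the object path `tlsConf.getTrustStore()` is a single `X509Certificate`, so a null value reaches the varargs overload as a one-element array holding null. That probably fails when the context is built, rather than falling back to the default trust anchors as the old code did. Keeping the guard in both branches, e.g. `if (tlsConf.getTrustStoreFile() != null)` and `if (tlsConf.getTrustStore() != null)`, preserves the previous behaviour. The same applies to the `GrpcServerProtocolClient` hunk; the enclosing method starts and ends outside this hunk.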
diff --git
a/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcServerProtocolClient.java
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcServerProtocolClient.java
index a370d72..6eb6c38 100644
---
a/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcServerProtocolClient.java
+++
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcServerProtocolClient.java
@@ -50,12 +50,19 @@ public class GrpcServerProtocolClient implements Closeable {
if (tlsConfig!= null) {
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
- if (tlsConfig.getTrustStore() != null) {
+ if (tlsConfig.isFileBasedConfig()) {
+ sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile());
+ } else {
sslContextBuilder.trustManager(tlsConfig.getTrustStore());
}
if (tlsConfig.getMtlsEnabled()) {
- sslContextBuilder.keyManager(tlsConfig.getCertChain(),
- tlsConfig.getPrivateKey());
+ if (tlsConfig.isFileBasedConfig()) {
+ sslContextBuilder.keyManager(tlsConfig.getCertChainFile(),
+ tlsConfig.getPrivateKeyFile());
+ } else {
+ sslContextBuilder.keyManager(tlsConfig.getPrivateKey(),
+ tlsConfig.getCertChain());
+ }
}
try {
channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
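Review bot: The file-versus-object branching in this hunk is a copy of the block in `GrpcClientProtocolClient`, and `GrpcService` repeats it a third time. The two `keyManager` overloads take their arguments in opposite order (cert chain then key for files, key then cert chain for objects), which is easy to get wrong when the block is copied again. A single helper that owns the branching, for example a package-private `static void setTrustManager(SslContextBuilder b, GrpcTlsConfig c)` with a matching one for the key manager, would keep the TLS setup in one reviewed place. The surrounding constructor body starts and ends outside this hunk.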
diff --git
a/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java
b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java
index f42d356..ec60030 100644
--- a/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java
+++ b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java
@@ -119,11 +119,18 @@ public class GrpcService extends
RaftServerRpcWithProxy<GrpcServerProtocolClient
if (tlsConfig != null) {
SslContextBuilder sslContextBuilder =
- SslContextBuilder.forServer(tlsConfig.getCertChain(),
- tlsConfig.getPrivateKey());
+ tlsConfig.isFileBasedConfig()?
+ SslContextBuilder.forServer(tlsConfig.getCertChainFile(),
+ tlsConfig.getPrivateKeyFile()):
+ SslContextBuilder.forServer(tlsConfig.getPrivateKey(),
+ tlsConfig.getCertChain());
if (tlsConfig.getMtlsEnabled()) {
sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
- sslContextBuilder.trustManager(tlsConfig.getCertChain());
+ if (tlsConfig.isFileBasedConfig()) {
+ sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile());
+ } else {
+ sslContextBuilder.trustManager(tlsConfig.getTrustStore());
+ }
}
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder,
OPENSSL);
try {
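Review bot: Nothing in the mutual-TLS branch checks that a trust store was supplied before `clientAuth(ClientAuth.REQUIRE)` is set. Netty documents a null argument to `trustManager(File)` as "use the system default", so a file-based config with `mTlsEnabled` and a null `trustStoreFile` would appear to accept any client certificate that chains to a CA in the JVM default trust store. Failing fast is safer, e.g. `Objects.requireNonNull(tlsConfig.getTrustStoreFile(), "trustStoreFile is required for mutual TLS");`, with the equivalent check on `getTrustStore()` in the else branch. Alternatively, the same validation could live in the `GrpcTlsConfig` constructors. The enclosing method continues outside this hunk.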