Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

gRPC: How to configure SSL in client?

Tags:

java

ssl

grpc

netty

grpc-java

Its new topic for me. I'm able to connect as plaintext.

public ManagedChannel getChannel(String serviceName){
    TSServiceClientManager scm = TSServiceManagementFactory.getInstance().getServiceClientManager();
    TSServiceConnectionInfo connInfo = scm.getServiceConnectionInfo(serviceName);
    if(channel == null){
        channel = ManagedChannelBuilder.forAddress(connInfo.getHost(), connInfo.getPort())
                .usePlaintext(true) //need help here for SSL code 
                .build();
    }

    return channel;
}

I was told to enable client-side SSL. I know how to generate, keystore, truststore, pem, CA etc. I need help in :

How to enable SSL instead of .usePlaintext(true) as shown in above code?

(Kindly rewrite the code considering the cert file, keystore, truststore and .pem file exist)

And

I want to know is there anything to do with server to make SSL connection work?

like image 643
SOWMITHRA KUMAR G M Avatar asked Dec 04 '17 07:12

SOWMITHRA KUMAR G M

1 Answers

Since grpc-java 1.37.0 it is possible for most users to configure TLS without using transport-specific APIs. This leverages the ChannelCredentials concept introduced in 1.34.0.

ChannelCredentials creds = TlsChannelCredentials.newBuilder()
    // if server's cert doesn't chain to a standard root
    .trustManager(caFile)
    .keyManager(clientCertFile, keyFile) // client cert
    .build();
channel = Grpc.newChannelBuilderForAddress(serverHost, serverPort, creds)
    .build();

TlsServerCredentials and Grpc.newServerBuilderForPort() would be used on server-side.

Advanced use cases may need to use transport-specific APIs like GrpcSslContexts and NettyChannelBuilder.sslContext().

Original answer: You need to use a transport-specific API. You're likely using Netty today. For Netty, you need to configure Netty's SslContext and pass it to gRPC. Your usage may look something like this:

SslContext sslcontext = GrpcSslContexts.forClient()
    // if server's cert doesn't chain to a standard root
    .trustManager(caFile)
    .keyManager(clientCertFile, keyFile) // client cert
    .build();
channel = NettyChannelBuilder.forAddress(serverHost, serverPort)
    .sslContext(sslContext)
    .build();

If you need server-side configuration, it would use the similar NettyServerBuilder.sslContext(). But the context itself would be different.

like image 186
Eric Anderson Avatar answered Sep 20 '22 05:09

Eric Anderson
Sign in to Comment

Related questions

Getting error when I use @EnableGlobalMethodSecurity(prePostEnabled = true)
Java, why collections.sort() still works with non-comparator typed argument?
Spring boot - Grabbing a file from the file system in a Get Request
Use Static Method in Java as Extension Method in Kotlin
String interning riddle
Google Sheets API v4 Spreadsheets.Values.Update returns ERROR 404:Requested entity was not found
Mock a service of a service in another service Junit
Java validation @min @max annotion for null values
Jackson : map nested object
Can't set ProblemHandler to ObjectMapper in Spring Boot
How to use multiple streams and .map functions in java 8 with lambda expressions
How to change timestamp of records?
SubmissionPublisher on submit not invoking onNext of subscriber
Why is package-protected method not visible in the same package?
Sorting LinkedList with even after odd elements
Year changing from negative -509 to a positive 510 in JDBC with H2 Database
StackOverflowError with JPA bidirectional references in Kotlin
Problems with static binding and dynamic binding in Java
java.lang.ClassNotFoundException: android.support.v4.view.TintableBackgroundView
Why can I create a two dimensional array with 0 rows but 5 columns in java?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!