/**
 * Applies the transport-security settings configured for the named client to the channel builder.
 *
 * <p>The configured negotiation type is always set on the builder. For {@code PLAINTEXT} nothing
 * else happens: no SSL context is installed, so the channel carries no TLS protection. For every
 * other negotiation type a client SSL context is built from the {@code Security} properties:
 * an optional authority override, an optional client certificate/key pair (mutual TLS), and an
 * optional trust certificate collection.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code overrideAuthority} changes the name used for TLS authority/hostname checks without
 *       changing the host that is connected to, so the override must itself be a trusted value
 *       from configuration.</li>
 *   <li>When no trust certificate collection path is configured, {@code trustManager} is not
 *       called and the SSL context builder's default trust configuration applies.</li>
 * </ul>
 *
 * @param builder the channel builder to configure
 * @param name the client name whose properties are looked up via {@code getPropertiesFor}
 * @throws IllegalStateException if the SSL context cannot be built
 */
@Override
// Keep this in sync with NettyChannelFactory#configureSecurity
protected void configureSecurity(final NettyChannelBuilder builder, final String name) {
    final GrpcChannelProperties channelProperties = getPropertiesFor(name);
    final NegotiationType configuredNegotiation = channelProperties.getNegotiationType();
    builder.negotiationType(of(configuredNegotiation));

    // Plaintext channels need no TLS material; everything below is TLS-only.
    if (configuredNegotiation == NegotiationType.PLAINTEXT) {
        return;
    }

    final Security securityProperties = channelProperties.getSecurity();

    // Optional: verify the server certificate against a configured authority instead of the target.
    final String authority = securityProperties.getAuthorityOverride();
    if (!(authority == null || authority.isEmpty())) {
        builder.overrideAuthority(authority);
    }

    final SslContextBuilder contextBuilder = GrpcSslContexts.forClient();

    // Mutual TLS: present a client certificate chain and its private key.
    // NOTE(review): toCheckedFile presumably validates the path before use - confirm in its definition.
    if (securityProperties.isClientAuthEnabled()) {
        final File certChain = toCheckedFile("keyCertChain", securityProperties.getCertificateChainPath());
        final File privateKey = toCheckedFile("privateKey", securityProperties.getPrivateKeyPath());
        contextBuilder.keyManager(certChain, privateKey);
    }

    // Custom trust anchors are only installed when a path is configured; otherwise the
    // builder's defaults decide which server certificates are accepted.
    final String trustPath = securityProperties.getTrustCertCollectionPath();
    if (!(trustPath == null || trustPath.isEmpty())) {
        final File trustCollection = toCheckedFile("trustCertCollection", trustPath);
        contextBuilder.trustManager(trustCollection);
    }

    try {
        builder.sslContext(contextBuilder.build());
    } catch (final SSLException e) {
        // Keep the cause so the underlying certificate/key problem stays visible in logs.
        throw new IllegalStateException("Failed to create ssl context for grpc client", e);
    }
}
/**
 * Builds a gRPC channel to the given endpoint using a fixed set of Netty channel settings.
 *
 * <p>The endpoint's IP is used as the target; when it is null or empty the hostname is used
 * instead. The port always comes from the endpoint.
 *
 * <p>Security caveat: this method unconditionally selects {@code NegotiationType.PLAINTEXT} and
 * calls {@code usePlaintext()}, so the channel has no TLS: traffic is neither encrypted nor is
 * the peer authenticated at the transport layer. Any confidentiality or peer authentication must
 * come from the network the channel runs on or from a layer above gRPC.
 *
 * @param endpoint the peer to connect to
 * @return the built channel
 */
private ManagedChannel createChannel(BasicMeta.Endpoint endpoint) {
    // Prefer the IP; fall back to the hostname when no IP is set.
    final String ip = endpoint.getIp();
    final String host = Strings.isNullOrEmpty(ip) ? endpoint.getHostname() : ip;

    NettyChannelBuilder builder = NettyChannelBuilder.forAddress(host, endpoint.getPort());
    builder.executor((Executor) applicationContext.getBean("grpcClientExecutor"));

    // Keepalive: ping every 6 minutes, even with no active calls.
    // NOTE(review): the 24 h keepalive timeout lets an unanswered ping go unnoticed for a
    // day - confirm this is intended.
    builder.keepAliveTime(6, TimeUnit.MINUTES);
    builder.keepAliveTimeout(24, TimeUnit.HOURS);
    builder.keepAliveWithoutCalls(true);
    builder.idleTimeout(1, TimeUnit.HOURS);

    // Buffer and message limits (n << 20 is n MiB).
    builder.perRpcBufferLimit(128 << 20);      // 128 MiB
    builder.flowControlWindow(32 << 20);       // 32 MiB
    builder.maxInboundMessageSize(32 << 20);   // 32 MiB accepted per inbound message

    // Retry settings.
    builder.enableRetry();
    builder.retryBufferSize(16 << 20);         // 16 MiB
    builder.maxRetryAttempts(20);
    // todo: configurable

    // No TLS on this channel; see the security caveat in the method documentation.
    LOGGER.info("[COMMON][CHANNEL][CREATE] use insecure channel to {}", toStringUtils.toOneLineString(endpoint));
    builder.negotiationType(NegotiationType.PLAINTEXT);
    builder.usePlaintext();

    final ManagedChannel channel = builder.build();
    LOGGER.info("[COMMON][CHANNEL][CREATE] created channel to {}", toStringUtils.toOneLineString(endpoint));
    return channel;
}
throw new SecurityException(e); builder.sslContext(sslContext).useTransportSecurity().negotiationType(NegotiationType.TLS); } else { LOGGER.info("use insecure channel to {}", toStringUtils.toOneLineString(endpoint)); builder.negotiationType(NegotiationType.PLAINTEXT);
/**
 * Configures transport security on the builder from the properties of the named client.
 *
 * <p>Sets the negotiation type first. Unless that type is {@code PLAINTEXT} (in which case no
 * SSL context is installed and the channel is unprotected), a client SSL context is assembled
 * from the {@code Security} properties and installed on the builder.
 *
 * <p>Two points matter when reviewing a deployment's configuration: a non-empty authority
 * override replaces the name used for TLS authority checks, and an empty trust certificate
 * collection path leaves the SSL context builder on its default trust configuration.
 *
 * @param builder the channel builder to configure
 * @param name the client name passed to {@code getPropertiesFor}
 * @throws IllegalStateException if building the SSL context fails
 */
@Override
// Keep this in sync with NettyChannelFactory#configureSecurity
protected void configureSecurity(final NettyChannelBuilder builder, final String name) {
    final GrpcChannelProperties props = getPropertiesFor(name);
    final NegotiationType negotiation = props.getNegotiationType();
    builder.negotiationType(of(negotiation));

    final boolean tlsRequested = negotiation != NegotiationType.PLAINTEXT;
    if (tlsRequested) {
        final Security tls = props.getSecurity();

        // Authority override: only applied when configuration supplies a non-empty value.
        final String overrideName = tls.getAuthorityOverride();
        final boolean hasOverride = overrideName != null && !overrideName.isEmpty();
        if (hasOverride) {
            builder.overrideAuthority(overrideName);
        }

        final SslContextBuilder ssl = GrpcSslContexts.forClient();

        // Client authentication: certificate chain and private key are loaded from disk.
        // NOTE(review): what toCheckedFile verifies is not visible here - confirm.
        if (tls.isClientAuthEnabled()) {
            final File chainFile = toCheckedFile("keyCertChain", tls.getCertificateChainPath());
            final File keyFile = toCheckedFile("privateKey", tls.getPrivateKeyPath());
            ssl.keyManager(chainFile, keyFile);
        }

        // Trust anchors: installed only when a collection path is configured.
        final String trustCollectionPath = tls.getTrustCertCollectionPath();
        final boolean hasTrustCollection = trustCollectionPath != null && !trustCollectionPath.isEmpty();
        if (hasTrustCollection) {
            final File trustFile = toCheckedFile("trustCertCollection", trustCollectionPath);
            ssl.trustManager(trustFile);
        }

        try {
            builder.sslContext(ssl.build());
        } catch (final SSLException e) {
            // Wrap with the cause preserved; callers see a configuration failure.
            throw new IllegalStateException("Failed to create ssl context for grpc client", e);
        }
    }
}