From 8b80750c44732f6b3cc5ccf6de6b226aa1bf0545 Mon Sep 17 00:00:00 2001
From: Christopher Batey
Date: Wed, 22 Aug 2018 16:14:53 +0100
Subject: [PATCH] Update vanilla Akka gRPC to not use TLS in examples (#353)
---
 docs/src/main/paradox/overview.md | 2 +-
 docs/src/main/paradox/server/walkthrough.md | 8 +-
 .../java/example/myapp/CombinedServer.java | 50 +----------
 .../example/myapp/echo/EchoServiceImpl.java | 7 --
 .../myapp/helloworld/GreeterServer.java | 74 +---------------
 .../src/main/resources/application.conf | 10 +--
 .../src/main/resources/certs/ca.pem | 15 ----
 .../src/main/resources/certs/server1.key | 16 ----
 .../src/main/resources/certs/server1.pem | 16 ----
 .../src/main/resources/application.conf | 9 +-
 .../src/main/resources/certs/ca.pem | 15 ----
 .../src/main/resources/certs/server1.key | 16 ----
 .../src/main/resources/certs/server1.pem | 16 ----
 .../scala/example/myapp/CombinedServer.scala | 54 +-----------
 .../myapp/helloworld/GreeterClient.scala | 6 +-
 .../myapp/helloworld/GreeterServer.scala | 85 ++-----------------
 .../myapp/helloworld/GreeterServiceSpec.scala | 3 +-
 17 files changed, 26 insertions(+), 376 deletions(-)
 delete mode 100644 plugin-tester-java/src/main/resources/certs/ca.pem
 delete mode 100644 plugin-tester-java/src/main/resources/certs/server1.key
 delete mode 100644 plugin-tester-java/src/main/resources/certs/server1.pem
 delete mode 100644 plugin-tester-scala/src/main/resources/certs/ca.pem
 delete mode 100644 plugin-tester-scala/src/main/resources/certs/server1.key
 delete mode 100644 plugin-tester-scala/src/main/resources/certs/server1.pem
diff --git a/docs/src/main/paradox/overview.md b/docs/src/main/paradox/overview.md
index 0cf1fafa8..7c7e44513 100644
--- a/docs/src/main/paradox/overview.md
+++ b/docs/src/main/paradox/overview.md
@@ -27,7 +27,7 @@ This library is in preview mode: basic functionality is in place, but API's and build system plugins are still expected to be improved. The API on both sides (Client and Server) is a simple Akka Streams-based one. -We plan to also provide a 'power user' API for each of these ([#191](https://github.com/akka/akka-grpc/issues/191), [#179](https://github.com/akka/akka-grpc/issues/179)). +The client has a 'power user' API and the planned for the server in [#179](https://github.com/akka/akka-grpc/issues/179)). The client side is currently implemented on top of [io.grpc:grpc-netty-shaded](https://mvnrepository.com/artifact/io.grpc/grpc-netty-shaded), diff --git a/docs/src/main/paradox/server/walkthrough.md b/docs/src/main/paradox/server/walkthrough.md index 8a5bc28e1..4e99ee732 100644 --- a/docs/src/main/paradox/server/walkthrough.md +++ b/docs/src/main/paradox/server/walkthrough.md @@ -198,9 +198,11 @@ In the example this was done from the `main` method, but you could also do this @@@ -HTTP/2 can only be served over TLS. That means that you need to configure your server with TLS information to provide certificates. -The example code contains a snippet about how to set up the TLS context from certificates and keys provided from resources on the -classpath. In a real application, you would probably want to load the keys from outside the application jar instead. +The above example does not use TLS and is configured to only serve HTTP/2. +To allow HTTP and HTTP/2 and gRPC on the same port TLS must be used. +That means that you need to configure your server with TLS information to provide certificates. + +TODO Document how to configure TLS ([#191](https://github.com/akka/akka-grpc/issues/352) @@@ note diff --git a/plugin-tester-java/src/main/java/example/myapp/CombinedServer.java b/plugin-tester-java/src/main/java/example/myapp/CombinedServer.java index 47df7125e..1d58677ca 100644 --- a/plugin-tester-java/src/main/java/example/myapp/CombinedServer.java 
+++ b/plugin-tester-java/src/main/java/example/myapp/CombinedServer.java @@ -5,9 +5,7 @@ package example.myapp; import akka.actor.ActorSystem; -import akka.http.javadsl.ConnectWithHttps; -import akka.http.javadsl.ConnectionContext; -import akka.http.javadsl.HttpsConnectionContext; +import akka.http.javadsl.*; import akka.http.scaladsl.settings.ServerSettings; import akka.stream.ActorMaterializer; import akka.stream.Materializer; @@ -34,7 +32,6 @@ //#import import akka.grpc.javadsl.ServiceHandler; -import akka.http.javadsl.Http; import akka.http.javadsl.model.HttpRequest; import akka.http.javadsl.model.HttpResponse; import akka.japi.Function; @@ -64,7 +61,7 @@ public static void main(String[] args) throws Exception { Http.get(sys).bindAndHandleAsync( serviceHandlers, - ConnectWithHttps.toHostHttps("127.0.0.1", 8080).withCustomHttpsContext(serverHttpContext()), + ConnectHttp.toHost("127.0.0.1", 8080, UseHttp2.always()), ServerSettings.create(sys), // Needed to allow running multiple requests concurrently, see https://github.com/akka/akka-http/issues/2145 256, 
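Review bot: The new `import akka.http.javadsl.*;` is a wildcard import in a file that otherwise names each class, and it hides which akka-http types the example actually needs; `import akka.http.javadsl.ConnectHttp;`, `import akka.http.javadsl.Http;` and `import akka.http.javadsl.UseHttp2;` would state it directly. GreeterServer.java gets the same wildcard in its import hunk. Separately, no hunk in this file removes the `java.security` / `javax.net.ssl` imports that only the deleted `serverHttpContext()` and `read()` helpers needed, so they are presumably left unused here, whereas GreeterServer.java drops them; the full import block is outside the hunks, so this is worth checking.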
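Review bot: Nothing at the new `ConnectHttp.toHost("127.0.0.1", 8080, UseHttp2.always())` line tells a reader that the server now speaks cleartext HTTP/2, so traffic on this port is unencrypted and the server is unauthenticated to its clients. The loopback bind keeps that contained in the example, but this code is copied as a template and the host is the first thing people change; a comment such as `// Cleartext HTTP/2, local example only: use ConnectWithHttps with a TLS context for any non-loopback bind` would keep the caveat next to the call. The same applies to the bind in GreeterServer.java (which appears to be the `//#full-server` docs snippet and loses its TLS comment without a replacement), to `HttpConnectionContext(http2 = Always)` in both Scala servers, and to `use-tls = false` / `.withTls(false)` on the client side. The body of `main` continues outside this hunk.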
@@ -75,47 +72,4 @@ public static void main(String[] args) throws Exception { System.out.println("gRPC server bound to: " + binding.localAddress()); }); } - - private static HttpsConnectionContext serverHttpContext() throws Exception { - // FIXME how would end users do this? TestUtils.loadCert? issue #89 - String keyEncoded = read(CombinedServer.class.getResourceAsStream("/certs/server1.key")) - .replace("-----BEGIN PRIVATE KEY-----\n", "") - .replace("-----END PRIVATE KEY-----\n", "") - .replace("\n", ""); - - byte[] decodedKey = Base64.getDecoder().decode(keyEncoded); - - PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodedKey); - - KeyFactory kf = KeyFactory.getInstance("RSA"); - PrivateKey privateKey = kf.generatePrivate(spec); - - CertificateFactory fact = CertificateFactory.getInstance("X.509"); - Certificate cer = fact.generateCertificate(CombinedServer.class.getResourceAsStream("/certs/server1.pem")); - - KeyStore ks = KeyStore.getInstance("PKCS12"); - ks.load(null); - ks.setKeyEntry("private", privateKey, new char[0], new Certificate[]{cer}); - - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(ks, null); - - SSLContext context = SSLContext.getInstance("TLS"); - context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); - - return ConnectionContext.https(context); - } - - private static String read(InputStream in) throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(Math.max(64, in.available())); - byte[] buffer = new byte[32 * 1024]; - int bytesRead = in.read(buffer); - while (bytesRead >= 0) { - baos.write(buffer, 0, bytesRead); - bytesRead = in.read(buffer); - } - - byte[] bytes = baos.toByteArray(); - return new String(bytes, "UTF-8"); - } } diff --git a/plugin-tester-java/src/main/java/example/myapp/echo/EchoServiceImpl.java b/plugin-tester-java/src/main/java/example/myapp/echo/EchoServiceImpl.java index 8c8274cbd..57c71a670 100644 
--- a/plugin-tester-java/src/main/java/example/myapp/echo/EchoServiceImpl.java +++ b/plugin-tester-java/src/main/java/example/myapp/echo/EchoServiceImpl.java @@ -4,15 +4,8 @@ package example.myapp.echo; -import java.util.List; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; -import java.util.stream.Collectors; - -import akka.NotUsed; -import akka.stream.Materializer; -import akka.stream.javadsl.Sink; -import akka.stream.javadsl.Source; import example.myapp.echo.grpc.*; diff --git a/plugin-tester-java/src/main/java/example/myapp/helloworld/GreeterServer.java b/plugin-tester-java/src/main/java/example/myapp/helloworld/GreeterServer.java index 456947bd3..e3d6b2fe2 100644 --- a/plugin-tester-java/src/main/java/example/myapp/helloworld/GreeterServer.java +++ b/plugin-tester-java/src/main/java/example/myapp/helloworld/GreeterServer.java @@ -6,33 +6,13 @@ package example.myapp.helloworld; import akka.actor.ActorSystem; -import akka.http.javadsl.ConnectWithHttps; -import akka.http.javadsl.ConnectionContext; -import akka.http.javadsl.Http; -import akka.http.javadsl.HttpsConnectionContext; +import akka.http.javadsl.*; import akka.http.javadsl.settings.ServerSettings; import akka.stream.ActorMaterializer; import akka.stream.Materializer; import com.typesafe.config.Config; import com.typesafe.config.ConfigFactory; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.FileInputStream; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.security.KeyFactory; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Base64; - import example.myapp.helloworld.grpc.*; class GreeterServer { 
@@ -51,10 +31,7 @@ public static void main(String[] args) throws Exception { // Bind implementation to localhost:8080 Http.get(sys).bindAndHandleAsync( GreeterServiceHandlerFactory.create(impl, mat), - // HTTP/2 servers are required to use TLS - ConnectWithHttps.toHostHttps("127.0.0.1", 8080) - // provide TLS certificate and keys - .withCustomHttpsContext(serverHttpContext()), + ConnectHttp.toHost("127.0.0.1", 8080, UseHttp2.always()), ServerSettings.create(sys), // Needed to allow running multiple requests concurrently, see https://github.com/akka/akka-http/issues/2145 256, 
@@ -66,52 +43,5 @@ public static void main(String[] args) throws Exception { // ActorSystem threads will keep the app alive until `system.terminate()` is called } - - /** - * Read certificate and keys from resources on the classpath. In a real application you - * would probably want to provide those from outside. - */ - private static HttpsConnectionContext serverHttpContext() throws Exception { - // FIXME how would end users do this? TestUtils.loadCert? issue #89 - String keyEncoded = read(GreeterServer.class.getResourceAsStream("/certs/server1.key")) - .replace("-----BEGIN PRIVATE KEY-----\n", "") - .replace("-----END PRIVATE KEY-----\n", "") - .replace("\n", ""); - - byte[] decodedKey = Base64.getDecoder().decode(keyEncoded); - - PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodedKey); - - KeyFactory kf = KeyFactory.getInstance("RSA"); - PrivateKey privateKey = kf.generatePrivate(spec); - - CertificateFactory fact = CertificateFactory.getInstance("X.509"); - Certificate cer = fact.generateCertificate(GreeterServer.class.getResourceAsStream("/certs/server1.pem")); - - KeyStore ks = KeyStore.getInstance("PKCS12"); - ks.load(null); - ks.setKeyEntry("private", privateKey, new char[0], new Certificate[]{cer}); - - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(ks, null); - - SSLContext context = SSLContext.getInstance("TLS"); - context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); - - return ConnectionContext.https(context); - } - - private static String read(InputStream in) throws IOException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(Math.max(64, in.available())); - byte[] buffer = new byte[32 * 1024]; - int bytesRead = in.read(buffer); - while (bytesRead >= 0) { - baos.write(buffer, 0, bytesRead); - bytesRead = in.read(buffer); - } - - byte[] bytes = baos.toByteArray(); - return new String(bytes, "UTF-8"); - } } //#full-server 
diff --git a/plugin-tester-java/src/main/resources/application.conf b/plugin-tester-java/src/main/resources/application.conf index 9a01355b5..2664dff99 100644 --- a/plugin-tester-java/src/main/resources/application.conf +++ b/plugin-tester-java/src/main/resources/application.conf @@ -3,14 +3,6 @@ akka.grpc.client { "helloworld.GreeterService" { host = 127.0.0.1 port = 8080 - override-authority = foo.test.google.fr - ssl-config { - disabledKeyAlgorithms = [] // Allow weak certificates - trustManager { - stores = [ - {path = certs/ca.pem, classpath = true, type = PEM} - ] - } - } + use-tls = false } } diff --git a/plugin-tester-java/src/main/resources/certs/ca.pem b/plugin-tester-java/src/main/resources/certs/ca.pem deleted file mode 100644 index 6c8511a73..000000000 --- a/plugin-tester-java/src/main/resources/certs/ca.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla -Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT -BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7 -+L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu -g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd -Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau -sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m -oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG -Dfcog5wrJytaQ6UA0wE= ------END CERTIFICATE----- diff --git a/plugin-tester-java/src/main/resources/certs/server1.key b/plugin-tester-java/src/main/resources/certs/server1.key deleted file mode 100644 index 143a5b876..000000000 --- a/plugin-tester-java/src/main/resources/certs/server1.key +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOHDFScoLCVJpYDD -M4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1BgzkWF+slf -3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd9N8YwbBY -AckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAECgYAn7qGnM2vbjJNBm0VZCkOkTIWm -V10okw7EPJrdL2mkre9NasghNXbE1y5zDshx5Nt3KsazKOxTT8d0Jwh/3KbaN+YY -tTCbKGW0pXDRBhwUHRcuRzScjli8Rih5UOCiZkhefUTcRb6xIhZJuQy71tjaSy0p -dHZRmYyBYO2YEQ8xoQJBAPrJPhMBkzmEYFtyIEqAxQ/o/A6E+E4w8i+KM7nQCK7q -K4JXzyXVAjLfyBZWHGM2uro/fjqPggGD6QH1qXCkI4MCQQDmdKeb2TrKRh5BY1LR -81aJGKcJ2XbcDu6wMZK4oqWbTX2KiYn9GB0woM6nSr/Y6iy1u145YzYxEV/iMwff -DJULAkB8B2MnyzOg0pNFJqBJuH29bKCcHa8gHJzqXhNO5lAlEbMK95p/P2Wi+4Hd -aiEIAF1BF326QJcvYKmwSmrORp85AkAlSNxRJ50OWrfMZnBgzVjDx3xG6KsFQVk2 -ol6VhqL6dFgKUORFUWBvnKSyhjJxurlPEahV6oo6+A+mPhFY8eUvAkAZQyTdupP3 -XEFQKctGz+9+gKkemDp7LBBMEMBXrGTLPhpEfcjv/7KPdnFHYmhYeBTBnuVmTVWe -F98XJ7tIFfJq ------END PRIVATE KEY----- diff --git a/plugin-tester-java/src/main/resources/certs/server1.pem b/plugin-tester-java/src/main/resources/certs/server1.pem deleted file mode 100644 index f3d43fcc5..000000000 --- a/plugin-tester-java/src/main/resources/certs/server1.pem +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx -MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 -ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco -LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg -zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd -9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy -em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G -CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 -hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh -y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 ------END CERTIFICATE----- diff --git a/plugin-tester-scala/src/main/resources/application.conf b/plugin-tester-scala/src/main/resources/application.conf index 6424f1b9a..ed9b92dd6 100644 --- a/plugin-tester-scala/src/main/resources/application.conf +++ b/plugin-tester-scala/src/main/resources/application.conf @@ -6,13 +6,6 @@ akka.grpc.client { host = 127.0.0.1 port = 8080 override-authority = foo.test.google.fr - ssl-config { - disabledKeyAlgorithms = [] // Allow weak certificates - trustManager { - stores = [ - {path = certs/ca.pem, classpath = true, type = PEM} - ] - } - } + use-tls = false } } diff --git a/plugin-tester-scala/src/main/resources/certs/ca.pem b/plugin-tester-scala/src/main/resources/certs/ca.pem deleted file mode 100644 index 6c8511a73..000000000 --- a/plugin-tester-scala/src/main/resources/certs/ca.pem +++ /dev/null 
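Review bot: `override-authority = foo.test.google.fr` survives as a context line while the `ssl-config` block is removed and `use-tls = false` is added, so the Scala client config keeps an authority override that looks like it existed only to match the deleted test certificate. The Java application.conf and GreeterServiceSpec both drop the override in this same commit; removing the line here would keep the two examples consistent. Since these files are copied as templates, a comment on the new line, e.g. `use-tls = false // plaintext, local example only`, would also make the trade-off visible.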
@@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla -Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT -BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7 -+L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu -g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd -Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau -sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m -oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG -Dfcog5wrJytaQ6UA0wE= ------END CERTIFICATE----- diff --git a/plugin-tester-scala/src/main/resources/certs/server1.key b/plugin-tester-scala/src/main/resources/certs/server1.key deleted file mode 100644 index 143a5b876..000000000 --- a/plugin-tester-scala/src/main/resources/certs/server1.key +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOHDFScoLCVJpYDD -M4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1BgzkWF+slf -3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd9N8YwbBY -AckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAECgYAn7qGnM2vbjJNBm0VZCkOkTIWm -V10okw7EPJrdL2mkre9NasghNXbE1y5zDshx5Nt3KsazKOxTT8d0Jwh/3KbaN+YY -tTCbKGW0pXDRBhwUHRcuRzScjli8Rih5UOCiZkhefUTcRb6xIhZJuQy71tjaSy0p -dHZRmYyBYO2YEQ8xoQJBAPrJPhMBkzmEYFtyIEqAxQ/o/A6E+E4w8i+KM7nQCK7q -K4JXzyXVAjLfyBZWHGM2uro/fjqPggGD6QH1qXCkI4MCQQDmdKeb2TrKRh5BY1LR -81aJGKcJ2XbcDu6wMZK4oqWbTX2KiYn9GB0woM6nSr/Y6iy1u145YzYxEV/iMwff -DJULAkB8B2MnyzOg0pNFJqBJuH29bKCcHa8gHJzqXhNO5lAlEbMK95p/P2Wi+4Hd -aiEIAF1BF326QJcvYKmwSmrORp85AkAlSNxRJ50OWrfMZnBgzVjDx3xG6KsFQVk2 -ol6VhqL6dFgKUORFUWBvnKSyhjJxurlPEahV6oo6+A+mPhFY8eUvAkAZQyTdupP3 -XEFQKctGz+9+gKkemDp7LBBMEMBXrGTLPhpEfcjv/7KPdnFHYmhYeBTBnuVmTVWe -F98XJ7tIFfJq ------END PRIVATE KEY----- diff --git a/plugin-tester-scala/src/main/resources/certs/server1.pem b/plugin-tester-scala/src/main/resources/certs/server1.pem deleted file mode 100644 index f3d43fcc5..000000000 --- a/plugin-tester-scala/src/main/resources/certs/server1.pem +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx -MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 -ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco -LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg -zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd -9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy -em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G -CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 -hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh -y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 ------END CERTIFICATE----- diff --git a/plugin-tester-scala/src/main/scala/example/myapp/CombinedServer.scala b/plugin-tester-scala/src/main/scala/example/myapp/CombinedServer.scala index e3d116cc2..22911daf6 100644 --- a/plugin-tester-scala/src/main/scala/example/myapp/CombinedServer.scala +++ b/plugin-tester-scala/src/main/scala/example/myapp/CombinedServer.scala 
@@ -21,18 +21,16 @@ import scala.concurrent.ExecutionContext import scala.concurrent.Future import akka.actor.ActorSystem import akka.grpc.scaladsl.ServiceHandler -import akka.http.scaladsl.Http -import akka.http.scaladsl.HttpsConnectionContext +import akka.http.scaladsl.{ Http, HttpConnectionContext, HttpsConnectionContext } +import akka.http.scaladsl.UseHttp2.Always import akka.http.scaladsl.model.StatusCodes import akka.http.scaladsl.model.HttpRequest import akka.http.scaladsl.model.HttpResponse import akka.stream.ActorMaterializer import akka.stream.Materializer import com.typesafe.config.ConfigFactory - import example.myapp.helloworld._ import example.myapp.helloworld.grpc._ - import example.myapp.echo._ import example.myapp.echo.grpc._ 
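Review bot: `HttpsConnectionContext` is carried over into the new grouped import, but the only visible user of that type, `serverHttpContext()`, is deleted in the next hunk, so the line should read `import akka.http.scaladsl.{ Http, HttpConnectionContext }`, as GreeterServer.scala now does. The `java.security` / `javax.net.ssl` imports that the deleted helper needed sit above line 21, outside this hunk, and no hunk removes them, so they are presumably left unused as well.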
@@ -66,57 +64,11 @@ object CombinedServer { port = 8080, // Needed to allow running multiple requests concurrently, see https://github.com/akka/akka-http/issues/2145 parallelism = 256, - connectionContext = serverHttpContext()) + connectionContext = HttpConnectionContext(http2 = Always)) //#concatOrNotFound .foreach { binding => println(s"gRPC server bound to: ${binding.localAddress}") } } - - private def serverHttpContext(): HttpsConnectionContext = { - // FIXME how would end users do this? TestUtils.loadCert? issue #89 - val keyEncoded = read(CombinedServer.getClass.getResourceAsStream("/certs/server1.key")) - .replace("-----BEGIN PRIVATE KEY-----\n", "") - .replace("-----END PRIVATE KEY-----\n", "") - .replace("\n", "") - - val decodedKey = Base64.getDecoder.decode(keyEncoded) - - val spec = new PKCS8EncodedKeySpec(decodedKey) - - val kf = KeyFactory.getInstance("RSA") - val privateKey = kf.generatePrivate(spec) - - val fact = CertificateFactory.getInstance("X.509") - val cer = fact.generateCertificate(CombinedServer.getClass.getResourceAsStream("/certs/server1.pem")) - - val ks = KeyStore.getInstance("PKCS12") - ks.load(null) - ks.setKeyEntry("private", privateKey, Array.empty, Array(cer)) - - val keyManagerFactory = KeyManagerFactory.getInstance("SunX509") - keyManagerFactory.init(ks, null) - - val context = SSLContext.getInstance("TLS") - context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom) - - new HttpsConnectionContext(context) - } - - private def read(in: InputStream): String = { - val bytes: Array[Byte] = { - val baos = new ByteArrayOutputStream(math.max(64, in.available())) - val buffer = Array.ofDim[Byte](32 * 1024) - - var bytesRead = in.read(buffer) - while (bytesRead >= 0) { - baos.write(buffer, 0, bytesRead) - bytesRead = in.read(buffer) - } - baos.toByteArray - } - new String(bytes, "UTF-8") - } - } 
diff --git a/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterClient.scala b/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterClient.scala index 9f49db7aa..2cbaf999a 100644 --- a/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterClient.scala +++ b/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterClient.scala @@ -5,16 +5,13 @@ //#full-client package example.myapp.helloworld -import akka.Done -import akka.NotUsed +import akka.{ Done, NotUsed } import akka.actor.ActorSystem import akka.grpc.GrpcClientSettings import akka.stream.ActorMaterializer import akka.stream.scaladsl.Source import example.myapp.helloworld.grpc._ -import javax.net.ssl.SSLContext - import scala.concurrent.Future import scala.concurrent.duration._ import scala.util.{ Failure, Success } @@ -101,5 +98,4 @@ object GreeterClient { } } - //#full-client diff --git a/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterServer.scala b/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterServer.scala index b57b57c9f..d10e65ab1 100644 --- a/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterServer.scala +++ b/plugin-tester-scala/src/main/scala/example/myapp/helloworld/GreeterServer.scala 
@@ -5,34 +5,16 @@ //#full-server package example.myapp.helloworld -import java.io.{ ByteArrayOutputStream, FileInputStream, InputStream } -import java.nio.file.Files -import java.nio.file.Paths -import java.security.KeyFactory -import java.security.KeyStore -import java.security.SecureRandom -import java.security.cert.CertificateFactory -import java.security.spec.PKCS8EncodedKeySpec -import java.util.Base64 - -import javax.net.ssl.KeyManagerFactory -import javax.net.ssl.SSLContext - -import scala.concurrent.ExecutionContext -import scala.concurrent.Future import akka.actor.ActorSystem -import akka.grpc.scaladsl.ServiceHandler -import akka.http.scaladsl.Http -import akka.http.scaladsl.HttpsConnectionContext -import akka.http.scaladsl.model.StatusCodes -import akka.http.scaladsl.model.HttpRequest -import akka.http.scaladsl.model.HttpResponse -import akka.stream.ActorMaterializer -import akka.stream.Materializer +import akka.http.scaladsl.UseHttp2.Always +import akka.http.scaladsl.model.{ HttpRequest, HttpResponse } +import akka.http.scaladsl.{ Http, HttpConnectionContext } +import akka.stream.{ ActorMaterializer, Materializer } import com.typesafe.config.ConfigFactory - import example.myapp.helloworld.grpc._ +import scala.concurrent.{ ExecutionContext, Future } + object GreeterServer { def main(args: Array[String]): Unit = { @@ -65,8 +47,8 @@ class GreeterServer(system: ActorSystem) { port = 8080, // Needed to allow running multiple requests concurrently, see https://github.com/akka/akka-http/issues/2145 parallelism = 256, - // HTTP/2 can only be served with TLS so setup everything needed for that - connectionContext = serverHttpContext()) + connectionContext = HttpConnectionContext(http2 = Always) + ) // report successful binding bound.foreach { binding => 
@@ -75,55 +57,6 @@ class GreeterServer(system: ActorSystem) { bound } - - /** - * Read certificate and keys from resources on the classpath. In a real application you - * would probably want to provide those from outside. - */ - private def serverHttpContext(): HttpsConnectionContext = { - // FIXME how would end users do this? TestUtils.loadCert? issue #89 - val keyEncoded = read(GreeterServer.getClass.getResourceAsStream("/certs/server1.key")) - .replace("-----BEGIN PRIVATE KEY-----\n", "") - .replace("-----END PRIVATE KEY-----\n", "") - .replace("\n", "") - - val decodedKey = Base64.getDecoder.decode(keyEncoded) - - val spec = new PKCS8EncodedKeySpec(decodedKey) - - val kf = KeyFactory.getInstance("RSA") - val privateKey = kf.generatePrivate(spec) - - val fact = CertificateFactory.getInstance("X.509") - val cer = fact.generateCertificate(GreeterServer.getClass.getResourceAsStream("/certs/server1.pem")) - - val ks = KeyStore.getInstance("PKCS12") - ks.load(null) - ks.setKeyEntry("private", privateKey, Array.empty, Array(cer)) - - val keyManagerFactory = KeyManagerFactory.getInstance("SunX509") - keyManagerFactory.init(ks, null) - - val context = SSLContext.getInstance("TLS") - context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom) - - new HttpsConnectionContext(context) - } - - private def read(in: InputStream): String = { - val bytes: Array[Byte] = { - val baos = new ByteArrayOutputStream(math.max(64, in.available())) - val buffer = Array.ofDim[Byte](32 * 1024) - - var bytesRead = in.read(buffer) - while (bytesRead >= 0) { - baos.write(buffer, 0, bytesRead) - bytesRead = in.read(buffer) - } - baos.toByteArray - } - new String(bytes, "UTF-8") - } - } + //#full-server diff --git a/plugin-tester-scala/src/test/scala/example/myapp/helloworld/GreeterServiceSpec.scala b/plugin-tester-scala/src/test/scala/example/myapp/helloworld/GreeterServiceSpec.scala index 361d9bcf9..a2ef44230 100644 
--- a/plugin-tester-scala/src/test/scala/example/myapp/helloworld/GreeterServiceSpec.scala +++ b/plugin-tester-scala/src/test/scala/example/myapp/helloworld/GreeterServiceSpec.scala @@ -46,8 +46,7 @@ class GreeterSpec implicit val ec = clientSystem.dispatcher new GreeterServiceClient( GrpcClientSettings.connectToServiceAt("127.0.0.1", 8080) - .withOverrideAuthority("foo.test.google.fr") - .withSSLContext(SSLContextUtils.sslContextFromResource("/certs/ca.pem"))) + .withTls(false)) } override def afterAll: Unit = {