From 664f9e06ababfb573ed09d55c83c9c23174042ad Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E9=98=BF=E9=AD=81?= <670569467@qq.com> Date: Wed, 20 Dec 2023 14:19:46 +0800 Subject: [PATCH] [ISSUE #11456]Support TLS GRPC communication between clusters. --- .../client/config/impl/ClientWorker.java | 4 +- .../remote/gprc/NamingGrpcClientProxy.java | 4 +- .../common/remote/CommunicationType.java | 51 +++++ .../remote/client/RpcClientFactory.java | 40 ++-- .../client/RpcClusterClientTlsConfig.java | 105 +++++++++++ .../common/remote/client/RpcConstants.java | 176 ++++++++++++++++-- ...Config.java => RpcSdkClientTlsConfig.java} | 46 +++-- .../client/grpc/DefaultGrpcClientConfig.java | 93 ++++----- .../common/remote/client/grpc/GrpcClient.java | 96 +++++----- .../remote/client/grpc/GrpcClientConfig.java | 18 +- .../remote/client/grpc/GrpcClusterClient.java | 12 +- .../remote/client/grpc/GrpcSdkClient.java | 15 +- .../remote/client/RpcClientFactoryTest.java | 15 +- .../remote/client/RpcClientTlsConfigTest.java | 22 +-- .../client/RpcClusterClientTlsConfigTest.java | 105 +++++++++++ .../remote/client/RpcConstantsTest.java | 17 +- .../grpc/DefaultGrpcClientConfigTest.java | 6 +- .../remote/client/grpc/GrpcClientTest.java | 25 ++- .../nacos/common/utils/ExceptionUtilTest.java | 6 +- .../cluster/remote/ClusterRpcClientProxy.java | 8 +- .../nacos/core/remote/BaseRpcServer.java | 12 +- .../core/remote/grpc/BaseGrpcServer.java | 37 ++-- .../core/remote/grpc/GrpcClusterServer.java | 31 ++- .../nacos/core/remote/grpc/GrpcSdkServer.java | 36 +--- .../ProtocolNegotiatorBuilderSingleton.java | 82 -------- ...erDefaultTlsProtocolNegotiatorBuilder.java | 89 +++++++++ .../DefaultTlsProtocolNegotiatorBuilder.java | 47 ----- .../tls/OptionalTlsProtocolNegotiator.java | 32 ++-- .../tls/ProtocolNegotiatorBuilderManager.java | 150 +++++++++++++++ ...dkDefaultTlsProtocolNegotiatorBuilder.java | 87 +++++++++ .../remote/tls/RpcClusterServerTlsConfig.java | 85 +++++++++ .../remote/tls/RpcSdkServerTlsConfig.java | 84 +++++++++ .../RpcServerSslContextRefresherHolder.java | 
109 +++++++---- .../core/remote/tls/RpcServerTlsConfig.java | 20 -- ....grpc.negotiator.ProtocolNegotiatorBuilder | 3 +- ...faultTlsProtocolNegotiatorBuilderTest.java | 87 +++++++++ .../ProtocolNegotiatorBuilderManagerTest.java | 94 ++++++++++ ...pcServerSslContextRefresherHolderTest.java | 96 ++++++++++ ...a => SdkDefaultTlsContextBuilderTest.java} | 49 ++--- ...aultTlsProtocolNegotiatorBuilderTest.java} | 37 ++-- ...cClusterServerSslContextRefresherTest.java | 48 +++++ .../RpcSdkServerSslContextRefresherTest.java | 48 +++++ ...re.remote.tls.RpcServerSslContextRefresher | 18 ++ ...ConfigServiceComTlsGrpcClient_CITCase.java | 36 ++-- ...nfigServiceNoComTlsGrpcClient_CITCase.java | 30 ++- .../NacosConfigV2MutualAuth_CITCase.java | 53 +++--- ...ationV1ServerNonCompatibility_CITCase.java | 63 +++---- ...ConfigIntegrationV2MutualAuth_CITCase.java | 76 ++++---- .../client/ConfigIntegrationV3_CITCase.java | 64 +++---- .../NamingCompatibilityServiceTls_ITCase.java | 53 +++--- .../NamingTlsServiceAndMutualAuth_ITCase.java | 79 ++++---- .../naming/NamingTlsServiceTls_ITCase.java | 50 +++-- 52 files changed, 1971 insertions(+), 778 deletions(-) create mode 100644 common/src/main/java/com/alibaba/nacos/common/remote/CommunicationType.java create mode 100644 common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfig.java rename common/src/main/java/com/alibaba/nacos/common/remote/client/{RpcClientTlsConfig.java => RpcSdkClientTlsConfig.java} (75%) create mode 100644 common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java delete mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java delete mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java create 
mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManager.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerTlsConfig.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerTlsConfig.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManagerTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java rename core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/{DefaultTlsContextBuilderTest.java => SdkDefaultTlsContextBuilderTest.java} (68%) rename core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/{DefaultTlsProtocolNegotiatorBuilderTest.java => SdkDefaultTlsProtocolNegotiatorBuilderTest.java} (56%) create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java create mode 100644 core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java index 49f840b8962..aa848b53e67 100644 --- a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java +++ b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java 
@@ -57,7 +57,7 @@
 import com.alibaba.nacos.common.remote.client.ConnectionEventListener;
 import com.alibaba.nacos.common.remote.client.RpcClient;
 import com.alibaba.nacos.common.remote.client.RpcClientFactory;
-import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
+import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig;
 import com.alibaba.nacos.common.remote.client.ServerListFactory;
 import com.alibaba.nacos.common.utils.ConvertUtils;
 import com.alibaba.nacos.common.utils.JacksonUtils;
@@ -1032,7 +1032,7 @@ private RpcClient ensureRpcClient(String taskId) throws NacosException {
 Map newLabels = new HashMap<>(labels);
 newLabels.put("taskId", taskId);
 RpcClient rpcClient = RpcClientFactory.createClient(uuid + "_config-" + taskId, getConnectionType(),
- newLabels, RpcClientTlsConfig.properties(this.properties));
+ newLabels, RpcSdkClientTlsConfig.properties(this.properties));
 if (rpcClient.isWaitInitiated()) {
 initRpcClientHandler(rpcClient);
 rpcClient.setTenant(getTenant());
diff --git a/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java b/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java
index 640af4eccf1..12e9e75d590 100644
--- a/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java
+++ b/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java
@@ -58,7 +58,7 @@
 import com.alibaba.nacos.common.remote.ConnectionType;
 import com.alibaba.nacos.common.remote.client.RpcClient;
 import com.alibaba.nacos.common.remote.client.RpcClientFactory;
-import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
+import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig;
 import com.alibaba.nacos.common.remote.client.ServerListFactory;
 import com.alibaba.nacos.common.utils.CollectionUtils;
 import com.alibaba.nacos.common.utils.JacksonUtils;
@@ -104,7 +104,7 @@ public NamingGrpcClientProxy(String namespaceId, SecurityProxy securityProxy, Se
 labels.put(RemoteConstants.LABEL_MODULE, RemoteConstants.LABEL_MODULE_NAMING);
 labels.put(Constants.APPNAME, AppNameUtils.getAppName());
 this.rpcClient = RpcClientFactory.createClient(uuid, ConnectionType.GRPC, labels,
- RpcClientTlsConfig.properties(properties.asProperties()));
+ RpcSdkClientTlsConfig.properties(properties.asProperties()));
 this.redoService = new NamingGrpcRedoService(this, properties);
 NAMING_LOGGER.info("Create naming rpc client for uuid->{}", uuid);
 start(serverListFactory, serviceInfoHolder);
diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/CommunicationType.java b/common/src/main/java/com/alibaba/nacos/common/remote/CommunicationType.java
new file mode 100644
index 00000000000..0d996266557
--- /dev/null
+++ b/common/src/main/java/com/alibaba/nacos/common/remote/CommunicationType.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.common.remote;
+
+/**
+ * Enum representing different types of communication.
+ *
+ *

CommunicationType includes:

+ * + * + * @author stone-98 + * @date 2023/12/23 + */ +public enum CommunicationType { + /** + * Communication between SDK and servers. + */ + SDK("sdk"), + /** + * Communication between servers in a cluster. + */ + CLUSTER("cluster"); + + private final String type; + + CommunicationType(String type) { + this.type = type; + } + + public String getType() { + return type; + } +} + diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java index 6d850568e3c..5b7c5a4c96c 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java @@ -76,7 +76,7 @@ public static RpcClient createClient(String clientName, ConnectionType connectio } public static RpcClient createClient(String clientName, ConnectionType connectionType, Map labels, - RpcClientTlsConfig tlsConfig) { + RpcSdkClientTlsConfig tlsConfig) { return createClient(clientName, connectionType, null, null, labels, tlsConfig); } @@ -97,7 +97,7 @@ public static RpcClient createClient(String clientName, ConnectionType connectio * @return rpc client. */ public static RpcClient createClient(String clientName, ConnectionType connectionType, Integer threadPoolCoreSize, - Integer threadPoolMaxSize, Map labels, RpcClientTlsConfig tlsConfig) { + Integer threadPoolMaxSize, Map labels, RpcSdkClientTlsConfig tlsConfig) { if (!ConnectionType.GRPC.equals(connectionType)) { throw new UnsupportedOperationException("unsupported connection type :" + connectionType.getType()); 
@@ -110,30 +110,41 @@ public static RpcClient createClient(String clientName, ConnectionType connectio } /** - * create a rpc client. + * Creates an RPC client for cluster communication with default thread pool settings. * - * @param clientName client name. - * @param connectionType client type. - * @return rpc client. + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param labels Additional labels for RPC-related attributes. + * @return An RPC client for cluster communication. */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Map labels) { return createClusterClient(clientName, connectionType, null, null, labels); } + /** + * Creates an RPC client for cluster communication with TLS configuration. + * + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param labels Additional labels for RPC-related attributes. + * @param tlsConfig TLS configuration for secure communication. + * @return An RPC client for cluster communication with TLS configuration. + */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, - Map labels, RpcClientTlsConfig tlsConfig) { + Map labels, RpcClusterClientTlsConfig tlsConfig) { return createClusterClient(clientName, connectionType, null, null, labels, tlsConfig); } /** - * create a rpc client. + * Creates an RPC client for cluster communication with custom thread pool settings. * - * @param clientName client name. - * @param connectionType client type. - * @param threadPoolCoreSize grpc thread pool core size - * @param threadPoolMaxSize grpc thread pool max size - * @return rpc client. + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param threadPoolCoreSize The core size of the gRPC thread pool. + * @param threadPoolMaxSize The maximum size of the gRPC thread pool. 
+ * @param labels Additional labels for RPC-related attributes. + * @return An RPC client for cluster communication with custom thread pool settings. */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels) { @@ -151,10 +162,9 @@ public static RpcClient createClusterClient(String clientName, ConnectionType co * @param tlsConfig tlsConfig. * @return */ - public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels, - RpcClientTlsConfig tlsConfig) { + RpcClusterClientTlsConfig tlsConfig) { if (!ConnectionType.GRPC.equals(connectionType)) { throw new UnsupportedOperationException("unsupported connection type :" + connectionType.getType()); } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfig.java new file mode 100644 index 00000000000..cccf9949ada --- /dev/null +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfig.java 
@@ -0,0 +1,105 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.common.remote.client;
+
+import com.alibaba.nacos.common.remote.TlsConfig;
+import com.alibaba.nacos.common.utils.StringUtils;
+
+/**
+ * RPC Cluster Client TLS Configuration for Nacos.
+ *

+ * This class extends the {@link TlsConfig} class and provides a convenient way to create a configuration instance + * specifically for the RPC (Remote Procedure Call) cluster client in Nacos. + *

+ *

+ * To configure RPC cluster client TLS settings, you can use the following system properties: + *

+ *
    + *
  • {@code nacos.remote.cluster.client.rpc.tls.enable}: Enable or disable TLS. Default is {@code false}.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.Provider}: Specify the SSL provider.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.mutualAuth}: Enable or disable mutual authentication. Default is {@code false}.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.protocols}: Specify the TLS protocols.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.ciphers}: Specify the TLS ciphers.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.certChainFile}: Specify the path to the certificate chain file.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.certPrivateKey}: Specify the path to the certificate private key file.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.certPrivateKeyPassword}: Specify the password for the certificate private key.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.trustCollectionCertFile}: Specify the path to the trust collection chain file.
  • + *
  • {@code nacos.remote.cluster.client.rpc.tls.trustAll}: Enable or disable trusting all certificates. Default is {@code false}.
  • + *
+ *
+ * @author stone-98
+ * @date 2023/12/20
+ */
+public class RpcClusterClientTlsConfig extends TlsConfig {
+
+ /**
+ * Creates a new instance of {@link RpcClusterClientTlsConfig} by loading TLS configuration from system properties.
+ *
+ * @return A new instance of {@link RpcClusterClientTlsConfig} with loaded TLS configuration.
+ */
+ public static RpcClusterClientTlsConfig createConfig() {
+ RpcClusterClientTlsConfig tlsConfig = new RpcClusterClientTlsConfig();
+ tlsConfig.setEnableTls(Boolean.getBoolean(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE));
+ if (!Boolean.getBoolean(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE)) {
+ return tlsConfig;
+ }
+
+ String sslProvider = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROVIDER);
+ if (StringUtils.isNotBlank(sslProvider)) {
+ tlsConfig.setSslProvider(sslProvider);
+ }
+
+ boolean mutualAuth = Boolean.getBoolean(RpcConstants.RPC_CLUSTER_CLIENT_MUTUAL_AUTH);
+ tlsConfig.setMutualAuthEnable(mutualAuth);
+
+ String protocols = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROTOCOLS);
+ if (StringUtils.isNotBlank(protocols)) {
+ tlsConfig.setProtocols(protocols);
+ }
+
+ String ciphers = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CIPHERS);
+ if (StringUtils.isNotBlank(ciphers)) {
+ tlsConfig.setCiphers(ciphers);
+ }
+
+ String certChain = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_CHAIN_PATH);
+ if (StringUtils.isNotBlank(ciphers)) {
+ tlsConfig.setCertChainFile(certChain);
+ }
+
+ String certPrivateKey = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_KEY);
+ if (StringUtils.isNotBlank(certPrivateKey)) {
+ tlsConfig.setCertPrivateKey(certPrivateKey);
+ }
+
+ String certPrivateKeyPassword = System.getProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_PWD);
+ if (StringUtils.isNotBlank(certPrivateKeyPassword)) {
+ tlsConfig.setCertPrivateKeyPassword(certPrivateKeyPassword);
+ }
+
+ String trustCollectionCertFile = System.getProperty(
+ RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH);
+ if (StringUtils.isNotBlank(trustCollectionCertFile)) {
+ tlsConfig.setTrustCollectionCertFile(trustCollectionCertFile);
+ }
+
+ boolean trustAll = Boolean.getBoolean(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_ALL);
+ tlsConfig.setTrustAll(trustAll);
+
+ return tlsConfig;
+ }
+}
diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java
index 0b0f40762b6..eb7320a21be 100644
--- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java
+++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java
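Review bot: In `createConfig()` the guard in front of `tlsConfig.setCertChainFile(certChain)` tests `ciphers` instead of `certChain`, so the certificate chain is applied only when a cipher list is also configured, and `setCertChainFile` receives null when ciphers are set but no chain is. With `mutualAuth` enabled and no ciphers property, the cluster client would be built without the certificate it is meant to present; the line should read `if (StringUtils.isNotBlank(certChain)) {`. The class Javadoc in the same hunk also lists `...tls.Provider` and `...tls.trustCollectionCertFile`, whereas the keys built from `RpcConfigSuffix` end in `.tls.provider` and `.tls.trustCollectionChainPath`, so an operator following the Javadoc would set properties that are never read.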
@@ -35,62 +35,202 @@ public class RpcConstants { public static final String NACOS_CLIENT_RPC = "nacos.remote.client.rpc"; + public static final String NACOS_CLUSTER_CLIENT_RPC = "nacos.remote.cluster.client.rpc"; + @RpcConfigLabel - public static final String RPC_CLIENT_TLS_ENABLE = NACOS_CLIENT_RPC + ".tls.enable"; + public static final String RPC_CLIENT_TLS_ENABLE = getConfigKey(RpcConfigSuffix.TLS_ENABLE); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_PROVIDER = NACOS_CLIENT_RPC + ".tls.provider"; + public static final String RPC_CLIENT_TLS_PROVIDER = getConfigKey(RpcConfigSuffix.TLS_PROVIDER); @RpcConfigLabel - public static final String RPC_CLIENT_MUTUAL_AUTH = NACOS_CLIENT_RPC + ".tls.mutualAuth"; + public static final String RPC_CLIENT_MUTUAL_AUTH = getConfigKey(RpcConfigSuffix.MUTUAL_AUTH); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_PROTOCOLS = NACOS_CLIENT_RPC + ".tls.protocols"; + public static final String RPC_CLIENT_TLS_PROTOCOLS = getConfigKey(RpcConfigSuffix.TLS_PROTOCOLS); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CIPHERS = NACOS_CLIENT_RPC + ".tls.ciphers"; + public static final String RPC_CLIENT_TLS_CIPHERS = getConfigKey(RpcConfigSuffix.TLS_CIPHERS); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = NACOS_CLIENT_RPC + ".tls.certChainFile"; + public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = getConfigKey(RpcConfigSuffix.TLS_CERT_CHAIN_PATH); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CERT_KEY = NACOS_CLIENT_RPC + ".tls.certPrivateKey"; + public static final String RPC_CLIENT_TLS_CERT_KEY = getConfigKey(RpcConfigSuffix.TLS_CERT_KEY); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_TRUST_PWD = NACOS_CLIENT_RPC + ".tls.certPrivateKeyPassword"; + public static final String RPC_CLIENT_TLS_TRUST_PWD = getConfigKey(RpcConfigSuffix.TLS_TRUST_PWD); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH = - 
NACOS_CLIENT_RPC + ".tls.trustCollectionChainPath"; + public static final String RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH = getConfigKey( + RpcConfigSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH); @RpcConfigLabel - public static final String RPC_CLIENT_TLS_TRUST_ALL = NACOS_CLIENT_RPC + ".tls.trustAll"; + public static final String RPC_CLIENT_TLS_TRUST_ALL = getConfigKey(RpcConfigSuffix.TLS_TRUST_ALL); private static final Set CONFIG_NAMES = new HashSet<>(); - @Documented - @Target(ElementType.FIELD) - @Retention(RetentionPolicy.RUNTIME) - protected @interface RpcConfigLabel { + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_ENABLE = getClusterConfigKey(RpcConfigSuffix.TLS_ENABLE); - } + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_PROVIDER = getClusterConfigKey(RpcConfigSuffix.TLS_PROVIDER); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_MUTUAL_AUTH = getClusterConfigKey(RpcConfigSuffix.MUTUAL_AUTH); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_PROTOCOLS = getClusterConfigKey(RpcConfigSuffix.TLS_PROTOCOLS); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_CIPHERS = getClusterConfigKey(RpcConfigSuffix.TLS_CIPHERS); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_CERT_CHAIN_PATH = getClusterConfigKey( + RpcConfigSuffix.TLS_CERT_CHAIN_PATH); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_CERT_KEY = getClusterConfigKey(RpcConfigSuffix.TLS_CERT_KEY); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_TRUST_PWD = getClusterConfigKey(RpcConfigSuffix.TLS_TRUST_PWD); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH = getClusterConfigKey( + RpcConfigSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH); + + @RpcClusterConfigLabel + public static final String RPC_CLUSTER_CLIENT_TLS_TRUST_ALL = 
getClusterConfigKey(RpcConfigSuffix.TLS_TRUST_ALL); + + private static final Set CLUSTER_CONFIG_NAMES = new HashSet<>(); static { Class clazz = RpcConstants.class; Field[] declaredFields = clazz.getDeclaredFields(); for (Field declaredField : declaredFields) { declaredField.setAccessible(true); - if (declaredField.getType().equals(String.class) && null != declaredField - .getAnnotation(RpcConfigLabel.class)) { + if (!declaredField.getType().equals(String.class)) { + continue; + } + if (null != declaredField.getAnnotation(RpcConfigLabel.class)) { try { CONFIG_NAMES.add((String) declaredField.get(null)); } catch (IllegalAccessException ignored) { } + } else if (null != declaredField.getAnnotation(RpcClusterConfigLabel.class)) { + try { + CLUSTER_CONFIG_NAMES.add((String) declaredField.get(null)); + } catch (IllegalAccessException ignored) { + } } } } + public static String getConfigKey(RpcConfigSuffix configSuffix) { + return NACOS_CLIENT_RPC + configSuffix.getSuffix(); + } + + public static String getClusterConfigKey(RpcConfigSuffix configSuffix) { + return NACOS_CLUSTER_CLIENT_RPC + configSuffix.getSuffix(); + } + + /** + * Enumeration of common suffixes for RPC configuration properties. Each enum constant represents a specific + * configuration attribute suffix. This allows for the construction of complete configuration property keys. + */ + public enum RpcConfigSuffix { + + /** + * Suffix for 'tls.enable' configuration property. + */ + TLS_ENABLE(".tls.enable"), + + /** + * Suffix for 'tls.provider' configuration property. + */ + TLS_PROVIDER(".tls.provider"), + + /** + * Suffix for 'tls.mutualAuth' configuration property. + */ + MUTUAL_AUTH(".tls.mutualAuth"), + + /** + * Suffix for 'tls.protocols' configuration property. + */ + TLS_PROTOCOLS(".tls.protocols"), + + /** + * Suffix for 'tls.ciphers' configuration property. + */ + TLS_CIPHERS(".tls.ciphers"), + + /** + * Suffix for 'tls.certChainFile' configuration property. 
+ */ + TLS_CERT_CHAIN_PATH(".tls.certChainFile"), + + /** + * Suffix for 'tls.certPrivateKey' configuration property. + */ + TLS_CERT_KEY(".tls.certPrivateKey"), + + /** + * Suffix for 'tls.certPrivateKeyPassword' configuration property. + */ + TLS_TRUST_PWD(".tls.certPrivateKeyPassword"), + + /** + * Suffix for 'tls.trustCollectionChainPath' configuration property. + */ + TLS_TRUST_COLLECTION_CHAIN_PATH(".tls.trustCollectionChainPath"), + + /** + * Suffix for 'tls.trustAll' configuration property. + */ + TLS_TRUST_ALL(".tls.trustAll"); + + private final String suffix; + + /** + * Constructor for RpcConfigSuffix enumeration. + * + * @param suffix The configuration attribute suffix. + */ + RpcConfigSuffix(String suffix) { + this.suffix = suffix; + } + + /** + * Retrieve the configuration attribute suffix. + * + * @return The configuration attribute suffix. + */ + public String getSuffix() { + return suffix; + } + } + + + @Documented + @Target(ElementType.FIELD) + @Retention(RetentionPolicy.RUNTIME) + protected @interface RpcConfigLabel { + + } + + @Documented + @Target(ElementType.FIELD) + @Retention(RetentionPolicy.RUNTIME) + protected @interface RpcClusterConfigLabel { + + } + public static Set getRpcParams() { return Collections.unmodifiableSet(CONFIG_NAMES); } + + public static Set getClusterRpcParams() { + return Collections.unmodifiableSet(CLUSTER_CONFIG_NAMES); + } } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcSdkClientTlsConfig.java similarity index 75% rename from common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java rename to common/src/main/java/com/alibaba/nacos/common/remote/client/RpcSdkClientTlsConfig.java index 61b847e98ac..e72d69c0651 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java 
+++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcSdkClientTlsConfig.java 
@@ -25,61 +25,57 @@ * * @author githubcheng2978 */ -public class RpcClientTlsConfig extends TlsConfig { - +public class RpcSdkClientTlsConfig extends TlsConfig { + /** - * get tls config from properties. - * @param properties Properties. + * get tls config from properties. + * + * @param properties Properties. * @return tls of config. */ - public static RpcClientTlsConfig properties(Properties properties) { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + public static RpcSdkClientTlsConfig properties(Properties properties) { + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_ENABLE)) { - tlsConfig.setEnableTls(Boolean.parseBoolean( - properties.getProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE))); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) { - tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER)); + tlsConfig.setEnableTls(Boolean.parseBoolean(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE))); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_MUTUAL_AUTH)) { - tlsConfig.setMutualAuthEnable(Boolean.parseBoolean( - properties.getProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH))); + tlsConfig.setMutualAuthEnable( + Boolean.parseBoolean(properties.getProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH))); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS)) { tlsConfig.setProtocols(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CIPHERS)) { tlsConfig.setCiphers(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)) { - tlsConfig.setTrustCollectionCertFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)); + tlsConfig.setTrustCollectionCertFile( + 
properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH)) { tlsConfig.setCertChainFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_KEY)) { tlsConfig.setCertPrivateKey(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL)) { tlsConfig.setTrustAll(Boolean.parseBoolean(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL))); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD)) { tlsConfig.setCertPrivateKeyPassword(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD)); } - + if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) { tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER)); } return tlsConfig; } - } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java index cf6ac4787e5..72188dae1a4 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java @@ -16,7 +16,8 @@ package com.alibaba.nacos.common.remote.client.grpc; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.TlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; import com.alibaba.nacos.common.utils.ThreadUtils; import java.util.HashMap; 
@@ -32,39 +33,39 @@ */ public class DefaultGrpcClientConfig implements GrpcClientConfig { - private String name; + private final String name; - private int retryTimes; + private final int retryTimes; - private long timeOutMills; + private final long timeOutMills; - private long connectionKeepAlive; + private final long connectionKeepAlive; - private long channelKeepAliveTimeout; + private final long channelKeepAliveTimeout; - private long threadPoolKeepAlive; + private final long threadPoolKeepAlive; - private int threadPoolCoreSize; + private final int threadPoolCoreSize; - private int threadPoolMaxSize; + private final int threadPoolMaxSize; - private long serverCheckTimeOut; + private final long serverCheckTimeOut; - private int threadPoolQueueSize; + private final int threadPoolQueueSize; - private int maxInboundMessageSize; + private final int maxInboundMessageSize; - private int channelKeepAlive; + private final int channelKeepAlive; - private int healthCheckRetryTimes; + private final int healthCheckRetryTimes; - private long healthCheckTimeOut; + private final long healthCheckTimeOut; - private long capabilityNegotiationTimeout; + private final long capabilityNegotiationTimeout; - private Map labels; + private final Map labels; - private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + private TlsConfig tlsConfig = new TlsConfig(); /** * constructor. @@ -173,11 +174,11 @@ public long channelKeepAliveTimeout() { } @Override - public RpcClientTlsConfig tlsConfig() { + public TlsConfig tlsConfig() { return tlsConfig; } - public void setTlsConfig(RpcClientTlsConfig tlsConfig) { + public void setTlsConfig(TlsConfig tlsConfig) { this.tlsConfig = tlsConfig; } 
@@ -237,9 +238,9 @@ public static class Builder { private long capabilityNegotiationTimeout = 5000L; - private Map labels = new HashMap<>(); + private final Map labels = new HashMap<>(); - private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + private TlsConfig tlsConfig = new TlsConfig(); private Builder() { } 
@@ -261,53 +262,53 @@ public Builder fromProperties(Properties properties) { this.timeOutMills = Long.parseLong(properties.getProperty(GrpcConstants.GRPC_TIMEOUT_MILLS)); } if (properties.containsKey(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)) { - this.connectionKeepAlive = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)); + this.connectionKeepAlive = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)) { - this.threadPoolKeepAlive = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)); + this.threadPoolKeepAlive = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)) { - this.threadPoolCoreSize = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)); + this.threadPoolCoreSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)) { - this.threadPoolMaxSize = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)); + this.threadPoolMaxSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)) { - this.serverCheckTimeOut = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)); + this.serverCheckTimeOut = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_QUEUESIZE)) { this.threadPoolQueueSize = Integer.parseInt(properties.getProperty(GrpcConstants.GRPC_QUEUESIZE)); } if (properties.containsKey(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)) { - this.maxInboundMessageSize = Integer - 
.parseInt(properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)); + this.maxInboundMessageSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)) { - this.channelKeepAlive = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)); + this.channelKeepAlive = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)) { - this.capabilityNegotiationTimeout = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)); + this.capabilityNegotiationTimeout = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)) { - this.healthCheckRetryTimes = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)); + this.healthCheckRetryTimes = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)); } if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)) { - this.healthCheckTimeOut = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)); + this.healthCheckTimeOut = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)) { - this.channelKeepAliveTimeout = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)); + this.channelKeepAliveTimeout = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)); } - this.tlsConfig = RpcClientTlsConfig.properties(properties); + this.tlsConfig = RpcSdkClientTlsConfig.properties(properties); return this; } 
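Review bot: `capabilityNegotiationTimeout` and `channelKeepAliveTimeout` are still parsed with `Integer.parseInt` in the re-wrapped lines of `fromProperties`, although the builder declares `capabilityNegotiationTimeout` as `long` and `DefaultGrpcClientConfig` holds both as `long`. A configured value above `Integer.MAX_VALUE` is therefore rejected with `NumberFormatException`, while the sibling timeouts such as `GRPC_HEALTHCHECK_TIMEOUT` already use `Long.parseLong`. Suggested: `this.capabilityNegotiationTimeout = Long.parseLong(properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT));`, and the same change for `GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT` if the builder field is also `long` (its declaration is not in this hunk). `fromProperties` starts outside this hunk.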
@@ -449,7 +450,7 @@ public Builder setLabels(Map labels) { * @param tlsConfig tls of client. * @return */ - public Builder setTlsConfig(RpcClientTlsConfig tlsConfig) { + public Builder setTlsConfig(TlsConfig tlsConfig) { this.tlsConfig = tlsConfig; return this; } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java index 25d213cb951..ff81cc2322f 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java @@ -33,10 +33,10 @@ import com.alibaba.nacos.common.ability.discover.NacosAbilityManagerHolder; import com.alibaba.nacos.common.packagescan.resource.Resource; import com.alibaba.nacos.common.remote.ConnectionType; +import com.alibaba.nacos.common.remote.TlsConfig; import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientStatus; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; import com.alibaba.nacos.common.remote.client.ServerListFactory; import com.alibaba.nacos.common.remote.client.ServerRequestHandler; import com.alibaba.nacos.common.utils.JacksonUtils; @@ -163,7 +163,7 @@ public GrpcClient(String name, Integer threadPoolCoreSize, Integer threadPoolMax } public GrpcClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels, - RpcClientTlsConfig tlsConfig) { + TlsConfig tlsConfig) { this(DefaultGrpcClientConfig.newBuilder().setName(name).setThreadPoolCoreSize(threadPoolCoreSize) .setTlsConfig(tlsConfig).setThreadPoolMaxSize(threadPoolMaxSize).setLabels(labels).build()); } 
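Review bot: `Builder.setTlsConfig` stores whatever it is given, so a `null` argument replaces the builder's default `new TlsConfig()`. The four-argument `GrpcClusterClient` and `GrpcSdkClient` constructors touched by this patch pass `null` into the `GrpcClient` constructor changed here, and `buildSslContext()` calls `tlsConfig.getEnableTls()` with no null check. Unless `build()` substitutes a default (not visible in this hunk), that path ends in a `NullPointerException` when the channel is created rather than in a plaintext or TLS decision. Keeping the default is one line: `if (tlsConfig != null) { this.tlsConfig = tlsConfig; }`.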
@@ -209,8 +209,8 @@ protected RequestGrpc.RequestFutureStub createNewChannelStub(ManagedChannel mana private ManagedChannel createNewManagedChannel(String serverIp, int serverPort) { LOGGER.info("grpc client connection server:{} ip,serverPort:{},grpcTslConfig:{}", serverIp, serverPort, JacksonUtils.toJson(clientConfig.tlsConfig())); - ManagedChannelBuilder managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext()) - .executor(grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance()) + ManagedChannelBuilder managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext()).executor( + grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance()) .decompressorRegistry(DecompressorRegistry.getDefaultInstance()) .maxInboundMessageSize(clientConfig.maxInboundMessageSize()) .keepAliveTime(clientConfig.channelKeepAlive(), TimeUnit.MILLISECONDS) @@ -288,8 +288,8 @@ public void onNext(Payload payload) { } catch (Exception e) { LoggerUtils.printIfErrorEnabled(LOGGER, "[{}]Handle server request exception: {}", grpcConn.getConnectionId(), payload.toString(), e.getMessage()); - Response errResponse = ErrorResponse - .build(NacosException.CLIENT_ERROR, "Handle server request error"); + Response errResponse = ErrorResponse.build(NacosException.CLIENT_ERROR, + "Handle server request error"); errResponse.setRequestId(request.getRequestId()); sendResponse(errResponse); } 
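Review bot: `createNewManagedChannel` writes `JacksonUtils.toJson(clientConfig.tlsConfig())` to the INFO log on every channel creation, and the TLS config carries `certPrivateKeyPassword` alongside the key and certificate paths. Unless that getter is excluded from serialization (not visible here), the private-key password ends up in the logs of SDK clients and, with this patch, of cluster nodes as well. Logging only non-secret state is enough for diagnosis: `LOGGER.info("grpc client connection server:{} ip,serverPort:{},tlsEnabled:{}", serverIp, serverPort, clientConfig.tlsConfig().getEnableTls());`. The method body continues outside the hunk.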
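Review bot: The `printIfErrorEnabled` call in the `catch` block of `onNext` has two `{}` placeholders but three arguments, so, assuming SLF4J-style formatting, `e.getMessage()` is never rendered and the cause of the failure is missing from the log. The full `payload.toString()` is written instead, which may be more request content than an error line needs. Suggested: `"[{}]Handle server request exception, payload: {}, error: {}"` as the format string, or pass `e` itself as the last argument so the stack trace is kept. `onNext` starts outside this hunk.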
@@ -374,8 +374,8 @@ public Connection connectToServer(ServerInfo serverInfo) { ServerCheckResponse serverCheckResponse = (ServerCheckResponse) response; connectionId = serverCheckResponse.getConnectionId(); - BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc - .newStub(newChannelStubTemp.getChannel()); + BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc.newStub( + newChannelStubTemp.getChannel()); GrpcConnection grpcConn = new GrpcConnection(serverInfo, grpcExecutor); grpcConn.setConnectionId(connectionId); // if not supported, it will be false @@ -398,8 +398,8 @@ public Connection connectToServer(ServerInfo serverInfo) { conSetupRequest.setClientVersion(VersionUtils.getFullClientVersion()); conSetupRequest.setLabels(super.getLabels()); // set ability table - conSetupRequest - .setAbilityTable(NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode())); + conSetupRequest.setAbilityTable( + NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode())); conSetupRequest.setTenant(super.getTenant()); grpcConn.sendRequest(conSetupRequest); // wait for response 
@@ -531,44 +531,9 @@ public boolean check(Connection connection) { } } - /** - * Setup response handler. - */ - class SetupRequestHandler implements ServerRequestHandler { - - private final RecAbilityContext abilityContext; - - public SetupRequestHandler(RecAbilityContext abilityContext) { - this.abilityContext = abilityContext; - } - - @Override - public Response requestReply(Request request, Connection connection) { - // if finish setup - if (request instanceof SetupAckRequest) { - SetupAckRequest setupAckRequest = (SetupAckRequest) request; - // remove and count down - recAbilityContext - .release(Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0))); - return new SetupAckResponse(); - } - return null; - } - } - - private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional sslContext) { - if (sslContext.isPresent()) { - return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS) - .sslContext(sslContext.get()); - - } else { - return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext(); - } - } - private Optional buildSslContext() { - RpcClientTlsConfig tlsConfig = clientConfig.tlsConfig(); + TlsConfig tlsConfig = clientConfig.tlsConfig(); if (!tlsConfig.getEnableTls()) { return Optional.empty(); } @@ -595,8 +560,8 @@ private Optional buildSslContext() { } if (tlsConfig.getMutualAuthEnable()) { - if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils - .isBlank(tlsConfig.getCertPrivateKey())) { + if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils.isBlank( + tlsConfig.getCertPrivateKey())) { throw new IllegalArgumentException("client certChainFile or certPrivateKey must be not null"); } Resource certChainFile = resourceLoader.getResource(tlsConfig.getCertChainFile()); 
@@ -609,6 +574,41 @@ private Optional buildSslContext() { throw new RuntimeException("Unable to build SslContext", e); } } + + private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional sslContext) { + if (sslContext.isPresent()) { + return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS) + .sslContext(sslContext.get()); + + } else { + return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext(); + } + } + + /** + * Setup response handler. + */ + class SetupRequestHandler implements ServerRequestHandler { + + private final RecAbilityContext abilityContext; + + public SetupRequestHandler(RecAbilityContext abilityContext) { + this.abilityContext = abilityContext; + } + + @Override + public Response requestReply(Request request, Connection connection) { + // if finish setup + if (request instanceof SetupAckRequest) { + SetupAckRequest setupAckRequest = (SetupAckRequest) request; + // remove and count down + recAbilityContext.release( + Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0))); + return new SetupAckResponse(); + } + return null; + } + } } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java index 1c1b4003bad..42b8199a7ae 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java @@ -16,8 +16,8 @@ package com.alibaba.nacos.common.remote.client.grpc; +import com.alibaba.nacos.common.remote.TlsConfig; import com.alibaba.nacos.common.remote.client.RpcClientConfig; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; /** * GrpcCleint config. Use to collect and init Grpc client configuration. 
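Review bot: In the relocated `SetupRequestHandler`, the constructor stores its argument in `this.abilityContext`, but `requestReply` calls `recAbilityContext.release(...)`, which resolves to the enclosing `GrpcClient` field, so the injected context is never used. If a caller ever passes a different `RecAbilityContext`, the wrong instance is released and the waiting setup never completes. Since the class is being moved anyway, use the injected field, `abilityContext.release(Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0)));`, or drop the constructor parameter. A short class comment stating that `null` is returned for any request other than `SetupAckRequest` would also help.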
@@ -81,26 +81,26 @@ public interface GrpcClientConfig extends RpcClientConfig { * @return channelKeepAliveTimeout. */ long channelKeepAliveTimeout(); - + /** - * getTlsConfig. + * getTlsConfig. * * @return TlsConfig. */ - RpcClientTlsConfig tlsConfig(); - + TlsConfig tlsConfig(); + /** - *Set TlsConfig. + * Set TlsConfig. * * @param tlsConfig tlsConfig of client. */ - void setTlsConfig(RpcClientTlsConfig tlsConfig); - + void setTlsConfig(TlsConfig tlsConfig); + /** * get timeout of connection setup(TimeUnit.MILLISECONDS). * * @return timeout of connection setup */ long capabilityNegotiationTimeout(); - + } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java index 7749f69b6f6..63b9e6f7775 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java @@ -18,7 +18,7 @@ import com.alibaba.nacos.api.ability.constant.AbilityMode; import com.alibaba.nacos.api.common.Constants; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcClusterClientTlsConfig; import java.util.Map; import java.util.Properties; 
@@ -67,20 +67,20 @@ public GrpcClusterClient(Properties properties) { * @param labels . */ public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, - Map labels) { + Map labels) { this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null); } - + public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, - Map labels, RpcClientTlsConfig tlsConfig) { + Map labels, RpcClusterClientTlsConfig tlsConfig) { super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig); } - + @Override protected AbilityMode abilityMode() { return AbilityMode.CLUSTER_CLIENT; } - + @Override public int rpcPortOffset() { return Integer.parseInt(System.getProperty(GrpcConstants.NACOS_SERVER_GRPC_PORT_OFFSET_KEY, diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java index 0ede2af6de6..aaab00aa222 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java @@ -18,7 +18,7 @@ import com.alibaba.nacos.api.ability.constant.AbilityMode; import com.alibaba.nacos.api.common.Constants; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; import java.util.Map; import java.util.Properties; 
@@ -57,20 +57,21 @@ public GrpcSdkClient(Properties properties) { * @param threadPoolMaxSize . * @param labels . */ - public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels) { + public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, + Map labels) { this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null); } - + public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels, - RpcClientTlsConfig tlsConfig) { + RpcSdkClientTlsConfig tlsConfig) { super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig); } - + @Override protected AbilityMode abilityMode() { return AbilityMode.SDK_CLIENT; } - + /** * constructor. * @@ -86,4 +87,4 @@ public int rpcPortOffset() { String.valueOf(Constants.SDK_GRPC_PORT_DEFAULT_OFFSET))); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java index 1857a707c6e..1bdebc76f88 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java @@ -48,7 +48,10 @@ public class RpcClientFactoryTest { RpcClient rpcClient; @Mock(lenient = true) - RpcClientTlsConfig tlsConfig; + RpcClusterClientTlsConfig clusterClientTlsConfig; + + @Mock(lenient = true) + RpcSdkClientTlsConfig rpcClientTlsConfig; @BeforeClass public static void setUpBeforeClass() throws NoSuchFieldException, IllegalAccessException { 
@@ -166,9 +169,9 @@ public void testCreatedClusterClientWhenConnectionTypeNotMappingThenThrowExcepti @Test public void testCreateClusterClientTsl() { - Mockito.when(tlsConfig.getEnableTls()).thenReturn(true); + Mockito.when(clusterClientTlsConfig.getEnableTls()).thenReturn(true); RpcClient client = RpcClientFactory.createClusterClient("testClient", ConnectionType.GRPC, - Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + Collections.singletonMap("labelKey", "labelValue"), clusterClientTlsConfig); Map labesMap = new HashMap<>(); labesMap.put("labelKey", "labelValue"); labesMap.put("tls.enable", "true"); @@ -180,9 +183,9 @@ public void testCreateClusterClientTsl() { @Test public void testCreateClientTsl() { - Mockito.when(tlsConfig.getEnableTls()).thenReturn(true); + Mockito.when(rpcClientTlsConfig.getEnableTls()).thenReturn(true); RpcClient client = RpcClientFactory.createClient("testClient", ConnectionType.GRPC, - Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + Collections.singletonMap("labelKey", "labelValue"), rpcClientTlsConfig); Map labesMap = new HashMap<>(); labesMap.put("labelKey", "labelValue"); labesMap.put("tls.enable", "true"); @@ -191,4 +194,4 @@ public void testCreateClientTsl() { Assert.assertEquals("testClient", CollectionUtils.getOnlyElement(RpcClientFactory.getAllClientEntries()).getKey()); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java index f0e6b59ba02..367bb16808b 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java 
@@ -29,7 +29,7 @@ public class RpcClientTlsConfigTest { public void testEnableTls() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertTrue(tlsConfig.getEnableTls()); } @@ -37,7 +37,7 @@ public void testEnableTls() { public void testSslProvider() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER, "provider"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("provider", tlsConfig.getSslProvider()); } @@ -45,7 +45,7 @@ public void testSslProvider() { public void testMutualAuthEnable() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertTrue(tlsConfig.getMutualAuthEnable()); } @@ -53,7 +53,7 @@ public void testMutualAuthEnable() { public void testProtocols() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS, "protocols"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("protocols", tlsConfig.getProtocols()); } 
@@ -61,7 +61,7 @@ public void testProtocols() { public void testCiphers() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS, "ciphers"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("ciphers", tlsConfig.getCiphers()); } @@ -69,7 +69,7 @@ public void testCiphers() { public void testTrustCollectionCertFile() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile()); } @@ -77,7 +77,7 @@ public void testTrustCollectionCertFile() { public void testCertChainFile() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "certChainFile"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("certChainFile", tlsConfig.getCertChainFile()); } @@ -85,7 +85,7 @@ public void testCertChainFile() { public void testCertPrivateKey() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "certPrivateKey"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey()); } 
@@ -93,7 +93,7 @@ public void testCertPrivateKey() { public void testTrustAll() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertTrue(tlsConfig.getTrustAll()); } @@ -101,7 +101,7 @@ public void testTrustAll() { public void testCertPrivateKeyPassword() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD, "trustPwd"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcSdkClientTlsConfig tlsConfig = RpcSdkClientTlsConfig.properties(properties); assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword()); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java new file mode 100644 index 00000000000..f71382fcd22 --- /dev/null +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java 
@@ -0,0 +1,105 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.common.remote.client; + +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class RpcClusterClientTlsConfigTest { + + @Test + public void testEnableTls() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertTrue(tlsConfig.getEnableTls()); + } + + @Test + public void testSslProvider() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROVIDER, "provider"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("provider", tlsConfig.getSslProvider()); + } + + @Test + public void testMutualAuthEnable() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_MUTUAL_AUTH, "true"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertTrue(tlsConfig.getMutualAuthEnable()); + } + + @Test + public void testProtocols() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROTOCOLS, "protocols"); + RpcClusterClientTlsConfig 
tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("protocols", tlsConfig.getProtocols()); + } + + @Test + public void testCiphers() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CIPHERS, "ciphers"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("ciphers", tlsConfig.getCiphers()); + } + + @Test + public void testTrustCollectionCertFile() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile()); + } + + @Test + public void testCertChainFile() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_CHAIN_PATH, "certChainFile"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("certChainFile", tlsConfig.getCertChainFile()); + } + + @Test + public void testCertPrivateKey() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_KEY, "certPrivateKey"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey()); + } + + @Test + public void testTrustAll() { + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_ALL, "true"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertTrue(tlsConfig.getTrustAll()); + } + + @Test + public void testCertPrivateKeyPassword() { + 
System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_PWD, "trustPwd"); + RpcClusterClientTlsConfig tlsConfig = RpcClusterClientTlsConfig.createConfig(); + assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword()); + } +} + diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java index 6d4a88400f5..0e82b09c0ba 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java @@ -26,8 +26,7 @@ public class RpcConstantsTest { @Test public void testGetRpcParams() { - Class clazz = RpcConstants.class; - Field[] declaredFields = clazz.getDeclaredFields(); + Field[] declaredFields = RpcConstants.class.getDeclaredFields(); int i = 0; for (Field declaredField : declaredFields) { declaredField.setAccessible(true); @@ -38,4 +37,18 @@ public void testGetRpcParams() { } assertEquals(i, RpcConstants.getRpcParams().size()); } + + @Test + public void testGetClusterRpcParams() { + Field[] declaredFields = RpcConstants.class.getDeclaredFields(); + int i = 0; + for (Field declaredField : declaredFields) { + declaredField.setAccessible(true); + if (declaredField.getType().equals(String.class) && null != declaredField.getAnnotation( + RpcConstants.RpcClusterConfigLabel.class)) { + i++; + } + } + assertEquals(i, RpcConstants.getClusterRpcParams().size()); + } } diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java index 718bab454e5..1fee49da6a5 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java 
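Review bot: Every test in the new `RpcClusterClientTlsConfigTest` sets JVM-wide system properties and none of them is cleared, so `RPC_CLUSTER_CLIENT_TLS_ENABLE`, `RPC_CLUSTER_CLIENT_TLS_TRUST_ALL` and the others stay set for whatever runs next in the same JVM. The tests then depend on execution order (for example `testEnableTls` cannot fail once any other test has run), and later cluster-client tests presumably pick up TLS with trust-all enabled without asking for it. Add an `@After` method that clears each key, as sketched below; it needs the `org.junit.After` import.

```java
@After
public void tearDown() {
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_ENABLE);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROVIDER);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_MUTUAL_AUTH);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_PROTOCOLS);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CIPHERS);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_CERT_KEY);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_ALL);
    System.clearProperty(RpcConstants.RPC_CLUSTER_CLIENT_TLS_TRUST_PWD);
}
```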
+++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.common.remote.client.grpc; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -255,7 +255,7 @@ public void testSetLabels() { @Test public void testSetTlsConfig() { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); DefaultGrpcClientConfig.Builder builder = DefaultGrpcClientConfig.newBuilder(); builder.setTlsConfig(tlsConfig); DefaultGrpcClientConfig config = (DefaultGrpcClientConfig) builder.build(); @@ -264,7 +264,7 @@ public void testSetTlsConfig() { @Test public void testSetTlsConfigDirectly() { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); DefaultGrpcClientConfig.Builder builder = DefaultGrpcClientConfig.newBuilder(); DefaultGrpcClientConfig config = (DefaultGrpcClientConfig) builder.build(); config.setTlsConfig(tlsConfig); diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java index 28b89e8c4f8..b33ca62c0e0 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java 
@@ -31,7 +31,7 @@ import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientStatus; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; import com.alibaba.nacos.common.remote.client.ServerListFactory; import com.google.common.util.concurrent.ListenableFuture; import io.grpc.Channel; @@ -76,7 +76,7 @@ public class GrpcClientTest { protected GrpcClient grpcClient; @Mock - RpcClientTlsConfig tlsConfig; + RpcSdkClientTlsConfig tlsConfig; protected RpcClient.ServerInfo serverInfo; @@ -176,8 +176,8 @@ public void testBindRequestStreamOnNextSetupAckRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new SetupAckRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new SetupAckRequest())); return null; }); setCurrentConnection(grpcConnection, grpcClient); @@ -191,8 +191,8 @@ public void testBindRequestStreamOnNextOtherRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> { 
@@ -212,8 +212,8 @@ public void testBindRequestStreamOnNextNoRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> null); @@ -228,8 +228,8 @@ public void testBindRequestStreamOnNextHandleException() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> { @@ -325,9 +325,8 @@ public void testBindRequestStreamOnCompletedFromNotRunning() private void invokeBindRequestStream(GrpcClient grpcClient, BiRequestStreamGrpc.BiRequestStreamStub stub, GrpcConnection grpcConnection) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { - Method bindRequestStreamMethod = GrpcClient.class - .getDeclaredMethod("bindRequestStream", BiRequestStreamGrpc.BiRequestStreamStub.class, - GrpcConnection.class); + Method bindRequestStreamMethod = GrpcClient.class.getDeclaredMethod("bindRequestStream", + BiRequestStreamGrpc.BiRequestStreamStub.class, GrpcConnection.class); bindRequestStreamMethod.setAccessible(true); bindRequestStreamMethod.invoke(grpcClient, stub, grpcConnection); } 
diff --git a/common/src/test/java/com/alibaba/nacos/common/utils/ExceptionUtilTest.java b/common/src/test/java/com/alibaba/nacos/common/utils/ExceptionUtilTest.java index 087a8f1fc83..2a8cf2d5120 100644 --- a/common/src/test/java/com/alibaba/nacos/common/utils/ExceptionUtilTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/utils/ExceptionUtilTest.java @@ -52,8 +52,8 @@ public void testGetStackTrace() { assertEquals("", ExceptionUtil.getStackTrace(null)); String stackTrace = ExceptionUtil.getStackTrace(nacosRuntimeException); assertTrue(stackTrace.contains( - "com.alibaba.nacos.api.exception.runtime.NacosRuntimeException: errCode: 500, errMsg: Test \n")); + "com.alibaba.nacos.api.exception.runtime.NacosRuntimeException: errCode: 500, errMsg: Test")); assertTrue(stackTrace.contains("at ")); - assertTrue(stackTrace.contains("Caused by: java.lang.RuntimeException: I'm caused exception.\n")); + assertTrue(stackTrace.contains("Caused by: java.lang.RuntimeException: I'm caused exception.")); } -} \ No newline at end of file +} diff --git a/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java b/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java index ac6f8b9af3d..224bfbd7c99 100644 --- a/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java +++ b/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java @@ -25,6 +25,7 @@ import com.alibaba.nacos.common.remote.ConnectionType; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; +import com.alibaba.nacos.common.remote.client.RpcClusterClientTlsConfig; import com.alibaba.nacos.common.remote.client.ServerListFactory; import com.alibaba.nacos.common.utils.CollectionUtils; import com.alibaba.nacos.core.cluster.Member; 
@@ -152,10 +153,9 @@ public List getServerList() { * Using {@link EnvUtil#getAvailableProcessors(int)} to build cluster clients' grpc thread pool. */ private RpcClient buildRpcClient(ConnectionType type, Map labels, String memberClientKey) { - RpcClient clusterClient = RpcClientFactory - .createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2), - EnvUtil.getAvailableProcessors(8), labels); - return clusterClient; + RpcClusterClientTlsConfig config = RpcClusterClientTlsConfig.createConfig(); + return RpcClientFactory.createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2), + EnvUtil.getAvailableProcessors(8), labels, config); } /** diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java index 3b5fe849a8f..3ec0fe28674 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java @@ -47,8 +47,12 @@ public void start() throws Exception { startServer(); - if (RpcServerSslContextRefresherHolder.getInstance() != null) { - RpcServerSslContextRefresherHolder.getInstance().refresh(this); + if (RpcServerSslContextRefresherHolder.getSdkInstance() != null) { + RpcServerSslContextRefresherHolder.getSdkInstance().refresh(this); + } + + if (RpcServerSslContextRefresherHolder.getClusterInstance() != null) { + RpcServerSslContextRefresherHolder.getClusterInstance().refresh(this); } Loggers.REMOTE.info("Nacos {} Rpc server started at port {}", serverName, getServicePort()); @@ -75,8 +79,8 @@ public void start() throws Exception { * Reload protocol context if necessary. * *
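Review bot: In `BaseRpcServer.start()` every server is now handed to both `getSdkInstance().refresh(this)` and `getClusterInstance().refresh(this)`, so the SDK server reaches the cluster refresher and the cluster server reaches the SDK one. Unless each refresher filters by server type (not visible in this hunk), a change to one certificate set can trigger a reload on the listener that uses the other set. Consider letting each subclass name the refresher that belongs to it. If the cross-registration is intended, say so in a comment such as `// both refreshers are notified; each ignores servers of the other communication type`. The rest of `start()` lies outside the hunk.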

- * protocol like: - *

  • Tls
  • + * protocol like: + *
  • Tls
  • *

    */ public abstract void reloadProtocolContext(); diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java index 5749a52d8cb..837924191ea 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java @@ -20,6 +20,7 @@ import com.alibaba.nacos.common.remote.ConnectionType; import com.alibaba.nacos.core.remote.BaseRpcServer; import com.alibaba.nacos.core.remote.ConnectionManager; +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; import io.grpc.CompressorRegistry; @@ -53,6 +54,11 @@ */ public abstract class BaseGrpcServer extends BaseRpcServer { + /** + * The ProtocolNegotiator instance used for communication. + */ + protected NacosGrpcProtocolNegotiator protocolNegotiator; + private Server server; @Autowired @@ -115,6 +121,15 @@ protected Optional newProtocolNeg * reload protocol negotiator If necessary. */ public void reloadProtocolNegotiator() { + if (protocolNegotiator != null) { + try { + protocolNegotiator.reloadNegotiator(); + } catch (Throwable throwable) { + Loggers.REMOTE.info("Nacos {} Rpc server reload negotiator fail at port {}.", + this.getClass().getSimpleName(), getServicePort()); + throw throwable; + } + } } protected long getPermitKeepAliveTime() { @@ -130,8 +145,8 @@ protected long getKeepAliveTimeout() { } protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } 
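Review bot: The catch block in `BaseGrpcServer.reloadProtocolNegotiator()` reports a failed negotiator reload at `info` level and without the throwable, so a certificate reload that fails on the SDK or cluster port is easy to miss and leaves no cause in the log. Log it as an error and pass the exception as the last argument: `Loggers.REMOTE.error("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(), getServicePort(), throwable);`. The new `protected NacosGrpcProtocolNegotiator protocolNegotiator` field is assigned in the subclasses' `newProtocolNegotiator()` and read here. If the reload can run on a thread other than the one that started the server (not visible in this hunk), the field should be `volatile`.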
@@ -152,8 +167,8 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept // unary common call register. final MethodDescriptor unaryPayloadMethod = MethodDescriptor.newBuilder() - .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(MethodDescriptor - .generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME, + .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName( + MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME, GrpcServerConstants.REQUEST_METHOD_NAME)) .setRequestMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build(); @@ -161,9 +176,8 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept final ServerCallHandler payloadHandler = ServerCalls.asyncUnaryCall( (request, responseObserver) -> grpcCommonRequestAcceptor.request(request, responseObserver)); - final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition - .builder(GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler) - .build(); + final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition.builder( + GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler).build(); handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfUnaryPayload, serverInterceptor)); // bi stream register. 
@@ -171,15 +185,14 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept (responseObserver) -> grpcBiStreamRequestAcceptor.requestBiStream(responseObserver)); final MethodDescriptor biStreamMethod = MethodDescriptor.newBuilder() - .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(MethodDescriptor - .generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME, + .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName( + MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME, GrpcServerConstants.REQUEST_BI_STREAM_METHOD_NAME)) .setRequestMarshaller(ProtoUtils.marshaller(Payload.newBuilder().build())) .setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build(); - final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition - .builder(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler) - .build(); + final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition.builder( + GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler).build(); handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfBiStream, serverInterceptor)); } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java index f37c4c46b37..1a52b48afdf 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java 
@@ -17,19 +17,23 @@ package com.alibaba.nacos.core.remote.grpc; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.common.remote.CommunicationType; import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilter; import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader; +import com.alibaba.nacos.core.remote.grpc.negotiator.tls.ProtocolNegotiatorBuilderManager; import com.alibaba.nacos.core.utils.GlobalExecutor; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; import io.grpc.ServerInterceptor; import io.grpc.ServerTransportFilter; +import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator; import org.springframework.stereotype.Service; import java.util.LinkedList; import java.util.List; +import java.util.Optional; import java.util.concurrent.ThreadPoolExecutor; /** @@ -56,8 +60,8 @@ public ThreadPoolExecutor getRpcExecutor() { @Override protected long getKeepAliveTime() { - Long property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, Long.class); + Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, + Long.class); if (property != null) { return property; } 
@@ -66,14 +70,21 @@ protected long getKeepAliveTime() { @Override protected long getKeepAliveTimeout() { - Long property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, Long.class); + Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, + Long.class); if (property != null) { return property; } return super.getKeepAliveTimeout(); } + @Override + protected Optional newProtocolNegotiator() { + protocolNegotiator = ProtocolNegotiatorBuilderManager.getInstance() + .buildGrpcProtocolNegotiator(CommunicationType.CLUSTER); + return Optional.ofNullable(protocolNegotiator); + } + @Override protected long getPermitKeepAliveTime() { Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_PERMIT_KEEP_ALIVE_TIME, Long.class); @@ -85,8 +96,8 @@ protected long getPermitKeepAliveTime() { @Override protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } @@ -104,8 +115,8 @@ protected int getMaxInboundMessageSize() { protected List getSeverInterceptors() { List result = new LinkedList<>(); result.addAll(super.getSeverInterceptors()); - result.addAll(NacosGrpcServerInterceptorServiceLoader - .loadServerInterceptors(NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR)); + result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors( + NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR)); return result; } 
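Review bot: `GrpcClusterServer.newProtocolNegotiator()` returns an empty `Optional` without a log line when `buildGrpcProtocolNegotiator(CommunicationType.CLUSTER)` yields null, so a cluster port that comes up without a TLS negotiator (TLS disabled, or no builder resolved) looks the same in the log as one that has it. One startup line makes a misconfigured member visible, for example `Loggers.REMOTE.info("Cluster rpc server TLS negotiator {}", protocolNegotiator == null ? "absent" : "enabled");` before the return. The same applies to the `CommunicationType.SDK` variant in `GrpcSdkServer.newProtocolNegotiator()`.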
@@ -113,8 +124,8 @@ protected List getSeverInterceptors() { protected List getServerTransportFilters() { List result = new LinkedList<>(); result.addAll(super.getServerTransportFilters()); - result.addAll(NacosGrpcServerTransportFilterServiceLoader - .loadServerTransportFilters(NacosGrpcServerTransportFilter.CLUSTER_FILTER)); + result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters( + NacosGrpcServerTransportFilter.CLUSTER_FILTER)); return result; } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java index 6e9e58fb8ab..a06afe9d45e 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java @@ -17,12 +17,12 @@ package com.alibaba.nacos.core.remote.grpc; import com.alibaba.nacos.api.common.Constants; +import com.alibaba.nacos.common.remote.CommunicationType; import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilter; import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader; -import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; -import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilderSingleton; +import com.alibaba.nacos.core.remote.grpc.negotiator.tls.ProtocolNegotiatorBuilderManager; import com.alibaba.nacos.core.utils.GlobalExecutor; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; @@ -45,8 +45,6 @@ @Service public class GrpcSdkServer extends BaseGrpcServer { - private NacosGrpcProtocolNegotiator protocolNegotiator; - @Override public int rpcPortOffset() { return Constants.SDK_GRPC_PORT_DEFAULT_OFFSET; 
@@ -78,8 +76,8 @@ protected long getKeepAliveTimeout() { @Override protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } @@ -106,7 +104,8 @@ protected long getPermitKeepAliveTime() { @Override protected Optional newProtocolNegotiator() { - protocolNegotiator = ProtocolNegotiatorBuilderSingleton.getSingleton().build(); + protocolNegotiator = ProtocolNegotiatorBuilderManager.getInstance() + .buildGrpcProtocolNegotiator(CommunicationType.SDK); return Optional.ofNullable(protocolNegotiator); } @@ -114,8 +113,8 @@ protected Optional newProtocolNeg protected List getSeverInterceptors() { List result = new LinkedList<>(); result.addAll(super.getSeverInterceptors()); - result.addAll(NacosGrpcServerInterceptorServiceLoader - .loadServerInterceptors(NacosGrpcServerInterceptor.SDK_INTERCEPTOR)); + result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors( + NacosGrpcServerInterceptor.SDK_INTERCEPTOR)); return result; } 
@@ -123,24 +122,9 @@ protected List getSeverInterceptors() { protected List getServerTransportFilters() { List result = new LinkedList<>(); result.addAll(super.getServerTransportFilters()); - result.addAll(NacosGrpcServerTransportFilterServiceLoader - .loadServerTransportFilters(NacosGrpcServerTransportFilter.SDK_FILTER)); + result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters( + NacosGrpcServerTransportFilter.SDK_FILTER)); return result; } - /** - * reload ssl context. - */ - public void reloadProtocolNegotiator() { - if (protocolNegotiator != null) { - try { - protocolNegotiator.reloadNegotiator(); - } catch (Throwable throwable) { - Loggers.REMOTE - .info("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(), - getServicePort()); - throw throwable; - } - } - } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java deleted file mode 100644 index 9d30d3676ca..00000000000 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright 1999-2023 Alibaba Group Holding Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.alibaba.nacos.core.remote.grpc.negotiator; - -import com.alibaba.nacos.common.spi.NacosServiceLoader; -import com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder; -import com.alibaba.nacos.core.utils.Loggers; -import com.alibaba.nacos.sys.env.EnvUtil; - -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder.TYPE_DEFAULT_TLS; - -/** - * Protocol Negotiator Builder Singleton. 
- * - * @author xiweng.yy - */ -public class ProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder { - - private static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type"; - - private static final ProtocolNegotiatorBuilderSingleton SINGLETON = new ProtocolNegotiatorBuilderSingleton(); - - private final Map builderMap; - - private String actualType; - - private ProtocolNegotiatorBuilderSingleton() { - actualType = EnvUtil.getProperty(TYPE_PROPERTY_KEY, TYPE_DEFAULT_TLS); - builderMap = new ConcurrentHashMap<>(); - loadAllBuilders(); - } - - private void loadAllBuilders() { - try { - for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) { - builderMap.put(each.type(), each); - Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(), - each.type()); - } - } catch (Exception e) { - Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed, use default ProtocolNegotiatorBuilder", e); - builderMap.put(TYPE_DEFAULT_TLS, new DefaultTlsProtocolNegotiatorBuilder()); - actualType = TYPE_DEFAULT_TLS; - } - } - - public static ProtocolNegotiatorBuilderSingleton getSingleton() { - return SINGLETON; - } - - @Override - public NacosGrpcProtocolNegotiator build() { - ProtocolNegotiatorBuilder actualBuilder = builderMap.get(actualType); - if (null == actualBuilder) { - Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default", actualType); - return builderMap.get(TYPE_DEFAULT_TLS).build(); - } - return actualBuilder.build(); - } - - @Override - public String type() { - return actualType; - } -} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java new file mode 100644 index 00000000000..75de17fae0e --- /dev/null 
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java @@ -0,0 +1,89 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder; +import com.alibaba.nacos.core.remote.tls.RpcClusterServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext; + +/** + * The {@code ClusterDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the + * {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for cluster-to-cluster + * communication with TLS encryption. + * + *

    It defines the type as {@code CLUSTER_DEFAULT_TLS} and supports communication types for clusters. + *

    + * + *

    The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the + * configuration provided by the {@link RpcClusterServerTlsConfig} class. If TLS encryption is enabled, it creates an + * {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns + * null. + *

    + * + *

    The {@code type()} method returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator + * builder. + *

    + * + *

    Example Usage: + *

    {@code
    + * ProtocolNegotiatorBuilder builder = new ClusterDefaultTlsProtocolNegotiatorBuilder();
    + * NacosGrpcProtocolNegotiator negotiator = builder.build();
    + * }
    + *

    + * + * @author stone-98 + * @date 2023/12/23 + * @see ProtocolNegotiatorBuilder + * @see NacosGrpcProtocolNegotiator + * @see RpcClusterServerTlsConfig + * @see OptionalTlsProtocolNegotiator + */ +public class ClusterDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder { + + /** + * The unique identifier for this negotiator builder. + */ + public static final String CLUSTER_TYPE_DEFAULT_TLS = "CLUSTER_DEFAULT_TLS"; + + /** + * Constructs and returns a ProtocolNegotiator for cluster-to-cluster communication with TLS encryption. + * + * @return ProtocolNegotiator, or null if TLS is not enabled. + */ + @Override + public NacosGrpcProtocolNegotiator build() { + RpcServerTlsConfig config = RpcClusterServerTlsConfig.getInstance(); + if (config.getEnableTls()) { + SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config); + return new OptionalTlsProtocolNegotiator(sslContext, config); + } + return null; + } + + /** + * Returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator builder. + * + * @return The type identifier. + */ + @Override + public String type() { + return CLUSTER_TYPE_DEFAULT_TLS; + } +} + diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java deleted file mode 100644 index aa64cf91d04..00000000000 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java +++ /dev/null 
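Review bot: The class Javadoc presents this builder as giving cluster-to-cluster communication TLS encryption, but `build()` wraps the context in `OptionalTlsProtocolNegotiator`, which takes its plaintext switch from `config.getCompatibility()`; with compatibility on, a peer that does not start with a TLS record is still served on the cluster port. State that in the Javadoc of `build()`, for example `Plaintext peers are still accepted while compatibility is enabled in RpcClusterServerTlsConfig; disable it once all members use TLS.` Whether the `SslContext` from `DefaultTlsContextBuilder.getSslContext(config)` requires client certificates is not visible here; for member-to-member traffic that setting is worth documenting next to it. `@date` is not a standard Javadoc tag and may be rejected by doclint.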
@@ -1,47 +0,0 @@ -/* - * Copyright 1999-2023 Alibaba Group Holding Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.alibaba.nacos.core.remote.grpc.negotiator.tls; - -import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; -import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; -import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext; - -/** - * Default optional tls protocol negotiator builder. - * - * @author xiweng.yy - */ -public class DefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder { - - public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS"; - - @Override - public NacosGrpcProtocolNegotiator build() { - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - if (rpcServerTlsConfig.getEnableTls()) { - SslContext sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); - return new OptionalTlsProtocolNegotiator(sslContext, rpcServerTlsConfig.getCompatibility()); - } - return null; - } - - @Override - public String type() { - return TYPE_DEFAULT_TLS; - } -} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java index c73f51250dc..a41ee4244fb 100644 
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java @@ -43,11 +43,14 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato private final boolean supportPlainText; + private final RpcServerTlsConfig config; + private SslContext sslContext; - public OptionalTlsProtocolNegotiator(SslContext sslContext, boolean supportPlainText) { + public OptionalTlsProtocolNegotiator(SslContext sslContext, RpcServerTlsConfig config) { this.sslContext = sslContext; - this.supportPlainText = supportPlainText; + this.config = config; + this.supportPlainText = config.getCompatibility(); } void setSslContext(SslContext sslContext) { @@ -63,8 +66,7 @@ public AsciiString scheme() { public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) { ChannelHandler plaintext = InternalProtocolNegotiators.serverPlaintext().newHandler(grpcHttp2ConnectionHandler); ChannelHandler ssl = InternalProtocolNegotiators.serverTls(sslContext).newHandler(grpcHttp2ConnectionHandler); - ChannelHandler decoder = new PortUnificationServerHandler(ssl, plaintext); - return decoder; + return new PortUnificationServerHandler(ssl, plaintext); } @Override 
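Review bot: The constructor copies `config.getCompatibility()` into the final `supportPlainText` once, while `reloadNegotiator()` re-reads `config.getEnableTls()` and rebuilds the context from the same retained `config`; after a reload the certificate can change but the plaintext-fallback decision cannot. If switching compatibility off is expected to take effect on reload, evaluate it at decision time, e.g. `if (isSsl(in) || !config.getCompatibility())` in `decode`. Otherwise document on the field that the value is fixed for the negotiator's lifetime, so operators know a restart is needed to stop accepting plaintext.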
@@ -74,27 +76,25 @@ public void close() { @Override public void reloadNegotiator() { - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - if (rpcServerTlsConfig.getEnableTls()) { - sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + if (config.getEnableTls()) { + sslContext = DefaultTlsContextBuilder.getSslContext(config); } } private ProtocolNegotiationEvent getDefPne() { - ProtocolNegotiationEvent protocolNegotiationEvent = null; try { Field aDefault = ProtocolNegotiationEvent.class.getDeclaredField("DEFAULT"); aDefault.setAccessible(true); - return (ProtocolNegotiationEvent) aDefault.get(protocolNegotiationEvent); + return (ProtocolNegotiationEvent) aDefault.get(null); } catch (Exception e) { e.printStackTrace(); } - return protocolNegotiationEvent; + return null; } public class PortUnificationServerHandler extends ByteToMessageDecoder { - private ProtocolNegotiationEvent pne; + private final ProtocolNegotiationEvent pne; private final ChannelHandler ssl; @@ -116,14 +116,12 @@ protected void decode(ChannelHandlerContext ctx, ByteBuf in, List out) t return; } if (isSsl(in) || !supportPlainText) { - ctx.pipeline().addAfter(ctx.name(), (String) null, this.ssl); - ctx.fireUserEventTriggered(pne); - ctx.pipeline().remove(this); + ctx.pipeline().addAfter(ctx.name(), null, this.ssl); } else { - ctx.pipeline().addAfter(ctx.name(), (String) null, this.plaintext); - ctx.fireUserEventTriggered(pne); - ctx.pipeline().remove(this); + ctx.pipeline().addAfter(ctx.name(), null, this.plaintext); } + ctx.fireUserEventTriggered(pne); + ctx.pipeline().remove(this); } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManager.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManager.java new file mode 100644 index 00000000000..e1709a894a1 --- /dev/null 
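Review bot: `getDefPne()` still swallows every reflection failure with `e.printStackTrace()` and now returns `null` explicitly, and that value is what the handler later passes to `ctx.fireUserEventTriggered(pne)`. If a gRPC upgrade renames or hides `ProtocolNegotiationEvent.DEFAULT`, the failure would surface on the first connection rather than at startup, and the stack trace would bypass the server's loggers. Failing fast is clearer: `throw new IllegalStateException("ProtocolNegotiationEvent.DEFAULT is not accessible", e);` in the catch block, with the trailing `return null;` removed. In the same hunk `reloadNegotiator()` writes the plain field `sslContext`; if reload runs on a different thread from `newHandler` (not visible here), declaring it `private volatile SslContext sslContext;` would make a rotated certificate visible to new connections.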
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManager.java @@ -0,0 +1,150 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.common.spi.NacosServiceLoader; +import com.alibaba.nacos.common.utils.StringUtils; +import com.alibaba.nacos.common.remote.CommunicationType; +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder; +import com.alibaba.nacos.core.utils.Loggers; +import com.alibaba.nacos.sys.env.EnvUtil; + +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder.CLUSTER_TYPE_DEFAULT_TLS; +import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder.SDK_TYPE_DEFAULT_TLS; + +/** + * Manager for ProtocolNegotiatorBuilder instances, responsible for loading, managing, and providing + * ProtocolNegotiatorBuilders. + * + *

    {@code ProtocolNegotiatorBuilderManager} is a singleton class, and it initializes ProtocolNegotiatorBuilders + * using the SPI mechanism. It also provides default ProtocolNegotiatorBuilders in case loading from SPI fails. + *

    + * + *

    Usage: + *

    {@code
    + * ProtocolNegotiatorBuilderManager manager = ProtocolNegotiatorBuilderManager.getInstance();
    + * NacosGrpcProtocolNegotiator negotiator = manager.get(CommunicationType.SDK);
    + * }
    + *

    + * + * @author stone-98 + * @date 2023/12/23 + */ +public class ProtocolNegotiatorBuilderManager { + + /** + * Property key for configuring the ProtocolNegotiator type for cluster communication. + */ + public static final String CLUSTER_TYPE_PROPERTY_KEY = "nacos.remote.cluster.server.rpc.protocol.negotiator.type"; + + /** + * Property key for configuring the ProtocolNegotiator type for SDK communication. + */ + public static final String SDK_TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type"; + + /** + * Singleton instance of ProtocolNegotiatorBuilderManager. + */ + private static final ProtocolNegotiatorBuilderManager INSTANCE = new ProtocolNegotiatorBuilderManager(); + + /** + * Map to store ProtocolNegotiatorBuilders by their types. + */ + private static Map builderMap; + + /** + * Map to store the actual ProtocolNegotiator types used for different CommunicationTypes. + */ + private static Map actualTypeMap; + + /** + * Private constructor to enforce singleton pattern. + */ + private ProtocolNegotiatorBuilderManager() { + builderMap = new HashMap<>(); + actualTypeMap = new HashMap<>(); + initActualTypeMap(); + try { + initBuilders(); + } catch (Exception e) { + Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed, use default ProtocolNegotiatorBuilder", e); + initDefaultBuilder(); + } + } + + /** + * Initialize all ProtocolNegotiatorBuilders using the SPI mechanism. + */ + private void initBuilders() { + for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) { + builderMap.put(each.type(), each); + Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(), + each.type()); + } + } + + /** + * Initialize the mapping of CommunicationType to actual ProtocolNegotiator type from configuration properties. 
+ */ + private void initActualTypeMap() { + actualTypeMap.put(CommunicationType.SDK, EnvUtil.getProperty(SDK_TYPE_PROPERTY_KEY, SDK_TYPE_DEFAULT_TLS)); + actualTypeMap.put(CommunicationType.CLUSTER, + EnvUtil.getProperty(CLUSTER_TYPE_PROPERTY_KEY, CLUSTER_TYPE_DEFAULT_TLS)); + } + + /** + * Initialize default ProtocolNegotiatorBuilders in case loading from SPI fails. + */ + private void initDefaultBuilder() { + builderMap.put(SDK_TYPE_DEFAULT_TLS, new SdkDefaultTlsProtocolNegotiatorBuilder()); + builderMap.put(CLUSTER_TYPE_PROPERTY_KEY, new ClusterDefaultTlsProtocolNegotiatorBuilder()); + } + + /** + * Get the singleton instance of ProtocolNegotiatorBuilderManager. + * + * @return The singleton instance. + */ + public static ProtocolNegotiatorBuilderManager getInstance() { + return INSTANCE; + } + + /** + * Get the ProtocolNegotiator for the specified CommunicationType. + * + * @param communicationType The CommunicationType for which the ProtocolNegotiator is requested. + * @return The ProtocolNegotiator instance. + */ + public NacosGrpcProtocolNegotiator buildGrpcProtocolNegotiator(CommunicationType communicationType) { + String actualType = actualTypeMap.get(communicationType); + if (StringUtils.isBlank(actualType)) { + Loggers.REMOTE.warn("Not found actualType for communicationType {}.", communicationType); + return null; + } + ProtocolNegotiatorBuilder builder = builderMap.get(actualType); + if (Objects.isNull(builder)) { + Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for actualType {}.", actualType); + return null; + } + return builder.build(); + } +} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java new file mode 100644 index 00000000000..b62624a9918 --- /dev/null 
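Review bot: `initDefaultBuilder()` registers the cluster fallback under `CLUSTER_TYPE_PROPERTY_KEY`, which is the property name, instead of the type id, so after an SPI load failure `buildGrpcProtocolNegotiator(CommunicationType.CLUSTER)` finds no builder for `CLUSTER_DEFAULT_TLS` and returns null. The line should read `builderMap.put(CLUSTER_TYPE_DEFAULT_TLS, new ClusterDefaultTlsProtocolNegotiatorBuilder());`. Null is also what the builders return when TLS is disabled, so the caller cannot tell "TLS off" from "TLS enabled but no builder matched". How the gRPC servers treat a null negotiator is outside this hunk, but if it means plaintext, a mistyped negotiator type would silently drop TLS with only a WARN line. Consider throwing from `buildGrpcProtocolNegotiator` when the matching TLS config has `enableTls` set and no builder is found.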
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java @@ -0,0 +1,87 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext; + +/** + * The {@code SdkDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the + * {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for SDK-to-Server + * communication with optional TLS encryption. + * + *

    It defines the type as {@code SDK_DEFAULT_TLS} and supports communication types for SDKs. + *

    + * + *

    The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the + * configuration provided by the {@link RpcSdkServerTlsConfig} class. If TLS encryption is enabled, it creates an + * {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns + * null. + *

    + * + *

    The {@code type()} method returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder. + *

    + * + *

    Example Usage: + *

    {@code
    + * ProtocolNegotiatorBuilder builder = new SdkDefaultTlsProtocolNegotiatorBuilder();
    + * NacosGrpcProtocolNegotiator negotiator = builder.build();
    + * }
    + *

    + * + * @author xiweng.yy + * @date 2023/12/23 + * @see ProtocolNegotiatorBuilder + * @see NacosGrpcProtocolNegotiator + * @see RpcSdkServerTlsConfig + * @see OptionalTlsProtocolNegotiator + */ +public class SdkDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder { + + /** + * The unique identifier for this negotiator builder. + */ + public static final String SDK_TYPE_DEFAULT_TLS = "SDK_DEFAULT_TLS"; + + /** + * Constructs and returns a ProtocolNegotiator for SDK-to-Server communication with optional TLS encryption. + * + * @return ProtocolNegotiator, or null if TLS is not enabled. + */ + @Override + public NacosGrpcProtocolNegotiator build() { + RpcServerTlsConfig config = RpcSdkServerTlsConfig.getInstance(); + if (config.getEnableTls()) { + SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config); + return new OptionalTlsProtocolNegotiator(sslContext, config); + } + return null; + } + + /** + * Returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder. + * + * @return The type identifier. + */ + @Override + public String type() { + return SDK_TYPE_DEFAULT_TLS; + } +} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerTlsConfig.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerTlsConfig.java new file mode 100644 index 00000000000..ddf11328640 --- /dev/null +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerTlsConfig.java 
@@ -0,0 +1,85 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.tls; + +import com.alibaba.nacos.common.utils.JacksonUtils; +import com.alibaba.nacos.core.utils.Loggers; +import com.alibaba.nacos.sys.env.EnvUtil; +import com.alibaba.nacos.sys.utils.PropertiesUtil; + +/** + * The {@code RpcClusterServerTlsConfig} class represents the TLS configuration for the Nacos Rpc server in a cluster + * environment. + * + *

    It extends the {@link RpcServerTlsConfig} class and provides specific configuration properties under the prefix + * {@code nacos.remote.cluster.server.rpc.tls}. The TLS configuration is loaded from the environment using Spring + * Binder. If the configuration is empty, it falls back to default values. + *

    + * + *

    The class follows the Singleton pattern, and the instance can be obtained using the {@link #getInstance()} + * method. + *

    + * + *

    The logger messages include information about the type of TLS configuration, such as "Nacos Rpc server tls + * config." + *

    + * + *

    Example Usage: + *

    {@code
    + * RpcClusterServerTlsConfig config = RpcClusterServerTlsConfig.getInstance();
    + * }
    + *

    + * + * @author stone-98 + * @date 2023/12/23 + * @see RpcServerTlsConfig + */ +public class RpcClusterServerTlsConfig extends RpcServerTlsConfig { + + /** + * The property key prefix for TLS configuration. + */ + public static final String PREFIX = "nacos.remote.cluster.server.rpc.tls"; + + /** + * The singleton instance of the RpcClusterServerTlsConfig class. + */ + private static RpcClusterServerTlsConfig instance; + + private RpcClusterServerTlsConfig() { + } + + /** + * Retrieves the singleton instance of RpcClusterServerTlsConfig, loading the TLS configuration from the environment + * using Spring Binder. If the configuration is empty, it falls back to default values. + * + * @return The singleton instance of RpcClusterServerTlsConfig. + */ + public static synchronized RpcClusterServerTlsConfig getInstance() { + if (null == instance) { + instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, + RpcClusterServerTlsConfig.class); + if (instance == null) { + Loggers.REMOTE.debug("Cluster communication type TLS configuration is empty, use default value"); + instance = new RpcClusterServerTlsConfig(); + } + } + Loggers.REMOTE.info("Nacos Rpc cluster server tls config: {}", JacksonUtils.toJson(instance)); + return instance; + } +} + diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerTlsConfig.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerTlsConfig.java new file mode 100644 index 00000000000..7d3413a2797 --- /dev/null +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerTlsConfig.java 
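Review bot: `getInstance()` serialises the whole TLS config with `JacksonUtils.toJson(instance)` and logs it at INFO on every call, not just when the singleton is first created; the same pattern is repeated in `RpcSdkServerTlsConfig.getInstance()`. The bound object holds at least the key and certificate paths, and if `TlsConfig` also carries a key password (its fields are not visible here) that would be written to the log each time. Move the statement inside the `if (null == instance) { ... }` block so it runs once, and log only non-secret fields, e.g. `Loggers.REMOTE.info("Nacos Rpc cluster server tls enabled: {}", instance.getEnableTls());`.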
@@ -0,0 +1,84 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.tls; + +import com.alibaba.nacos.common.utils.JacksonUtils; +import com.alibaba.nacos.core.utils.Loggers; +import com.alibaba.nacos.sys.env.EnvUtil; +import com.alibaba.nacos.sys.utils.PropertiesUtil; + +/** + * The {@code RpcSdkServerTlsConfig} class represents the TLS configuration for the Nacos Rpc server in SDK + * communication type. + * + *

    It extends the {@link RpcServerTlsConfig} class and provides specific configuration properties under the prefix + * {@code nacos.remote.sdk.server.rpc.tls}. The TLS configuration is loaded from the environment using Spring Binder. If + * the configuration is empty, it falls back to default values. + *

    + * + *

    The class follows the Singleton pattern, and the instance can be obtained using the {@link #getInstance()} + * method. + *

    + * + *

    The logger messages include information about the type of TLS configuration, such as "Nacos Rpc SDK server tls + * config." + *

    + * + *

    Example Usage: + *

    {@code
    + * RpcSdkServerTlsConfig config = RpcSdkServerTlsConfig.getInstance();
    + * }
    + *

    + * + * @author stone-98 + * @date 2023/12/23 + * @see RpcServerTlsConfig + */ +public class RpcSdkServerTlsConfig extends RpcServerTlsConfig { + + /** + * The property key prefix for SDK TLS configuration. + */ + public static final String PREFIX = "nacos.remote.sdk.server.rpc.tls"; + + /** + * The singleton instance of the RpcSdkServerTlsConfig class. + */ + private static RpcSdkServerTlsConfig instance; + + private RpcSdkServerTlsConfig() { + } + + /** + * Retrieves the singleton instance of RpcSdkServerTlsConfig, loading the TLS configuration from the environment + * using Spring Binder. If the configuration is empty, it falls back to default values. + * + * @return The singleton instance of RpcSdkServerTlsConfig. + */ + public static synchronized RpcSdkServerTlsConfig getInstance() { + if (null == instance) { + instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, RpcSdkServerTlsConfig.class); + if (instance == null) { + Loggers.REMOTE.debug("SDK communication type TLS configuration is empty, use default value"); + instance = new RpcSdkServerTlsConfig(); + } + } + Loggers.REMOTE.info("Nacos Rpc SDK server tls config: {}", JacksonUtils.toJson(instance)); + return instance; + } +} + diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java index b423442319c..02a8836a9f7 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java @@ -16,6 +16,7 @@ package com.alibaba.nacos.core.remote.tls; +import com.alibaba.nacos.common.remote.CommunicationType; import com.alibaba.nacos.common.spi.NacosServiceLoader; import com.alibaba.nacos.common.utils.StringUtils; import com.alibaba.nacos.core.utils.Loggers; 
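Review bot: `PREFIX` is now `nacos.remote.sdk.server.rpc.tls`, while the `RpcServerTlsConfig.getInstance()` that this patch removes bound `nacos.remote.server.rpc.tls`. A deployment that enabled TLS under the old prefix would bind nothing here and fall through to `new RpcSdkServerTlsConfig()`, and the empty-environment test for the cluster builder (`testBuildTlsDisabled`) suggests that default means no TLS negotiator at all. That is a silent downgrade on upgrade, with only a DEBUG message to show for it. Either keep the old prefix for SDK traffic, or retry with it before defaulting, e.g. `instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), "nacos.remote.server.rpc.tls", RpcSdkServerTlsConfig.class);`, and log at WARN when the legacy keys are the ones found.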
@@ -23,52 +24,90 @@ import java.util.Collection; /** - * ssl context refresher spi holder. + * Holder for managing instances of {@link RpcServerSslContextRefresher}. This class is responsible for initializing and + * providing instances of the SSL context refresher based on the communication type (SDK or Cluster). * * @author liuzunfei - * @version $Id: RequestFilters.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $ + * @version $Id: RpcServerSslContextRefresherHolder.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $ */ public class RpcServerSslContextRefresherHolder { - private static RpcServerSslContextRefresher instance; + /** + * The instance of {@link RpcServerSslContextRefresher} for SDK communication. + */ + private static RpcServerSslContextRefresher sdkInstance; - private static volatile boolean init = false; + /** + * The instance of {@link RpcServerSslContextRefresher} for Cluster communication. + */ + private static RpcServerSslContextRefresher clusterInstance; - public static RpcServerSslContextRefresher getInstance() { - if (init) { - return instance; - } + static { + init(); + } + + /** + * Gets the instance of {@link RpcServerSslContextRefresher} for SDK communication. + * + * @return The instance of {@link RpcServerSslContextRefresher} for SDK communication. + */ + public static RpcServerSslContextRefresher getSdkInstance() { + return sdkInstance; + } + + /** + * Gets the instance of {@link RpcServerSslContextRefresher} for Cluster communication. + * + * @return The instance of {@link RpcServerSslContextRefresher} for Cluster communication. + */ + public static RpcServerSslContextRefresher getClusterInstance() { + return clusterInstance; + } + + /** + * Initializes the holder by loading SSL context refreshers and matching them with the configured types (SDK and + * Cluster). 
+ */ + private static void init() { synchronized (RpcServerSslContextRefresherHolder.class) { - if (init) { - return instance; - } - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - String sslContextRefresher = rpcServerTlsConfig.getSslContextRefresher(); - if (StringUtils.isNotBlank(sslContextRefresher)) { - Collection load = NacosServiceLoader - .load(RpcServerSslContextRefresher.class); - for (RpcServerSslContextRefresher contextRefresher : load) { - if (sslContextRefresher.equals(contextRefresher.getName())) { - instance = contextRefresher; - Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} Founded->{}", sslContextRefresher, - contextRefresher.getClass().getSimpleName()); - break; - } - } - if (instance == null) { - Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} not found", sslContextRefresher); + Collection refreshers = NacosServiceLoader.load( + RpcServerSslContextRefresher.class); + doInit(refreshers, RpcSdkServerTlsConfig.getInstance(), sdkInstance, CommunicationType.SDK.getType()); + doInit(refreshers, RpcClusterServerTlsConfig.getInstance(), clusterInstance, + CommunicationType.CLUSTER.getType()); + Loggers.REMOTE.info("RpcServerSslContextRefresher init end"); + } + } + + /** + * Initializes the SSL context refresher instance based on the specified configuration and communication type. + * + * @param refreshers Collection of SSL context refreshers to choose from. + * @param serverTlsConfig Configuration instance for the SSL context refresher. + * @param instance The instance to be initialized based on the configuration. + * @param communicationType The type of communication (SDK or Cluster). 
+ */ + private static void doInit(Collection refreshers, RpcServerTlsConfig serverTlsConfig, + RpcServerSslContextRefresher instance, String communicationType) { + String refresherName = serverTlsConfig.getSslContextRefresher(); + if (StringUtils.isNotBlank(refresherName)) { + for (RpcServerSslContextRefresher contextRefresher : refreshers) { + if (refresherName.equals(contextRefresher.getName())) { + instance = contextRefresher; + Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} for {} Founded -> {}.", refresherName, + communicationType, contextRefresher.getClass().getSimpleName()); + break; } - - } else { - Loggers.REMOTE - .info("No RpcServerSslContextRefresher specified,Ssl Context auto refresh not supported."); } - - Loggers.REMOTE.info("RpcServerSslContextRefresher init end"); - init = true; + if (instance == null) { + Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} for {} not found", refresherName, + communicationType); + } + } else { + Loggers.REMOTE.info( + "No {} communication type RpcServerSslContextRefresher specified, Ssl Context auto refresh not supported.", + communicationType); } - - return instance; } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java index e0b0068462e..80a7fd84659 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java @@ -17,10 +17,6 @@ package com.alibaba.nacos.core.remote.tls; import com.alibaba.nacos.common.remote.TlsConfig; -import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.utils.Loggers; -import com.alibaba.nacos.sys.env.EnvUtil; -import com.alibaba.nacos.sys.utils.PropertiesUtil; /** * Grpc config. 
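Review bot: `doInit(...)` assigns the matched refresher to its `instance` parameter, which is only a local copy of the reference, so `sdkInstance` and `clusterInstance` are never set. `getSdkInstance()` and `getClusterInstance()` therefore always return null, and certificate auto-refresh is never wired up even when `sslContextRefresher` names a refresher that was loaded. The `if (instance == null)` check inside the helper has the same problem, since it only ever sees the null that was passed in. Return the match from the helper and assign it in `init()`, as sketched below.

```java
// in init(), replacing the two doInit(...) calls:
sdkInstance = doInit(refreshers, RpcSdkServerTlsConfig.getInstance(), CommunicationType.SDK.getType());
clusterInstance = doInit(refreshers, RpcClusterServerTlsConfig.getInstance(),
        CommunicationType.CLUSTER.getType());

private static RpcServerSslContextRefresher doInit(Collection<RpcServerSslContextRefresher> refreshers,
        RpcServerTlsConfig serverTlsConfig, String communicationType) {
    String refresherName = serverTlsConfig.getSslContextRefresher();
    if (StringUtils.isBlank(refresherName)) {
        // … unchanged: "No {} communication type RpcServerSslContextRefresher specified" log line …
        return null;
    }
    for (RpcServerSslContextRefresher contextRefresher : refreshers) {
        if (refresherName.equals(contextRefresher.getName())) {
            // … unchanged: "Founded" log line …
            return contextRefresher;
        }
    }
    // … unchanged: "not found" log line …
    return null;
}
```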
@@ -29,26 +25,10 @@ */ public class RpcServerTlsConfig extends TlsConfig { - public static final String PREFIX = "nacos.remote.server.rpc.tls"; - - private static RpcServerTlsConfig instance; - private String sslContextRefresher = ""; private Boolean compatibility = true; - public static synchronized RpcServerTlsConfig getInstance() { - if (null == instance) { - instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, RpcServerTlsConfig.class); - if (instance == null) { - Loggers.REMOTE.debug("TLS configuration is empty, use default value"); - instance = new RpcServerTlsConfig(); - } - } - Loggers.REMOTE.info("Nacos Rpc server tls config:{}", JacksonUtils.toJson(instance)); - return instance; - } - public Boolean getCompatibility() { return compatibility; } diff --git a/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder index 1ea83c1f0b2..e0065225026 100644 --- a/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder +++ b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder @@ -14,4 +14,5 @@ # limitations under the License. # -com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder \ No newline at end of file +com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder +com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java new file mode 100644 index 00000000000..1d16eb0becb --- /dev/null 
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java 
@@ -0,0 +1,87 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.core.remote.tls.RpcClusterServerTlsConfig; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.MutablePropertySources; +import org.springframework.core.env.PropertiesPropertySource; +import org.springframework.mock.env.MockEnvironment; + +import java.lang.reflect.Field; +import java.util.Properties; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +/** + * Test ClusterDefaultTlsProtocolNegotiatorBuilder. 
+ * + * @author stone-98 + * @date 2023/12/25 + */ +public class ClusterDefaultTlsProtocolNegotiatorBuilderTest { + + private ConfigurableEnvironment environment; + + private ClusterDefaultTlsProtocolNegotiatorBuilder builder; + + @Before + public void setUp() { + environment = new MockEnvironment(); + EnvUtil.setEnvironment(environment); + builder = new ClusterDefaultTlsProtocolNegotiatorBuilder(); + } + + @After + public void tearDown() throws NoSuchFieldException, IllegalAccessException { + resetInstance(); + } + + @Test + public void testBuildTlsDisabled() { + assertNull(builder.build()); + } + + @Test + public void testBuildTlsEnabled() { + Properties properties = new Properties(); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".enableTls", "true"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".compatibility", "false"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".certChainFile", "test-server-cert.pem"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".certPrivateKey", "test-server-key.pem"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".trustCollectionCertFile", "test-ca-cert.pem"); + + PropertiesPropertySource propertySource = new PropertiesPropertySource("myPropertySource", properties); + MutablePropertySources propertySources = environment.getPropertySources(); + propertySources.addLast(propertySource); + + NacosGrpcProtocolNegotiator negotiator = builder.build(); + assertNotNull(negotiator); + } + + private void resetInstance() throws NoSuchFieldException, IllegalAccessException { + Field instanceField = RpcClusterServerTlsConfig.class.getDeclaredField("instance"); + instanceField.setAccessible(true); + instanceField.set(null, null); + } +} 
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManagerTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManagerTest.java new file mode 100644 index 00000000000..1aee9ed5af2 --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ProtocolNegotiatorBuilderManagerTest.java 
@@ -0,0 +1,94 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.common.remote.CommunicationType; +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.core.remote.tls.RpcClusterServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.MutablePropertySources; +import org.springframework.core.env.PropertiesPropertySource; +import org.springframework.mock.env.MockEnvironment; + +import java.lang.reflect.Field; +import java.util.Properties; + +import static org.junit.Assert.assertNotNull; + +/** + * Test ProtocolNegotiatorBuilderManager. 
+ * + * @author stone-98 + */ +public class ProtocolNegotiatorBuilderManagerTest { + + @Before + public void setUp() throws Exception { + ConfigurableEnvironment environment = new MockEnvironment(); + Properties properties = new Properties(); + properties.setProperty(RpcSdkServerTlsConfig.PREFIX + ".enableTls", "true"); + properties.setProperty(RpcSdkServerTlsConfig.PREFIX + ".compatibility", "false"); + properties.setProperty(RpcSdkServerTlsConfig.PREFIX + ".certChainFile", "test-server-cert.pem"); + properties.setProperty(RpcSdkServerTlsConfig.PREFIX + ".certPrivateKey", "test-server-key.pem"); + properties.setProperty(RpcSdkServerTlsConfig.PREFIX + ".trustCollectionCertFile", "test-ca-cert.pem"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".enableTls", "true"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".compatibility", "false"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".certChainFile", "test-server-cert.pem"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".certPrivateKey", "test-server-key.pem"); + properties.setProperty(RpcClusterServerTlsConfig.PREFIX + ".trustCollectionCertFile", "test-ca-cert.pem"); + + MutablePropertySources propertySources = environment.getPropertySources(); + PropertiesPropertySource propertySource = new PropertiesPropertySource("myPropertySource", properties); + propertySources.addLast(propertySource); + EnvUtil.setEnvironment(environment); + setStaticField(RpcSdkServerTlsConfig.class, null, "instance"); + setStaticField(RpcClusterServerTlsConfig.class, null, "instance"); + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void testGetSdkNegotiator() { + ProtocolNegotiatorBuilderManager manager = ProtocolNegotiatorBuilderManager.getInstance(); + NacosGrpcProtocolNegotiator negotiator = manager.buildGrpcProtocolNegotiator(CommunicationType.SDK); + assertNotNull("SDK ProtocolNegotiator should not be null", negotiator); + } + + @Test + 
public void testGetClusterNegotiator() { + ProtocolNegotiatorBuilderManager manager = ProtocolNegotiatorBuilderManager.getInstance(); + NacosGrpcProtocolNegotiator negotiator = manager.buildGrpcProtocolNegotiator(CommunicationType.CLUSTER); + assertNotNull("Cluster ProtocolNegotiator should not be null", negotiator); + } + + private void setStaticField(Class target, Object obj, String fieldName) { + try { + Field instanceField = target.getDeclaredField(fieldName); + instanceField.setAccessible(true); + instanceField.set(null, obj); + } catch (NoSuchFieldException | IllegalAccessException e) { + e.printStackTrace(); + } + } +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java new file mode 100644 index 00000000000..524f700c3fc --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java 
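Review bot: `setStaticField` in ProtocolNegotiatorBuilderManagerTest catches `NoSuchFieldException | IllegalAccessException` and only prints the stack trace, so if the `instance` field is renamed the singleton reset in `setUp` is silently skipped and the test runs against whatever TLS configuration an earlier test left behind. The same helper is added in RpcServerSslContextRefresherHolderTest and in SdkDefaultTlsProtocolNegotiatorBuilderTest, where it replaces `clearRpcServerTlsConfigInstance() throws Exception`, which did propagate the failure. I would drop the try/catch and declare `private void setStaticField(Class<?> target, Object obj, String fieldName) throws ReflectiveOperationException`; the `setUp` methods here already declare `throws Exception`, while `testInit` in the holder test would need a `throws` clause. The empty `tearDown` also leaves the TLS-enabled environment and both config singletons in place for later tests.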
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.core.remote.tls.RpcClusterServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresherHolder;
+import com.alibaba.nacos.sys.env.EnvUtil;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.core.env.ConfigurableEnvironment;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.when;
+
+/**
+ * Test RpcServerSslContextRefresherHolder.
+ *
+ * @author stone-98
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class RpcServerSslContextRefresherHolderTest {
+
+ @Mock
+ private ConfigurableEnvironment environment;
+
+ @Mock
+ private RpcSdkServerTlsConfig sdkRpcConfig;
+
+ @Mock
+ private RpcClusterServerTlsConfig clusterConfig;
+
+ @Before
+ public void setUp() {
+ EnvUtil.setEnvironment(environment);
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ @Test
+ public void testInit() {
+ when(sdkRpcConfig.getSslContextRefresher()).thenReturn("sdk-refresher-test");
+ when(clusterConfig.getSslContextRefresher()).thenReturn("cluster-refresher-test");
+ setStaticField(RpcSdkServerTlsConfig.class, sdkRpcConfig, "instance");
+ setStaticField(RpcClusterServerTlsConfig.class, clusterConfig, "instance");
+ invokeStaticMethod("init");
+ assertNotNull(RpcServerSslContextRefresherHolder.getClusterInstance());
+ assertNotNull(RpcServerSslContextRefresherHolder.getSdkInstance());
+ }
+
+ private void setStaticField(Class target, Object obj, String fieldName) {
+ try {
+ Field instanceField = target.getDeclaredField(fieldName);
+ instanceField.setAccessible(true);
+ instanceField.set(null, obj);
+ } catch (NoSuchFieldException | IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ }
+
+ private void invokeStaticMethod(String methodName) {
+ try {
+ Class clazz = RpcServerSslContextRefresherHolder.class;
+ Method privateStaticMethod = clazz.getDeclaredMethod(methodName);
+ privateStaticMethod.setAccessible(true);
+ privateStaticMethod.invoke(null);
+ privateStaticMethod.setAccessible(false);
+ } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ }
+}
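Review bot: `testInit` writes Mockito mocks into the static `instance` fields of `RpcSdkServerTlsConfig` and `RpcClusterServerTlsConfig`, and the empty `tearDown` never removes them, so any later test in the same JVM that calls `getInstance()` may receive a mock whose getters return defaults (TLS disabled, null file paths) instead of a real configuration. Resetting both in `tearDown` with `setStaticField(RpcSdkServerTlsConfig.class, null, "instance");` and `setStaticField(RpcClusterServerTlsConfig.class, null, "instance");` keeps the TLS state of other tests independent of execution order. `invokeStaticMethod` also swallows `InvocationTargetException`, so an exception thrown inside `init` surfaces only as a failed `assertNotNull`; rethrowing it would show the real cause. Whether tests actually share a JVM depends on the build's fork settings, which are not visible here.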
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java similarity index 68% rename from core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java rename to core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java index f947a367a83..99305c444c8 100644 --- a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java @@ -17,6 +17,7 @@ package com.alibaba.nacos.core.remote.grpc.negotiator.tls; import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import com.alibaba.nacos.sys.env.EnvUtil; import org.junit.After; @@ -27,7 +28,7 @@ import java.lang.reflect.Field; -public class DefaultTlsContextBuilderTest { +public class SdkDefaultTlsContextBuilderTest { private ConfigurableEnvironment environment; 
@@ -35,86 +36,86 @@ public class DefaultTlsContextBuilderTest { public void setUp() throws Exception { environment = new MockEnvironment(); EnvUtil.setEnvironment(environment); - RpcServerTlsConfig.getInstance().setEnableTls(true); + RpcSdkServerTlsConfig.getInstance().setEnableTls(true); } @After public void tearDown() throws Exception { - RpcServerTlsConfig.getInstance().setEnableTls(false); - RpcServerTlsConfig.getInstance().setTrustAll(false); - RpcServerTlsConfig.getInstance().setMutualAuthEnable(false); - RpcServerTlsConfig.getInstance().setCertChainFile(null); - RpcServerTlsConfig.getInstance().setCertPrivateKey(null); - RpcServerTlsConfig.getInstance().setCiphers(null); - RpcServerTlsConfig.getInstance().setProtocols(null); - RpcServerTlsConfig.getInstance().setTrustCollectionCertFile(null); - RpcServerTlsConfig.getInstance().setSslProvider(""); + RpcSdkServerTlsConfig.getInstance().setEnableTls(false); + RpcSdkServerTlsConfig.getInstance().setTrustAll(false); + RpcSdkServerTlsConfig.getInstance().setMutualAuthEnable(false); + RpcSdkServerTlsConfig.getInstance().setCertChainFile(null); + RpcSdkServerTlsConfig.getInstance().setCertPrivateKey(null); + RpcSdkServerTlsConfig.getInstance().setCiphers(null); + RpcSdkServerTlsConfig.getInstance().setProtocols(null); + RpcSdkServerTlsConfig.getInstance().setTrustCollectionCertFile(null); + RpcSdkServerTlsConfig.getInstance().setSslProvider(""); clearRpcServerTlsConfigInstance(); } @Test(expected = IllegalArgumentException.class) public void testGetSslContextIllegal() { - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } @Test public void testGetSslContextWithoutMutual() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); + RpcServerTlsConfig grpcServerConfig = RpcSdkServerTlsConfig.getInstance(); grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); 
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); grpcServerConfig.setCertPrivateKey("test-server-key.pem"); grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } @Test public void testGetSslContextWithMutual() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); + RpcServerTlsConfig grpcServerConfig = RpcSdkServerTlsConfig.getInstance(); grpcServerConfig.setTrustAll(true); grpcServerConfig.setMutualAuthEnable(true); grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); grpcServerConfig.setCertPrivateKey("test-server-key.pem"); grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } @Test public void testGetSslContextWithMutualAndPart() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); + RpcServerTlsConfig grpcServerConfig = RpcSdkServerTlsConfig.getInstance(); grpcServerConfig.setMutualAuthEnable(true); grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); grpcServerConfig.setCertPrivateKey("test-server-key.pem"); grpcServerConfig.setCertChainFile("test-server-cert.pem"); grpcServerConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } @Test(expected = IllegalArgumentException.class) public void testGetSslContextWithMutualAndPartIllegal() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); + RpcServerTlsConfig grpcServerConfig = 
RpcSdkServerTlsConfig.getInstance(); grpcServerConfig.setMutualAuthEnable(true); grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); grpcServerConfig.setCertPrivateKey("test-server-key.pem"); grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } @Test(expected = NacosRuntimeException.class) public void testGetSslContextForNonExistFile() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); + RpcServerTlsConfig grpcServerConfig = RpcSdkServerTlsConfig.getInstance(); grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); grpcServerConfig.setCertPrivateKey("non-exist-server-key.pem"); grpcServerConfig.setCertChainFile("non-exist-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); + DefaultTlsContextBuilder.getSslContext(RpcSdkServerTlsConfig.getInstance()); } private static void clearRpcServerTlsConfigInstance() throws Exception { - Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance"); + Field instanceField = RpcSdkServerTlsConfig.class.getDeclaredField("instance"); instanceField.setAccessible(true); instanceField.set(null, null); } -} \ No newline at end of file +} 
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java similarity index 56% rename from core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java rename to core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java index 24e0a6fd782..7f008ebb7bf 100644 --- a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java @@ -16,7 +16,7 @@ package com.alibaba.nacos.core.remote.grpc.negotiator.tls; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.sys.env.EnvUtil; import org.junit.After; import org.junit.Before; 
@@ -29,25 +29,26 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -public class DefaultTlsProtocolNegotiatorBuilderTest { +public class SdkDefaultTlsProtocolNegotiatorBuilderTest { private ConfigurableEnvironment environment; - private DefaultTlsProtocolNegotiatorBuilder builder; + private SdkDefaultTlsProtocolNegotiatorBuilder builder; @Before public void setUp() throws Exception { environment = new MockEnvironment(); EnvUtil.setEnvironment(environment); - builder = new DefaultTlsProtocolNegotiatorBuilder(); + builder = new SdkDefaultTlsProtocolNegotiatorBuilder(); + setStaticField(RpcSdkServerTlsConfig.class, null, "instance"); } @After public void tearDown() throws Exception { - RpcServerTlsConfig.getInstance().setEnableTls(false); - RpcServerTlsConfig.getInstance().setCertChainFile(null); - RpcServerTlsConfig.getInstance().setCertPrivateKey(null); - clearRpcServerTlsConfigInstance(); + RpcSdkServerTlsConfig.getInstance().setEnableTls(false); + RpcSdkServerTlsConfig.getInstance().setCertChainFile(null); + RpcSdkServerTlsConfig.getInstance().setCertPrivateKey(null); + setStaticField(RpcSdkServerTlsConfig.class, null, "instance"); } @Test 
@@ -57,15 +58,19 @@ public void testBuildDisabled() { @Test public void testBuildEnabled() { - RpcServerTlsConfig.getInstance().setEnableTls(true); - RpcServerTlsConfig.getInstance().setCertPrivateKey("test-server-key.pem"); - RpcServerTlsConfig.getInstance().setCertChainFile("test-server-cert.pem"); + RpcSdkServerTlsConfig.getInstance().setEnableTls(true); + RpcSdkServerTlsConfig.getInstance().setCertPrivateKey("test-server-key.pem"); + RpcSdkServerTlsConfig.getInstance().setCertChainFile("test-server-cert.pem"); assertNotNull(builder.build()); } - private static void clearRpcServerTlsConfigInstance() throws Exception { - Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance"); - instanceField.setAccessible(true); - instanceField.set(null, null); + private void setStaticField(Class target, Object obj, String fieldName) { + try { + Field instanceField = target.getDeclaredField(fieldName); + instanceField.setAccessible(true); + instanceField.set(null, obj); + } catch (NoSuchFieldException | IllegalAccessException e) { + e.printStackTrace(); + } } -} \ No newline at end of file +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java new file mode 100644 index 00000000000..f9b4fda663c --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java 
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
+
+public class RpcClusterServerSslContextRefresherTest implements RpcServerSslContextRefresher {
+
+ @Override
+ public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
+ return new SslContextChangeAware() {
+ @Override
+ public void init(BaseRpcServer baseRpcServer) {
+
+ }
+
+ @Override
+ public void onSslContextChange() {
+
+ }
+
+ @Override
+ public void shutdown() {
+
+ }
+ };
+ }
+
+ @Override
+ public String getName() {
+ return "cluster-refresher-test";
+ }
+}
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java
new file mode 100644
index 00000000000..3a39b7830c7
--- /dev/null
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java
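Review bot: RpcClusterServerSslContextRefresherTest carries no class comment, and its `*Test` name reads as a test case although the file contains no `@Test` method and is a no-op `RpcServerSslContextRefresher` implementation. It appears to exist so that the services file added in this commit can register it and RpcServerSslContextRefresherHolderTest can resolve the name `cluster-refresher-test`. A class Javadoc such as `/** No-op RpcServerSslContextRefresher registered via META-INF/services for RpcServerSslContextRefresherHolderTest. */` would state that link, and a name without the `Test` suffix would avoid the confusion. The same applies to RpcSdkServerSslContextRefresherTest in the next file.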
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
+
+public class RpcSdkServerSslContextRefresherTest implements RpcServerSslContextRefresher {
+
+ @Override
+ public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
+ return new SslContextChangeAware() {
+ @Override
+ public void init(BaseRpcServer baseRpcServer) {
+
+ }
+
+ @Override
+ public void onSslContextChange() {
+
+ }
+
+ @Override
+ public void shutdown() {
+
+ }
+ };
+ }
+
+ @Override
+ public String getName() {
+ return "sdk-refresher-test";
+ }
+}
diff --git a/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher b/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher
new file mode 100644
index 00000000000..0c84c41b275
--- /dev/null
+++ b/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher
@@ -0,0 +1,18 @@
+#
+# Copyright 1999-2021 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.core.remote.tls.RpcSdkServerSslContextRefresherTest
+com.alibaba.nacos.core.remote.tls.RpcClusterServerSslContextRefresherTest
diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
index b15c1e05f22..dc6c72fc4b1 100644
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
+++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java
@@ -23,13 +23,16 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; -import org.junit.*; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.FixMethodOrder; +import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.MethodSorters; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.web.server.LocalServerPort; import org.springframework.test.context.junit4.SpringRunner; import java.io.IOException; 
@@ -46,36 +49,27 @@ */ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".compatibility=true", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigServiceComTlsGrpcClient_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); - - @LocalServerPort - private int port; - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceComTlsGrpcClient_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - - + @Test - public void test_e_TlsServerAndPlainClient() throws Exception { + public void test_e_TlsServerAndPlainClient() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false"); propertiesfalse.put("serverAddr", "127.0.0.1"); diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java index da5ee0a6b05..4305da0dee7 100644 
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java +++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java @@ -23,7 +23,7 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; import org.junit.AfterClass; import org.junit.Assert; 
@@ -47,30 +47,25 @@ * @author githubcheng2978. */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigServiceNoComTlsGrpcClient_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceNoComTlsGrpcClient_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_e_TlsServerAndTlsClient() throws Exception { 
@@ -83,7 +78,8 @@ public void test_e_TlsServerAndTlsClient() throws Exception { String content = UUID.randomUUID().toString(); String dataId = "test-group" + increment.getAndIncrement(); String groupId = "test-data" + increment.getAndIncrement(); - boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(), "test-data" + increment.getAndIncrement(), content); + boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(), + "test-data" + increment.getAndIncrement(), content); CountDownLatch latch = new CountDownLatch(1); configService.addListener(dataId, groupId, new AbstractConfigChangeListener() { @Override @@ -99,9 +95,9 @@ public void receiveConfigChange(ConfigChangeEvent event) { latch.await(5, TimeUnit.SECONDS); Assert.assertTrue(b); } - + @Test - public void test_e_TlsServerAndPlainClient() throws Exception { + public void test_e_TlsServerAndPlainClient() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false"); propertiesfalse.put("serverAddr", "127.0.0.1"); diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java index b06c6d62095..e95b502b60a 100644 --- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java +++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java @@ -14,7 +14,6 @@ * limitations under the License. */ - package com.alibaba.nacos.test.config; import com.alibaba.nacos.Nacos; 
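Review bot: In `test_e_TlsServerAndTlsClient` of NacosConfigServiceNoComTlsGrpcClient_CITCase the rewrapped `publishConfig` call still builds a fresh `"test-group"`/`"test-data"` pair with `increment.getAndIncrement()` instead of passing the `dataId` and `groupId` declared just above, so the listener registered on `(dataId, groupId)` watches a different key than the one published. I would change it to `boolean b = configService.publishConfig(dataId, groupId, content);`. The return value of `latch.await(5, TimeUnit.SECONDS)` in the following hunk is discarded, so the test would pass without the listener ever firing; `Assert.assertTrue(latch.await(5, TimeUnit.SECONDS));` would close that gap. This method is also marked `@Ignore("TODO, Fix cert expired problem")`, so in this class only the plain-client case currently exercises the TLS server. The method body starts and ends outside these hunks.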
@@ -24,7 +23,7 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; import org.junit.After; import org.junit.Assert; 
@@ -48,43 +47,37 @@ * @author githubcheng2978. */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".mutualAuthEnable=true", + RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", + RpcSdkServerTlsConfig.PREFIX + ".certPrivateKey=test-server-key.pem", RpcSdkServerTlsConfig.PREFIX + + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigV2MutualAuth_CITCase { - - + + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass - public static void beforeClass() throws IOException { + public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigV2MutualAuth_CITCase.class.getSimpleName()); - + } - + @After - public void cleanClientCache() throws Exception { + public void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_d_MutualAuth() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem"); - 
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem"); propertiesfalse.put("serverAddr", "127.0.0.1"); ConfigService configServiceFalse = new NacosConfigService(propertiesfalse); String dataId = "test-group" + increment.getAndIncrement(); @@ -106,14 +99,14 @@ public void receiveConfigChange(ConfigChangeEvent event) { latch2.await(5, TimeUnit.SECONDS); Assert.assertTrue(res); } - + @Test public void test_d_MutualAuthButClientNot() throws Exception { - + Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-client-cert.pem"); - + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-client-cert.pem"); + propertiesfalse.put("serverAddr", "127.0.0.1"); ConfigService configServiceFalse = new NacosConfigService(propertiesfalse); String dataId = "test-group" + increment.getAndIncrement(); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java index 74a4d18b423..6390e6453e2 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java 
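Review bot: `test_d_MutualAuthButClientNot` sets `RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH` to `test-client-cert.pem`, while the server annotation and `test_d_MutualAuth` in this file use `test-ca-cert.pem` as the trust collection. If the client cannot validate the server certificate against that file, the handshake fails on the client side before client authentication is ever evaluated, so the test may pass without showing that the server rejects a client that presents no certificate. Using `propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");` would isolate the missing client certificate as the only reason for failure. The rest of the method, including its assertions, lies outside the hunk, so this should be confirmed against the full test; the positive mutual-auth test above it is `@Ignore`d.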
@@ -14,7 +14,6 @@ * limitations under the License. */ - package com.alibaba.nacos.test.client; import com.alibaba.nacos.Nacos; @@ -24,8 +23,8 @@ import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.test.ConfigCleanUtils; import org.junit.AfterClass; import org.junit.Assert; 
@@ -45,89 +44,87 @@ import java.util.concurrent.atomic.AtomicInteger; /** - * use configPublishRequest for communication verification between client and server + * use configPublishRequest for communication verification between client and server. * * @author githubcheng2978 */ @RunWith(SpringRunner.class) @TestConfiguration -@SpringBootTest(classes = {Nacos.class}, - properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"server.servlet.context-path=/nacos", + RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class ConfigIntegrationV1ServerNonCompatibility_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); + @LocalServerPort private int port; - + @BeforeClass public static void beforeClass() throws IOException { - ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName()); + ConfigCleanUtils.changeToNewTestNacosHome( + ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName()); } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test public void test_a_TlsServer() throws Exception { - RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null); + 
RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), null); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - + Connection connection = client.connectToServer(serverInfo); Assert.assertNull(connection); } - - + @Test public void test_b_ServerTlsTrustAll() throws Exception { - - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustAll(true); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - - RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); String content = UUID.randomUUID().toString(); configPublishRequest.setContent(content); configPublishRequest.setGroup("test-group" + increment.getAndIncrement()); configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); - + Response response = connectionTrustCa.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connectionTrustCa.close(); } - + @Test public void test_c_ServerTlsTrustCa() throws Exception { - + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); 
tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest(); String contentCa = UUID.randomUUID().toString(); - + configPublishRequestCa.setContent(contentCa); configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement()); configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement()); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java index 2d28d0621e5..ceb13df4dc2 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java 
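Review bot: `ConfigIntegrationV1ServerNonCompatibility_CITCase` stays under the class-level `@Ignore("TODO, Fix cert expired problem")`, so the renamed `RpcSdkServerTlsConfig.PREFIX` properties and `RpcSdkClientTlsConfig` calls in this hunk are compiled but never run. That leaves `test_a_TlsServer`, the case asserting that a plaintext client gets no connection when `compatibility=false`, unverified after the TLS config split. `NamingTlsServiceAndMutualAuth_ITCase` and `NamingTlsServiceTls_ITCase` further down carry the same annotation. Renewing the test certificates, or generating them during test setup, would let these run; until then I would record the gap above the annotation, e.g. `// Disabled: plaintext-rejection and CA-verification cases are not exercised in CI until the test certificates are renewed.` `test_c_ServerTlsTrustCa` continues past the end of the hunk.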
@@ -24,10 +24,14 @@ import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.test.ConfigCleanUtils; -import org.junit.*; +import org.junit.After; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.web.server.LocalServerPort; 
@@ -40,79 +44,75 @@ import java.util.concurrent.atomic.AtomicInteger; /** - * use configPublishRequest for communication verification between client and server + * use configPublishRequest for communication verification between client and server. * * @author githubcheng2978 */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcSdkServerTlsConfig.PREFIX + ".mutualAuthEnable=true", RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", + RpcSdkServerTlsConfig.PREFIX + ".certPrivateKey=test-server-key.pem", RpcSdkServerTlsConfig.PREFIX + + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class ConfigIntegrationV2MutualAuth_CITCase { - + @LocalServerPort private int port; - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass - public static void beforeClass() throws IOException { + public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV2MutualAuth_CITCase.class.getSimpleName()); - + } - + @After - public void cleanClientCache() throws Exception { + public void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, fix the cert expired problem") public void test_d_MutualAuth() 
throws Exception { - - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setMutualAuthEnable(true); tlsConfig.setCertChainFile("test-client-cert.pem"); tlsConfig.setCertPrivateKey("test-client-key.pem"); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); - + RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - + Connection connection = client.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); - + String content = UUID.randomUUID().toString(); - + configPublishRequest.setContent(content); - configPublishRequest.setGroup("test-group"+increment.getAndIncrement()); - configPublishRequest.setDataId("test-data"+increment.getAndIncrement()); + configPublishRequest.setGroup("test-group" + increment.getAndIncrement()); + configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); configPublishRequest.setRequestId(content); Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(5)); Assert.assertTrue(response.isSuccess()); connection.close(); } - + @Test public void test_e_ServerMutualAuthOnly() throws Exception { - - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), 
tlsConfig); - + RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java index 17e93a6e560..fa30b748c03 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java @@ -24,11 +24,15 @@ import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcSdkClientTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import com.alibaba.nacos.sys.env.EnvUtil; import com.alibaba.nacos.test.ConfigCleanUtils; -import org.junit.*; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.web.server.LocalServerPort; 
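Review bot: In `test_d_MutualAuth` the result of `client.connectToServer(serverInfo)` is used without a null check, so a failed mutual-TLS handshake would presumably surface as a `NullPointerException` on `connection.request(...)` rather than as a readable assertion failure (the V1 non-compatibility test asserts `null` for a refused connection). Adding `Assert.assertNotNull("mutual-TLS connection was not established", connection);` right after the connect call makes the failure mode explicit. `connection.close()` is also skipped when an assertion fails, so a `try`/`finally` around the request would release it. `test_e_ServerMutualAuthOnly` continues outside the hunk, so what it asserts for a client without a certificate is not visible here.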
@@ -46,44 +50,40 @@ * @author githubcheng2978 */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem" - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class ConfigIntegrationV3_CITCase { - + @LocalServerPort private int port; - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV3_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test public void test_e_TlsServerAndPlainClient() throws Exception { - RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null); + RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), null); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); Connection connection = client.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); - + String content = UUID.randomUUID().toString(); - + configPublishRequest.setContent(content); configPublishRequest.setGroup("test-group" + 
increment.getAndIncrement()); configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); @@ -91,19 +91,18 @@ public void test_e_TlsServerAndPlainClient() throws Exception { Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connection.close(); - } - + @Test public void test_f_ServerTlsTrustAll() throws Exception { - - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustAll(true); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustAll = clientTrustAll.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); String content = UUID.randomUUID().toString(); 
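Review bot: `test_e_TlsServerAndPlainClient` expects a plaintext client to publish successfully against a server started with `enableTls=true`, but the `@SpringBootTest` properties of this class never set `.compatibility`, so the test depends on that setting's default. The other TLS test classes in this patch set it explicitly; adding `RpcSdkServerTlsConfig.PREFIX + ".compatibility=true"` here would pin the behaviour and show that this class runs the server in the mode that still accepts unencrypted connections. A comment on the test such as `// compatibility mode: the TLS-enabled port also accepts plaintext clients` would help readers who take `enableTls=true` to mean encryption is enforced.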
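Review bot: `test_f_ServerTlsTrustAll` configures the client with `setTrustAll(true)`, which by its name presumably accepts whatever certificate the server presents, so a pass here shows only that a TLS session was negotiated, not that the server's chain was validated. I would state that above the test, e.g. `// trustAll skips server certificate validation; chain validation belongs to test_g_ServerTlsTrustCa`. The body of the test continues outside the hunk.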
@@ -113,25 +112,26 @@ public void test_f_ServerTlsTrustAll() throws Exception { Response response = connectionTrustAll.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connectionTrustAll.close(); - + } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_g_ServerTlsTrustCa() throws Exception { - + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); - + serverInfo.setServerPort(EnvUtil.getPort()); - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + RpcSdkClientTlsConfig tlsConfig = new RpcSdkClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest(); String contentCa = UUID.randomUUID().toString(); - + configPublishRequestCa.setContent(contentCa); configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement()); configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement()); diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java index 1379445f621..81f8c82cfab 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java 
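Review bot: `test_g_ServerTlsTrustCa` targets `EnvUtil.getPort()` while the other tests in this class use the injected `@LocalServerPort` field; with `DEFINED_PORT` the two are probably equal, but the test would connect to the wrong port if they ever differ. `serverInfo.setServerPort(port);` keeps it consistent with `test_e_TlsServerAndPlainClient` and `test_f_ServerTlsTrustAll`. The test is also marked `@Ignore`, so this class currently has no running case that validates the server certificate against `test-ca-cert.pem`. The method body continues past the end of the hunk.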
@@ -27,7 +27,7 @@ import com.alibaba.nacos.api.naming.pojo.Service; import com.alibaba.nacos.api.selector.ExpressionSelector; import com.alibaba.nacos.api.selector.NoneSelector; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -45,43 +45,44 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingCompatibilityServiceTls_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".compatibility=true", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NamingCompatibilityServiceTls_ITCase { - + private NamingMaintainService namingMaintainService; + private NamingService namingService; + private Instance instance; + private String serviceName; - + @LocalServerPort private int port; - + @Before public void init() throws Exception { - + NamingBase.prepareServer(port); - + if (namingMaintainService == null) { TimeUnit.SECONDS.sleep(10); namingMaintainService = NamingMaintainFactory.createMaintainService("127.0.0.1" + ":" + port); } - + if (namingService == null) { TimeUnit.SECONDS.sleep(10); namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); } - + instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); 
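Review bot: The Javadoc added at the top of this hunk, `NamingCompatibilityServiceTls_ITCase.`, only repeats the class name, and the `@date .` tag below it is empty. A summary of what the class covers would serve readers better, for example `Naming operations from clients created without TLS settings against a server with enableTls=true and compatibility=true.` As far as the hunk shows, `init()` builds both clients from a bare `"127.0.0.1" + ":" + port` address, so the class exercises the plaintext-accepting path of a TLS-enabled server, and that is worth saying in the header.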
@@ -91,11 +92,11 @@ public void init() throws Exception { map.put("netType", "external"); map.put("version", "1.0"); instance.setMetadata(map); - + serviceName = randomDomainName(); - + } - + @Test public void updateInstance() throws NacosException, InterruptedException { Map map = new HashMap(); @@ -110,7 +111,7 @@ public void updateInstance() throws NacosException, InterruptedException { Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); System.out.println(instances.get(0)); } - + @Test public void updateInstanceWithDisable() throws NacosException, InterruptedException { Map map = new HashMap(); @@ -124,7 +125,7 @@ public void updateInstanceWithDisable() throws NacosException, InterruptedExcept List instances = namingService.getAllInstances(serviceName, false); Assert.assertEquals(0, instances.size()); } - + @Test public void createAndUpdateService() throws NacosException { String serviceName = randomDomainName(); @@ -138,13 +139,13 @@ public void createAndUpdateService() throws NacosException { preService.setMetadata(metadata); ExpressionSelector selector = new ExpressionSelector(); selector.setExpression("CONSUMER.label.A=PROVIDER.label.A &CONSUMER.label.B=PROVIDER.label.B"); - + System.out.println("service info : " + preService); namingMaintainService.createService(preService, selector); Service remoteService = namingMaintainService.queryService(serviceName); System.out.println("remote service info : " + remoteService); Assert.assertEquals(preService.toString(), remoteService.toString()); - + // update service Service nowService = new Service(); nowService.setName(serviceName); 
@@ -153,13 +154,13 @@ public void createAndUpdateService() throws NacosException { metadata.clear(); metadata.put(serviceName, "this is a update metadata"); nowService.setMetadata(metadata); - + namingMaintainService.updateService(nowService, new NoneSelector()); remoteService = namingMaintainService.queryService(serviceName); System.out.println("remote service info : " + remoteService); Assert.assertEquals(nowService.toString(), remoteService.toString()); } - + @Test public void deleteService() throws NacosException { String serviceName = randomDomainName(); @@ -167,7 +168,7 @@ public void deleteService() throws NacosException { preService.setName(serviceName); System.out.println("service info : " + preService); namingMaintainService.createService(preService, new NoneSelector()); - + Assert.assertTrue(namingMaintainService.deleteService(serviceName)); } diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java index 2b598cdd294..e1c71471fbf 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java @@ -23,7 +23,7 @@ import com.alibaba.nacos.api.naming.NamingService; import com.alibaba.nacos.api.naming.pojo.Instance; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import org.junit.After; import org.junit.Assert; import org.junit.FixMethodOrder; 
@@ -43,38 +43,35 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingTlsServiceAndMutualAuth_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".mutualAuthEnable=true", + RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", + RpcSdkServerTlsConfig.PREFIX + ".certPrivateKey=test-server-key.pem", RpcSdkServerTlsConfig.PREFIX + + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class NamingTlsServiceAndMutualAuth_ITCase { - - + + @LocalServerPort private int port; - + @Test public void test_a_MutualAuth() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - Instance instance = new 
Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); @@ -94,19 +91,19 @@ public void test_a_MutualAuth() throws NacosException { Assert.assertEquals(instances.size(), 1); Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); namingService.shutDown(); - + } - - + + @Test(expected = NacosException.class) public void test_b_MutualAuthClientTrustCa() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); 
@@ -118,18 +115,18 @@ public void test_b_MutualAuthClientTrustCa() throws NacosException { instance.setMetadata(map); namingService.registerInstance(serviceName, instance); namingService.shutDown(); - + } - + @Test(expected = NacosException.class) public void test_c_MutualAuthClientTrustALl() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); @@ -142,9 +139,9 @@ public void test_c_MutualAuthClientTrustALl() throws NacosException { namingService.registerInstance(serviceName, instance); namingService.shutDown(); } - + @After - public void after(){ - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,""); + public void after() { + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, ""); } } diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java index 8597a1aad2b..047380005ff 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java 
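Review bot: In `test_b_MutualAuthClientTrustCa` and `test_c_MutualAuthClientTrustALl` the call `namingService.shutDown()` follows `namingService.registerInstance(...)`, which is presumably the call that throws the expected `NacosException`, so the client is never shut down on the passing path. `@Test(expected = NacosException.class)` also accepts an exception from any statement in the method, including client creation, which lies outside this hunk. Wrapping the register call in `try { ... } finally { namingService.shutDown(); }` fixes the leak. If the project's JUnit version provides it, `Assert.assertThrows(NacosException.class, () -> namingService.registerInstance(serviceName, instance));` pins the failure to the call that the server should reject.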
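Review bot: `after()` resets only `RPC_CLIENT_TLS_ENABLE`, and sets it to an empty string instead of removing it, while the tests in this class also set `RPC_CLIENT_MUTUAL_AUTH`, `RPC_CLIENT_TLS_CERT_CHAIN_PATH`, `RPC_CLIENT_TLS_CERT_KEY`, `RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH` and `RPC_CLIENT_TLS_TRUST_ALL` as JVM-wide system properties (hunks `-43,38`, `-94,19` and `-118,18` of this file). Those values stay in place for any test that runs later in the same JVM; a leftover `RPC_CLIENT_TLS_TRUST_ALL=true` in particular could let a later TLS test pass without verifying the server certificate. Clearing every property the class touches avoids that. `NamingTlsServiceTls_ITCase` sets some of the same properties and no cleanup is visible in its hunks.

```java
@After
public void after() {
    // Remove every client TLS property set by the tests so nothing leaks into later test classes.
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE);
    System.clearProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL);
}
```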
@@ -23,7 +23,7 @@ import com.alibaba.nacos.api.naming.NamingService; import com.alibaba.nacos.api.naming.pojo.Instance; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.core.remote.tls.RpcSdkServerTlsConfig; import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Ignore; @@ -42,30 +42,28 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingTlsServiceTls_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcSdkServerTlsConfig.PREFIX + ".enableTls=true", RpcSdkServerTlsConfig.PREFIX + ".compatibility=false", + RpcSdkServerTlsConfig.PREFIX + ".certChainFile=test-server-cert.pem", RpcSdkServerTlsConfig.PREFIX + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class NamingTlsServiceTls_ITCase { - - + + @LocalServerPort private int port; - + @Test(expected = NacosException.class) public void Tls_a_ServerAndPlainClient() throws NacosException { - - Instance instance = new Instance(); + + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); 
@@ -76,20 +74,20 @@ public void Tls_a_ServerAndPlainClient() throws NacosException { map.put("version", "2.0"); namingService.registerInstance(randomDomainName(), instance); namingService.shutDown(); - + } - + @Test public void Tls_b_ServerAndTlsClientTrustCa() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME); - NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); + NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); Map map = new HashMap(); map.put("netType", "external-update"); map.put("version", "2.0"); 
@@ -105,20 +103,20 @@ public void Tls_b_ServerAndTlsClientTrustCa() throws NacosException { Assert.assertEquals(instances.size(), 1); Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); namingService.shutDown(); - + } - + @Test public void Tls_c_ServerAndTlsClientAll() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME); - NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); + NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); Map map = new HashMap(); map.put("netType", "external-update"); map.put("version", "2.0");