This is an automated email from the ASF dual-hosted git repository. zhouxzhan pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/rocketmq.git
commit 832fc57a08a1ee5aee18b662e1e7539e41caf50f Author: kaiyi.lk <[email protected]> AuthorDate: Wed Nov 9 18:03:00 2022 +0800 [ISSUE #5486] polish tls config; add tcnative dependency --- pom.xml | 6 +++ proxy/pom.xml | 4 ++ .../apache/rocketmq/proxy/config/ProxyConfig.java | 48 ++++++++++++---------- .../rocketmq/proxy/grpc/GrpcServerBuilder.java | 6 +-- .../proxy/remoting/RemotingProtocolServer.java | 12 +++--- 5 files changed, 45 insertions(+), 31 deletions(-)
diff --git a/pom.xml b/pom.xml
index 197cea783..e4324a5b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -103,6 +103,7 @@
 <commons-cli.version>1.5.0</commons-cli.version>
 <netty.version>4.1.65.Final</netty.version>
+ <netty.tcnative.version>2.0.53.Final</netty.tcnative.version>
 <bcpkix-jdk15on.version>1.69</bcpkix-jdk15on.version>
 <fastjson.version>1.2.83</fastjson.version>
 <javassist.version>3.20.0-GA</javassist.version>
@@ -900,6 +901,11 @@
 </exclusion>
 </exclusions>
 </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
 <dependency>
 <groupId>org.springframework</groupId>
diff --git a/proxy/pom.xml b/proxy/pom.xml
index c15734f16..f5373e914 100644
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -95,6 +95,10 @@
 </exclusion>
 </exclusions>
 </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ </dependency>
 <dependency>
 <groupId>org.springframework</groupId>
 <artifactId>spring-core</artifactId>
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java b/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
index b613c191e..bd7cf1113 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
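Review bot: The new `netty.tcnative.version` property in the root pom.xml pins netty-tcnative-boringssl-static to 2.0.53.Final while `netty.version` stays at 4.1.65.Final, and nothing visible in this hunk ties the two together. Netty releases are built against a particular tcnative line, so the pairing is worth confirming; when the native library cannot be loaded, Netty normally falls back to the JDK TLS provider instead of failing startup, which would hide the problem. I would add a comment beside the property, for example `<!-- keep in step with the tcnative version that netty.version is built against -->`, and log `OpenSsl.isAvailable()` once at proxy startup so the TLS provider actually in use is visible to operators.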
@@ -73,14 +73,17 @@ public class ProxyConfig implements ConfigFile { private String namesrvAddr = System.getProperty(MixAll.NAMESRV_ADDR_PROPERTY, System.getenv(MixAll.NAMESRV_ADDR_ENV)); private String namesrvDomain = ""; private String namesrvDomainSubgroup = ""; + /** + * TLS + */ + private boolean tlsTestModeEnable = true; + private String tlsKeyPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.key"; + private String tlsCertPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.crt"; /** * gRPC */ private String proxyMode = ProxyMode.CLUSTER.name(); private Integer grpcServerPort = 8081; - private boolean grpcTlsTestModeEnable = true; - private String grpcTlsKeyPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.key"; - private String grpcTlsCertPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.crt"; private int grpcBossLoopNum = 1; private int grpcWorkerLoopNum = PROCESSOR_NUMBER * 2; private boolean enableGrpcEpoll = false; @@ -190,8 +193,6 @@ public class ProxyConfig implements ConfigFile { private boolean traceOn = false; - private String remotingAccessPoint = ""; - private BrokerConfig.MetricsExporterType metricsExporterType = BrokerConfig.MetricsExporterType.DISABLE; private String metricsGrpcExporterTarget = ""; @@ -210,9 +211,9 @@ public class ProxyConfig implements ConfigFile { private long channelExpiredTimeout = 1000 * 120; // remoting - private boolean enableRemotingLocalProxyGrpc = true; private int localProxyConnectTimeoutMs = 3000; + private String remotingAccessAddr = ""; private int remotingListenPort = 8080; private int remotingHeartbeatThreadPoolNums = 2 * PROCESSOR_NUMBER; 
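Review bot: Renaming `grpcTlsTestModeEnable`, `grpcTlsKeyPath` and `grpcTlsCertPath` to the `tls*` fields in the first hunk, while `tlsTestModeEnable` still defaults to `true`, means a config file that sets the old keys may silently stop taking effect. If the config loader ignores unknown keys (not visible here), a deployment that had switched test mode off and pointed at a real key pair would come back up after upgrade on the self-signed test-mode path with no error. The same concern applies to the renamed accessors in the -407 hunk and to `remotingAccessPoint` becoming `remotingAccessAddr`. Consider keeping the old setters as deprecated aliases that forward to the new fields, e.g. `@Deprecated public void setGrpcTlsKeyPath(String p) { this.tlsKeyPath = p; }`, and either defaulting `tlsTestModeEnable` to `false` or expanding the `TLS` Javadoc to state that test mode serves a generated self-signed certificate and now governs both the gRPC and remoting listeners.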
@@ -245,6 +246,9 @@ public class ProxyConfig implements ConfigFile {
 if (StringUtils.isBlank(localServeAddr)) {
 throw new ProxyException(ProxyExceptionCode.INTERNAL_SERVER_ERROR, "get local serve ip failed");
 }
+ if (StringUtils.isBlank(remotingAccessAddr)) {
+ this.remotingAccessAddr = this.localServeAddr;
+ }
 if (StringUtils.isBlank(systemTopicClusterName)) {
 this.systemTopicClusterName = this.rocketMQClusterName;
 }
@@ -407,28 +411,28 @@ public class ProxyConfig implements ConfigFile {
 this.grpcServerPort = grpcServerPort;
 }
- public boolean isGrpcTlsTestModeEnable() {
- return grpcTlsTestModeEnable;
+ public boolean isTlsTestModeEnable() {
+ return tlsTestModeEnable;
 }
- public void setGrpcTlsTestModeEnable(boolean grpcTlsTestModeEnable) {
- this.grpcTlsTestModeEnable = grpcTlsTestModeEnable;
+ public void setTlsTestModeEnable(boolean tlsTestModeEnable) {
+ this.tlsTestModeEnable = tlsTestModeEnable;
 }
- public String getGrpcTlsKeyPath() {
- return grpcTlsKeyPath;
+ public String getTlsKeyPath() {
+ return tlsKeyPath;
 }
- public void setGrpcTlsKeyPath(String grpcTlsKeyPath) {
- this.grpcTlsKeyPath = grpcTlsKeyPath;
+ public void setTlsKeyPath(String tlsKeyPath) {
+ this.tlsKeyPath = tlsKeyPath;
 }
- public String getGrpcTlsCertPath() {
- return grpcTlsCertPath;
+ public String getTlsCertPath() {
+ return tlsCertPath;
 }
- public void setGrpcTlsCertPath(String grpcTlsCertPath) {
- this.grpcTlsCertPath = grpcTlsCertPath;
+ public void setTlsCertPath(String tlsCertPath) {
+ this.tlsCertPath = tlsCertPath;
 }
 public int getGrpcBossLoopNum() {
@@ -1059,12 +1063,12 @@ public class ProxyConfig implements ConfigFile {
 this.traceOn = traceOn;
 }
- public String getRemotingAccessPoint() {
- return remotingAccessPoint;
+ public String getRemotingAccessAddr() {
+ return remotingAccessAddr;
 }
- public void setRemotingAccessPoint(String remotingAccessPoint) {
- this.remotingAccessPoint = remotingAccessPoint;
+ public void setRemotingAccessAddr(String remotingAccessAddr) {
+ this.remotingAccessAddr = remotingAccessAddr;
 }
 public BrokerConfig.MetricsExporterType getMetricsExporterType() {
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
index 00a738770..5e1b73505 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
@@ -118,7 +118,7 @@ public class GrpcServerBuilder {
 return;
 }
 ProxyConfig proxyConfig = ConfigurationManager.getProxyConfig();
- boolean tlsTestModeEnable = proxyConfig.isGrpcTlsTestModeEnable();
+ boolean tlsTestModeEnable = proxyConfig.isTlsTestModeEnable();
 if (tlsTestModeEnable) {
 SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
 serverBuilder.sslContext(GrpcSslContexts.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey())
@@ -128,8 +128,8 @@ public class GrpcServerBuilder {
 return;
 }
- String tlsKeyPath = ConfigurationManager.getProxyConfig().getGrpcTlsKeyPath();
- String tlsCertPath = ConfigurationManager.getProxyConfig().getGrpcTlsCertPath();
+ String tlsKeyPath = ConfigurationManager.getProxyConfig().getTlsKeyPath();
+ String tlsCertPath = ConfigurationManager.getProxyConfig().getTlsCertPath();
 try (InputStream serverKeyInputStream = Files.newInputStream(Paths.get(tlsKeyPath));
 InputStream serverCertificateStream = Files.newInputStream(Paths.get(tlsCertPath))) {
 serverBuilder.sslContext(GrpcSslContexts.forServer(serverCertificateStream, serverKeyInputStream)
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java b/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
index d0137b2b4..a173a79b6 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
@@ -99,12 +99,12 @@ public class RemotingProtocolServer implements StartAndShutdown, RemotingProxyOu
 ProxyConfig config = ConfigurationManager.getProxyConfig();
 NettyServerConfig defaultServerConfig = new NettyServerConfig();
 defaultServerConfig.setListenPort(config.getRemotingListenPort());
- TlsSystemConfig.tlsTestModeEnable = false;
- System.setProperty(TlsSystemConfig.TLS_TEST_MODE_ENABLE, "false");
- TlsSystemConfig.tlsServerCertPath = config.getGrpcTlsCertPath();
- System.setProperty(TlsSystemConfig.TLS_SERVER_CERTPATH, config.getGrpcTlsCertPath());
- TlsSystemConfig.tlsServerKeyPath = config.getGrpcTlsKeyPath();
- System.setProperty(TlsSystemConfig.TLS_SERVER_KEYPATH, config.getGrpcTlsKeyPath());
+ TlsSystemConfig.tlsTestModeEnable = config.isTlsTestModeEnable();
+ System.setProperty(TlsSystemConfig.TLS_TEST_MODE_ENABLE, Boolean.toString(config.isTlsTestModeEnable()));
+ TlsSystemConfig.tlsServerCertPath = config.getTlsCertPath();
+ System.setProperty(TlsSystemConfig.TLS_SERVER_CERTPATH, config.getTlsCertPath());
+ TlsSystemConfig.tlsServerKeyPath = config.getTlsKeyPath();
+ System.setProperty(TlsSystemConfig.TLS_SERVER_KEYPATH, config.getTlsKeyPath());
 this.clientHousekeepingService = new ClientHousekeepingService(this.clientManagerActivity);
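Review bot: The remoting listener used to force `TlsSystemConfig.tlsTestModeEnable` to false and now takes it from `ProxyConfig`, whose default in this commit is `true`, so an unconfigured proxy will presumably serve the remoting port with a generated self-signed certificate rather than the files under conf/tls. These assignments also write static `TlsSystemConfig` fields and JVM-wide system properties, so any other remoting server or client in the same process (for instance a broker running in local mode, if it shares the JVM) would pick up the same values. When test mode is off, nothing in this hunk checks that the key and certificate files are readable; a guard such as `if (!config.isTlsTestModeEnable() && !Files.isReadable(Paths.get(config.getTlsKeyPath()))) { throw new IllegalStateException("tls key not readable: " + config.getTlsKeyPath()); }` ahead of the assignments, together with a warn-level log line when test mode is on, would surface a misconfiguration at startup. The enclosing method starts and ends outside the hunk.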
