JDK version : 1.8u77

proto3.0.3 version

I have tried incorporating SSL into current application. Please find below 
approaches we have tried.
1) OpenSSL Static approach

We have added the io.netty.tcnative-boringssl-static, io.netty.handler and 
bundles to com.pelco.vms.pelcotools.application.bnd and

Tried the below code snippet (added to RPCHandler) :


*SslContext sslContext = SslContextBuilder.forServer(certificatePemFile, 
privateKeyPemFile))*
*                                             
.sslProvider(SslProvider.OPENSSL)*
*                                             .build();*
*    server = NettyServerBuilder.forAddress(new 
InetSocketAddress(InetAddress.getLoopbackAddress(), 8443))*
*                               .addService(service)*
*                               .sslContext(sslContext)*
*                               .build()*
*                               .start();*
                                                                                
                                
  
But we are receiving the below exception while building the SslContext.
 
*java.lang.UnsatisfiedLinkError: failed to load the required native library*
*                at 
io.netty.handler.ssl.OpenSsl.ensureAvailability(OpenSsl.java:311)*
*                at 
io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(ReferenceCountedOpenSslContext.java:230)*
*                at 
io.netty.handler.ssl.OpenSslContext.<init>(OpenSslContext.java:43)*
*                at 
io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:347)*
*                at 
io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:335)*
*                at 
io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:421)*
*                at 
io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:441)*
*                at 
com.pelco.vms.pelcotools.handlers.RPCHandler.start(RPCHandler.java:105)*
*                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)*
*                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown 
Source)*
*                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown 
Source)*
*                at java.lang.reflect.Method.invoke(Unknown Source)*
*                at 
org.apache.felix.scr.impl.helper.BaseMethod.invokeMethod(BaseMethod.java:222)*
*                at 
org.apache.felix.scr.impl.helper.BaseMethod.access$500(BaseMethod.java:37)*
*                at 
org.apache.felix.scr.impl.helper.BaseMethod$Resolved.invoke(BaseMethod.java:615)*
*                at 
org.apache.felix.scr.impl.helper.BaseMethod.invoke(BaseMethod.java:499)*
*                at 
org.apache.felix.scr.impl.helper.ActivateMethod.invoke(ActivateMethod.java:295)*
*                at 
org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:302)*
*                at 
org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:113)*
*                at 
org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:866)*
*                at 
org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:833)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:724)*
*                at 
org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:954)*
*                at 
org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:915)*
*                at 
org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1215)*
*                at 
org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1136)*
*                at 
org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.trackAdding(ServiceTracker.java:945)*
*                at 
org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.track(ServiceTracker.java:881)*
*                at 
org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1167)*
*                at 
org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:120)*
*                at 
org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:987)*
*                at 
org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:838)*
*                at 
org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:545)*
*                at 
org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4547)*
*                at 
org.apache.felix.framework.Felix.registerService(Felix.java:3521)*
*                at 
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:869)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:857)*
*                at 
org.apache.felix.scr.impl.manager.RegistrationManager.changeRegistration(RegistrationManager.java:133)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager.registerService(AbstractComponentManager.java:915)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:715)*
*                at 
org.apache.felix.scr.impl.manager.AbstractComponentManager.enable(AbstractComponentManager.java:399)*
*                at 
org.apache.felix.scr.impl.config.ConfigurableComponentHolder.enableComponents(ConfigurableComponentHolder.java:676)*
*                at 
org.apache.felix.scr.impl.BundleComponentActivator.initialEnable(BundleComponentActivator.java:339)*
*                at 
org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:360)*
*                at 
org.apache.felix.scr.impl.Activator.access$000(Activator.java:53)*
*                at 
org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:260)*
*                at 
org.apache.felix.utils.extender.AbstractExtender.createExtension(AbstractExtender.java:259)*
*                at 
org.apache.felix.utils.extender.AbstractExtender.modifiedBundle(AbstractExtender.java:232)*
*                at 
org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:482)*
*                at 
org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:415)*
*                at 
org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)*
*                at 
org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:444)*
*                at 
org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:913)*
*                at 
org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:834)*
*                at 
org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:516)*
*                at 
org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4531)*
*                at 
org.apache.felix.framework.Felix.startBundle(Felix.java:2169)*
*                at 
org.apache.felix.framework.BundleImpl.start(BundleImpl.java:977)*
*                at aQute.launcher.Launcher.update(Launcher.java:436)*
*                at aQute.launcher.Launcher.activate(Launcher.java:349)*
*                at aQute.launcher.Launcher.run(Launcher.java:238)*
*                at aQute.launcher.Launcher.main(Launcher.java:87)*
*Caused by: java.lang.ClassNotFoundException: 
io.netty.internal.tcnative.SSL not found by io.netty.handler [86]*
*                at 
org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1558)*
*                at 
org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:79)*
*                at 
org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1998)*
*                at java.lang.ClassLoader.loadClass(Unknown Source)*
*                at java.lang.Class.forName0(Native Method)*
*                at java.lang.Class.forName(Unknown Source)*
*                at io.netty.handler.ssl.OpenSsl.<clinit>(OpenSsl.java:73)*
*                ... 62 more*

2) TLS with JDK (Jetty ALPN/NPN)

As specified in the GRPC doc (
https://github.com/grpc/grpc-java/blob/master/SECURITY.md) tried adding the 
alpn-boot jar to –Xbootclasspath [JVM Arguement] and added 
org.eclipse.jetty.osgi to the com.pelco.vms.pelcotools.application.bnd. And 
tried with the below snippet:

grpc-java/SECURITY.md at master · grpc/grpc-java · GitHub github.com 
Authentication. gRPC supports a number of different mechanisms for 
asserting identity between an client and server. This document provides 
code samples demonstrating ...

server = NettyServerBuilder.forAddress(new 
InetSocketAddress(InetAddress.getLoopbackAddress(), 8443)) 
.addService(service) .useTransportSecurity(certificatePemFile, 
privateKeyPemFile) .build() .start();

The netty server is getting started but we are recieving the below 
expection when a client is trying to connect.

io.netty.channel.ChannelPipelineException: 
io.grpc.netty.ProtocolNegotiators$ServerTlsHandler.handlerAdded() has 
thrown an exception; removed. at 
io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:617)
 
at 
io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:226)
 
at 
io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:392)
 
at 
io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:379)
 
at io.grpc.netty.NettyServerTransport.start(NettyServerTransport.java:114) 
at io.grpc.netty.NettyServer$1.initChannel(NettyServer.java:179) at 
io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113) 
at 
io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105) 
at 
io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:597)
 
at 
io.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44)
 
at 
io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1387)
 
at 
io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1122)
 
at 
io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:647)
 
at 
io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:506)
 
at 
io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:419)
 
at 
io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:478) 
at 
io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
 
at 
io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:403)
 
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:462) at 
io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
 
at 
io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
 
at java.lang.Thread.run(Unknown Source) Caused by: 
java.lang.NoClassDefFoundError: org/eclipse/jetty/alpn/ALPN$Provider at 
io.netty.handler.ssl.JettyAlpnSslEngine.newServerEngine(JettyAlpnSslEngine.java:61)
 
at 
io.netty.handler.ssl.JdkAlpnApplicationProtocolNegotiator$AlpnWrapper.wrapSslEngine(JdkAlpnApplicationProtocolNegotiator.java:129)
 
at 
io.netty.handler.ssl.JdkSslContext.configureAndWrapEngine(JdkSslContext.java:249)
 
at io.netty.handler.ssl.JdkSslContext.newEngine(JdkSslContext.java:227) at 
io.grpc.netty.ProtocolNegotiators$ServerTlsHandler.handlerAdded(ProtocolNegotiators.java:146)
 
at 
io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:597)
 
... 21 more Caused by: java.lang.ClassNotFoundException: 
org.eclipse.jetty.alpn.ALPN$Provider not found by io.netty.handler [86] at 
org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1558)
 
at 
org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:79)
 
at 
org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1998)
 
at java.lang.ClassLoader.loadClass(Unknown Source) ... 27 more

Note : followed version as per the ALPN version table with JDK

Also tried adding the javaagent JVM option referencing the path to the 
Jetty alpn-agent jar. But this also reached to the above exception while 
connecting.

Please help to resolve the issue

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To post to this group, send email to grpc-io@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/ee08a611-4567-4d6d-a9e9-5b08d5059a95%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to