This is an automated email from the ASF dual-hosted git repository.

ningjiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-saga.git

commit ba4d3b574468cb8d81163cfa05cc028431e39da6
Author: Willem Jiang <jiangni...@huawei.com>
AuthorDate: Wed May 9 12:40:42 2018 +0800

    SCB-342 Clean up the ssl settings
---
 .../saga/alpha/server/GrpcServerConfig.java        | 14 ++++++------
 .../saga/alpha/server/GrpcStartable.java           | 25 ++++++++++++++++------
 .../src/main/resources/application.yaml            | 18 ++++++++++------
 .../saga/alpha/server/AlphaIntegrationTest.java    |  3 ++-
 .../alpha/server/AlphaIntegrationWithSSLTest.java  | 13 ++++++-----
 5 files changed, 48 insertions(+), 25 deletions(-)

diff --git 
a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java
 
b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java
index c14cd0c..66dd992 100644
--- 
a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java
+++ 
b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java
@@ -31,16 +31,16 @@ public class GrpcServerConfig {
   @Value("${alpha.server.ssl.enable:false}")
   private boolean sslEnable;
 
-  @Value("${alpha.server.ssl.cert:server.cert}")
+  @Value("${alpha.server.ssl.cert:server.crt}")
   private String cert;
 
-  @Value("${alpha.server.ssl.key:server.key}")
+  @Value("${alpha.server.ssl.key:server.pem}")
   private String key;
 
-  @Value("${alpha.server.ssl.sslEnable:false}")
-  private boolean mutalAuth;
+  @Value("${alpha.server.ssl.mutualAuth:false}")
+  private boolean mutualAuth;
 
-  @Value("${alpha.server.ssl.clientCert:client.cert}")
+  @Value("${alpha.server.ssl.clientCert:client.crt}")
   private String clientCert;
 
   public String getHost() {
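Review bot: `mutualAuth` keeps a default of `false`, so a deployment that still sets the old `enableMutualAuth` key (the spelling in the application.yaml lines this commit removes) starts without requiring client certificates, and nothing reports it. Logging the effective `sslEnable` and `mutualAuth` values once at startup would make that visible. The `cert`, `key` and `clientCert` fields also deserve a comment such as `// classpath resource name, loaded through ClassLoader.getResourceAsStream; not a file-system path`, because this commit changes how GrpcStartable resolves them. The class body continues outside the hunk.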
@@ -63,8 +63,8 @@ public class GrpcServerConfig {
     return key;
   }
 
-  public boolean isMutalAuth() {
-    return mutalAuth;
+  public boolean isMutualAuth() {
+    return mutualAuth;
   }
 
   public String getClientCert() {
diff --git 
a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java
 
b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java
index 9a2133c..4d99374 100644
--- 
a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java
+++ 
b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java
@@ -20,8 +20,8 @@
 
 package org.apache.servicecomb.saga.alpha.server;
 
-import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.lang.invoke.MethodHandles;
 import java.net.InetSocketAddress;
 import java.util.Arrays;
@@ -82,21 +82,34 @@ class GrpcStartable implements ServerStartable {
   private SslContextBuilder getSslContextBuilder(GrpcServerConfig config) {
 
     Properties prop = new Properties();
+    ClassLoader classLoader = getClass().getClassLoader();
     try {
-      
prop.load(getClass().getClassLoader().getResourceAsStream("ssl.properties"));
+      prop.load(classLoader.getResourceAsStream("ssl.properties"));
     } catch (IOException e) {
       throw new IllegalStateException("Unable to read ssl.properties.", e);
     }
 
-    SslContextBuilder sslClientContextBuilder = 
SslContextBuilder.forServer(new File(config.getCert()),
-        new File(config.getKey()))
+    InputStream cert = getInputStream(classLoader, config.getCert(), "Server 
Cert");
+    InputStream key = getInputStream(classLoader, config.getKey(), "Server 
Key");
+
+    SslContextBuilder sslClientContextBuilder = 
SslContextBuilder.forServer(cert, key)
         .protocols(prop.getProperty("protocols"))
         .ciphers(Arrays.asList(prop.getProperty("ciphers").split(",")));
-    if (config.isMutalAuth()) {
-      sslClientContextBuilder.trustManager(new File(config.getClientCert()));
+    if (config.isMutualAuth()) {
+      InputStream clientCert = getInputStream(classLoader, 
config.getClientCert(), "Client Cert");
+      sslClientContextBuilder.trustManager(clientCert);
       sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
     }
     return GrpcSslContexts.configure(sslClientContextBuilder,
         SslProvider.OPENSSL);
   }
+
+  private InputStream getInputStream(ClassLoader classLoader, String resource, 
String config) {
+    InputStream is = classLoader.getResourceAsStream(resource);
+    if (is == null) {
+      throw new IllegalStateException("Cannot load the " + config + " from " + 
resource);
+    }
+    return is;
+
+  }
 }
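Review bot: The `ssl.properties` load still hands the result of `getResourceAsStream` straight to `prop.load`, so a missing resource surfaces as a NullPointerException that `catch (IOException e)` does not handle. The new helper already does the null check, so `prop.load(getInputStream(classLoader, "ssl.properties", "SSL properties"));` would give the same clear error as the certificate paths. None of the streams opened here (`ssl.properties`, `cert`, `key`, `clientCert`) is closed; try-with-resources would release them once the builder has read them, after confirming that SslContextBuilder consumes the streams eagerly. Separately, the private key is now resolved only through the class loader, so it has to sit on the classpath and an operator can no longer point `alpha.server.ssl.key` at a permission-restricted file outside the application. Falling back to a file path when the resource is absent would keep that option.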
diff --git a/alpha/alpha-server/src/main/resources/application.yaml 
b/alpha/alpha-server/src/main/resources/application.yaml
index 41964d0..9ec21b8 100644
--- a/alpha/alpha-server/src/main/resources/application.yaml
+++ b/alpha/alpha-server/src/main/resources/application.yaml
@@ -21,12 +21,18 @@ alpha:
   server:
     host: 0.0.0.0
     port: 8080
-    ssl:
-      enable: false
-      cert: server.crt
-      key: server.pem
-      enableMutualAuth: false
-      clientCert: client.crt
+
+---
+spring:
+  profiles: ssl
+  alpha:
+    server:
+      ssl:
+        enable: true
+        cert: server.crt
+        key: server.pem
+        mutualAuth: true
+        clientCert: client.crt
 ---
 spring:
   profiles: prd
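Review bot: In the new `ssl` profile document `alpha:` is indented under `spring:`, so these keys bind as `spring.alpha.server.ssl.*` and the `@Value("${alpha.server.ssl.…}")` fields in GrpcServerConfig would not see them. With the `false` defaults there, activating the profile appears to leave TLS and mutual auth switched off. Move `alpha:` to column 0 as a sibling of `spring:`, i.e. `spring:` / `  profiles: ssl` followed by a top-level `alpha:` / `  server:` / `    ssl:` block. That would also explain why AlphaIntegrationTest can activate this profile while AlphaIntegrationWithSSLTest still has to set `alpha.server.ssl.enable=true` itself; once the nesting is fixed, the plain-text test should stop activating the `ssl` profile.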
diff --git 
a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java
 
b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java
index aa0036f..f2b8cac 100644
--- 
a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java
+++ 
b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java
@@ -70,6 +70,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import com.google.protobuf.ByteString;
@@ -82,10 +83,10 @@ import io.grpc.stub.StreamObserver;
 @SpringBootTest(classes = {AlphaApplication.class, AlphaConfig.class},
     properties = {
         "alpha.server.host=0.0.0.0",
-        "alpha.server.ssl.enable=false",
         "alpha.server.port=8090",
         "alpha.event.pollingInterval=1"
        })
+@ActiveProfiles("ssl")
 public class AlphaIntegrationTest {
   private static final int port = 8090;
 
diff --git 
a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java
 
b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java
index 5c05d18..81d3082 100644
--- 
a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java
+++ 
b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java
@@ -24,6 +24,7 @@ import javax.net.ssl.SSLException;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import io.grpc.netty.GrpcSslContexts;
@@ -36,15 +37,17 @@ import io.netty.handler.ssl.SslProvider;
 @SpringBootTest(classes = {AlphaApplication.class, AlphaConfig.class},
     properties = {
         "alpha.server.host=0.0.0.0",
-        "alpha.server.port=8090", "alpha.event.pollingInterval=1",
-        "alpha.server.ssl.enable=true", 
"alpha.server.ssl.cert=src/test/resources/server.crt",
-        "alpha.server.ssl.key=src/test/resources/server.pem", 
"alpha.server.ssl.enableMutualAuth=true",
-        "alpha.server.ssl.clientCert=src/test/resources/client.crt"})
+        "alpha.server.port=8090",
+        "alpha.event.pollingInterval=1",
+        "alpha.server.ssl.enable=true"
+    })
+@ActiveProfiles("ssl")
+
 public class AlphaIntegrationWithSSLTest extends AlphaIntegrationTest {
   private static final int port = 8090;
 
   @BeforeClass
-  public static void setupClientChannel() throws Exception {
+  public static void setupClientChannel() {
     clientChannel = NettyChannelBuilder.forAddress("localhost", port)
         .negotiationType(NegotiationType.TLS)
         .sslContext(getSslContext())
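Review bot: The property list no longer sets any mutual-auth key, so whether this test exercises client-certificate verification depends entirely on the `ssl` profile binding `alpha.server.ssl.mutualAuth`. Pinning it here with `"alpha.server.ssl.mutualAuth=true"` next to `"alpha.server.ssl.enable=true"` would make the intent explicit. A negative case asserting that a client without a certificate is rejected would catch a silent fallback to one-way TLS. The blank line added between `@ActiveProfiles("ssl")` and the class declaration can be dropped. `setupClientChannel` continues past the end of the hunk.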

-- 
To stop receiving notification emails like this one, please contact
ningji...@apache.org.
