This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-saga.git
commit ba4d3b574468cb8d81163cfa05cc028431e39da6 Author: Willem Jiang <jiangni...@huawei.com> AuthorDate: Wed May 9 12:40:42 2018 +0800 SCB-342 Clean up the ssl settings --- .../saga/alpha/server/GrpcServerConfig.java | 14 ++++++------ .../saga/alpha/server/GrpcStartable.java | 25 ++++++++++++++++------ .../src/main/resources/application.yaml | 18 ++++++++++------ .../saga/alpha/server/AlphaIntegrationTest.java | 3 ++- .../alpha/server/AlphaIntegrationWithSSLTest.java | 13 ++++++----- 5 files changed, 48 insertions(+), 25 deletions(-) diff --git a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java index c14cd0c..66dd992 100644 --- a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java +++ b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcServerConfig.java @@ -31,16 +31,16 @@ public class GrpcServerConfig { @Value("${alpha.server.ssl.enable:false}") private boolean sslEnable; - @Value("${alpha.server.ssl.cert:server.cert}") + @Value("${alpha.server.ssl.cert:server.crt}") private String cert; - @Value("${alpha.server.ssl.key:server.key}") + @Value("${alpha.server.ssl.key:server.pem}") private String key; - @Value("${alpha.server.ssl.sslEnable:false}") - private boolean mutalAuth; + @Value("${alpha.server.ssl.mutualAuth:false}") + private boolean mutualAuth; - @Value("${alpha.server.ssl.clientCert:client.cert}") + @Value("${alpha.server.ssl.clientCert:client.crt}") private String clientCert; public String getHost() { @@ -63,8 +63,8 @@ public class GrpcServerConfig { return key; } - public boolean isMutalAuth() { - return mutalAuth; + public boolean isMutualAuth() { + return mutualAuth; } public String getClientCert() { 
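Review bot: In the first GrpcServerConfig hunk the corrected `alpha.server.ssl.mutualAuth` key still defaults to `false`, so client-certificate verification is silently off for any configuration that uses an older spelling. Two such spellings are visible in this commit: the removed yaml block and the old SSL test used `enableMutualAuth`, and the old annotation read `sslEnable`. Neither is bound any more, and nothing reports the mismatch at startup. I would add a comment above the field, `// Defaults to false: client certificates are NOT required unless alpha.server.ssl.mutualAuth=true is set`, and log the effective value next to `sslEnable` when the server starts. The class body continues outside both hunks.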
diff --git a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java index 9a2133c..4d99374 100644 --- a/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java +++ b/alpha/alpha-server/src/main/java/org/apache/servicecomb/saga/alpha/server/GrpcStartable.java @@ -20,8 +20,8 @@ package org.apache.servicecomb.saga.alpha.server; -import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.lang.invoke.MethodHandles; import java.net.InetSocketAddress; import java.util.Arrays; 
@@ -82,21 +82,34 @@ class GrpcStartable implements ServerStartable { private SslContextBuilder getSslContextBuilder(GrpcServerConfig config) { Properties prop = new Properties(); + ClassLoader classLoader = getClass().getClassLoader(); try { - prop.load(getClass().getClassLoader().getResourceAsStream("ssl.properties")); + prop.load(classLoader.getResourceAsStream("ssl.properties")); } catch (IOException e) { throw new IllegalStateException("Unable to read ssl.properties.", e); } - SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(config.getCert()), - new File(config.getKey())) + InputStream cert = getInputStream(classLoader, config.getCert(), "Server Cert"); + InputStream key = getInputStream(classLoader, config.getKey(), "Server Key"); + + SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(cert, key) .protocols(prop.getProperty("protocols")) .ciphers(Arrays.asList(prop.getProperty("ciphers").split(","))); - if (config.isMutalAuth()) { - sslClientContextBuilder.trustManager(new File(config.getClientCert())); + if (config.isMutualAuth()) { + InputStream clientCert = getInputStream(classLoader, config.getClientCert(), "Client Cert"); + sslClientContextBuilder.trustManager(clientCert); sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE); } return GrpcSslContexts.configure(sslClientContextBuilder, SslProvider.OPENSSL); } + + private InputStream getInputStream(ClassLoader classLoader, String resource, String config) { + InputStream is = classLoader.getResourceAsStream(resource); + if (is == null) { + throw new IllegalStateException("Cannot load the " + config + " from " + resource); + } + return is; + + } } diff --git a/alpha/alpha-server/src/main/resources/application.yaml b/alpha/alpha-server/src/main/resources/application.yaml index 41964d0..9ec21b8 100644 --- a/alpha/alpha-server/src/main/resources/application.yaml +++ b/alpha/alpha-server/src/main/resources/application.yaml 
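Review bot: Replacing `new File(config.getKey())` with `classLoader.getResourceAsStream(config.getKey())` in `getSslContextBuilder` means the server private key can now only be read from the classpath. A filesystem path such as the `src/test/resources/server.pem` value the old SSL test passed no longer resolves, which pushes operators towards packaging the key with the application instead of keeping it in a permission-restricted file. A filesystem fallback in `getInputStream` would keep both options open (it needs the `java.io.FileInputStream` and `java.io.FileNotFoundException` imports). Separately, the `ssl.properties` load does not use the new null check: a missing resource reaches `prop.load(null)` and surfaces as a NullPointerException rather than the IllegalStateException, so I would write `prop.load(getInputStream(classLoader, "ssl.properties", "SSL properties"));`. None of the opened streams is closed, and whether Netty closes them itself should be confirmed.

```java
  private InputStream getInputStream(ClassLoader classLoader, String resource, String config) {
    InputStream is = classLoader.getResourceAsStream(resource);
    if (is == null) {
      // Not on the classpath: treat the setting as a filesystem path so the key
      // can live outside the packaged artifact with restrictive permissions.
      try {
        is = new FileInputStream(resource);
      } catch (FileNotFoundException e) {
        throw new IllegalStateException("Cannot load the " + config + " from " + resource, e);
      }
    }
    return is;
  }
```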
@@ -21,12 +21,18 @@ alpha: server: host: 0.0.0.0 port: 8080 - ssl: - enable: false - cert: server.crt - key: server.pem - enableMutualAuth: false - clientCert: client.crt + +--- +spring: + profiles: ssl + alpha: + server: + ssl: + enable: true + cert: server.crt + key: server.pem + mutualAuth: true + clientCert: client.crt --- spring: profiles: prd diff --git a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java index aa0036f..f2b8cac 100644 --- a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java +++ b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationTest.java @@ -70,6 +70,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit4.SpringRunner; import com.google.protobuf.ByteString; @@ -82,10 +83,10 @@ import io.grpc.stub.StreamObserver; @SpringBootTest(classes = {AlphaApplication.class, AlphaConfig.class}, properties = { "alpha.server.host=0.0.0.0", - "alpha.server.ssl.enable=false", "alpha.server.port=8090", "alpha.event.pollingInterval=1" }) +@ActiveProfiles("ssl") public class AlphaIntegrationTest { private static final int port = 8090; diff --git a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java index 5c05d18..81d3082 100644 --- a/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java 
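Review bot: The new `ssl` profile names `key: server.pem` without saying how the name is resolved, and after this commit GrpcStartable reads it through the class loader. If a `server.pem` is placed under `src/main/resources` to satisfy this default (not visible in this diff), every build would ship the same private key. I would add a comment above the block: `# cert, key and clientCert are classpath resource names; provide a deployment-specific key and do not package one in the jar`. It is also worth confirming that `alpha:` sits at the top level of the profile document and not under `spring:`, since the indentation cannot be checked from this view.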
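Review bot: In the AlphaIntegrationTest annotation hunk, `@ActiveProfiles("ssl")` is added to the plain-text test while `"alpha.server.ssl.enable=false"` is removed, so it is no longer clear that the non-TLS path is exercised. If the profile's `enable: true` and `mutualAuth: true` take effect, this class starts a TLS server that requires client certificates. If they do not, the profile has no effect here, which would explain why the subclass still sets `"alpha.server.ssl.enable=true"` itself. I would keep `"alpha.server.ssl.enable=false"` in this class's `properties` and put `@ActiveProfiles("ssl")` only on AlphaIntegrationWithSSLTest. The class body continues outside the hunk.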
+++ b/alpha/alpha-server/src/test/java/org/apache/servicecomb/saga/alpha/server/AlphaIntegrationWithSSLTest.java @@ -24,6 +24,7 @@ import javax.net.ssl.SSLException; import org.junit.BeforeClass; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit4.SpringRunner; import io.grpc.netty.GrpcSslContexts; @@ -36,15 +37,17 @@ import io.netty.handler.ssl.SslProvider; @SpringBootTest(classes = {AlphaApplication.class, AlphaConfig.class}, properties = { "alpha.server.host=0.0.0.0", - "alpha.server.port=8090", "alpha.event.pollingInterval=1", - "alpha.server.ssl.enable=true", "alpha.server.ssl.cert=src/test/resources/server.crt", - "alpha.server.ssl.key=src/test/resources/server.pem", "alpha.server.ssl.enableMutualAuth=true", - "alpha.server.ssl.clientCert=src/test/resources/client.crt"}) + "alpha.server.port=8090", + "alpha.event.pollingInterval=1", + "alpha.server.ssl.enable=true" + }) +@ActiveProfiles("ssl") + public class AlphaIntegrationWithSSLTest extends AlphaIntegrationTest { private static final int port = 8090; @BeforeClass - public static void setupClientChannel() throws Exception { + public static void setupClientChannel() { clientChannel = NettyChannelBuilder.forAddress("localhost", port) .negotiationType(NegotiationType.TLS) .sslContext(getSslContext()) -- To stop receiving notification emails like this one, please contact ningji...@apache.org.