refactors to server tls code

This commit is contained in:
Aidan Hahn 2019-05-19 13:03:53 -07:00
parent 3021a1d405
commit a932852b2c
No known key found for this signature in database
GPG key ID: 327711E983899316
4 changed files with 44 additions and 27 deletions


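--- a/[path-not-shown]/README.md
+++ b/[path-not-shown]/README.md
@@ -1,6 +1,9 @@
 # JobServ
 Remote Procedure Calls over the protobuf API
+# Requirements
+- openssl
 # Building
 Gradle will manage dependencies, generate code, compile the java, and package the code.
 Simply run the folllowing command: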


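--- a/[cert-script-path-not-shown].sh
+++ b/[cert-script-path-not-shown].sh
@@ -6,6 +6,8 @@ SERVER_PATH=resources/server
 CLIENT_CA_CN=jobserv-client-ca
 CLIENT_CN=jobserv-client
 CLIENT_PATH=resources/client
+TEST_CA_CN=jobserv-bad-cert-ca
+TEST_CN=jobserv-bad-cert
 TEST_PATH=resources/test
 rm -rf resources/*
@@ -32,7 +34,7 @@ openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.ke
 echo "[+] Generating Client CA Cert"
 openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"
 echo "[+] Generating test CA Key"
-openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=DontUseMe"
+openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}"
 # Generate Server Key, Signing request, cert
@@ -59,7 +61,7 @@ openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_
 echo "[+] Generating test key"
 openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096
 echo "[+] Generating test signing request"
-openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${DontUseMe}"
+openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}"
 echo "[+] Generating test certificate "
 openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt
 echo "[+] Removing passphrase from test key"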
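Review bot: The test-cert section still hard-codes the passphrase `dontusethiskey` in every `-passin`/`-passout` on these lines, while the server and client sections read `$SRVCAPASS` and `$CLTCAPASS`; now that `TEST_CA_CN` and `TEST_CN` are variables, a `TEST_PASS=dontusethiskey` beside them and `-passin pass:${TEST_PASS}` on each openssl call would make the three sections uniform and leave one place to change. The old `"/CN=${DontUseMe}"` on the signing-request line expanded an unset variable to an empty CN, so the `TEST_CN` fix in the third hunk is the substantive change here. If the second CA exists to exercise rejection of an untrusted client certificate, as the `jobserv-bad-cert-ca` name suggests, a comment such as `# Deliberately untrusted CA/cert, used to test client-auth rejection` above this section would record that for the next reader.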


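--- a/[dir-not-shown]/JobServClient.java
+++ b/[dir-not-shown]/JobServClient.java
@@ -226,7 +226,7 @@ public class JobServClient {
 // fails if port is improperly formatted or if an ssl exception occurs
 JobServClient client;
 try {
-client = new JobServClient(args[0], Integer.parseInt(args[1]), args[2], args[1], args[0]);
+client = new JobServClient(args[3], Integer.parseInt(args[4]), args[2], args[1], args[0]);
 } catch (NumberFormatException e) {
 System.out.println("Invalid Port");
@@ -239,7 +239,7 @@ public class JobServClient {
 // declare pid up here so that multiple switch cases can use it
 int candidatePid;
 // parse remaining args
-switch (args[2]) {
+switch (args[5]) {
 case "new":
 if (args.length < 7) {
 System.out.println("Improper formatting, try client --help");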
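Review bot: `args[3]`, `args[4]` and `args[5]` are now indexed in the constructor call and at `switch (args[5])` before any length check that covers them; the only guard visible, `if (args.length < 7)`, sits inside `case "new"` and runs after the indexing, so a short command line fails with ArrayIndexOutOfBoundsException instead of reaching the "Improper formatting" message. Unless a check on `args.length` already exists above this hunk (the enclosing method starts outside it), add one ahead of the constructor call, for example `if (args.length < 6) { System.out.println("Improper formatting, try client --help"); return; }`. Any usage or `--help` text that documents the positional order is not in these hunks and needs to match the new layout.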


@ -31,31 +31,30 @@ public class JobServServer {
private Server server; private Server server;
private final int port; private final int port;
private final String certChainFilePath; private final SslContext ssl;
private final String privateKeyFilePath;
private final String trustCertCollectionFilePath;
/*
* Constructor
* Sets port and builds sslContext
*/
public JobServServer(int port, public JobServServer(int port,
String certChainFilePath, String serverCert,
String privateKeyFilePath, String privateKey,
String trustCertCollectionFilePath) { String trustStore) {
this.port = port; this.port = port;
this.certChainFilePath = certChainFilePath; SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(new File(serverCert), new File(privateKey));
this.privateKeyFilePath = privateKeyFilePath;
this.trustCertCollectionFilePath = trustCertCollectionFilePath; // Mutual TLS trust store and require client auth
sslContextBuilder.trustManager(new File(trustStore));
sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
this.ssl = GrpcSslContexts.configure(sslClientContextBuilder).build();
} }
private SslContextBuilder getSslContextBuilder() { /*
SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath), * start()
new File(privateKeyFilePath)); * this initializes the server
*/
sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
return GrpcSslContexts.configure(sslClientContextBuilder);
}
// starts the GRPC API Server
private void start() throws IOException { private void start() throws IOException {
// TODO: this should be passed in from a configuration manager // TODO: this should be passed in from a configuration manager
server = NettyServerBuilder.forPort(port) server = NettyServerBuilder.forPort(port)
@ -76,25 +75,38 @@ public class JobServServer {
}); });
} }
/*
* stop()
* This is called when ctrl+c is pressed
*/
private void stop() { private void stop() {
if (server != null) { if (server != null) {
server.shutdown(); server.shutdown();
} }
} }
// spinlock for main() /*
* blockUntilShutdown()
* This is more or less the main loop of the server.
* It spins until shutdown is called.
*/
private void blockUntilShutdown() throws InterruptedException { private void blockUntilShutdown() throws InterruptedException {
if (server != null) { if (server != null) {
server.awaitTermination(); server.awaitTermination();
} }
} }
// Main function. starts GRPC server and spins until server is shutdown /*
* main()
* Entrypoint of hte server
* parses args and initializes a server object.
* calls server main loop.
*/
public static void main(String[] args) throws IOException, InterruptedException { public static void main(String[] args) throws IOException, InterruptedException {
int port = 8448; // TODO: port and key/cert files should be handled by a config manager int port = 8448; // TODO: port and key/cert files should be handled by a config manager
if(args.length < 3) { if(args.length < 3) {
System.out.println("Usage: ./jobserv-server certchain privatekey truststore"); System.out.println("Usage: ./jobserv-server cert privatekey truststore");
return; return;
} }
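Review bot: The constructor's last statement, `this.ssl = GrpcSslContexts.configure(sslClientContextBuilder).build();`, references `sslClientContextBuilder`, but the local declared a few lines above is `sslContextBuilder`; the old name was the local of the deleted `getSslContextBuilder()`, so this does not compile unless a field of that name exists outside the hunk. `SslContextBuilder.build()` also throws the checked `javax.net.ssl.SSLException`, which the new constructor signature does not declare; since `SSLException` extends `IOException`, `main` already covers it. The fix is the rename plus `public JobServServer(int port, String serverCert, String privateKey, String trustStore) throws SSLException {` with the matching import, or keeping the builder in the constructor and deferring `build()` to `start()`, which already declares `IOException`. The new `main()` comment block reads `Entrypoint of hte server`; `the` is intended.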