affine/jobserv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactors to server tls code

Browse source
This commit is contained in:
Aidan Hahn 2019-05-19 13:03:53 -07:00
parent 3021a1d405
commit a932852b2c
No known key found for this signature in database
GPG key ID: 327711E983899316
4 changed files with 44 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -1,6 +1,9 @@
# JobServ
Remote Procedure Calls over the protobuf API
# Requirements
- openssl
# Building
Gradle will manage dependencies, generate code, compile the java, and package the code.
Simply run the folllowing command:

6
buildwrapper.sh
View file

@ -6,6 +6,8 @@ SERVER_PATH=resources/server
CLIENT_CA_CN=jobserv-client-ca
CLIENT_CN=jobserv-client
CLIENT_PATH=resources/client
TEST_CA_CN=jobserv-bad-cert-ca
TEST_CN=jobserv-bad-cert
TEST_PATH=resources/test
rm -rf resources/*
@ -32,7 +34,7 @@ openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.ke
echo "[+] Generating Client CA Cert"
openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"
echo "[+] Generating test CA Key"
openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=DontUseMe"
openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}"
# Generate Server Key, Signing request, cert
@ -59,7 +61,7 @@ openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_
echo "[+] Generating test key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096
echo "[+] Generating test signing request"
openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${DontUseMe}"
openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}"
echo "[+] Generating test certificate "
openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt
echo "[+] Removing passphrase from test key"

4
src/main/java/JobServ/JobServClient.java
View file

@ -226,7 +226,7 @@ public class JobServClient {
// fails if port is improperly formatted or if an ssl exception occurs
JobServClient client;
try {
client = new JobServClient(args[0], Integer.parseInt(args[1]), args[2], args[1], args[0]);
client = new JobServClient(args[3], Integer.parseInt(args[4]), args[2], args[1], args[0]);
} catch (NumberFormatException e) {
System.out.println("Invalid Port");
@ -239,7 +239,7 @@ public class JobServClient {
// declare pid up here so that multiple switch cases can use it
int candidatePid;
// parse remaining args
switch (args[2]) {
switch (args[5]) {
case "new":
if (args.length < 7) {
System.out.println("Improper formatting, try client --help");

58
src/main/java/JobServ/JobServServer.java
View file

@ -31,31 +31,30 @@ public class JobServServer {
private Server server;
private final int port;
private final String certChainFilePath;
private final String privateKeyFilePath;
private final String trustCertCollectionFilePath;
private final SslContext ssl;
/*
* Constructor
* Sets port and builds sslContext
*/
public JobServServer(int port,
String certChainFilePath,
String privateKeyFilePath,
String trustCertCollectionFilePath) {
String serverCert,
String privateKey,
String trustStore) {
this.port = port;
this.certChainFilePath = certChainFilePath;
this.privateKeyFilePath = privateKeyFilePath;
this.trustCertCollectionFilePath = trustCertCollectionFilePath;
SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(new File(serverCert), new File(privateKey));
// Mutual TLS trust store and require client auth
sslContextBuilder.trustManager(new File(trustStore));
sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
this.ssl = GrpcSslContexts.configure(sslClientContextBuilder).build();
}
private SslContextBuilder getSslContextBuilder() {
SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath),
new File(privateKeyFilePath));
sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
return GrpcSslContexts.configure(sslClientContextBuilder);
}
// starts the GRPC API Server
/*
* start()
* this initializes the server
*/
private void start() throws IOException {
// TODO: this should be passed in from a configuration manager
server = NettyServerBuilder.forPort(port)
@ -76,25 +75,38 @@ public class JobServServer {
});
}
/*
* stop()
* This is called when ctrl+c is pressed
*/
private void stop() {
if (server != null) {
server.shutdown();
}
}
// spinlock for main()
/*
* blockUntilShutdown()
* This is more or less the main loop of the server.
* It spins until shutdown is called.
*/
private void blockUntilShutdown() throws InterruptedException {
if (server != null) {
server.awaitTermination();
}
}
// Main function. starts GRPC server and spins until server is shutdown
/*
* main()
* Entrypoint of hte server
* parses args and initializes a server object.
* calls server main loop.
*/
public static void main(String[] args) throws IOException, InterruptedException {
int port = 8448; // TODO: port and key/cert files should be handled by a config manager
if(args.length < 3) {
System.out.println("Usage: ./jobserv-server certchain privatekey truststore");
System.out.println("Usage: ./jobserv-server cert privatekey truststore");
return;
}