From c855151af8f121e29ff5c3207bb5876e0e029014 Mon Sep 17 00:00:00 2001
From: Aidan Hahn
Date: Sat, 18 May 2019 15:28:36 -0700
Subject: [PATCH] server side tls code
---
 src/main/java/JobServ/JobServServer.java | 45 +++++++++++++++++++++---
 1 file changed, 40 insertions(+), 5 deletions(-)
diff --git a/src/main/java/JobServ/JobServServer.java b/src/main/java/JobServ/JobServServer.java
index 682da01..2230bf4 100644
--- a/src/main/java/JobServ/JobServServer.java
+++ b/src/main/java/JobServ/JobServServer.java
@@ -11,11 +11,15 @@ package JobServ;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.stub.StreamObserver;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NettyServerBuilder;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
 import java.io.IOException;
 import java.util.logging.Logger;
-
 /*
 * The JobServServer class implements the JobServ protobuf API
 * It does this by extending the gRPC stub code.
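Review bot: `java.io.File` is not among the imports in this hunk, yet the `getSslContextBuilder()` added in the next hunk calls `new File(certChainFilePath)`; unless it is imported above line 11 (not visible here), add `import java.io.File;` next to `import java.io.IOException;`. `SslProvider` is not referenced in any of the visible hunks, so that import looks unused and can be dropped until a provider is actually selected.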
@@ -26,16 +30,40 @@ public class JobServServer {
 private static final Logger logger = Logger.getLogger(JobServServer.class.getName());
 private Server server;
+ private final int port;
+ private final String certChainFilePath;
+ private final String privateKeyFilePath;
+ private final String trustCertCollectionFilePath;
+
+ public JobServServer(int port,
+ String certChainFilePath,
+ String privateKeyFilePath,
+ String trustCertCollectionFilePath) {
+ this.port = port;
+ this.certChainFilePath = certChainFilePath;
+ this.privateKeyFilePath = privateKeyFilePath;
+ this.trustCertCollectionFilePath = trustCertCollectionFilePath;
+ }
+
+ private SslContextBuilder getSslContextBuilder() {
+ SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath),
+ new File(privateKeyFilePath));
+
+ sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
+ sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
+
+ return GrpcSslContexts.configure(sslClientContextBuilder);
 // starts the GRPC API Server
 private void start() throws IOException {
 // TODO: this should be passed in from a configuration manager
- int port = 8448;
- server = ServerBuilder.forPort(port)
+ server = ServerBuilder.forPort(this.port)
 .addService(new ShellServerImpl())
+ .sslContext(getSslContextBuilder().build())
 .build()
 .start();
- logger.info("Server initialized without tls");
+ logger.info("Server initialized!");
+
 Runtime.getRuntime().addShutdownHook(new Thread() {
 @Override
 public void run() {
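Review bot: `getSslContextBuilder()` is never closed after `return GrpcSslContexts.configure(sslClientContextBuilder);`, and `start()` calls `.sslContext(...)` on `ServerBuilder.forPort(this.port)`, although `io.grpc.ServerBuilder` offers `useTransportSecurity` rather than `sslContext`, so as written the mutual-TLS setup cannot compile. Add `}` after the return and build with `NettyServerBuilder.forPort(this.port)`, which this commit already imports. `ClientAuth.REQUIRE` with the trust collection is the right fail-closed choice, but it only proves the caller holds a certificate chaining to that file; if `ShellServerImpl` runs jobs for callers (not visible here), every such certificate gets the same access, so the trust file should hold a dedicated CA or the peer identity should be checked per call. The new log line no longer says whether TLS is on; something like `logger.info("Server initialized with mutual TLS on port " + port);` keeps that fact in the audit trail. `start()` continues past the end of the hunk.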
@@ -62,7 +90,14 @@ public class JobServServer {
 // Main function. starts GRPC server and spins until server is shutdown
 public static void main(String[] args) throws IOException, InterruptedException {
- final JobServServer server = new JobServServer();
+ int port = 8448; // TODO: port and key/cert files should be handled by a config manager
+
+ if(args.length < 3) {
+ System.out.println("Usage: ./jobserv-server certchain privatekey truststore");
+ return;
+ }
+
+ final JobServServer server = new JobServServer(8448, args[0], args[1], args[2]);
 server.start();
 server.blockUntilShutdown();
 }
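Review bot: The usage branch prints to stdout and returns, so a launch with missing certificate arguments exits with status 0 and a supervisor or deploy script cannot tell that the TLS server never started; write the message to `System.err` and finish with `System.exit(1);`. The new local `port` is never read because the constructor call repeats the literal, so pass it instead: `new JobServServer(port, args[0], args[1], args[2]);`. The three paths reach the constructor unchecked, and a readability check here (for example `Files.isReadable(Paths.get(args[1]))`) would turn a wrong key or trust-store path into a clear startup error rather than an exception from inside the SSL context build.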