server side tls code

src/main/java/JobServ/JobServServer.java

@@ -11,11 +11,15 @@ package JobServ;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.stub.StreamObserver;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NettyServerBuilder;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
 
 import java.io.IOException;
 import java.util.logging.Logger;
 
-
 /*
  * The JobServServer class implements the JobServ protobuf API
  * It does this by extending the gRPC stub code.
@@ -26,16 +30,40 @@ public class JobServServer {
     private static final Logger logger = Logger.getLogger(JobServServer.class.getName());
 
     private Server server;
+    private final int port;
+    private final String certChainFilePath;
+    private final String privateKeyFilePath;
+    private final String trustCertCollectionFilePath;
+
+    public JobServServer(int port,
+                         String certChainFilePath,
+                         String privateKeyFilePath,
+                         String trustCertCollectionFilePath) {
+        this.port = port;
+        this.certChainFilePath = certChainFilePath;
+        this.privateKeyFilePath = privateKeyFilePath;
+        this.trustCertCollectionFilePath = trustCertCollectionFilePath;
+    }
+
+    private SslContextBuilder getSslContextBuilder() {
+        SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath),
+                                                                                new File(privateKeyFilePath));
+
+            sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
+            sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
+
+        return GrpcSslContexts.configure(sslClientContextBuilder);
 
     // starts the GRPC API Server
     private void start() throws IOException {
         // TODO: this should be passed in from a configuration manager
-        int port = 8448;
-        server = ServerBuilder.forPort(port)
+        server = ServerBuilder.forPort(this.port)
             .addService(new ShellServerImpl())
+            .sslContext(getSslContextBuilder().build())
             .build()
             .start();
-        logger.info("Server initialized without tls");
+        logger.info("Server initialized!");
+
         Runtime.getRuntime().addShutdownHook(new Thread() {
                 @Override
                 public void run() {
@@ -62,7 +90,14 @@ public class JobServServer {
 
     // Main function. starts GRPC server and spins until server is shutdown
     public static void main(String[] args) throws IOException, InterruptedException {
-        final JobServServer server = new JobServServer();
+        int port = 8448; // TODO: port and key/cert files should be handled by a config manager 
+
+        if(args.length < 3) {
+            System.out.println("Usage: ./jobserv-server certchain privatekey truststore");
+            return;
+        }
+
+        final JobServServer server = new JobServServer(8448, args[0], args[1], args[2]);
         server.start();
         server.blockUntilShutdown();
     }