NettyGrpcServer -- configure ALPN

Before this change the following exception was thrown when trying to launch the chaincode server with TLS enabled: java.lang.IllegalArgumentException: ALPN must be enabled and list HTTP/2 as a supported protocol. at com.google.common.base.Preconditions.checkArgument(Preconditions.java:142) at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.ensureAlpnAndH2Enabled(GrpcSslContexts.java:260) at io.grpc.netty.shaded.io.grpc.netty.NettyServerBuilder.sslContext(NettyServerBuilder.java:300) at org.hyperledger.fabric.shim.NettyGrpcServer.<init>(NettyGrpcServer.java:60) at org.hyperledger.fabric.shim.NettyChaincodeServer.<init>(NettyChaincodeServer.java:27) at org.hyperledger.fabric.shim.NettyGrpcServerTest.startAndStopTlsWithoutPassword(NettyGrpcServerTest.java:321) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) Signed-off-by: Fedor Tokarev <[email protected]>
hyperledger · Jun 8, 2021 · 3a98fc5 · 3a98fc5
1 parent 63c12ff
commit 3a98fc5
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/fabric-chaincode-shim/src/main/java/org/hyperledger/fabric/shim/NettyGrpcServer.java b/fabric-chaincode-shim/src/main/java/org/hyperledger/fabric/shim/NettyGrpcServer.java
@@ -9,6 +9,8 @@
 
 import io.grpc.Server;
 import io.grpc.netty.shaded.io.grpc.netty.NettyServerBuilder;
+import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
+import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolNames;
 import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -56,11 +58,21 @@ public NettyGrpcServer(final ChaincodeBase chaincodeBase, final ChaincodeServerP
             final File keyCertChainFile = Paths.get(chaincodeServerProperties.getKeyCertChainFile()).toFile();
             final File keyFile = Paths.get(chaincodeServerProperties.getKeyFile()).toFile();
 
+            SslContextBuilder sslContextBuilder;
             if (chaincodeServerProperties.getKeyPassword() == null || chaincodeServerProperties.getKeyPassword().isEmpty()) {
-                serverBuilder.sslContext(SslContextBuilder.forServer(keyCertChainFile, keyFile).build());
+                sslContextBuilder = SslContextBuilder.forServer(keyCertChainFile, keyFile);
             } else {
-                serverBuilder.sslContext(SslContextBuilder.forServer(keyCertChainFile, keyFile, chaincodeServerProperties.getKeyPassword()).build());
+                sslContextBuilder = SslContextBuilder.forServer(keyCertChainFile, keyFile, chaincodeServerProperties.getKeyPassword());
             }
+
+            ApplicationProtocolConfig apn = new ApplicationProtocolConfig(
+                    ApplicationProtocolConfig.Protocol.ALPN,
+                    ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
+                    ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
+                    ApplicationProtocolNames.HTTP_2);
+            sslContextBuilder.applicationProtocolConfig(apn);
+
+            serverBuilder.sslContext(sslContextBuilder.build());
         }
 
         logger.info("<<<<<<<<<<<<<chaincodeServerProperties>>>>>>>>>>>>:\n");