-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support gRPC TLS communication and TLS registry
- Loading branch information
1 parent
3dcd001
commit 8235fb4
Showing
17 changed files
with
352 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
17 changes: 17 additions & 0 deletions
17
examples/grpc/src/main/java/io/quarkus/qe/grpc/HelloService.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,33 @@ | ||
package io.quarkus.qe.grpc; | ||
|
||
import jakarta.inject.Inject; | ||
|
||
import io.grpc.stub.StreamObserver; | ||
import io.quarkus.grpc.GrpcService; | ||
import io.quarkus.security.identity.CurrentIdentityAssociation; | ||
|
||
@GrpcService | ||
public class HelloService extends GreeterGrpc.GreeterImplBase { | ||
|
||
@Inject | ||
CurrentIdentityAssociation identityAssociation; | ||
|
||
@Override | ||
public void sayHello(HelloRequest request, StreamObserver<HelloReply> responseObserver) { | ||
String name = request.getName(); | ||
String message = "Hello " + name; | ||
responseObserver.onNext(HelloReply.newBuilder().setMessage(message).build()); | ||
responseObserver.onCompleted(); | ||
} | ||
|
||
@Override | ||
public void sayHi(HiRequest request, StreamObserver<HiReply> responseObserver) { | ||
identityAssociation.getDeferredIdentity().subscribe().with(identity -> { | ||
String name = request.getName(); | ||
String message = "Hello " + name; | ||
String principalName = identity.isAnonymous() ? "" : identity.getPrincipal().getName(); | ||
responseObserver.onNext(HiReply.newBuilder().setMessage(message).setPrincipalName(principalName).build()); | ||
responseObserver.onCompleted(); | ||
}); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file removed
BIN
-2.35 KB
examples/grpc/src/main/resources/META-INF/resources/server.keystore
Binary file not shown.
Binary file removed
BIN
-2.35 KB
examples/grpc/src/main/resources/META-INF/resources/server.truststore
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
examples/grpc/src/test/java/io/quarkus/qe/grpc/GrpcMtlsTlsRegistryIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package io.quarkus.qe.grpc; | ||
|
||
import static io.quarkus.test.services.Certificate.Format.PEM; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
|
||
import org.junit.jupiter.api.Test; | ||
|
||
import io.quarkus.test.bootstrap.GrpcService; | ||
import io.quarkus.test.scenarios.QuarkusScenario; | ||
import io.quarkus.test.services.Certificate; | ||
import io.quarkus.test.services.Certificate.ClientCertificate; | ||
import io.quarkus.test.services.QuarkusApplication; | ||
|
||
@QuarkusScenario | ||
public class GrpcMtlsTlsRegistryIT { | ||
|
||
private static final String CN = "Hagrid"; | ||
private static final String NAME = "Albus"; | ||
|
||
@QuarkusApplication(grpc = true, ssl = true, certificates = @Certificate(format = PEM, configureHttpServer = true, configureKeystore = true, configureTruststore = true, tlsConfigName = "grpc-tls", clientCertificates = @ClientCertificate(cnAttribute = CN))) | ||
static final GrpcService app = (GrpcService) new GrpcService() | ||
.withProperty("quarkus.grpc.server.use-separate-server", "false") | ||
.withProperty("quarkus.http.insecure-requests", "disabled") | ||
.withProperty("quarkus.http.ssl.client-auth", "request") | ||
.withProperty("quarkus.http.auth.permission.perm-1.policy", "authenticated") | ||
.withProperty("quarkus.http.auth.permission.perm-1.paths", "*") | ||
.withProperty("quarkus.http.auth.permission.perm-1.auth-mechanism", "X509"); | ||
|
||
@Test | ||
public void testMutualTlsCommunicationWithHelloService() { | ||
try (var channel = app.securedGrpcChannel()) { | ||
// here both server and client certificates are generated and used | ||
HiRequest request = HiRequest.newBuilder().setName(NAME).build(); | ||
HiReply response = GreeterGrpc.newBlockingStub(channel).sayHi(request); | ||
|
||
assertEquals("Hello " + NAME, response.getMessage()); | ||
assertEquals("CN=Hagrid", response.getPrincipalName()); | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
examples/grpc/src/test/java/io/quarkus/qe/grpc/GrpcTlsRegistryIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
package io.quarkus.qe.grpc; | ||
|
||
import static io.quarkus.test.services.Certificate.Format.PEM; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
|
||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.Test; | ||
|
||
import io.grpc.StatusRuntimeException; | ||
import io.quarkus.test.bootstrap.GrpcService; | ||
import io.quarkus.test.scenarios.QuarkusScenario; | ||
import io.quarkus.test.services.Certificate; | ||
import io.quarkus.test.services.QuarkusApplication; | ||
|
||
@QuarkusScenario | ||
public class GrpcTlsRegistryIT { | ||
|
||
private static final String NAME = "Albus"; | ||
|
||
@QuarkusApplication(grpc = true, ssl = true, certificates = @Certificate(format = PEM, configureHttpServer = true, configureKeystore = true, configureTruststore = true, tlsConfigName = "grpc-tls")) | ||
static final GrpcService app = (GrpcService) new GrpcService() | ||
.withProperty("quarkus.grpc.server.use-separate-server", "false") | ||
.withProperty("quarkus.http.insecure-requests", "disabled"); | ||
|
||
@Test | ||
public void testGrpcServiceUsingTls() { | ||
try (var channel = app.securedGrpcChannel()) { | ||
HiRequest request = HiRequest.newBuilder().setName(NAME).build(); | ||
HiReply response = GreeterGrpc.newBlockingStub(channel).sayHi(request); | ||
|
||
assertEquals("Hello " + NAME, response.getMessage()); | ||
// no authentication | ||
assertEquals("", response.getPrincipalName()); | ||
} | ||
} | ||
|
||
@Test | ||
public void testUsingTlsIsRequired() { | ||
try (var channel = app.grpcChannel()) { | ||
var greeterGrpcStub = GreeterGrpc.newBlockingStub(channel); | ||
HiRequest request = HiRequest.newBuilder().setName(NAME).build(); | ||
Assertions.assertThrows(StatusRuntimeException.class, () -> greeterGrpcStub.sayHi(request), | ||
"Secured channel should be required but isn't"); | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
8 changes: 7 additions & 1 deletion
8
...s-test-core/src/main/java/io/quarkus/test/security/certificate/ClientCertificateImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,10 @@ | ||
package io.quarkus.test.security.certificate; | ||
|
||
record ClientCertificateImpl(String commonName, String keystorePath, String truststorePath) implements ClientCertificate { | ||
record ClientCertificateImpl(String commonName, String keystorePath, String truststorePath, String keyPath, | ||
String certPath) implements PemClientCertificate { | ||
|
||
ClientCertificateImpl(String commonName, String keystorePath, String truststorePath) { | ||
this(commonName, keystorePath, truststorePath, null, null); | ||
} | ||
|
||
} |
9 changes: 9 additions & 0 deletions
9
...us-test-core/src/main/java/io/quarkus/test/security/certificate/PemClientCertificate.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
package io.quarkus.test.security.certificate; | ||
|
||
public interface PemClientCertificate extends ClientCertificate { | ||
|
||
String keyPath(); | ||
|
||
String certPath(); | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.