Merge pull request #39287 from cescoffier/new-cert-gen
cescoffier authored Mar 8, 2024
2 parents fb3c0b8 + 708a70f commit fc5df7c
Showing 17 changed files with 1,078 additions and 3 deletions.
2 changes: 1 addition & 1 deletion build-parent/pom.xml
Expand Up @@ -381,7 +381,7 @@
<dependency>
<groupId>me.escoffier.certs</groupId>
<artifactId>certificate-generator-junit5</artifactId>
<version>0.4.3</version>
<version>0.5.0</version>
<scope>test</scope>
</dependency>

@@ -0,0 +1,66 @@
package io.quarkus.grpc.client.tls;

import static org.assertj.core.api.Assertions.assertThat;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.grpc.examples.helloworld.GreeterGrpc;
import io.grpc.examples.helloworld.HelloReply;
import io.grpc.examples.helloworld.HelloRequest;
import io.quarkus.grpc.GrpcClient;
import io.quarkus.test.QuarkusUnitTest;
import me.escoffier.certs.Format;
import me.escoffier.certs.junit5.Alias;
import me.escoffier.certs.junit5.Certificate;
import me.escoffier.certs.junit5.Certificates;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "grpc-alias", password = "password", formats = { Format.JKS, Format.PEM,
Format.PKCS12 }, client = true, aliases = @Alias(name = "alias", password = "alias-password", subjectAlternativeNames = "DNS:localhost"))
})
class MtlsWithJKSTrustStoreWithHttpServerWithAliasTest {

private static final String configuration = """
quarkus.grpc.clients.hello.plain-text=false
quarkus.grpc.clients.hello.tls.trust-certificate-jks.path=target/certs/grpc-alias-client-truststore.jks
quarkus.grpc.clients.hello.tls.trust-certificate-jks.password=password
quarkus.grpc.clients.hello.tls.key-certificate-jks.path=target/certs/grpc-alias-client-keystore.jks
quarkus.grpc.clients.hello.tls.key-certificate-jks.password=password
quarkus.grpc.clients.hello.tls.key-certificate-jks.alias=alias
quarkus.grpc.clients.hello.tls.key-certificate-jks.alias-password=alias-password
quarkus.grpc.clients.hello.tls.enabled=true
quarkus.grpc.clients.hello.use-quarkus-grpc-client=true
quarkus.grpc.server.use-separate-server=false
quarkus.grpc.server.plain-text=false # Force the client to use TLS for the tests
quarkus.http.ssl.certificate.key-store-file=target/certs/grpc-alias-keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.key-store-alias=alias
quarkus.http.ssl.certificate.key-store-alias-password=alias-password
quarkus.http.ssl.certificate.trust-store-file=target/certs/grpc-alias-server-truststore.jks
quarkus.http.ssl.certificate.trust-store-password=password
quarkus.http.ssl.client-auth=REQUIRED
quarkus.http.insecure-requests=disabled
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(
() -> ShrinkWrap.create(JavaArchive.class)
.addPackage(HelloWorldTlsEndpoint.class.getPackage())
.addPackage(GreeterGrpc.class.getPackage())
.add(new StringAsset(configuration), "application.properties"));

@GrpcClient("hello")
GreeterGrpc.GreeterBlockingStub blockingHelloService;

@Test
void testClientTlsConfiguration() {
HelloReply reply = blockingHelloService.sayHello(HelloRequest.newBuilder().setName("neo").build());
assertThat(reply.getMessage()).isEqualTo("Hello neo");
}
}
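Review bot: The trailing `# Force the client to use TLS for the tests` on the `quarkus.grpc.server.plain-text=false` line of the `configuration` text block is not a comment under standard properties syntax, where `#` starts a comment only at the beginning of a line. Assuming application.properties is parsed that way, the value handed to the config layer is the whole string after `=`. The test presumably still passes because a string other than `true` converts to `false`, which is an accident of the converter rather than the intended setting. Move the comment to its own line, `# Force the client to use TLS for the tests`, directly above `quarkus.grpc.server.plain-text=false`. The same line appears in MtlsWithP12TrustStoreWithHttpServerWithAliasTest.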
@@ -0,0 +1,66 @@
package io.quarkus.grpc.client.tls;

import static org.assertj.core.api.Assertions.assertThat;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.grpc.examples.helloworld.GreeterGrpc;
import io.grpc.examples.helloworld.HelloReply;
import io.grpc.examples.helloworld.HelloRequest;
import io.quarkus.grpc.GrpcClient;
import io.quarkus.test.QuarkusUnitTest;
import me.escoffier.certs.Format;
import me.escoffier.certs.junit5.Alias;
import me.escoffier.certs.junit5.Certificate;
import me.escoffier.certs.junit5.Certificates;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "grpc-alias", password = "password", formats = { Format.JKS, Format.PEM,
Format.PKCS12 }, client = true, aliases = @Alias(name = "alias", password = "alias-password", subjectAlternativeNames = "DNS:localhost"))
})
class MtlsWithP12TrustStoreWithHttpServerWithAliasTest {

private static final String configuration = """
quarkus.grpc.clients.hello.plain-text=false
quarkus.grpc.clients.hello.tls.trust-certificate-jks.path=target/certs/grpc-alias-client-truststore.p12
quarkus.grpc.clients.hello.tls.trust-certificate-jks.password=password
quarkus.grpc.clients.hello.tls.key-certificate-jks.path=target/certs/grpc-alias-client-keystore.p12
quarkus.grpc.clients.hello.tls.key-certificate-jks.password=password
quarkus.grpc.clients.hello.tls.key-certificate-jks.alias=alias
quarkus.grpc.clients.hello.tls.key-certificate-jks.alias-password=alias-password
quarkus.grpc.clients.hello.tls.enabled=true
quarkus.grpc.clients.hello.use-quarkus-grpc-client=true
quarkus.grpc.server.use-separate-server=false
quarkus.grpc.server.plain-text=false # Force the client to use TLS for the tests
quarkus.http.ssl.certificate.key-store-file=target/certs/grpc-alias-keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.key-store-alias=alias
quarkus.http.ssl.certificate.key-store-alias-password=alias-password
quarkus.http.ssl.certificate.trust-store-file=target/certs/grpc-alias-server-truststore.jks
quarkus.http.ssl.certificate.trust-store-password=password
quarkus.http.ssl.client-auth=REQUIRED
quarkus.http.insecure-requests=disabled
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(
() -> ShrinkWrap.create(JavaArchive.class)
.addPackage(HelloWorldTlsEndpoint.class.getPackage())
.addPackage(GreeterGrpc.class.getPackage())
.add(new StringAsset(configuration), "application.properties"));

@GrpcClient("hello")
GreeterGrpc.GreeterBlockingStub blockingHelloService;

@Test
void testClientTlsConfiguration() {
HelloReply reply = blockingHelloService.sayHello(HelloRequest.newBuilder().setName("neo").build());
assertThat(reply.getMessage()).isEqualTo("Hello neo");
}
}
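Review bot: The client half of this P12 test still goes through the JKS options: `tls.trust-certificate-jks.path` and `tls.key-certificate-jks.path` point at `.p12` files, and the server half keeps `grpc-alias-keystore.jks` and `grpc-alias-server-truststore.jks`. If the handshake succeeds it is presumably because the JDK's JKS loader also accepts PKCS12 input, so the PKCS12-specific client options are never exercised and a regression in them would go unnoticed. If the gRPC client exposes p12 variants of these keys, use them here, e.g. `quarkus.grpc.clients.hello.tls.trust-certificate-p12.path=target/certs/grpc-alias-client-truststore.p12` with the matching key-certificate entries. Otherwise rename the test so it states what it actually covers.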
@@ -0,0 +1,80 @@
package io.quarkus.grpc.server.tls;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.File;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.grpc.ManagedChannel;
import io.grpc.examples.helloworld.GreeterGrpc;
import io.grpc.examples.helloworld.HelloReply;
import io.grpc.examples.helloworld.HelloRequest;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import io.quarkus.grpc.server.services.HelloService;
import io.quarkus.test.QuarkusUnitTest;
import me.escoffier.certs.Format;
import me.escoffier.certs.junit5.Alias;
import me.escoffier.certs.junit5.Certificate;
import me.escoffier.certs.junit5.Certificates;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "grpc-alias", password = "password", formats = { Format.JKS, Format.PEM,
Format.PKCS12 }, client = true, aliases = @Alias(name = "alias", password = "alias-password", subjectAlternativeNames = "DNS:localhost"))
})
public class TlsWithHttpServerUsingJKSWithAliasTest {

static String configuration = """
quarkus.grpc.server.use-separate-server=false
quarkus.http.ssl.certificate.key-store-file=target/certs/grpc-alias-keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.key-store-alias=alias
quarkus.http.ssl.certificate.key-store-alias-password=alias-password
quarkus.http.insecure-requests=disabled
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(
() -> ShrinkWrap.create(JavaArchive.class)
.addPackage(GreeterGrpc.class.getPackage())
.addClass(HelloService.class)
.add(new StringAsset(configuration), "application.properties"));

protected ManagedChannel channel;

@BeforeEach
public void init() throws Exception {
File certs = new File("target/certs/alias-ca.crt");
SslContext sslcontext = GrpcSslContexts.forClient()
.trustManager(certs)
.build();
channel = NettyChannelBuilder.forAddress("localhost", 8444)
.sslContext(sslcontext)
.useTransportSecurity()
.build();
}

@AfterEach
public void shutdown() {
if (channel != null) {
channel.shutdownNow();
}
}

@Test
public void testInvokingGrpcServiceUsingTls() {
HelloReply reply = GreeterGrpc.newBlockingStub(channel)
.sayHello(HelloRequest.newBuilder().setName("neo").build());
assertThat(reply.getMessage()).isEqualTo("Hello neo");
}

}
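Review bot: `testInvokingGrpcServiceUsingTls` only asserts that a call succeeds, so it does not by itself show that `key-store-alias=alias` selected the certificate the server presents. That follows only if the keystore's other entry would be rejected by a client trusting `target/certs/alias-ca.crt`, which depends on how the generator issues the two certificates and is not visible here. A second check that a channel trusting only the other certificate's CA fails the handshake, or an assertion on the peer certificate's subject, would pin the behaviour. The same applies to TlsWithHttpServerUsingP12WithAliasTest and TlsWithJksKeyStoreAndAliasTest.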
@@ -0,0 +1,80 @@
package io.quarkus.grpc.server.tls;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.File;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.grpc.ManagedChannel;
import io.grpc.examples.helloworld.GreeterGrpc;
import io.grpc.examples.helloworld.HelloReply;
import io.grpc.examples.helloworld.HelloRequest;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import io.quarkus.grpc.server.services.HelloService;
import io.quarkus.test.QuarkusUnitTest;
import me.escoffier.certs.Format;
import me.escoffier.certs.junit5.Alias;
import me.escoffier.certs.junit5.Certificate;
import me.escoffier.certs.junit5.Certificates;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "grpc-alias", password = "password", formats = { Format.JKS, Format.PEM,
Format.PKCS12 }, client = true, aliases = @Alias(name = "alias", password = "alias-password", subjectAlternativeNames = "DNS:localhost"))
})
public class TlsWithHttpServerUsingP12WithAliasTest {

static String configuration = """
quarkus.grpc.server.use-separate-server=false
quarkus.http.ssl.certificate.key-store-file=target/certs/grpc-alias-keystore.p12
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.key-store-alias=alias
quarkus.http.ssl.certificate.key-store-alias-password=alias-password
quarkus.http.insecure-requests=disabled
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(
() -> ShrinkWrap.create(JavaArchive.class)
.addPackage(GreeterGrpc.class.getPackage())
.addClass(HelloService.class)
.add(new StringAsset(configuration), "application.properties"));

protected ManagedChannel channel;

@BeforeEach
public void init() throws Exception {
File certs = new File("target/certs/alias-ca.crt");
SslContext sslcontext = GrpcSslContexts.forClient()
.trustManager(certs)
.build();
channel = NettyChannelBuilder.forAddress("localhost", 8444)
.sslContext(sslcontext)
.useTransportSecurity()
.build();
}

@AfterEach
public void shutdown() {
if (channel != null) {
channel.shutdownNow();
}
}

@Test
public void testInvokingGrpcServiceUsingTls() {
HelloReply reply = GreeterGrpc.newBlockingStub(channel)
.sayHello(HelloRequest.newBuilder().setName("neo").build());
assertThat(reply.getMessage()).isEqualTo("Hello neo");
}

}
@@ -0,0 +1,78 @@
package io.quarkus.grpc.server.tls;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.File;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.grpc.ManagedChannel;
import io.grpc.examples.helloworld.GreeterGrpc;
import io.grpc.examples.helloworld.HelloReply;
import io.grpc.examples.helloworld.HelloRequest;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import io.quarkus.grpc.server.services.HelloService;
import io.quarkus.test.QuarkusUnitTest;
import me.escoffier.certs.Format;
import me.escoffier.certs.junit5.Alias;
import me.escoffier.certs.junit5.Certificate;
import me.escoffier.certs.junit5.Certificates;

@Certificates(baseDir = "target/certs", certificates = {
@Certificate(name = "grpc-alias", password = "password", formats = { Format.JKS, Format.PEM,
Format.PKCS12 }, client = true, aliases = @Alias(name = "alias", password = "alias-password", subjectAlternativeNames = "DNS:localhost"))
})
public class TlsWithJksKeyStoreAndAliasTest {

static String configuration = """
quarkus.grpc.server.ssl.key-store=target/certs/grpc-alias-keystore.jks
quarkus.grpc.server.ssl.key-store-password=password
quarkus.grpc.server.ssl.key-store-alias=alias
quarkus.grpc.server.ssl.key-store-alias-password=alias-password
quarkus.grpc.server.alpn=true
""";

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(
() -> ShrinkWrap.create(JavaArchive.class)
.addPackage(GreeterGrpc.class.getPackage())
.addClass(HelloService.class)
.add(new StringAsset(configuration), "application.properties"));

protected ManagedChannel channel;

@BeforeEach
public void init() throws Exception {
File certs = new File("target/certs/alias-ca.crt");
SslContext sslcontext = GrpcSslContexts.forClient()
.trustManager(certs)
.build();
channel = NettyChannelBuilder.forAddress("localhost", 9001)
.sslContext(sslcontext)
.useTransportSecurity()
.build();
}

@AfterEach
public void shutdown() {
if (channel != null) {
channel.shutdownNow();
}
}

@Test
public void testInvokingGrpcServiceUsingTls() {
HelloReply reply = GreeterGrpc.newBlockingStub(channel)
.sayHello(HelloRequest.newBuilder().setName("neo").build());
assertThat(reply.getMessage()).isEqualTo("Hello neo");
}

}
