Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GRPC transport encryption #273

Merged
merged 9 commits into from
Aug 12, 2020
Merged

GRPC transport encryption #273

merged 9 commits into from
Aug 12, 2020

Conversation

lanwen
Copy link
Collaborator

@lanwen lanwen commented Feb 19, 2020

related to #188

build.gradle Outdated Show resolved Hide resolved
applicationContext.registerBean(
JWTAuthGRPCTransportConfigurer.class,
() -> new JWTAuthGRPCTransportConfigurer(verifier)
() -> new JWTAuthGRPCTransportConfigurer(authProperties)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems to be handled in #274, probably shouldn't be changed in this PR to avoid conflicts

@lanwen
Copy link
Collaborator Author

lanwen commented Feb 19, 2020

this one is draft, yeah

@lanwen
Copy link
Collaborator Author

lanwen commented Feb 19, 2020

So I've tried to get keys and certs using this manual:
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/authentication-authorization.html

Also didn't try yet
https://github.com/grpc/grpc-java/pull/3992/files#diff-1c0f522a61adc59307209c8e0296db49R39
https://github.com/grpc/grpc-java/blob/master/testing/src/main/resources/certs/README

but it should be actually exactly the same...

With absolute paths for now, just to not spend time on relative path issues.
Currently,

UNAVAILABLE: io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]

is the only response I've got

.forAddress("localhost", port)
.directExecutor()
.sslContext(GrpcSslContexts.forClient()
.trustManager(ResourceUtils.getFile("/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt"))
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

err?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry, didn't get? That's either ca, or server cert to trust

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the path to the file is hardcoded and obviously won't work on others' machines :)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, sure, thats a very dirty draft, I didn't mean to leave it as is. I just wansn't able to achieve anything with certs.

@lanwen
Copy link
Collaborator Author

lanwen commented May 14, 2020

could try to automate cert creation for the test, so that it would be easier for you to test same way as I did

@lanwen
Copy link
Collaborator Author

lanwen commented May 14, 2020

@bsideup I updated certs and paths following https://github.com/grpc/grpc-java/tree/master/testing/src/main/resources/certs so you could try to launch

@lanwen lanwen marked this pull request as ready for review August 11, 2020 23:10
@lanwen
Copy link
Collaborator Author

lanwen commented Aug 11, 2020

That's awesome! So what was wrong with the certs - how did you generate them finally?

@bsideup
Copy link
Owner

bsideup commented Aug 12, 2020

@lanwen FTR:
certs were generated for Google domains, and we were using localhost. Re-generating the certs (as per https://github.com/grpc/grpc-java/tree/master/testing/src/main/resources/certs ) fixed the issue :)

@bsideup bsideup merged commit d29e6c5 into master Aug 12, 2020
@bsideup bsideup deleted the grpc-tls branch August 12, 2020 20:22
@bsideup bsideup added this to the next milestone Aug 12, 2020
@bsideup bsideup added the enhancement New feature or request label Aug 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants