3939import io .grpc .internal .FakeClock ;
4040import io .grpc .internal .GrpcUtil ;
4141import io .grpc .internal .SharedResourceHolder ;
42- import io .grpc .internal .testing .TestUtils ;
4342import io .grpc .testing .GrpcCleanupRule ;
4443import io .grpc .testing .TlsTesting ;
45- import io .netty . handler . ssl . util . SelfSignedCertificate ;
44+ import java . io .InputStream ;
4645import java .net .InetAddress ;
4746import java .net .InetSocketAddress ;
4847import java .net .Socket ;
49- import java .security .KeyStore ;
50- import java .security .cert .Certificate ;
5148import java .util .concurrent .ScheduledExecutorService ;
5249import javax .net .SocketFactory ;
53- import javax .net .ssl .KeyManagerFactory ;
50+ import javax .net .ssl .KeyManager ;
5451import javax .net .ssl .SSLContext ;
5552import javax .net .ssl .SSLServerSocket ;
5653import javax .net .ssl .SSLSocket ;
5754import javax .net .ssl .SSLSocketFactory ;
58- import javax .net .ssl .TrustManagerFactory ;
55+ import javax .net .ssl .TrustManager ;
5956import javax .security .auth .x500 .X500Principal ;
6057import org .junit .Rule ;
6158import org .junit .Test ;
@@ -168,16 +165,12 @@ public void sslSocketFactoryFrom_unsupportedTls() {
168165
169166 @ Test
170167 public void sslSocketFactoryFrom_tls_customRoots () throws Exception {
171- SelfSignedCertificate cert = new SelfSignedCertificate (TestUtils .TEST_SERVER_HOST );
172- KeyStore keyStore = KeyStore .getInstance (KeyStore .getDefaultType ());
173- keyStore .load (null );
174- keyStore .setKeyEntry ("mykey" , cert .key (), new char [0 ], new Certificate [] {cert .cert ()});
175- KeyManagerFactory keyManagerFactory =
176- KeyManagerFactory .getInstance (KeyManagerFactory .getDefaultAlgorithm ());
177- keyManagerFactory .init (keyStore , new char [0 ]);
178-
179168 SSLContext serverContext = SSLContext .getInstance ("TLS" );
180- serverContext .init (keyManagerFactory .getKeyManagers (), null , null );
169+ try (InputStream server1Chain = TlsTesting .loadCert ("server1.pem" );
170+ InputStream server1Key = TlsTesting .loadCert ("server1.key" )) {
171+ serverContext .init (
172+ OkHttpChannelBuilder .createKeyManager (server1Chain , server1Key ), null , null );
173+ }
181174 final SSLServerSocket serverListenSocket =
182175 (SSLServerSocket ) serverContext .getServerSocketFactory ().createServerSocket (0 );
183176 final SettableFuture <SSLSocket > serverSocket = SettableFuture .create ();
@@ -194,9 +187,12 @@ public void sslSocketFactoryFrom_tls_customRoots() throws Exception {
194187 }
195188 }).start ();
196189
197- ChannelCredentials creds = TlsChannelCredentials .newBuilder ()
198- .trustManager (cert .certificate ())
190+ ChannelCredentials creds ;
191+ try (InputStream ca = TlsTesting .loadCert ("ca.pem" )) {
192+ creds = TlsChannelCredentials .newBuilder ()
193+ .trustManager (ca )
199194 .build ();
195+ }
200196 OkHttpChannelBuilder .SslSocketFactoryResult result =
201197 OkHttpChannelBuilder .sslSocketFactoryFrom (creds );
202198 SSLSocket socket =
@@ -208,24 +204,19 @@ public void sslSocketFactoryFrom_tls_customRoots() throws Exception {
208204
209205 @ Test
210206 public void sslSocketFactoryFrom_tls_mtls () throws Exception {
211- SelfSignedCertificate cert = new SelfSignedCertificate (TestUtils .TEST_SERVER_HOST );
212- KeyStore keyStore = KeyStore .getInstance (KeyStore .getDefaultType ());
213- keyStore .load (null );
214- keyStore .setKeyEntry ("mykey" , cert .key (), new char [0 ], new Certificate [] {cert .cert ()});
215- KeyManagerFactory keyManagerFactory =
216- KeyManagerFactory .getInstance (KeyManagerFactory .getDefaultAlgorithm ());
217- keyManagerFactory .init (keyStore , new char [0 ]);
218-
219- KeyStore certStore = KeyStore .getInstance (KeyStore .getDefaultType ());
220- certStore .load (null );
221- certStore .setCertificateEntry ("mycert" , cert .cert ());
222- TrustManagerFactory trustManagerFactory =
223- TrustManagerFactory .getInstance (TrustManagerFactory .getDefaultAlgorithm ());
224- trustManagerFactory .init (certStore );
207+ KeyManager [] keyManagers ;
208+ try (InputStream server1Chain = TlsTesting .loadCert ("server1.pem" );
209+ InputStream server1Key = TlsTesting .loadCert ("server1.key" )) {
210+ keyManagers = OkHttpChannelBuilder .createKeyManager (server1Chain , server1Key );
211+ }
212+
213+ TrustManager [] trustManagers ;
214+ try (InputStream ca = TlsTesting .loadCert ("ca.pem" )) {
215+ trustManagers = OkHttpChannelBuilder .createTrustManager (ca );
216+ }
225217
226218 SSLContext serverContext = SSLContext .getInstance ("TLS" );
227- serverContext .init (
228- keyManagerFactory .getKeyManagers (), trustManagerFactory .getTrustManagers (), null );
219+ serverContext .init (keyManagers , trustManagers , null );
229220 final SSLServerSocket serverListenSocket =
230221 (SSLServerSocket ) serverContext .getServerSocketFactory ().createServerSocket (0 );
231222 serverListenSocket .setNeedClientAuth (true );
@@ -244,40 +235,31 @@ public void sslSocketFactoryFrom_tls_mtls() throws Exception {
244235 }).start ();
245236
246237 ChannelCredentials creds = TlsChannelCredentials .newBuilder ()
247- .keyManager (keyManagerFactory . getKeyManagers () )
248- .trustManager (trustManagerFactory . getTrustManagers () )
238+ .keyManager (keyManagers )
239+ .trustManager (trustManagers )
249240 .build ();
250241 OkHttpChannelBuilder .SslSocketFactoryResult result =
251242 OkHttpChannelBuilder .sslSocketFactoryFrom (creds );
252243 SSLSocket socket =
253244 (SSLSocket ) result .factory .createSocket ("localhost" , serverListenSocket .getLocalPort ());
254245 socket .getSession (); // Force handshake
255246 assertThat (((X500Principal ) serverSocket .get ().getSession ().getPeerPrincipal ()).getName ())
256- .isEqualTo ("CN=" + TestUtils . TEST_SERVER_HOST );
247+ .isEqualTo ("CN=*.test.google.com,O=Example \\ , Co.,L=Chicago,ST=Illinois,C=US" );
257248 socket .close ();
258249 serverSocket .get ().close ();
259250 }
260251
261252 @ Test
262253 public void sslSocketFactoryFrom_tls_mtls_keyFile () throws Exception {
263- SelfSignedCertificate cert = new SelfSignedCertificate (TestUtils .TEST_SERVER_HOST );
264- KeyStore keyStore = KeyStore .getInstance (KeyStore .getDefaultType ());
265- keyStore .load (null );
266- keyStore .setKeyEntry ("mykey" , cert .key (), new char [0 ], new Certificate [] {cert .cert ()});
267- KeyManagerFactory keyManagerFactory =
268- KeyManagerFactory .getInstance (KeyManagerFactory .getDefaultAlgorithm ());
269- keyManagerFactory .init (keyStore , new char [0 ]);
270-
271- KeyStore certStore = KeyStore .getInstance (KeyStore .getDefaultType ());
272- certStore .load (null );
273- certStore .setCertificateEntry ("mycert" , cert .cert ());
274- TrustManagerFactory trustManagerFactory =
275- TrustManagerFactory .getInstance (TrustManagerFactory .getDefaultAlgorithm ());
276- trustManagerFactory .init (certStore );
277-
278254 SSLContext serverContext = SSLContext .getInstance ("TLS" );
279- serverContext .init (
280- keyManagerFactory .getKeyManagers (), trustManagerFactory .getTrustManagers (), null );
255+ try (InputStream server1Chain = TlsTesting .loadCert ("server1.pem" );
256+ InputStream server1Key = TlsTesting .loadCert ("server1.key" );
257+ InputStream ca = TlsTesting .loadCert ("ca.pem" )) {
258+ serverContext .init (
259+ OkHttpChannelBuilder .createKeyManager (server1Chain , server1Key ),
260+ OkHttpChannelBuilder .createTrustManager (ca ),
261+ null );
262+ }
281263 final SSLServerSocket serverListenSocket =
282264 (SSLServerSocket ) serverContext .getServerSocketFactory ().createServerSocket (0 );
283265 serverListenSocket .setNeedClientAuth (true );
@@ -295,17 +277,22 @@ public void sslSocketFactoryFrom_tls_mtls_keyFile() throws Exception {
295277 }
296278 }).start ();
297279
298- ChannelCredentials creds = TlsChannelCredentials .newBuilder ()
299- .keyManager (cert .certificate (), cert .privateKey ())
300- .trustManager (cert .certificate ())
301- .build ();
280+ ChannelCredentials creds ;
281+ try (InputStream server1Chain = TlsTesting .loadCert ("server1.pem" );
282+ InputStream server1Key = TlsTesting .loadCert ("server1.key" );
283+ InputStream ca = TlsTesting .loadCert ("ca.pem" )) {
284+ creds = TlsChannelCredentials .newBuilder ()
285+ .keyManager (server1Chain , server1Key )
286+ .trustManager (ca )
287+ .build ();
288+ }
302289 OkHttpChannelBuilder .SslSocketFactoryResult result =
303290 OkHttpChannelBuilder .sslSocketFactoryFrom (creds );
304291 SSLSocket socket =
305292 (SSLSocket ) result .factory .createSocket ("localhost" , serverListenSocket .getLocalPort ());
306293 socket .getSession (); // Force handshake
307294 assertThat (((X500Principal ) serverSocket .get ().getSession ().getPeerPrincipal ()).getName ())
308- .isEqualTo ("CN=" + TestUtils . TEST_SERVER_HOST );
295+ .isEqualTo ("CN=*.test.google.com,O=Example \\ , Co.,L=Chicago,ST=Illinois,C=US" );
309296 socket .close ();
310297 serverSocket .get ().close ();
311298 }