grpc加密TLS初体验(go、java版本)

grpc-go、java的安装编译helloworld可以参考如下文章

openssl的安装、生成秘钥证书可以参考如下文章

示例代码go版本

服务端代码

package main

import (

"fmt"

"log"

"net"

pb "github.com/grpc/grpc-common/go/helloworld"

"golang.org/x/net/context"

"google.golang.org/grpc"

"google.golang.org/grpc/credentials"

)

const (

port = ":50051"

)

type server struct{}

func (s *server) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {

fmt.Println("--->>> request name = ", in.Name)

return &pb.HelloReply{Message: "--->>> Hello " + in.Name}, nil

}

func main() {

lis, err := net.Listen("tcp", port)

if err != nil {

log.Fatalf("failed to listen: %v", err)

}

fmt.Println(">>> server is starting in 127.0.0.1 and port " + port + " >>>")

s := grpc.NewServer()

pb.RegisterGreeterServer(s, &server{})

creds, err := credentials.NewServerTLSFromFile("D:/BaiduYunDownload/server1.pem", "D:/BaiduYunDownload/server1.key")

if err != nil {

fmt.Println("Failed to generate credentials: ", err)

}

s.Serve(creds.NewListener(lis))

}

客户端代码

package main

import (

"log"

"os"

pb "github.com/grpc/grpc-common/go/helloworld"

"golang.org/x/net/context"

"google.golang.org/grpc"

"google.golang.org/grpc/credentials"

)

const (

address     = "127.0.0.1:50051"

defaultName = "world"

)

func main() {

var opts []grpc.DialOption

var creds credentials.TransportAuthenticator

var err error

creds, err = credentials.NewClientTLSFromFile("D:/BaiduYunDownload/ca.pem", "x.test.youtube.com")

if err != nil {

log.Fatalf("Failed to create TLS credentials %v", err)

}

opts = append(opts, grpc.WithTransportCredentials(creds))

conn, err := grpc.Dial(address, opts...)

if err != nil {

log.Fatalf("did not connect: %v", err)

}

log.Printf(">>> connect success >>>")

defer conn.Close()

c := pb.NewGreeterClient(conn)

name := defaultName

if len(os.Args) > 1 {

name = os.Args[1]

}

r, err := c.SayHello(context.Background(), &pb.HelloRequest{Name: name})

if err != nil {

log.Fatalf("could not greet: %v", err)

}

log.Printf("Greeting: %s", r.Message)

}

示例代码java版本

服务端代码：

packageio.grpc.examples.helloworld;

importio.grpc.ServerImpl;

importio.grpc.stub.StreamObserver;

importio.grpc.transport.netty.NettyServerBuilder;

importio.netty.handler.ssl.SslContext;

importjava.io.File;

importjava.util.logging.Logger;

public classHelloWorldServer {

private static finalLoggerlogger= Logger

.getLogger(HelloWorldServer.class.getName());

private int port= 50051;

privateServerImplserver;

private voidstart()throwsException {

@SuppressWarnings("deprecation")

SslContext sslContext = SslContext.newServerContext(newFile(

"D:/BaiduYunDownload/server3.pem"),newFile(

"D:/BaiduYunDownload/server3_pkcs8.key"));

server= NettyServerBuilder.forPort(port).sslContext(sslContext)

.addService(GreeterGrpc.bindService(newGreeterImpl())).build()

.start();

logger.info("Server started, listening on "+port);

Runtime.getRuntime().addShutdownHook(newThread() {

@Override

public voidrun() {

System.err

.println("*** shutting down gRPC server since JVM is shutting down");

HelloWorldServer.this.stop();

System.err.println("*** server shut down");

}

});

}

private voidstop() {

if(server!=null) {

server.shutdown();

}

}

public static voidmain(String[] args)throwsException {

finalHelloWorldServer server =newHelloWorldServer();

server.start();

}

private classGreeterImplimplementsGreeterGrpc.Greeter {

@Override

public voidsayHello(HelloRequest req,

StreamObserver responseObserver) {

System.out.println("--->>> name = "+ req.getName());

HelloResponse reply = HelloResponse.newBuilder()

.setMessage("Hello "+ req.getName()).build();

responseObserver.onValue(reply);

responseObserver.onCompleted();

}

}

}

客户端代码：

packageio.grpc.examples.helloworld;

importio.grpc.ChannelImpl;

importio.grpc.transport.netty.NegotiationType;

importio.grpc.transport.netty.NettyChannelBuilder;

importio.netty.handler.ssl.SslContext;

importjava.io.File;

importjava.security.NoSuchAlgorithmException;

importjava.util.concurrent.TimeUnit;

importjava.util.logging.Level;

importjava.util.logging.Logger;

importjavax.net.ssl.SSLException;

public classHelloWorldClient {

private static finalLoggerlogger= Logger

.getLogger(HelloWorldClient.class.getName());

private finalChannelImplchannel;

private finalGreeterGrpc.GreeterBlockingStubblockingStub;

publicHelloWorldClient(String host,intport)throwsSSLException,

NoSuchAlgorithmException {

@SuppressWarnings("deprecation")

//这里要注意下由于java版本的没有提供像go那样的可以指定域名

// java版本源代码中把host传入作为证书域名

//域名是在证书生成的过程中自己输入的

SslContext sslContext = SslContext.newClientContext(newFile(

"D:/BaiduYunDownload/ca3.pem"));

channel= NettyChannelBuilder.forAddress(host, port)

.sslContext(sslContext).negotiationType(NegotiationType.TLS)

.build();

blockingStub= GreeterGrpc.newBlockingStub(channel);

}

public voidshutdown()throwsInterruptedException {

channel.shutdown().awaitTerminated(5, TimeUnit.SECONDS);

}

public voidgreet(String name) {

try{

logger.info("Will try to greet "+ name);

HelloRequest request = HelloRequest.newBuilder().setName(name)

.build();

HelloResponse response =blockingStub.sayHello(request);

logger.info("Greeting: "+ response.getMessage());

}catch(RuntimeException e) {

logger.log(Level.WARNING,"RPC failed", e);

return;

}

}

public static voidmain(String[] args)throwsException {

HelloWorldClient client =newHelloWorldClient("localhost", 50051);

try{

String user ="world";

if(args.length> 0) {

user = args[0];

}

client.greet(user);

}finally{

client.shutdown();

}

}

}

示例代码下载

有疑问加站长微信联系(非本文作者)