Support TLS Grpc communication between clusters. (#11549)

* Fix exception code error.(#10925)

* [ISSUE #11456]Add RpcClusterClientTlsConfig.java.

* [ISSUE #11456]Add cluster rpc tls config.

* [ISSUE #11456]Add RpcClusterClientTlsConfig UT.

* [ISSUE #11456]Add cluster server tls.

* [ISSUE #11456]Remove supportCommunicationTypes.

* [ISSUE #11456]Fix unit testing and indentation handling

* [ISSUE #11456]Indentation handling

* [ISSUE #11456]Fix unit test and rpc constants.

* [ISSUE #11456]Fix unit test.

* [ISSUE #11456]Optimize code.

* [ISSUE #11456]Fix check style.

* [ISSUE #11456]Add unit test.

* [ISSUE #11456]Fix check style.

* [ISSUE #11456]Update unit test.

* [ISSUE #11456]Fix unit test.

* [ISSUE #11456]Add License.

* [ISSUE #11456]Fix unit test.

* [ISSUE #11456]Fix unit test.

* [ISSUE #11456]Rename class.

* [ISSUE #11456]Optimize code.

* [ISSUE #11456]Handling indentation issues.

* [ISSUE #11456]Handling indentation issues.

* [ISSUE #11456]Handling indentation issues.

* [ISSUE #11456]Optimize code.

* [ISSUE #11456]Fix unit test.

* [ISSUE #11456]Fix unit testing and compatibility handling.

* [ISSUE #11456]Support TLS GRPC communication between clusters.

* [ISSUE #11456] Fix bugs.

* [ISSUE #11456]Fix bugs.

* [ISSUE #11456]Adjusting parameter names (compatibility considerations).

* [ISSUE #11456]Resolve conflict.

* [ISSUE #11456]Remove ProtocolNegotiatorBuilderManager and abstract ProtocolNegotiatorBuilderSingleton.

* [ISSUE #11456]Remove CommunicationType.java.

* [ISSUE #11456]Optimize code.

* [ISSUE #11456]Revert author.

* Splitting RpcTlsConfigFactory.

* Split RpcConstants.

* Divided RpcTlsConfigFactory, adjusted cluster parameters to "nacos.remote.peer.rpc.tls".

* check style.

* check style.

* unit test.
阿魁 2024-05-15 11:13:29 +08:00 committed by GitHub
parent 6fe43637c0
commit 5169f06654
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
59 changed files with 2177 additions and 972 deletions


@ -18,18 +18,19 @@ package com.alibaba.nacos.api.remote;
import org.junit.Test;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
public class RpcScheduledExecutorTest {
private static final String NAME = "test.rpc.thread";
Map<String, String> threadNameMap = new HashMap<>();
Map<String, String> threadNameMap = new ConcurrentHashMap<>();
@Test
public void testRpcScheduledExecutor() throws InterruptedException {
@ -37,10 +38,9 @@ public class RpcScheduledExecutorTest {
CountDownLatch latch = new CountDownLatch(2);
executor.submit(new TestRunner(1, latch));
executor.submit(new TestRunner(2, latch));
latch.await(1, TimeUnit.SECONDS);
boolean await = latch.await(1, TimeUnit.SECONDS);
assertTrue(await);
assertEquals(2, threadNameMap.size());
assertEquals(NAME + ".0", threadNameMap.get("1"));
assertEquals(NAME + ".1", threadNameMap.get("2"));
}
private class TestRunner implements Runnable {
@ -56,13 +56,8 @@ public class RpcScheduledExecutorTest {
@Override
public void run() {
try {
threadNameMap.put(String.valueOf(id), Thread.currentThread().getName());
TimeUnit.MILLISECONDS.sleep(500);
} catch (InterruptedException ignored) {
} finally {
latch.countDown();
}
threadNameMap.put(String.valueOf(id), Thread.currentThread().getName());
latch.countDown();
}
}
}
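Review bot: With the 500 ms sleep removed from `TestRunner.run()`, nothing keeps the first task on its thread while the second is submitted, so `assertEquals(NAME + ".1", threadNameMap.get("2"))` now depends on scheduling. If the first worker finishes and picks up the second task before another worker has started, both entries carry the `.0` name and the test fails intermittently. The executor's construction is outside the visible hunks, so confirm this against its pool size. Either hold both runners on a shared second latch before they return, or assert only that two entries were recorded and that each name starts with `NAME`.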


@ -61,6 +61,7 @@ import com.alibaba.nacos.common.remote.client.ConnectionEventListener;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory;
import com.alibaba.nacos.common.remote.client.ServerListFactory;
import com.alibaba.nacos.common.utils.ConnLabelsUtils;
import com.alibaba.nacos.common.utils.ConvertUtils;
@ -128,6 +129,8 @@ public class ClientWorker implements Closeable {
*/
private final AtomicReference<Map<String, CacheData>> cacheMap = new AtomicReference<>(new HashMap<>());
private final DefaultLabelsCollectorManager defaultLabelsCollectorManager = new DefaultLabelsCollectorManager();
private Map<String, String> appLables = new HashMap<>();
private final ConfigFilterChainManager configFilterChainManager;
@ -579,8 +582,6 @@ public class ClientWorker implements Closeable {
return agent.isHealthServer();
}
private static DefaultLabelsCollectorManager defaultLabelsCollectorManager = new DefaultLabelsCollectorManager();
public class ConfigRpcTransportClient extends ConfigTransportClient {
Map<String, ExecutorService> multiTaskExecutor = new HashMap<>();
@ -1088,18 +1089,19 @@ public class ClientWorker implements Closeable {
private RpcClient ensureRpcClient(String taskId) throws NacosException {
synchronized (ClientWorker.this) {
Map<String, String> labels = getLabels();
Map<String, String> newLabels = new HashMap<>(labels);
newLabels.put("taskId", taskId);
RpcClientTlsConfig clientTlsConfig = RpcClientTlsConfigFactory.getInstance()
.createSdkConfig(properties);
RpcClient rpcClient = RpcClientFactory.createClient(uuid + "_config-" + taskId, getConnectionType(),
newLabels, this.properties, RpcClientTlsConfig.properties(this.properties));
newLabels, clientTlsConfig);
if (rpcClient.isWaitInitiated()) {
initRpcClientHandler(rpcClient);
rpcClient.setTenant(getTenant());
rpcClient.start();
}
return rpcClient;
}
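Review bot: `ensureRpcClient` no longer forwards `this.properties` to `RpcClientFactory.createClient`; only the TLS settings extracted by `createSdkConfig(properties)` reach the factory. If the overload that took the properties used them for anything beyond TLS (not visible on this page), those user settings now silently fall back to defaults, so confirm this or keep the argument. A one-line comment above the call would record the intent, e.g. `// only nacos.remote.client.rpc.tls.* is read from the client properties here`. The method's closing brace is outside this hunk.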


@ -58,7 +58,7 @@ import com.alibaba.nacos.common.notify.NotifyCenter;
import com.alibaba.nacos.common.remote.ConnectionType;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory;
import com.alibaba.nacos.common.remote.client.ServerListFactory;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.common.utils.JacksonUtils;
@ -104,7 +104,7 @@ public class NamingGrpcClientProxy extends AbstractNamingClientProxy {
labels.put(RemoteConstants.LABEL_MODULE, RemoteConstants.LABEL_MODULE_NAMING);
labels.put(Constants.APPNAME, AppNameUtils.getAppName());
this.rpcClient = RpcClientFactory.createClient(uuid, ConnectionType.GRPC, labels,
RpcClientTlsConfig.properties(properties.asProperties()));
RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties.asProperties()));
this.redoService = new NamingGrpcRedoService(this, properties);
NAMING_LOGGER.info("Create naming rpc client for uuid->{}", uuid);
start(serverListFactory, serviceInfoHolder);


@ -101,7 +101,7 @@ public class ClientWorkerTest {
any(RpcClientTlsConfig.class))).thenReturn(rpcClient);
rpcClientFactoryMockedStatic.when(
() -> RpcClientFactory.createClient(anyString(), any(ConnectionType.class), any(Map.class),
any(Properties.class), any(RpcClientTlsConfig.class))).thenReturn(rpcClient);
any(RpcClientTlsConfig.class))).thenReturn(rpcClient);
localConfigInfoProcessorMockedStatic = Mockito.mockStatic(LocalConfigInfoProcessor.class);
Properties properties = new Properties();
properties.put(PropertyKeyConst.NAMESPACE, TEST_NAMESPACE);
@ -149,8 +149,8 @@ public class ClientWorkerTest {
public void receiveConfigInfo(String configInfo) {
}
};
clientWorker.addListeners(dataId, group, Arrays.asList(listener));
clientWorker.addListeners(dataId, group, Collections.singletonList(listener));
List<Listener> listeners = clientWorker.getCache(dataId, group).getListeners();
Assert.assertEquals(1, listeners.size());
Assert.assertEquals(listener, listeners.get(0));
@ -180,8 +180,8 @@ public class ClientWorkerTest {
String dataId = "a";
String group = "b";
clientWorker.addTenantListeners(dataId, group, Arrays.asList(listener));
clientWorker.addTenantListeners(dataId, group, Collections.singletonList(listener));
List<Listener> listeners = clientWorker.getCache(dataId, group).getListeners();
Assert.assertEquals(1, listeners.size());
Assert.assertEquals(listener, listeners.get(0));
@ -191,7 +191,7 @@ public class ClientWorkerTest {
Assert.assertEquals(0, listeners.size());
String content = "d";
clientWorker.addTenantListenersWithContent(dataId, group, content, null, Arrays.asList(listener));
clientWorker.addTenantListenersWithContent(dataId, group, content, null, Collections.singletonList(listener));
listeners = clientWorker.getCache(dataId, group).getListeners();
Assert.assertEquals(1, listeners.size());
Assert.assertEquals(listener, listeners.get(0));
@ -418,10 +418,10 @@ public class ClientWorkerTest {
String metricValues = jsonNode.get("metricValues")
.get(ClientConfigMetricRequest.MetricsKey.build(ClientConfigMetricRequest.MetricsKey.CACHE_DATA,
GroupKey.getKeyTenant(dataId, group, tenant)).toString()).textValue();
int colonIndex = metricValues.toString().lastIndexOf(":");
int colonIndex = metricValues.lastIndexOf(":");
Assert.assertEquals(content, metricValues.substring(0, colonIndex));
Assert.assertEquals(md5, metricValues.substring(colonIndex + 1, metricValues.toString().length()));
Assert.assertEquals(md5, metricValues.substring(colonIndex + 1, metricValues.length()));
}
@ -441,7 +441,7 @@ public class ClientWorkerTest {
Mockito.when(rpcClient.request(any(ConfigQueryRequest.class), anyLong())).thenReturn(configQueryResponse);
ConfigResponse configResponse = clientWorker.getServerConfig(dataId, group, tenant, 100, true);
Assert.assertEquals(null, configResponse.getContent());
Assert.assertNull(configResponse.getContent());
localConfigInfoProcessorMockedStatic.verify(
() -> LocalConfigInfoProcessor.saveSnapshot(eq(clientWorker.getAgentName()), eq(dataId), eq(group),
eq(tenant), eq(null)), times(1));
@ -476,7 +476,7 @@ public class ClientWorkerTest {
Properties prop = new Properties();
ConfigFilterChainManager filter = new ConfigFilterChainManager(new Properties());
ServerListManager agent = Mockito.mock(ServerListManager.class);
final NacosClientProperties nacosClientProperties = NacosClientProperties.PROTOTYPE.derive(prop);
ClientWorker clientWorker = new ClientWorker(filter, agent, nacosClientProperties);
clientWorker.shutdown();
@ -485,8 +485,8 @@ public class ClientWorkerTest {
ConfigTransportClient o = (ConfigTransportClient) agent1.get(clientWorker);
Assert.assertTrue(o.executor.isShutdown());
agent1.setAccessible(false);
Assert.assertEquals(null, clientWorker.getAgentName());
Assert.assertNull(clientWorker.getAgentName());
}
@Test
@ -552,13 +552,13 @@ public class ClientWorkerTest {
configContext.setGroup(group);
configContext.setTenant(tenant);
ConfigChangeBatchListenResponse response = new ConfigChangeBatchListenResponse();
response.setChangedConfigs(Arrays.asList(configContext));
response.setChangedConfigs(Collections.singletonList(configContext));
RpcClient rpcClientInner = Mockito.mock(RpcClient.class);
Mockito.when(rpcClientInner.isWaitInitiated()).thenReturn(true, false);
rpcClientFactoryMockedStatic.when(
() -> RpcClientFactory.createClient(anyString(), any(ConnectionType.class), any(Map.class),
any(Properties.class), any(RpcClientTlsConfig.class))).thenReturn(rpcClientInner);
any(RpcClientTlsConfig.class))).thenReturn(rpcClientInner);
// mock listen and remove listen request
Mockito.when(rpcClientInner.request(any(ConfigBatchListenRequest.class), anyLong()))
.thenReturn(response, response);
@ -620,20 +620,20 @@ public class ClientWorkerTest {
Properties prop = new Properties();
ConfigFilterChainManager filter = new ConfigFilterChainManager(new Properties());
ServerListManager agent = Mockito.mock(ServerListManager.class);
final NacosClientProperties nacosClientProperties = NacosClientProperties.PROTOTYPE.derive(prop);
ClientWorker clientWorker = new ClientWorker(filter, agent, nacosClientProperties);
ClientWorker.ConfigRpcTransportClient client = Mockito.mock(ClientWorker.ConfigRpcTransportClient.class);
Mockito.when(client.isHealthServer()).thenReturn(Boolean.TRUE);
Field declaredField = ClientWorker.class.getDeclaredField("agent");
declaredField.setAccessible(true);
declaredField.set(clientWorker, client);
Assert.assertEquals(true, clientWorker.isHealthServer());
Assert.assertTrue(clientWorker.isHealthServer());
Mockito.when(client.isHealthServer()).thenReturn(Boolean.FALSE);
Assert.assertEquals(false, clientWorker.isHealthServer());
assertFalse(clientWorker.isHealthServer());
}
@Test
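Review bot: After `any(Properties.class)` is dropped, the stub in the first hunk looks like an exact repeat of the `createClient` stub whose tail is visible just above it (`any(RpcClientTlsConfig.class))).thenReturn(rpcClient)`). The start of that earlier stub is outside the hunk, so confirm the argument lists match and delete the duplicate. The last hunk also mixes `Assert.assertTrue(...)` with a bare `assertFalse(...)`; use one form throughout, e.g. `Assert.assertFalse(clientWorker.isHealthServer());`. In the metrics test, `metricValues.substring(colonIndex + 1, metricValues.length())` can be shortened to `metricValues.substring(colonIndex + 1)`.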


@ -121,30 +121,41 @@ public class RpcClientFactory {
}
/**
* create a rpc client.
* Creates an RPC client for cluster communication with default thread pool settings.
*
* @param clientName client name.
* @param connectionType client type.
* @return rpc client.
* @param clientName The name of the client.
* @param connectionType The type of client connection.
* @param labels Additional labels for RPC-related attributes.
* @return An RPC client for cluster communication.
*/
public static RpcClient createClusterClient(String clientName, ConnectionType connectionType,
Map<String, String> labels) {
return createClusterClient(clientName, connectionType, null, null, labels);
}
/**
* Creates an RPC client for cluster communication with TLS configuration.
*
* @param clientName The name of the client.
* @param connectionType The type of client connection.
* @param labels Additional labels for RPC-related attributes.
* @param tlsConfig TLS configuration for secure communication.
* @return An RPC client for cluster communication with TLS configuration.
*/
public static RpcClient createClusterClient(String clientName, ConnectionType connectionType,
Map<String, String> labels, RpcClientTlsConfig tlsConfig) {
return createClusterClient(clientName, connectionType, null, null, labels, tlsConfig);
}
/**
* create a rpc client.
* Creates an RPC client for cluster communication with custom thread pool settings.
*
* @param clientName client name.
* @param connectionType client type.
* @param threadPoolCoreSize grpc thread pool core size
* @param threadPoolMaxSize grpc thread pool max size
* @return rpc client.
* @param clientName The name of the client.
* @param connectionType The type of client connection.
* @param threadPoolCoreSize The core size of the gRPC thread pool.
* @param threadPoolMaxSize The maximum size of the gRPC thread pool.
* @param labels Additional labels for RPC-related attributes.
* @return An RPC client for cluster communication with custom thread pool settings.
*/
public static RpcClient createClusterClient(String clientName, ConnectionType connectionType,
Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map<String, String> labels) {
@ -162,7 +173,6 @@ public class RpcClientFactory {
* @param tlsConfig tlsConfig.
* @return
*/
public static RpcClient createClusterClient(String clientName, ConnectionType connectionType,
Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map<String, String> labels,
RpcClientTlsConfig tlsConfig) {
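Review bot: The Javadoc on the new `createClusterClient(clientName, connectionType, labels, tlsConfig)` overload does not say whether `tlsConfig` may be `null` or what kind of connection results when it is. The overloads without a TLS argument likewise do not say whether the peer channel they create is protected. An operator of a cluster link needs exactly this detail, so I would extend the tag to something like `@param tlsConfig TLS settings for the peer connection; state whether {@code null} is accepted and whether it means plaintext`. The context lines of the last hunk still carry an empty `@return`; fill it in (`@return the cluster RPC client`) while touching this file. The body of the six-argument overload is outside the hunk.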


@ -18,68 +18,10 @@ package com.alibaba.nacos.common.remote.client;
import com.alibaba.nacos.common.remote.TlsConfig;
import java.util.Properties;
/**
* gRPC config for sdk.
*
* @author githubcheng2978
*/
public class RpcClientTlsConfig extends TlsConfig {
/**
* get tls config from properties.
* @param properties Properties.
* @return tls of config.
*/
public static RpcClientTlsConfig properties(Properties properties) {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_ENABLE)) {
tlsConfig.setEnableTls(Boolean.parseBoolean(
properties.getProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE)));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) {
tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_MUTUAL_AUTH)) {
tlsConfig.setMutualAuthEnable(Boolean.parseBoolean(
properties.getProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH)));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS)) {
tlsConfig.setProtocols(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CIPHERS)) {
tlsConfig.setCiphers(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)) {
tlsConfig.setTrustCollectionCertFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH)) {
tlsConfig.setCertChainFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_KEY)) {
tlsConfig.setCertPrivateKey(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL)) {
tlsConfig.setTrustAll(Boolean.parseBoolean(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL)));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD)) {
tlsConfig.setCertPrivateKeyPassword(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD));
}
if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) {
tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER));
}
return tlsConfig;
}
}


@ -0,0 +1,97 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.remote.client;
import java.util.Properties;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.MUTUAL_AUTH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CERT_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CERT_KEY;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CIPHERS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_ENABLE;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_PROTOCOLS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_PROVIDER;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_ALL;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_PWD;
import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_CLIENT_RPC;
import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_PEER_RPC;
/**
* TlsConfigFactory.
*
* @author stone-98
*/
public class RpcClientTlsConfigFactory implements RpcTlsConfigFactory {
private static RpcClientTlsConfigFactory instance;
private RpcClientTlsConfigFactory() {
}
public static synchronized RpcClientTlsConfigFactory getInstance() {
if (instance == null) {
instance = new RpcClientTlsConfigFactory();
}
return instance;
}
/**
* Create SDK client TLS config.
*
* @param properties Properties containing TLS configuration
* @return RpcClientTlsConfig object representing the TLS configuration
*/
@Override
public RpcClientTlsConfig createSdkConfig(Properties properties) {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(getBooleanProperty(properties, NACOS_CLIENT_RPC + TLS_ENABLE, false));
tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, NACOS_CLIENT_RPC + MUTUAL_AUTH, false));
tlsConfig.setProtocols(properties.getProperty(NACOS_CLIENT_RPC + TLS_PROTOCOLS));
tlsConfig.setCiphers(properties.getProperty(NACOS_CLIENT_RPC + TLS_CIPHERS));
tlsConfig.setTrustCollectionCertFile(properties.getProperty(NACOS_CLIENT_RPC + TLS_TRUST_COLLECTION_CHAIN_PATH));
tlsConfig.setCertChainFile(properties.getProperty(NACOS_CLIENT_RPC + TLS_CERT_CHAIN_PATH));
tlsConfig.setCertPrivateKey(properties.getProperty(NACOS_CLIENT_RPC + TLS_CERT_KEY));
tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_CLIENT_RPC + TLS_TRUST_ALL, true));
tlsConfig.setCertPrivateKeyPassword(properties.getProperty(NACOS_CLIENT_RPC + TLS_TRUST_PWD));
tlsConfig.setSslProvider(properties.getProperty(NACOS_CLIENT_RPC + TLS_PROVIDER));
return tlsConfig;
}
/**
* Create cluster client TLS config.
*
* @param properties Properties containing TLS configuration
* @return RpcClientTlsConfig object representing the TLS configuration
*/
@Override
public RpcClientTlsConfig createClusterConfig(Properties properties) {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_ENABLE, false));
tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.MUTUAL_AUTH, false));
tlsConfig.setProtocols(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_PROTOCOLS));
tlsConfig.setCiphers(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CIPHERS));
tlsConfig.setTrustCollectionCertFile(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH));
tlsConfig.setCertChainFile(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH));
tlsConfig.setCertPrivateKey(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CERT_KEY));
tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_ALL, true));
tlsConfig.setCertPrivateKeyPassword(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_PWD));
tlsConfig.setSslProvider(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_PROVIDER));
return tlsConfig;
}
}
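Review bot: Both `createSdkConfig` and `createClusterConfig` pass `true` as the fallback for `TLS_TRUST_ALL`, so a deployment that sets only the enable flag gets a client that is told to trust every certificate. How `trustAll` is consumed is outside this page, but if it skips chain validation the new cluster channel is encrypted yet unauthenticated, and a host on the path between nodes could impersonate a peer. The `nacos.remote.peer.rpc.tls` keys appear to be introduced by this commit, so the cluster side can default to the safe value without breaking existing setups: `tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_ALL, false));`. Where the `true` default has to stay for SDK compatibility, log a warning whenever TLS is enabled with `trustAll` set and no trust collection file configured.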


@ -34,54 +34,51 @@ import java.util.Set;
public class RpcConstants {
public static final String NACOS_CLIENT_RPC = "nacos.remote.client.rpc";
public static final String NACOS_SERVER_RPC = "nacos.remote.server.rpc.tls";
public static final String NACOS_PEER_RPC = "nacos.remote.peer.rpc.tls";
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_ENABLE = NACOS_CLIENT_RPC + ClientSuffix.TLS_ENABLE;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_ENABLE = NACOS_CLIENT_RPC + ".tls.enable";
public static final String RPC_CLIENT_TLS_PROVIDER = NACOS_CLIENT_RPC + ClientSuffix.TLS_PROVIDER;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_PROVIDER = NACOS_CLIENT_RPC + ".tls.provider";
public static final String RPC_CLIENT_MUTUAL_AUTH = NACOS_CLIENT_RPC + ClientSuffix.MUTUAL_AUTH;
@RpcConfigLabel
public static final String RPC_CLIENT_MUTUAL_AUTH = NACOS_CLIENT_RPC + ".tls.mutualAuth";
public static final String RPC_CLIENT_TLS_PROTOCOLS = NACOS_CLIENT_RPC + ClientSuffix.TLS_PROTOCOLS;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_PROTOCOLS = NACOS_CLIENT_RPC + ".tls.protocols";
public static final String RPC_CLIENT_TLS_CIPHERS = NACOS_CLIENT_RPC + ClientSuffix.TLS_CIPHERS;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_CIPHERS = NACOS_CLIENT_RPC + ".tls.ciphers";
public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = NACOS_CLIENT_RPC + ClientSuffix.TLS_CERT_CHAIN_PATH;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = NACOS_CLIENT_RPC + ".tls.certChainFile";
public static final String RPC_CLIENT_TLS_CERT_KEY = NACOS_CLIENT_RPC + ClientSuffix.TLS_CERT_KEY;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_CERT_KEY = NACOS_CLIENT_RPC + ".tls.certPrivateKey";
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_TRUST_PWD = NACOS_CLIENT_RPC + ".tls.certPrivateKeyPassword";
public static final String RPC_CLIENT_TLS_TRUST_PWD = NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_PWD;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH =
NACOS_CLIENT_RPC + ".tls.trustCollectionChainPath";
NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH;
@RpcConfigLabel
public static final String RPC_CLIENT_TLS_TRUST_ALL = NACOS_CLIENT_RPC + ".tls.trustAll";
public static final String RPC_CLIENT_TLS_TRUST_ALL = NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_ALL;
private static final Set<String> CONFIG_NAMES = new HashSet<>();
@Documented
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
protected @interface RpcConfigLabel {
}
static {
Class clazz = RpcConstants.class;
Field[] declaredFields = clazz.getDeclaredFields();
for (Field declaredField : declaredFields) {
declaredField.setAccessible(true);
if (declaredField.getType().equals(String.class) && null != declaredField
.getAnnotation(RpcConfigLabel.class)) {
if (declaredField.getType().equals(String.class) && null != declaredField.getAnnotation(
RpcConfigLabel.class)) {
try {
CONFIG_NAMES.add((String) declaredField.get(null));
} catch (IllegalAccessException ignored) {
@ -90,7 +87,139 @@ public class RpcConstants {
}
}
/**
* Enumeration of common suffixes for RPC configuration properties. Each enum constant represents a specific
* configuration attribute suffix. This allows for the construction of complete configuration property keys.
*/
public class ClientSuffix {
/**
* Suffix for 'tls.enable' configuration property.
*/
public static final String TLS_ENABLE = ".tls.enable";
/**
* Suffix for 'tls.provider' configuration property.
*/
public static final String TLS_PROVIDER = ".tls.provider";
/**
* Suffix for 'tls.mutualAuth' configuration property.
*/
public static final String MUTUAL_AUTH = ".tls.mutualAuth";
/**
* Suffix for 'tls.protocols' configuration property.
*/
public static final String TLS_PROTOCOLS = ".tls.protocols";
/**
* Suffix for 'tls.ciphers' configuration property.
*/
public static final String TLS_CIPHERS = ".tls.ciphers";
/**
* Suffix for 'tls.certChainFile' configuration property.
*/
public static final String TLS_CERT_CHAIN_PATH = ".tls.certChainFile";
/**
* Suffix for 'tls.certPrivateKey' configuration property.
*/
public static final String TLS_CERT_KEY = ".tls.certPrivateKey";
/**
* Suffix for 'tls.certPrivateKeyPassword' configuration property.
*/
public static final String TLS_TRUST_PWD = ".tls.certPrivateKeyPassword";
/**
* Suffix for 'tls.trustCollectionChainPath' configuration property.
*/
public static final String TLS_TRUST_COLLECTION_CHAIN_PATH = ".tls.trustCollectionChainPath";
/**
* Suffix for 'tls.trustAll' configuration property.
*/
public static final String TLS_TRUST_ALL = ".tls.trustAll";
}
/**
* Enumeration of common suffixes for RPC configuration properties. Each enum constant represents a specific
* configuration attribute suffix. This allows for the construction of complete configuration property keys.
*/
public class ServerSuffix {
/**
* Suffix for 'tls.enable' configuration property.
*/
public static final String TLS_ENABLE = ".enableTls";
/**
* Suffix for 'tls.provider' configuration property.
*/
public static final String TLS_PROVIDER = ".sslProvider";
/**
* Suffix for 'tls.mutualAuth' configuration property.
*/
public static final String MUTUAL_AUTH = ".mutualAuthEnable";
/**
* Suffix for 'tls.protocols' configuration property.
*/
public static final String TLS_PROTOCOLS = ".protocols";
/**
* Suffix for 'tls.ciphers' configuration property.
*/
public static final String TLS_CIPHERS = ".ciphers";
/**
* Suffix for 'tls.certChainFile' configuration property.
*/
public static final String TLS_CERT_CHAIN_PATH = ".certChainFile";
/**
* Suffix for 'tls.certPrivateKey' configuration property.
*/
public static final String TLS_CERT_KEY = ".certPrivateKey";
/**
* Suffix for 'tls.certPrivateKeyPassword' configuration property.
*/
public static final String TLS_TRUST_PWD = ".certPrivateKeyPassword";
/**
* Suffix for 'tls.trustCollectionChainPath' configuration property.
*/
public static final String TLS_TRUST_COLLECTION_CHAIN_PATH = ".trustCollectionCertFile";
/**
* Suffix for 'tls.trustAll' configuration property.
*/
public static final String TLS_TRUST_ALL = ".trustAll";
/**
* Suffix for '.sslContextRefresher' configuration property.
*/
public static final String SSL_CONTEXT_REFRESHER = ".sslContextRefresher";
/**
* Suffix for '.compatibility' configuration property.
*/
public static final String COMPATIBILITY = ".compatibility";
}
@Documented
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
protected @interface RpcConfigLabel {
}
public static Set<String> getRpcParams() {
return Collections.unmodifiableSet(CONFIG_NAMES);
}
}
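Review bot: The Javadoc in `ServerSuffix` was copied from `ClientSuffix` and no longer matches the values: `TLS_ENABLE` is documented as the suffix for 'tls.enable' but is `.enableTls`, `TLS_PROVIDER` is `.sslProvider`, and `TLS_TRUST_COLLECTION_CHAIN_PATH` is `.trustCollectionCertFile`. These strings are the property names an operator types to turn peer TLS on, so each comment should name the real key, e.g. `/** Suffix for the 'enableTls' property; with NACOS_PEER_RPC the full key is nacos.remote.peer.rpc.tls.enableTls. */`. Both holders are described as enumerations but are plain nested classes; declare them `public static final class` with a private constructor and correct the wording. `TLS_TRUST_PWD` maps to `certPrivateKeyPassword`, i.e. the private-key password rather than a trust-store password, and a comment saying so would prevent it being wired to the wrong setting.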


@ -0,0 +1,62 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.remote.client;
import com.alibaba.nacos.common.remote.TlsConfig;
import java.util.Properties;
/**
* RpcTlsConfigFactory.
*
* @author stone-98
* @date 2024/4/8
*/
public interface RpcTlsConfigFactory {
/**
* Create a TlsConfig for SDK connections based on the provided properties.
*
* @param properties Properties containing configuration
* @return TlsConfig instance for SDK connections
*/
TlsConfig createSdkConfig(Properties properties);
/**
* Create a TlsConfig for cluster connections based on the provided properties.
*
* @param properties Properties containing configuration
* @return TlsConfig instance for cluster connections
*/
TlsConfig createClusterConfig(Properties properties);
/**
* Get boolean property from properties.
*
* @param properties Properties containing configuration
* @param key Key of the property
* @param defaultValue Default value to return if the property is not found or is invalid
* @return Boolean value of the property, or the provided defaultValue if not found or invalid
*/
default Boolean getBooleanProperty(Properties properties, String key, Boolean defaultValue) {
String value = properties.getProperty(key);
if (value != null) {
return Boolean.parseBoolean(value);
}
return defaultValue;
}
}
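Review bot: `getBooleanProperty` does not do what its Javadoc promises for invalid values: `Boolean.parseBoolean` returns `false` for anything other than "true", so `defaultValue` is used only when the key is absent. For the enable and mutual-auth flags this means a typo such as `yes` or `ture` silently leaves TLS or client authentication off. Either correct the Javadoc (`@return the parsed value, or defaultValue when the key is absent; any value other than "true" parses as false`) or reject unrecognised values with an `IllegalArgumentException` that names the key. Trimming the value before parsing would also stop a trailing space in a properties file from turning `true ` into `false`.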


@ -16,7 +16,9 @@
package com.alibaba.nacos.common.remote.client.grpc;
import com.alibaba.nacos.common.remote.TlsConfig;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory;
import com.alibaba.nacos.common.utils.ThreadUtils;
import java.util.HashMap;
@ -32,37 +34,37 @@ import java.util.concurrent.TimeUnit;
*/
public class DefaultGrpcClientConfig implements GrpcClientConfig {
private String name;
private final String name;
private int retryTimes;
private final int retryTimes;
private long timeOutMills;
private final long timeOutMills;
private long connectionKeepAlive;
private final long connectionKeepAlive;
private long channelKeepAliveTimeout;
private final long channelKeepAliveTimeout;
private long threadPoolKeepAlive;
private final long threadPoolKeepAlive;
private int threadPoolCoreSize;
private final int threadPoolCoreSize;
private int threadPoolMaxSize;
private final int threadPoolMaxSize;
private long serverCheckTimeOut;
private final long serverCheckTimeOut;
private int threadPoolQueueSize;
private final int threadPoolQueueSize;
private int maxInboundMessageSize;
private final int maxInboundMessageSize;
private int channelKeepAlive;
private final int channelKeepAlive;
private int healthCheckRetryTimes;
private final int healthCheckRetryTimes;
private long healthCheckTimeOut;
private final long healthCheckTimeOut;
private long capabilityNegotiationTimeout;
private final long capabilityNegotiationTimeout;
private Map<String, String> labels;
private final Map<String, String> labels;
private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
@ -98,7 +100,7 @@ public class DefaultGrpcClientConfig implements GrpcClientConfig {
this.labels.put("tls.enable", "false");
if (Objects.nonNull(builder.tlsConfig)) {
this.tlsConfig = builder.tlsConfig;
if (builder.tlsConfig.getEnableTls()) {
if (Objects.nonNull(builder.tlsConfig.getEnableTls()) && builder.tlsConfig.getEnableTls()) {
this.labels.put("tls.enable", "true");
}
}
@ -173,7 +175,7 @@ public class DefaultGrpcClientConfig implements GrpcClientConfig {
}
@Override
public RpcClientTlsConfig tlsConfig() {
public TlsConfig tlsConfig() {
return tlsConfig;
}
@ -237,12 +239,22 @@ public class DefaultGrpcClientConfig implements GrpcClientConfig {
private long capabilityNegotiationTimeout = 5000L;
private Map<String, String> labels = new HashMap<>();
private final Map<String, String> labels = new HashMap<>();
private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
private Builder() {
}
public Builder buildSdkFromProperties(Properties properties) {
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
return fromProperties(properties, tlsConfig);
}
public Builder buildClusterFromProperties(Properties properties) {
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
return fromProperties(properties, tlsConfig);
}
/**
* Set config from properties.
@ -250,7 +262,7 @@ public class DefaultGrpcClientConfig implements GrpcClientConfig {
* @param properties properties
* @return Builder
*/
public Builder fromProperties(Properties properties) {
public Builder fromProperties(Properties properties, RpcClientTlsConfig tlsConfig) {
if (properties.containsKey(GrpcConstants.GRPC_NAME)) {
this.name = properties.getProperty(GrpcConstants.GRPC_NAME);
}
@ -261,53 +273,53 @@ public class DefaultGrpcClientConfig implements GrpcClientConfig {
this.timeOutMills = Long.parseLong(properties.getProperty(GrpcConstants.GRPC_TIMEOUT_MILLS));
}
if (properties.containsKey(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)) {
this.connectionKeepAlive = Long
.parseLong(properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME));
this.connectionKeepAlive = Long.parseLong(
properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME));
}
if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)) {
this.threadPoolKeepAlive = Long
.parseLong(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME));
this.threadPoolKeepAlive = Long.parseLong(
properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME));
}
if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)) {
this.threadPoolCoreSize = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE));
this.threadPoolCoreSize = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE));
}
if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)) {
this.threadPoolMaxSize = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE));
this.threadPoolMaxSize = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE));
}
if (properties.containsKey(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)) {
this.serverCheckTimeOut = Long
.parseLong(properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT));
this.serverCheckTimeOut = Long.parseLong(
properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT));
}
if (properties.containsKey(GrpcConstants.GRPC_QUEUESIZE)) {
this.threadPoolQueueSize = Integer.parseInt(properties.getProperty(GrpcConstants.GRPC_QUEUESIZE));
}
if (properties.containsKey(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)) {
this.maxInboundMessageSize = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE));
this.maxInboundMessageSize = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE));
}
if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)) {
this.channelKeepAlive = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME));
this.channelKeepAlive = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME));
}
if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)) {
this.capabilityNegotiationTimeout = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT));
this.capabilityNegotiationTimeout = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT));
}
if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)) {
this.healthCheckRetryTimes = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES));
this.healthCheckRetryTimes = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES));
}
if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)) {
this.healthCheckTimeOut = Long
.parseLong(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT));
this.healthCheckTimeOut = Long.parseLong(
properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT));
}
if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)) {
this.channelKeepAliveTimeout = Integer
.parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT));
this.channelKeepAliveTimeout = Integer.parseInt(
properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT));
}
this.tlsConfig = RpcClientTlsConfig.properties(properties);
this.tlsConfig = tlsConfig;
return this;
}
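Review bot: The Javadoc above `fromProperties(Properties properties, RpcClientTlsConfig tlsConfig)` still documents only `properties`, and the method stores `this.tlsConfig = tlsConfig;` without saying what a null argument means. The updated DefaultGrpcClientConfigTest passes `null`, and the constructor's `Objects.nonNull(builder.tlsConfig)` guard then leaves the client labelled `tls.enable=false`, so a caller on the cluster path can end up on plaintext without any signal. I would add `@param tlsConfig TLS settings to apply; null keeps the default, non-TLS config`. The new public `buildSdkFromProperties` and `buildClusterFromProperties` also need Javadoc that says which property keys each reads and that they return the Builder rather than a built config. The body of `fromProperties` is only partly visible in these hunks.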


@ -33,6 +33,7 @@ import com.alibaba.nacos.api.remote.response.SetupAckResponse;
import com.alibaba.nacos.common.ability.discover.NacosAbilityManagerHolder;
import com.alibaba.nacos.common.packagescan.resource.Resource;
import com.alibaba.nacos.common.remote.ConnectionType;
import com.alibaba.nacos.common.remote.TlsConfig;
import com.alibaba.nacos.common.remote.client.Connection;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientStatus;
@ -64,7 +65,6 @@ import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
@ -109,15 +109,6 @@ public abstract class GrpcClient extends RpcClient {
this(DefaultGrpcClientConfig.newBuilder().setName(name).build());
}
/**
* constructor.
*
* @param properties .
*/
public GrpcClient(Properties properties) {
this(DefaultGrpcClientConfig.newBuilder().fromProperties(properties).build());
}
/**
* constructor.
*
@ -209,8 +200,8 @@ public abstract class GrpcClient extends RpcClient {
private ManagedChannel createNewManagedChannel(String serverIp, int serverPort) {
LOGGER.info("grpc client connection server:{} ip,serverPort:{},grpcTslConfig:{}", serverIp, serverPort,
JacksonUtils.toJson(clientConfig.tlsConfig()));
ManagedChannelBuilder<?> managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext())
.executor(grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance())
ManagedChannelBuilder<?> managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext()).executor(
grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance())
.decompressorRegistry(DecompressorRegistry.getDefaultInstance())
.maxInboundMessageSize(clientConfig.maxInboundMessageSize())
.keepAliveTime(clientConfig.channelKeepAlive(), TimeUnit.MILLISECONDS)
@ -288,8 +279,8 @@ public abstract class GrpcClient extends RpcClient {
} catch (Exception e) {
LoggerUtils.printIfErrorEnabled(LOGGER, "[{}]Handle server request exception: {}",
grpcConn.getConnectionId(), payload.toString(), e.getMessage());
Response errResponse = ErrorResponse
.build(NacosException.CLIENT_ERROR, "Handle server request error");
Response errResponse = ErrorResponse.build(NacosException.CLIENT_ERROR,
"Handle server request error");
errResponse.setRequestId(request.getRequestId());
sendResponse(errResponse);
}
@ -374,8 +365,8 @@ public abstract class GrpcClient extends RpcClient {
ServerCheckResponse serverCheckResponse = (ServerCheckResponse) response;
connectionId = serverCheckResponse.getConnectionId();
BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc
.newStub(newChannelStubTemp.getChannel());
BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc.newStub(
newChannelStubTemp.getChannel());
GrpcConnection grpcConn = new GrpcConnection(serverInfo, grpcExecutor);
grpcConn.setConnectionId(connectionId);
// if not supported, it will be false
@ -398,8 +389,8 @@ public abstract class GrpcClient extends RpcClient {
conSetupRequest.setClientVersion(VersionUtils.getFullClientVersion());
conSetupRequest.setLabels(super.getLabels());
// set ability table
conSetupRequest
.setAbilityTable(NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode()));
conSetupRequest.setAbilityTable(
NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode()));
conSetupRequest.setTenant(super.getTenant());
grpcConn.sendRequest(conSetupRequest);
// wait for response
@ -531,44 +522,9 @@ public abstract class GrpcClient extends RpcClient {
}
}
/**
* Setup response handler.
*/
class SetupRequestHandler implements ServerRequestHandler {
private final RecAbilityContext abilityContext;
public SetupRequestHandler(RecAbilityContext abilityContext) {
this.abilityContext = abilityContext;
}
@Override
public Response requestReply(Request request, Connection connection) {
// if finish setup
if (request instanceof SetupAckRequest) {
SetupAckRequest setupAckRequest = (SetupAckRequest) request;
// remove and count down
recAbilityContext
.release(Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0)));
return new SetupAckResponse();
}
return null;
}
}
private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional<SslContext> sslContext) {
if (sslContext.isPresent()) {
return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS)
.sslContext(sslContext.get());
} else {
return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext();
}
}
private Optional<SslContext> buildSslContext() {
RpcClientTlsConfig tlsConfig = clientConfig.tlsConfig();
TlsConfig tlsConfig = clientConfig.tlsConfig();
if (!tlsConfig.getEnableTls()) {
return Optional.empty();
}
@ -595,8 +551,8 @@ public abstract class GrpcClient extends RpcClient {
}
if (tlsConfig.getMutualAuthEnable()) {
if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils
.isBlank(tlsConfig.getCertPrivateKey())) {
if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils.isBlank(
tlsConfig.getCertPrivateKey())) {
throw new IllegalArgumentException("client certChainFile or certPrivateKey must be not null");
}
Resource certChainFile = resourceLoader.getResource(tlsConfig.getCertChainFile());
@ -609,6 +565,41 @@ public abstract class GrpcClient extends RpcClient {
throw new RuntimeException("Unable to build SslContext", e);
}
}
private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional<SslContext> sslContext) {
if (sslContext.isPresent()) {
return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS)
.sslContext(sslContext.get());
} else {
return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext();
}
}
/**
* Setup response handler.
*/
class SetupRequestHandler implements ServerRequestHandler {
private final RecAbilityContext abilityContext;
public SetupRequestHandler(RecAbilityContext abilityContext) {
this.abilityContext = abilityContext;
}
@Override
public Response requestReply(Request request, Connection connection) {
// if finish setup
if (request instanceof SetupAckRequest) {
SetupAckRequest setupAckRequest = (SetupAckRequest) request;
// remove and count down
recAbilityContext.release(
Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0)));
return new SetupAckResponse();
}
return null;
}
}
}
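Review bot: In `buildSslContext`, `if (!tlsConfig.getEnableTls())` unboxes the flag directly, while this same commit adds `Objects.nonNull(builder.tlsConfig.getEnableTls())` in DefaultGrpcClientConfig, which suggests the getter returns a boxed `Boolean` that can be null. If so, a config created without the enable property would throw a NullPointerException while the channel is being built, and the same applies to `tlsConfig.getMutualAuthEnable()` further down. A null-safe form is `if (!Boolean.TRUE.equals(tlsConfig.getEnableTls()))`. Separately, the unchanged log line in `createNewManagedChannel` serialises the whole TLS config with `JacksonUtils.toJson`; since the config exposes `getCertPrivateKeyPassword()`, the key password presumably reaches the info log, which is worth excluding now that peer TLS goes through the same path. `buildSslContext` is only partly visible in these hunks.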


@ -16,6 +16,7 @@
package com.alibaba.nacos.common.remote.client.grpc;
import com.alibaba.nacos.common.remote.TlsConfig;
import com.alibaba.nacos.common.remote.client.RpcClientConfig;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
@ -81,26 +82,26 @@ public interface GrpcClientConfig extends RpcClientConfig {
* @return channelKeepAliveTimeout.
*/
long channelKeepAliveTimeout();
/**
* getTlsConfig.
* getTlsConfig.
*
* @return TlsConfig.
*/
RpcClientTlsConfig tlsConfig();
TlsConfig tlsConfig();
/**
*Set TlsConfig.
* Set TlsConfig.
*
* @param tlsConfig tlsConfig of client.
*/
void setTlsConfig(RpcClientTlsConfig tlsConfig);
/**
* get timeout of connection setup(TimeUnit.MILLISECONDS).
*
* @return timeout of connection setup
*/
long capabilityNegotiationTimeout();
}
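Review bot: The getter is widened to `TlsConfig tlsConfig()` but the setter stays `void setTlsConfig(RpcClientTlsConfig tlsConfig)`, so the interface now reads and writes the same property through two different types. Either widen the setter to `void setTlsConfig(TlsConfig tlsConfig);` (the field in DefaultGrpcClientConfig would presumably need widening too) or state in the Javadoc why only a client config may be set. The summaries `getTlsConfig.` and `Set TlsConfig.` could also say that this config decides whether the channel is built with TLS or as plaintext.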


@ -21,7 +21,6 @@ import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import java.util.Map;
import java.util.Properties;
/**
* gRPC client for cluster.
@ -48,16 +47,7 @@ public class GrpcClusterClient extends GrpcClient {
public GrpcClusterClient(GrpcClientConfig config) {
super(config);
}
/**
* Constructor.
*
* @param properties .
*/
public GrpcClusterClient(Properties properties) {
super(properties);
}
/**
* Constructor.
*
@ -67,20 +57,20 @@ public class GrpcClusterClient extends GrpcClient {
* @param labels .
*/
public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize,
Map<String, String> labels) {
Map<String, String> labels) {
this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null);
}
public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize,
Map<String, String> labels, RpcClientTlsConfig tlsConfig) {
Map<String, String> labels, RpcClientTlsConfig tlsConfig) {
super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig);
}
@Override
protected AbilityMode abilityMode() {
return AbilityMode.CLUSTER_CLIENT;
}
@Override
public int rpcPortOffset() {
return Integer.parseInt(System.getProperty(GrpcConstants.NACOS_SERVER_GRPC_PORT_OFFSET_KEY,


@ -21,7 +21,6 @@ import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import java.util.Map;
import java.util.Properties;
/**
* gRPC client for sdk.
@ -40,15 +39,6 @@ public class GrpcSdkClient extends GrpcClient {
super(name);
}
/**
* Constructor.
*
* @param properties .
*/
public GrpcSdkClient(Properties properties) {
super(properties);
}
/**
* Constructor.
*
@ -57,20 +47,21 @@ public class GrpcSdkClient extends GrpcClient {
* @param threadPoolMaxSize .
* @param labels .
*/
public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map<String, String> labels) {
public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize,
Map<String, String> labels) {
this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null);
}
public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map<String, String> labels,
RpcClientTlsConfig tlsConfig) {
RpcClientTlsConfig tlsConfig) {
super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig);
}
@Override
protected AbilityMode abilityMode() {
return AbilityMode.SDK_CLIENT;
}
/**
* constructor.
*
@ -86,4 +77,4 @@ public class GrpcSdkClient extends GrpcClient {
String.valueOf(Constants.SDK_GRPC_PORT_DEFAULT_OFFSET)));
}
}
}


@ -48,7 +48,10 @@ public class RpcClientFactoryTest {
RpcClient rpcClient;
@Mock(lenient = true)
RpcClientTlsConfig tlsConfig;
RpcClientTlsConfig clusterClientTlsConfig;
@Mock(lenient = true)
RpcClientTlsConfig rpcClientTlsConfig;
@BeforeClass
public static void setUpBeforeClass() throws NoSuchFieldException, IllegalAccessException {
@ -166,9 +169,9 @@ public class RpcClientFactoryTest {
@Test
public void testCreateClusterClientTsl() {
Mockito.when(tlsConfig.getEnableTls()).thenReturn(true);
Mockito.when(clusterClientTlsConfig.getEnableTls()).thenReturn(true);
RpcClient client = RpcClientFactory.createClusterClient("testClient", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Collections.singletonMap("labelKey", "labelValue"), clusterClientTlsConfig);
Map<String, String> labesMap = new HashMap<>();
labesMap.put("labelKey", "labelValue");
labesMap.put("tls.enable", "true");
@ -180,9 +183,9 @@ public class RpcClientFactoryTest {
@Test
public void testCreateClientTsl() {
Mockito.when(tlsConfig.getEnableTls()).thenReturn(true);
Mockito.when(rpcClientTlsConfig.getEnableTls()).thenReturn(true);
RpcClient client = RpcClientFactory.createClient("testClient", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Collections.singletonMap("labelKey", "labelValue"), rpcClientTlsConfig);
Map<String, String> labesMap = new HashMap<>();
labesMap.put("labelKey", "labelValue");
labesMap.put("tls.enable", "true");
@ -191,4 +194,4 @@ public class RpcClientFactoryTest {
Assert.assertEquals("testClient",
CollectionUtils.getOnlyElement(RpcClientFactory.getAllClientEntries()).getKey());
}
}
}


@ -29,7 +29,7 @@ public class RpcClientTlsConfigTest {
public void testEnableTls() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertTrue(tlsConfig.getEnableTls());
}
@ -37,7 +37,7 @@ public class RpcClientTlsConfigTest {
public void testSslProvider() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER, "provider");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("provider", tlsConfig.getSslProvider());
}
@ -45,7 +45,7 @@ public class RpcClientTlsConfigTest {
public void testMutualAuthEnable() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertTrue(tlsConfig.getMutualAuthEnable());
}
@ -53,7 +53,7 @@ public class RpcClientTlsConfigTest {
public void testProtocols() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS, "protocols");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("protocols", tlsConfig.getProtocols());
}
@ -61,7 +61,7 @@ public class RpcClientTlsConfigTest {
public void testCiphers() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS, "ciphers");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("ciphers", tlsConfig.getCiphers());
}
@ -69,7 +69,7 @@ public class RpcClientTlsConfigTest {
public void testTrustCollectionCertFile() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile());
}
@ -77,7 +77,7 @@ public class RpcClientTlsConfigTest {
public void testCertChainFile() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "certChainFile");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("certChainFile", tlsConfig.getCertChainFile());
}
@ -85,7 +85,7 @@ public class RpcClientTlsConfigTest {
public void testCertPrivateKey() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "certPrivateKey");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey());
}
@ -93,7 +93,7 @@ public class RpcClientTlsConfigTest {
public void testTrustAll() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertTrue(tlsConfig.getTrustAll());
}
@ -101,7 +101,7 @@ public class RpcClientTlsConfigTest {
public void testCertPrivateKeyPassword() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD, "trustPwd");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties);
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties);
assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword());
}
}
}


@ -0,0 +1,128 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.remote.client;
import org.junit.Test;
import java.util.Properties;
import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_PEER_RPC;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.MUTUAL_AUTH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_KEY;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CIPHERS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_ENABLE;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROTOCOLS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROVIDER;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_ALL;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_PWD;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
public class RpcClusterClientTlsConfigTest {
@Test
public void testEnableTls() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertTrue(tlsConfig.getEnableTls());
}
@Test
public void testSslProvider() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_PROVIDER, "provider");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("provider", tlsConfig.getSslProvider());
}
@Test
public void testMutualAuthEnable() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + MUTUAL_AUTH, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertTrue(tlsConfig.getMutualAuthEnable());
}
@Test
public void testProtocols() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_PROTOCOLS, "protocols");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("protocols", tlsConfig.getProtocols());
}
@Test
public void testCiphers() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_CIPHERS, "ciphers");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("ciphers", tlsConfig.getCiphers());
}
@Test
public void testTrustCollectionCertFile() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile());
}
@Test
public void testCertChainFile() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_CERT_CHAIN_PATH, "certChainFile");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("certChainFile", tlsConfig.getCertChainFile());
}
@Test
public void testCertPrivateKey() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_CERT_KEY, "certPrivateKey");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey());
}
@Test
public void testTrustAll() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_TRUST_ALL, "true");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertTrue(tlsConfig.getTrustAll());
}
@Test
public void testCertPrivateKeyPassword() {
Properties properties = new Properties();
properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true");
properties.setProperty(NACOS_PEER_RPC + TLS_TRUST_PWD, "trustPwd");
RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword());
}
}
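Review bot: Every test in this class sets `NACOS_PEER_RPC + TLS_ENABLE` to `"true"`, so nothing pins what `createClusterConfig` returns when peer TLS is not configured or when only the SDK keys are present. The SDK and cluster factories appear to read different key sets, so a test that sets only `RpcConstants.RPC_CLIENT_TLS_ENABLE` and checks `assertFalse(Boolean.TRUE.equals(tlsConfig.getEnableTls()));` on the cluster config would guard against one key set switching on the other. A default-case test with empty `Properties` would also document whether `getTrustAll()` and `getMutualAuthEnable()` come back false or null, which matters for callers that unbox them.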


@ -26,8 +26,7 @@ public class RpcConstantsTest {
@Test
public void testGetRpcParams() {
Class clazz = RpcConstants.class;
Field[] declaredFields = clazz.getDeclaredFields();
Field[] declaredFields = RpcConstants.class.getDeclaredFields();
int i = 0;
for (Field declaredField : declaredFields) {
declaredField.setAccessible(true);


@ -84,7 +84,7 @@ public class DefaultGrpcClientConfigTest {
properties.setProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT, "5000");
DefaultGrpcClientConfig config = (DefaultGrpcClientConfig) DefaultGrpcClientConfig.newBuilder()
.fromProperties(properties).build();
.fromProperties(properties, null).build();
assertEquals("test", config.name());
assertEquals(3, config.retryTimes());


@ -176,8 +176,8 @@ public class GrpcClientTest {
BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class);
GrpcConnection grpcConnection = mock(GrpcConnection.class);
when(stub.requestBiStream(any())).thenAnswer((Answer<StreamObserver<Payload>>) invocationOnMock -> {
((StreamObserver<Payload>) invocationOnMock.getArgument(0))
.onNext(GrpcUtils.convert(new SetupAckRequest()));
((StreamObserver<Payload>) invocationOnMock.getArgument(0)).onNext(
GrpcUtils.convert(new SetupAckRequest()));
return null;
});
setCurrentConnection(grpcConnection, grpcClient);
@ -191,8 +191,8 @@ public class GrpcClientTest {
BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class);
GrpcConnection grpcConnection = mock(GrpcConnection.class);
when(stub.requestBiStream(any())).thenAnswer((Answer<StreamObserver<Payload>>) invocationOnMock -> {
((StreamObserver<Payload>) invocationOnMock.getArgument(0))
.onNext(GrpcUtils.convert(new ConnectResetRequest()));
((StreamObserver<Payload>) invocationOnMock.getArgument(0)).onNext(
GrpcUtils.convert(new ConnectResetRequest()));
return null;
});
grpcClient.registerServerRequestHandler((request, connection) -> {
@ -212,8 +212,8 @@ public class GrpcClientTest {
BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class);
GrpcConnection grpcConnection = mock(GrpcConnection.class);
when(stub.requestBiStream(any())).thenAnswer((Answer<StreamObserver<Payload>>) invocationOnMock -> {
((StreamObserver<Payload>) invocationOnMock.getArgument(0))
.onNext(GrpcUtils.convert(new ConnectResetRequest()));
((StreamObserver<Payload>) invocationOnMock.getArgument(0)).onNext(
GrpcUtils.convert(new ConnectResetRequest()));
return null;
});
grpcClient.registerServerRequestHandler((request, connection) -> null);
@ -228,8 +228,8 @@ public class GrpcClientTest {
BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class);
GrpcConnection grpcConnection = mock(GrpcConnection.class);
when(stub.requestBiStream(any())).thenAnswer((Answer<StreamObserver<Payload>>) invocationOnMock -> {
((StreamObserver<Payload>) invocationOnMock.getArgument(0))
.onNext(GrpcUtils.convert(new ConnectResetRequest()));
((StreamObserver<Payload>) invocationOnMock.getArgument(0)).onNext(
GrpcUtils.convert(new ConnectResetRequest()));
return null;
});
grpcClient.registerServerRequestHandler((request, connection) -> {
@ -325,9 +325,8 @@ public class GrpcClientTest {
private void invokeBindRequestStream(GrpcClient grpcClient, BiRequestStreamGrpc.BiRequestStreamStub stub,
GrpcConnection grpcConnection)
throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
Method bindRequestStreamMethod = GrpcClient.class
.getDeclaredMethod("bindRequestStream", BiRequestStreamGrpc.BiRequestStreamStub.class,
GrpcConnection.class);
Method bindRequestStreamMethod = GrpcClient.class.getDeclaredMethod("bindRequestStream",
BiRequestStreamGrpc.BiRequestStreamStub.class, GrpcConnection.class);
bindRequestStreamMethod.setAccessible(true);
bindRequestStreamMethod.invoke(grpcClient, stub, grpcConnection);
}


@ -46,7 +46,9 @@ public class GrpcClusterClientTest {
@Test
public void testRpcPortOffsetDefault() {
grpcClusterClient = new GrpcClusterClient(new Properties());
DefaultGrpcClientConfig.Builder builder = DefaultGrpcClientConfig.newBuilder()
.buildClusterFromProperties(new Properties());
grpcClusterClient = new GrpcClusterClient(builder.build());
assertEquals(1001, grpcClusterClient.rpcPortOffset());
}


@ -22,7 +22,6 @@ import org.junit.After;
import org.junit.Test;
import java.util.Collections;
import java.util.Properties;
import static org.junit.Assert.assertEquals;
@ -46,7 +45,7 @@ public class GrpcSdkClientTest {
@Test
public void testRpcPortOffsetDefault() {
grpcSdkClient = new GrpcSdkClient(new Properties());
grpcSdkClient = new GrpcSdkClient("test");
assertEquals(1000, grpcSdkClient.rpcPortOffset());
}


@ -25,7 +25,9 @@ import com.alibaba.nacos.common.notify.NotifyCenter;
import com.alibaba.nacos.common.remote.ConnectionType;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.common.remote.client.ServerListFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.core.cluster.Member;
import com.alibaba.nacos.core.cluster.MemberChangeListener;
@ -41,6 +43,7 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
@ -152,10 +155,10 @@ public class ClusterRpcClientProxy extends MemberChangeListener {
* Using {@link EnvUtil#getAvailableProcessors(int)} to build cluster clients' grpc thread pool.
*/
private RpcClient buildRpcClient(ConnectionType type, Map<String, String> labels, String memberClientKey) {
RpcClient clusterClient = RpcClientFactory
.createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2),
EnvUtil.getAvailableProcessors(8), labels);
return clusterClient;
Properties properties = EnvUtil.getProperties();
RpcClientTlsConfig config = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties);
return RpcClientFactory.createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2),
EnvUtil.getAvailableProcessors(8), labels, config);
}
/**
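Review bot: The Javadoc above `buildRpcClient` still describes only the thread-pool sizing, while the method now also builds an `RpcClientTlsConfig` from `EnvUtil.getProperties()` on every call. I would add a line such as `Cluster TLS settings are read from the environment properties each time a member client is built.` so a reader knows where peer TLS is configured. The Javadoc opens above the hunk, so only its last line is visible here.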


@ -47,8 +47,12 @@ public abstract class BaseRpcServer {
startServer();
if (RpcServerSslContextRefresherHolder.getInstance() != null) {
RpcServerSslContextRefresherHolder.getInstance().refresh(this);
if (RpcServerSslContextRefresherHolder.getSdkInstance() != null) {
RpcServerSslContextRefresherHolder.getSdkInstance().refresh(this);
}
if (RpcServerSslContextRefresherHolder.getClusterInstance() != null) {
RpcServerSslContextRefresherHolder.getClusterInstance().refresh(this);
}
Loggers.REMOTE.info("Nacos {} Rpc server started at port {}", serverName, getServicePort());
@ -75,8 +79,8 @@ public abstract class BaseRpcServer {
* Reload protocol context if necessary.
*
* <p>
* protocol like:
* <li>Tls</li>
* protocol like:
* <li>Tls</li>
* </p>
*/
public abstract void reloadProtocolContext();
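Review bot: After `startServer()`, every `BaseRpcServer` is now handed to both `getSdkInstance().refresh(this)` and `getClusterInstance().refresh(this)`, whatever kind of server `this` is. Unless `refresh` filters by server type (not visible in this hunk), a change to the SDK certificate would also reload the cluster server's negotiator, and the reverse. I would either pick the refresher by server type or document the filtering at the call site, e.g. `// each refresher ignores servers of the other kind`. The enclosing start method begins above the hunk.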


@ -20,6 +20,7 @@ import com.alibaba.nacos.api.grpc.auto.Payload;
import com.alibaba.nacos.common.remote.ConnectionType;
import com.alibaba.nacos.core.remote.BaseRpcServer;
import com.alibaba.nacos.core.remote.ConnectionManager;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import io.grpc.CompressorRegistry;
@ -53,6 +54,11 @@ import java.util.concurrent.TimeUnit;
*/
public abstract class BaseGrpcServer extends BaseRpcServer {
/**
* The ProtocolNegotiator instance used for communication.
*/
protected NacosGrpcProtocolNegotiator protocolNegotiator;
private Server server;
@Autowired
@ -115,6 +121,15 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
* reload protocol negotiator If necessary.
*/
public void reloadProtocolNegotiator() {
if (protocolNegotiator != null) {
try {
protocolNegotiator.reloadNegotiator();
} catch (Throwable throwable) {
Loggers.REMOTE.info("Nacos {} Rpc server reload negotiator fail at port {}.",
this.getClass().getSimpleName(), getServicePort());
throw throwable;
}
}
}
protected long getPermitKeepAliveTime() {
@ -130,8 +145,8 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
}
protected int getMaxInboundMessageSize() {
Integer property = EnvUtil
.getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY,
Integer.class);
if (property != null) {
return property;
}
@ -152,8 +167,8 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
// unary common call register.
final MethodDescriptor<Payload, Payload> unaryPayloadMethod = MethodDescriptor.<Payload, Payload>newBuilder()
.setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(MethodDescriptor
.generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME,
.setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(
MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME,
GrpcServerConstants.REQUEST_METHOD_NAME))
.setRequestMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance()))
.setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build();
@ -161,9 +176,8 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
final ServerCallHandler<Payload, Payload> payloadHandler = ServerCalls.asyncUnaryCall(
(request, responseObserver) -> grpcCommonRequestAcceptor.request(request, responseObserver));
final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition
.builder(GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler)
.build();
final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition.builder(
GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler).build();
handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfUnaryPayload, serverInterceptor));
// bi stream register.
@ -171,15 +185,14 @@ public abstract class BaseGrpcServer extends BaseRpcServer {
(responseObserver) -> grpcBiStreamRequestAcceptor.requestBiStream(responseObserver));
final MethodDescriptor<Payload, Payload> biStreamMethod = MethodDescriptor.<Payload, Payload>newBuilder()
.setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(MethodDescriptor
.generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME,
.setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(
MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME,
GrpcServerConstants.REQUEST_BI_STREAM_METHOD_NAME))
.setRequestMarshaller(ProtoUtils.marshaller(Payload.newBuilder().build()))
.setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build();
final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition
.builder(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler)
.build();
final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition.builder(
GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler).build();
handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfBiStream, serverInterceptor));
}


@ -21,15 +21,18 @@ import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilter;
import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader;
import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor;
import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader;
import com.alibaba.nacos.core.remote.grpc.negotiator.ClusterProtocolNegotiatorBuilderSingleton;
import com.alibaba.nacos.core.utils.GlobalExecutor;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import io.grpc.ServerInterceptor;
import io.grpc.ServerTransportFilter;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import org.springframework.stereotype.Service;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ThreadPoolExecutor;
/**
@ -56,8 +59,8 @@ public class GrpcClusterServer extends BaseGrpcServer {
@Override
protected long getKeepAliveTime() {
Long property = EnvUtil
.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, Long.class);
Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY,
Long.class);
if (property != null) {
return property;
}
@ -66,14 +69,20 @@ public class GrpcClusterServer extends BaseGrpcServer {
@Override
protected long getKeepAliveTimeout() {
Long property = EnvUtil
.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, Long.class);
Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY,
Long.class);
if (property != null) {
return property;
}
return super.getKeepAliveTimeout();
}
@Override
protected Optional<InternalProtocolNegotiator.ProtocolNegotiator> newProtocolNegotiator() {
protocolNegotiator = ClusterProtocolNegotiatorBuilderSingleton.getSingleton().build();
return Optional.ofNullable(protocolNegotiator);
}
@Override
protected long getPermitKeepAliveTime() {
Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_PERMIT_KEEP_ALIVE_TIME, Long.class);
@ -85,8 +94,8 @@ public class GrpcClusterServer extends BaseGrpcServer {
@Override
protected int getMaxInboundMessageSize() {
Integer property = EnvUtil
.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY,
Integer.class);
if (property != null) {
return property;
}
@ -104,8 +113,8 @@ public class GrpcClusterServer extends BaseGrpcServer {
protected List<ServerInterceptor> getSeverInterceptors() {
List<ServerInterceptor> result = new LinkedList<>();
result.addAll(super.getSeverInterceptors());
result.addAll(NacosGrpcServerInterceptorServiceLoader
.loadServerInterceptors(NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR));
result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors(
NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR));
return result;
}
@ -113,8 +122,8 @@ public class GrpcClusterServer extends BaseGrpcServer {
protected List<ServerTransportFilter> getServerTransportFilters() {
List<ServerTransportFilter> result = new LinkedList<>();
result.addAll(super.getServerTransportFilters());
result.addAll(NacosGrpcServerTransportFilterServiceLoader
.loadServerTransportFilters(NacosGrpcServerTransportFilter.CLUSTER_FILTER));
result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters(
NacosGrpcServerTransportFilter.CLUSTER_FILTER));
return result;
}
}


@ -21,8 +21,7 @@ import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilter;
import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader;
import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor;
import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilderSingleton;
import com.alibaba.nacos.core.remote.grpc.negotiator.SdkProtocolNegotiatorBuilderSingleton;
import com.alibaba.nacos.core.utils.GlobalExecutor;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
@ -45,8 +44,6 @@ import java.util.concurrent.ThreadPoolExecutor;
@Service
public class GrpcSdkServer extends BaseGrpcServer {
private NacosGrpcProtocolNegotiator protocolNegotiator;
@Override
public int rpcPortOffset() {
return Constants.SDK_GRPC_PORT_DEFAULT_OFFSET;
@ -78,8 +75,8 @@ public class GrpcSdkServer extends BaseGrpcServer {
@Override
protected int getMaxInboundMessageSize() {
Integer property = EnvUtil
.getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class);
Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY,
Integer.class);
if (property != null) {
return property;
}
@ -106,7 +103,7 @@ public class GrpcSdkServer extends BaseGrpcServer {
@Override
protected Optional<InternalProtocolNegotiator.ProtocolNegotiator> newProtocolNegotiator() {
protocolNegotiator = ProtocolNegotiatorBuilderSingleton.getSingleton().build();
protocolNegotiator = SdkProtocolNegotiatorBuilderSingleton.getSingleton().build();
return Optional.ofNullable(protocolNegotiator);
}
@ -114,8 +111,8 @@ public class GrpcSdkServer extends BaseGrpcServer {
protected List<ServerInterceptor> getSeverInterceptors() {
List<ServerInterceptor> result = new LinkedList<>();
result.addAll(super.getSeverInterceptors());
result.addAll(NacosGrpcServerInterceptorServiceLoader
.loadServerInterceptors(NacosGrpcServerInterceptor.SDK_INTERCEPTOR));
result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors(
NacosGrpcServerInterceptor.SDK_INTERCEPTOR));
return result;
}
@ -123,24 +120,9 @@ public class GrpcSdkServer extends BaseGrpcServer {
protected List<ServerTransportFilter> getServerTransportFilters() {
List<ServerTransportFilter> result = new LinkedList<>();
result.addAll(super.getServerTransportFilters());
result.addAll(NacosGrpcServerTransportFilterServiceLoader
.loadServerTransportFilters(NacosGrpcServerTransportFilter.SDK_FILTER));
result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters(
NacosGrpcServerTransportFilter.SDK_FILTER));
return result;
}
/**
* reload ssl context.
*/
public void reloadProtocolNegotiator() {
if (protocolNegotiator != null) {
try {
protocolNegotiator.reloadNegotiator();
} catch (Throwable throwable) {
Loggers.REMOTE
.info("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(),
getServicePort());
throw throwable;
}
}
}
}


@ -0,0 +1,96 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* Abstract base class for ProtocolNegotiatorBuilder singletons. This class provides a common implementation for
* building ProtocolNegotiator instances based on a given type. Subclasses should provide implementations for loading
* ProtocolNegotiatorBuilder instances via SPI and defining default builders.
*
* @author stone-98
* @date 2024/2/21
*/
public abstract class AbstractProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder {
/**
* Map to store ProtocolNegotiatorBuilders based on their types.
*/
protected static final Map<String, ProtocolNegotiatorBuilder> BUILDER_MAP = new ConcurrentHashMap<>();
static {
try {
for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) {
BUILDER_MAP.put(each.type(), each);
Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(),
each.type());
}
} catch (Exception e) {
Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed.", e);
}
}
/**
* The property key to retrieve the actual type of ProtocolNegotiatorBuilder.
*/
protected final String typePropertyKey;
/**
* The actual type of ProtocolNegotiatorBuilder, retrieved from system properties.
*/
protected String actualType;
/**
* Constructs an instance of AbstractProtocolNegotiatorBuilderSingleton with the specified type property key.
*
* @param typePropertyKey the property key to retrieve the actual type
*/
public AbstractProtocolNegotiatorBuilderSingleton(String typePropertyKey) {
this.typePropertyKey = typePropertyKey;
this.actualType = EnvUtil.getProperty(typePropertyKey, defaultBuilderPair().getFirst());
}
/**
* Builds a ProtocolNegotiator instance based on the actual type.
*
* @return a ProtocolNegotiator instance
*/
@Override
public NacosGrpcProtocolNegotiator build() {
ProtocolNegotiatorBuilder actualBuilder = BUILDER_MAP.get(actualType);
if (null == actualBuilder) {
Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default type {}", actualType,
defaultBuilderPair().getFirst());
return defaultBuilderPair().getSecond().build();
}
return actualBuilder.build();
}
/**
* Declare default ProtocolNegotiatorBuilders in case loading from SPI fails.
*
* @return a Pair of String and ProtocolNegotiatorBuilder representing the default builder
*/
protected abstract Pair<String, ProtocolNegotiatorBuilder> defaultBuilderPair();
}
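Review bot: The constructor calls the abstract `defaultBuilderPair()` before any subclass constructor body has run, and `build()` calls it again on each fallback, creating a new default builder every time. The two subclasses in this commit only use a constant and a fresh builder there, so it works today, but a subclass that reads its own fields in that method would see them uninitialised. I would document the constraint on the abstract method, e.g. `Must not depend on subclass instance state; it is invoked from the superclass constructor.`, or resolve the pair once and keep it in a final field. Separately, the static loader catches only `Exception` and continues with whatever `BUILDER_MAP` held at that point, which a comment should make explicit.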


@ -0,0 +1,81 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder;
/**
* Manages ProtocolNegotiatorBuilders for cluster communication. Provides a singleton instance of
* ProtocolNegotiatorBuilder configured for this purpose. Defaults to TLS protocol negotiation but can be overridden via
* system properties.
*
*
* <p>Property key for configuring the ProtocolNegotiator type for cluster communication.
*
* @author stone-98
* @date 2024/2/21
*/
public class ClusterProtocolNegotiatorBuilderSingleton extends AbstractProtocolNegotiatorBuilderSingleton {
/**
* Property key for configuring the ProtocolNegotiator type for cluster communication.
*/
public static final String TYPE_PROPERTY_KEY = "nacos.remote.cluster.server.rpc.protocol.negotiator.type";
/**
* Singleton instance of ClusterProtocolNegotiatorBuilderSingleton.
*/
private static final ClusterProtocolNegotiatorBuilderSingleton SINGLETON = new ClusterProtocolNegotiatorBuilderSingleton();
/**
* Constructs a new instance of ClusterProtocolNegotiatorBuilderSingleton. Sets up the type property key for
* ProtocolNegotiatorBuilder.
*/
public ClusterProtocolNegotiatorBuilderSingleton() {
super(TYPE_PROPERTY_KEY);
}
/**
* Retrieves the singleton instance of ClusterProtocolNegotiatorBuilderSingleton.
*
* @return the singleton instance
*/
public static AbstractProtocolNegotiatorBuilderSingleton getSingleton() {
return SINGLETON;
}
/**
* Provides the default ProtocolNegotiatorBuilder pair.
*
* @return a Pair containing the default type and builder instance
*/
@Override
protected Pair<String, ProtocolNegotiatorBuilder> defaultBuilderPair() {
return Pair.with(TYPE_PROPERTY_KEY, new ClusterDefaultTlsProtocolNegotiatorBuilder());
}
/**
* Retrieves the type of ProtocolNegotiatorBuilder configured for cluster communication.
*
* @return the type of ProtocolNegotiatorBuilder
*/
@Override
public String type() {
return super.actualType;
}
}


@ -1,82 +0,0 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder.TYPE_DEFAULT_TLS;
/**
* Protocol Negotiator Builder Singleton.
*
* @author xiweng.yy
*/
public class ProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder {
private static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type";
private static final ProtocolNegotiatorBuilderSingleton SINGLETON = new ProtocolNegotiatorBuilderSingleton();
private final Map<String, ProtocolNegotiatorBuilder> builderMap;
private String actualType;
private ProtocolNegotiatorBuilderSingleton() {
actualType = EnvUtil.getProperty(TYPE_PROPERTY_KEY, TYPE_DEFAULT_TLS);
builderMap = new ConcurrentHashMap<>();
loadAllBuilders();
}
private void loadAllBuilders() {
try {
for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) {
builderMap.put(each.type(), each);
Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(),
each.type());
}
} catch (Exception e) {
Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed, use default ProtocolNegotiatorBuilder", e);
builderMap.put(TYPE_DEFAULT_TLS, new DefaultTlsProtocolNegotiatorBuilder());
actualType = TYPE_DEFAULT_TLS;
}
}
public static ProtocolNegotiatorBuilderSingleton getSingleton() {
return SINGLETON;
}
@Override
public NacosGrpcProtocolNegotiator build() {
ProtocolNegotiatorBuilder actualBuilder = builderMap.get(actualType);
if (null == actualBuilder) {
Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default", actualType);
return builderMap.get(TYPE_DEFAULT_TLS).build();
}
return actualBuilder.build();
}
@Override
public String type() {
return actualType;
}
}


@ -0,0 +1,81 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder;
/**
* Manages ProtocolNegotiatorBuilders for the interaction between Nacos and SDK. Provides a singleton instance of
* ProtocolNegotiatorBuilder configured for this interaction. Defaults to TLS protocol negotiation but can be overridden
* via system properties.
*
*
* <p>Property key for configuring the ProtocolNegotiator type for Nacos and SDK interaction.
*
* @author stone-98
* @date 2024/2/21
*/
public class SdkProtocolNegotiatorBuilderSingleton extends AbstractProtocolNegotiatorBuilderSingleton {
/**
* Property key to retrieve the type of ProtocolNegotiatorBuilder.
*/
public static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type";
/**
* Singleton instance of SdkProtocolNegotiatorBuilderSingleton.
*/
private static final SdkProtocolNegotiatorBuilderSingleton SINGLETON = new SdkProtocolNegotiatorBuilderSingleton();
/**
* Constructs a new instance of SdkProtocolNegotiatorBuilderSingleton. Sets up the type property key for
* ProtocolNegotiatorBuilder.
*/
public SdkProtocolNegotiatorBuilderSingleton() {
super(TYPE_PROPERTY_KEY);
}
/**
* Retrieves the singleton instance of SdkProtocolNegotiatorBuilderSingleton.
*
* @return the singleton instance
*/
public static AbstractProtocolNegotiatorBuilderSingleton getSingleton() {
return SINGLETON;
}
/**
* Provides the default ProtocolNegotiatorBuilder pair.
*
* @return a Pair containing the default type and builder instance
*/
@Override
protected Pair<String, ProtocolNegotiatorBuilder> defaultBuilderPair() {
return Pair.with(TYPE_PROPERTY_KEY, new SdkDefaultTlsProtocolNegotiatorBuilder());
}
/**
* Retrieves the type of ProtocolNegotiatorBuilder configured for the SDK.
*
* @return the type of ProtocolNegotiatorBuilder
*/
@Override
public String type() {
return super.actualType;
}
}


@ -0,0 +1,93 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfigFactory;
import com.alibaba.nacos.sys.env.EnvUtil;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import java.util.Properties;
/**
* The {@code ClusterDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the
* {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for cluster-to-cluster
* communication with TLS encryption.
*
* <p>It defines the type as {@code CLUSTER_DEFAULT_TLS} and supports communication types for clusters.
* </p>
*
* <p>The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the
* configuration provided by the {@link RpcServerTlsConfig} class. If TLS encryption is enabled, it creates an
* {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns
* null.
* </p>
*
* <p>The {@code type()} method returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator
* builder.
* </p>
*
* <p>Example Usage:
* <pre>{@code
* ProtocolNegotiatorBuilder builder = new ClusterDefaultTlsProtocolNegotiatorBuilder();
* NacosGrpcProtocolNegotiator negotiator = builder.build();
* }</pre>
* </p>
*
* @author stone-98
* @date 2023/12/23
* @see ProtocolNegotiatorBuilder
* @see NacosGrpcProtocolNegotiator
* @see RpcServerTlsConfig
* @see OptionalTlsProtocolNegotiator
*/
public class ClusterDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
/**
* The unique identifier for this negotiator builder.
*/
public static final String CLUSTER_TYPE_DEFAULT_TLS = "CLUSTER_DEFAULT_TLS";
/**
* Constructs and returns a ProtocolNegotiator for cluster-to-cluster communication with TLS encryption.
*
* @return ProtocolNegotiator, or null if TLS is not enabled.
*/
@Override
public NacosGrpcProtocolNegotiator build() {
Properties properties = EnvUtil.getProperties();
RpcServerTlsConfig config = RpcServerTlsConfigFactory.getInstance().createClusterConfig(properties);
if (config.getEnableTls()) {
SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config);
return new OptionalTlsProtocolNegotiator(sslContext, config);
}
return null;
}
/**
* Returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator builder.
*
* @return The type identifier.
*/
@Override
public String type() {
return CLUSTER_TYPE_DEFAULT_TLS;
}
}
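Review bot: The class Javadoc describes TLS-encrypted cluster traffic, but `build()` returns an `OptionalTlsProtocolNegotiator`, which takes `supportPlainText` from `config.getCompatibility()` and then routes non-TLS connections to the plaintext handler. The documentation should state this, e.g. `When the compatibility flag is on, plaintext peers are still accepted on the cluster port.`, so operators do not assume that enabling TLS alone enforces encryption between members. The sentence `supports communication types for clusters` and the mixed `CLUSTER_DEFAULT_TLS` / `CLUSTER_TYPE_DEFAULT_TLS` naming in the Javadoc read like leftovers and could be tidied at the same time.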


@ -1,47 +0,0 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
/**
* Default optional tls protocol negotiator builder.
*
* @author xiweng.yy
*/
public class DefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS";
@Override
public NacosGrpcProtocolNegotiator build() {
RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
if (rpcServerTlsConfig.getEnableTls()) {
SslContext sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
return new OptionalTlsProtocolNegotiator(sslContext, rpcServerTlsConfig.getCompatibility());
}
return null;
}
@Override
public String type() {
return TYPE_DEFAULT_TLS;
}
}


@ -43,11 +43,14 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato
private final boolean supportPlainText;
private final RpcServerTlsConfig config;
private SslContext sslContext;
public OptionalTlsProtocolNegotiator(SslContext sslContext, boolean supportPlainText) {
public OptionalTlsProtocolNegotiator(SslContext sslContext, RpcServerTlsConfig config) {
this.sslContext = sslContext;
this.supportPlainText = supportPlainText;
this.config = config;
this.supportPlainText = config.getCompatibility();
}
void setSslContext(SslContext sslContext) {
@ -63,8 +66,7 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato
public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
ChannelHandler plaintext = InternalProtocolNegotiators.serverPlaintext().newHandler(grpcHttp2ConnectionHandler);
ChannelHandler ssl = InternalProtocolNegotiators.serverTls(sslContext).newHandler(grpcHttp2ConnectionHandler);
ChannelHandler decoder = new PortUnificationServerHandler(ssl, plaintext);
return decoder;
return new PortUnificationServerHandler(ssl, plaintext);
}
@Override
@ -74,27 +76,25 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato
@Override
public void reloadNegotiator() {
RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
if (rpcServerTlsConfig.getEnableTls()) {
sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
if (config.getEnableTls()) {
sslContext = DefaultTlsContextBuilder.getSslContext(config);
}
}
private ProtocolNegotiationEvent getDefPne() {
ProtocolNegotiationEvent protocolNegotiationEvent = null;
try {
Field aDefault = ProtocolNegotiationEvent.class.getDeclaredField("DEFAULT");
aDefault.setAccessible(true);
return (ProtocolNegotiationEvent) aDefault.get(protocolNegotiationEvent);
return (ProtocolNegotiationEvent) aDefault.get(null);
} catch (Exception e) {
e.printStackTrace();
}
return protocolNegotiationEvent;
return null;
}
public class PortUnificationServerHandler extends ByteToMessageDecoder {
private ProtocolNegotiationEvent pne;
private final ProtocolNegotiationEvent pne;
private final ChannelHandler ssl;
@ -116,14 +116,12 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato
return;
}
if (isSsl(in) || !supportPlainText) {
ctx.pipeline().addAfter(ctx.name(), (String) null, this.ssl);
ctx.fireUserEventTriggered(pne);
ctx.pipeline().remove(this);
ctx.pipeline().addAfter(ctx.name(), null, this.ssl);
} else {
ctx.pipeline().addAfter(ctx.name(), (String) null, this.plaintext);
ctx.fireUserEventTriggered(pne);
ctx.pipeline().remove(this);
ctx.pipeline().addAfter(ctx.name(), null, this.plaintext);
}
ctx.fireUserEventTriggered(pne);
ctx.pipeline().remove(this);
}
}
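Review bot: In `getDefPne()` a reflection failure is still only printed with `e.printStackTrace()` and the method returns null, so a missing negotiation event goes unnoticed when the `DEFAULT` field cannot be read. If `pne` in `PortUnificationServerHandler` is assigned from this method (its constructor is outside the hunks shown), `ctx.fireUserEventTriggered(pne)` would then be called with null on every new connection. I would fail fast instead: replace the catch body with `throw new IllegalStateException("Cannot read ProtocolNegotiationEvent.DEFAULT", e);` and drop the trailing `return null;`. That surfaces a broken TLS handshake path at startup rather than at the first connection.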


@ -0,0 +1,91 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfigFactory;
import com.alibaba.nacos.sys.env.EnvUtil;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import java.util.Properties;
/**
* The {@code SdkDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the
* {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for SDK-to-Server
* communication with optional TLS encryption.
*
* <p>It defines the type as {@code SDK_DEFAULT_TLS} and supports communication types for SDKs.
* </p>
*
* <p>The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the
* configuration provided by the {@link RpcServerTlsConfig} class. If TLS encryption is enabled, it creates an
* {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns
* null.
* </p>
*
* <p>The {@code type()} method returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder.
* </p>
*
* <p>Example Usage:
* <pre>{@code
* ProtocolNegotiatorBuilder builder = new SdkDefaultTlsProtocolNegotiatorBuilder();
* NacosGrpcProtocolNegotiator negotiator = builder.build();
* }</pre>
* </p>
*
* @author xiweng.yy
* @date 2023/12/23
* @see ProtocolNegotiatorBuilder
* @see NacosGrpcProtocolNegotiator
* @see RpcServerTlsConfig
* @see OptionalTlsProtocolNegotiator
*/
public class SdkDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
/**
* The unique identifier for this negotiator builder.
*/
public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS";
/**
* Constructs and returns a ProtocolNegotiator for SDK-to-Server communication with optional TLS encryption.
*
* @return ProtocolNegotiator, or null if TLS is not enabled.
*/
@Override
public NacosGrpcProtocolNegotiator build() {
Properties properties = EnvUtil.getProperties();
RpcServerTlsConfig config = RpcServerTlsConfigFactory.getInstance().createSdkConfig(properties);
if (config.getEnableTls()) {
SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config);
return new OptionalTlsProtocolNegotiator(sslContext, config);
}
return null;
}
/**
* Returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder.
*
* @return The type identifier.
*/
@Override
public String type() {
return TYPE_DEFAULT_TLS;
}
}
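Review bot: The Javadoc names identifiers that do not exist in this class: the class comment gives the type as `SDK_DEFAULT_TLS`, and both it and the `type()` comment refer to `SDK_TYPE_DEFAULT_TLS`, while the only constant is `TYPE_DEFAULT_TLS` with the value `"DEFAULT_TLS"`. I would change these references to `{@code TYPE_DEFAULT_TLS} ("DEFAULT_TLS")` and delete the sentence "supports communication types for SDKs", which no member here implements. The `build()` comment should also state that a non-null negotiator still accepts plaintext unless the compatibility flag is false, since the config is handed straight to `OptionalTlsProtocolNegotiator`.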


@ -19,56 +19,95 @@ package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import java.util.Collection;
import java.util.Properties;
/**
* ssl context refresher spi holder.
* Holder for managing instances of {@link RpcServerSslContextRefresher}. This class is responsible for initializing and
* providing instances of the SSL context refresher based on the communication type (SDK or Cluster).
*
* @author liuzunfei
* @version $Id: RequestFilters.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $
* @version $Id: RpcServerSslContextRefresherHolder.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $
*/
public class RpcServerSslContextRefresherHolder {
private static RpcServerSslContextRefresher instance;
private static volatile boolean init = false;
public static RpcServerSslContextRefresher getInstance() {
if (init) {
return instance;
}
/**
* The instance of {@link RpcServerSslContextRefresher} for SDK communication.
*/
private static RpcServerSslContextRefresher sdkInstance;
/**
* The instance of {@link RpcServerSslContextRefresher} for Cluster communication.
*/
private static RpcServerSslContextRefresher clusterInstance;
static {
init();
}
/**
* Gets the instance of {@link RpcServerSslContextRefresher} for SDK communication.
*
* @return The instance of {@link RpcServerSslContextRefresher} for SDK communication.
*/
public static RpcServerSslContextRefresher getSdkInstance() {
return sdkInstance;
}
/**
* Gets the instance of {@link RpcServerSslContextRefresher} for Cluster communication.
*
* @return The instance of {@link RpcServerSslContextRefresher} for Cluster communication.
*/
public static RpcServerSslContextRefresher getClusterInstance() {
return clusterInstance;
}
/**
* Initializes the holder by loading SSL context refreshers and matching them with the configured types (SDK and
* Cluster).
*/
private static void init() {
synchronized (RpcServerSslContextRefresherHolder.class) {
if (init) {
return instance;
}
RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance();
String sslContextRefresher = rpcServerTlsConfig.getSslContextRefresher();
if (StringUtils.isNotBlank(sslContextRefresher)) {
Collection<RpcServerSslContextRefresher> load = NacosServiceLoader
.load(RpcServerSslContextRefresher.class);
for (RpcServerSslContextRefresher contextRefresher : load) {
if (sslContextRefresher.equals(contextRefresher.getName())) {
instance = contextRefresher;
Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} Founded->{}", sslContextRefresher,
contextRefresher.getClass().getSimpleName());
break;
}
}
if (instance == null) {
Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} not found", sslContextRefresher);
}
} else {
Loggers.REMOTE
.info("No RpcServerSslContextRefresher specified,Ssl Context auto refresh not supported.");
}
Loggers.REMOTE.info("RpcServerSslContextRefresher init end");
init = true;
Properties properties = EnvUtil.getProperties();
RpcServerTlsConfig clusterServerTlsConfig = RpcServerTlsConfigFactory.getInstance().createClusterConfig(properties);
RpcServerTlsConfig sdkServerTlsConfig = RpcServerTlsConfigFactory.getInstance().createSdkConfig(properties);
Collection<RpcServerSslContextRefresher> refreshers = NacosServiceLoader.load(
RpcServerSslContextRefresher.class);
sdkInstance = getSslContextRefresher(refreshers, sdkServerTlsConfig);
clusterInstance = getSslContextRefresher(refreshers, clusterServerTlsConfig);
Loggers.REMOTE.info("RpcServerSslContextRefresher initialization completed.");
}
}
/**
* Initializes the SSL context refresher instance based on the specified configuration.
*
* @param refreshers Collection of SSL context refreshers to choose from.
* @param serverTlsConfig Configuration instance for the SSL context refresher.
* @return The instance of {@link RpcServerSslContextRefresher}.
*/
private static RpcServerSslContextRefresher getSslContextRefresher(
Collection<RpcServerSslContextRefresher> refreshers, RpcServerTlsConfig serverTlsConfig) {
String refresherName = serverTlsConfig.getSslContextRefresher();
RpcServerSslContextRefresher instance = null;
if (StringUtils.isNotBlank(refresherName)) {
for (RpcServerSslContextRefresher contextRefresher : refreshers) {
if (refresherName.equals(contextRefresher.getName())) {
instance = contextRefresher;
Loggers.REMOTE.info("RpcServerSslContextRefresher initialized using {}.",
contextRefresher.getClass().getSimpleName());
break;
}
}
if (instance == null) {
Loggers.REMOTE.warn("Failed to find RpcServerSslContextRefresher with name {}.", refresherName);
}
} else {
Loggers.REMOTE.info("Ssl Context auto refresh is not supported.");
}
return instance;
}
}
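Review bot: `init()` is now called from the static initializer, so the `synchronized (RpcServerSslContextRefresherHolder.class)` block inside it no longer protects anything and can be removed; the JVM already serializes class initialization. Eager initialization also means that an exception from `EnvUtil.getProperties()` or the service loader surfaces as an `ExceptionInInitializerError` on first use of the class, and the refresher choice is fixed to whatever the properties held at class-load time. Separately, neither log line in `getSslContextRefresher` says whether it concerns the SDK or the cluster side; I would pass a label from `init()` and log it, e.g. `Loggers.REMOTE.warn("Failed to find RpcServerSslContextRefresher with name {} for {}.", refresherName, side);`, so that an operator can tell which listener is running without a refresher.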


@ -17,50 +17,57 @@
package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.common.remote.TlsConfig;
import com.alibaba.nacos.common.utils.JacksonUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.sys.utils.PropertiesUtil;
/**
* Grpc config.
* Represents the TLS configuration for an RPC server.
* This class extends TlsConfig to inherit common TLS configuration properties.
*
* @author githubcheng2978.
*/
public class RpcServerTlsConfig extends TlsConfig {
public static final String PREFIX = "nacos.remote.server.rpc.tls";
private static RpcServerTlsConfig instance;
/**
* The class representing the configuration for SSL context refreshing in the RPC server.
*/
private String sslContextRefresher = "";
/**
* Indicates whether compatibility mode is enabled.
*/
private Boolean compatibility = true;
public static synchronized RpcServerTlsConfig getInstance() {
if (null == instance) {
instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, RpcServerTlsConfig.class);
if (instance == null) {
Loggers.REMOTE.debug("TLS configuration is empty, use default value");
instance = new RpcServerTlsConfig();
}
}
Loggers.REMOTE.info("Nacos Rpc server tls config:{}", JacksonUtils.toJson(instance));
return instance;
}
/**
* Gets the compatibility mode status.
*
* @return true if compatibility mode is enabled, false otherwise.
*/
public Boolean getCompatibility() {
return compatibility;
}
/**
* Sets the compatibility mode status.
*
* @param compatibility true to enable compatibility mode, false otherwise.
*/
public void setCompatibility(Boolean compatibility) {
this.compatibility = compatibility;
}
/**
* Gets the SSL context refresher.
*
* @return the SSL context refresher.
*/
public String getSslContextRefresher() {
return sslContextRefresher;
}
/**
* Sets the SSL context refresher.
*
* @param sslContextRefresher the SSL context refresher to set.
*/
public void setSslContextRefresher(String sslContextRefresher) {
this.sslContextRefresher = sslContextRefresher;
}
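Review bot: The new Javadoc on `compatibility` does not say what the mode does, although this flag decides whether a TLS-enabled listener still accepts plaintext: `OptionalTlsProtocolNegotiator` copies it into `supportPlainText` and only forces the TLS handler when it is false. I would document the field as `Whether plaintext connections are still accepted when TLS is enabled; set to false to require TLS. Defaults to true.` The comment on `sslContextRefresher` is also inaccurate, since the field holds the name that is matched against `RpcServerSslContextRefresher.getName()`, not a class. Because the getter returns a boxed `Boolean` that the negotiator unboxes in its constructor, `setCompatibility(null)` would end in a NullPointerException there; a null check in the setter would avoid that. The class body may continue past this hunk.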


@ -0,0 +1,103 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.common.remote.client.RpcTlsConfigFactory;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import java.util.Properties;
import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_SERVER_RPC;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.COMPATIBILITY;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.MUTUAL_AUTH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.SSL_CONTEXT_REFRESHER;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_KEY;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CIPHERS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_ENABLE;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROTOCOLS;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROVIDER;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_ALL;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH;
import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_PWD;
/**
* RpcServerTlsConfigFactory.
*
* @author stone-98
* @date 2024/4/8
*/
public class RpcServerTlsConfigFactory implements RpcTlsConfigFactory {
private static RpcServerTlsConfigFactory instance;
private RpcServerTlsConfigFactory() {
}
public static synchronized RpcServerTlsConfigFactory getInstance() {
if (instance == null) {
instance = new RpcServerTlsConfigFactory();
}
return instance;
}
/**
* Create SDK client TLS config.
*
* @param properties Properties containing TLS configuration
* @return RpcClientTlsConfig object representing the TLS configuration
*/
@Override
public RpcServerTlsConfig createSdkConfig(Properties properties) {
return createServerTlsConfig(properties, NACOS_SERVER_RPC);
}
/**
* Create cluster client TLS config.
*
* @param properties Properties containing TLS configuration
* @return RpcClientTlsConfig object representing the TLS configuration
*/
@Override
public RpcServerTlsConfig createClusterConfig(Properties properties) {
return createServerTlsConfig(properties, RpcConstants.NACOS_PEER_RPC);
}
/**
* create sdk server tls config.
*
* @param properties properties
* @param prefix prefix
* @return
*/
public RpcServerTlsConfig createServerTlsConfig(Properties properties, String prefix) {
RpcServerTlsConfig tlsConfig = new RpcServerTlsConfig();
tlsConfig.setEnableTls(getBooleanProperty(properties, prefix + TLS_ENABLE, false));
tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, prefix + MUTUAL_AUTH, false));
tlsConfig.setProtocols(properties.getProperty(prefix + TLS_PROTOCOLS));
tlsConfig.setCiphers(properties.getProperty(prefix + TLS_CIPHERS));
tlsConfig.setTrustCollectionCertFile(properties.getProperty(prefix + TLS_TRUST_COLLECTION_CHAIN_PATH));
tlsConfig.setCertChainFile(properties.getProperty(prefix + TLS_CERT_CHAIN_PATH));
tlsConfig.setCertPrivateKey(properties.getProperty(prefix + TLS_CERT_KEY));
tlsConfig.setTrustAll(getBooleanProperty(properties, prefix + TLS_TRUST_ALL, true));
tlsConfig.setCertPrivateKeyPassword(properties.getProperty(prefix + TLS_TRUST_PWD));
tlsConfig.setSslProvider(properties.getProperty(prefix + TLS_PROVIDER));
tlsConfig.setSslContextRefresher(properties.getProperty(prefix + SSL_CONTEXT_REFRESHER));
tlsConfig.setCompatibility(getBooleanProperty(properties, prefix + COMPATIBILITY, true));
return tlsConfig;
}
}
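Review bot: `createServerTlsConfig` defaults `TLS_TRUST_ALL` to true, so a deployment that enables mutual auth without setting this key or a trust collection gets `trustAll` switched on, instead of the `IllegalArgumentException` that the context-builder tests on this page expect for mutual auth without trust material. Judging by the name, this presumably makes the server accept any client certificate, which would leave SDK and cluster mutual TLS fail-open by default; I would use `getBooleanProperty(properties, prefix + TLS_TRUST_ALL, false)` and require an explicit opt-in, after checking what default `TlsConfig` had before this change. `COMPATIBILITY` likewise defaults to true, which keeps plaintext accepted next to TLS; that is probably intended for rolling upgrades, but it deserves a sentence in the method Javadoc. The Javadoc on `createSdkConfig` and `createClusterConfig` says "client TLS config" and `RpcClientTlsConfig` although both return `RpcServerTlsConfig`, and `TLS_TRUST_PWD` is stored through `setCertPrivateKeyPassword`, which needs a comment if the mismatch is deliberate.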


@ -14,4 +14,5 @@
# limitations under the License.
#
com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder
com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder
com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder


@ -0,0 +1,71 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.mock.env.MockEnvironment;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertSame;
/**
* Test ClusterProtocolNegotiatorBuilderSingleton.
*
* @author stone-98
* @date 2024/2/21
*/
public class ClusterProtocolNegotiatorBuilderSingletonTest {
@Before
public void setUp() throws Exception {
ConfigurableEnvironment environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
}
@After
public void tearDown() throws Exception {
}
@Test
public void testSingletonInstance() {
AbstractProtocolNegotiatorBuilderSingleton singleton1 = ClusterProtocolNegotiatorBuilderSingleton.getSingleton();
AbstractProtocolNegotiatorBuilderSingleton singleton2 = ClusterProtocolNegotiatorBuilderSingleton.getSingleton();
assertSame(singleton1, singleton2);
}
@Test
public void testDefaultBuilderPair() {
Pair<String, ProtocolNegotiatorBuilder> defaultPair = ClusterProtocolNegotiatorBuilderSingleton.getSingleton()
.defaultBuilderPair();
assertNotNull(defaultPair);
assertEquals(ClusterProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, defaultPair.getFirst());
assertNotNull(defaultPair.getSecond());
}
@Test
public void testType() {
String type = ClusterProtocolNegotiatorBuilderSingleton.getSingleton().type();
assertNotNull(type);
assertEquals(ClusterProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, type);
}
}


@ -0,0 +1,71 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator;
import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.mock.env.MockEnvironment;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertSame;
/**
* Test SdkProtocolNegotiatorBuilderSingleton.
*
* @author stone-98
* @date 2024/2/21
*/
public class SdkProtocolNegotiatorBuilderSingletonTest {
@Before
public void setUp() throws Exception {
ConfigurableEnvironment environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
}
@After
public void tearDown() throws Exception {
}
@Test
public void testSingletonInstance() {
AbstractProtocolNegotiatorBuilderSingleton singleton1 = SdkProtocolNegotiatorBuilderSingleton.getSingleton();
AbstractProtocolNegotiatorBuilderSingleton singleton2 = SdkProtocolNegotiatorBuilderSingleton.getSingleton();
assertSame(singleton1, singleton2);
}
@Test
public void testDefaultBuilderPair() {
Pair<String, ProtocolNegotiatorBuilder> defaultPair = SdkProtocolNegotiatorBuilderSingleton.getSingleton()
.defaultBuilderPair();
assertNotNull(defaultPair);
assertEquals(SdkProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, defaultPair.getFirst());
assertNotNull(defaultPair.getSecond());
}
@Test
public void testType() {
String type = SdkProtocolNegotiatorBuilderSingleton.getSingleton().type();
assertNotNull(type);
assertEquals(SdkProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, type);
}
}


@ -0,0 +1,84 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.mock.env.MockEnvironment;
import java.util.Properties;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
/**
* Test ClusterDefaultTlsProtocolNegotiatorBuilder.
*
* @author stone-98
* @date 2023/12/25
*/
public class ClusterDefaultTlsProtocolNegotiatorBuilderTest {
private ConfigurableEnvironment environment;
private ClusterDefaultTlsProtocolNegotiatorBuilder builder;
@Before
public void setUp() {
environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
builder = new ClusterDefaultTlsProtocolNegotiatorBuilder();
}
@After
public void tearDown() throws NoSuchFieldException, IllegalAccessException {
}
@Test
public void testBuildTlsDisabled() {
assertNull(builder.build());
}
@Test
public void testBuildTlsEnabled() {
Properties properties = new Properties();
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".enableTls", "true");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".compatibility", "false");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".ciphers",
"ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".protocols", "TLSv1.2,TLSv1.3");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".certPrivateKey", "test-server-key.pem");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".certChainFile", "test-server-cert.pem");
properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".trustCollectionCertFile",
"test-ca-cert.pem");
PropertiesPropertySource propertySource = new PropertiesPropertySource("myPropertySource", properties);
MutablePropertySources propertySources = environment.getPropertySources();
propertySources.addLast(propertySource);
NacosGrpcProtocolNegotiator negotiator = builder.build();
assertNotNull(negotiator);
}
}


@ -1,120 +0,0 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.mock.env.MockEnvironment;
import java.lang.reflect.Field;
public class DefaultTlsContextBuilderTest {
private ConfigurableEnvironment environment;
@Before
public void setUp() throws Exception {
environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
RpcServerTlsConfig.getInstance().setEnableTls(true);
}
@After
public void tearDown() throws Exception {
RpcServerTlsConfig.getInstance().setEnableTls(false);
RpcServerTlsConfig.getInstance().setTrustAll(false);
RpcServerTlsConfig.getInstance().setMutualAuthEnable(false);
RpcServerTlsConfig.getInstance().setCertChainFile(null);
RpcServerTlsConfig.getInstance().setCertPrivateKey(null);
RpcServerTlsConfig.getInstance().setCiphers(null);
RpcServerTlsConfig.getInstance().setProtocols(null);
RpcServerTlsConfig.getInstance().setTrustCollectionCertFile(null);
RpcServerTlsConfig.getInstance().setSslProvider("");
clearRpcServerTlsConfigInstance();
}
@Test(expected = IllegalArgumentException.class)
public void testGetSslContextIllegal() {
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
@Test
public void testGetSslContextWithoutMutual() {
RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
grpcServerConfig.setCertPrivateKey("test-server-key.pem");
grpcServerConfig.setCertChainFile("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
@Test
public void testGetSslContextWithMutual() {
RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
grpcServerConfig.setTrustAll(true);
grpcServerConfig.setMutualAuthEnable(true);
grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
grpcServerConfig.setCertPrivateKey("test-server-key.pem");
grpcServerConfig.setCertChainFile("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
@Test
public void testGetSslContextWithMutualAndPart() {
RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
grpcServerConfig.setMutualAuthEnable(true);
grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
grpcServerConfig.setCertPrivateKey("test-server-key.pem");
grpcServerConfig.setCertChainFile("test-server-cert.pem");
grpcServerConfig.setTrustCollectionCertFile("test-ca-cert.pem");
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
@Test(expected = IllegalArgumentException.class)
public void testGetSslContextWithMutualAndPartIllegal() {
RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
grpcServerConfig.setMutualAuthEnable(true);
grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
grpcServerConfig.setCertPrivateKey("test-server-key.pem");
grpcServerConfig.setCertChainFile("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
@Test(expected = NacosRuntimeException.class)
public void testGetSslContextForNonExistFile() {
RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance();
grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3");
grpcServerConfig.setCertPrivateKey("non-exist-server-key.pem");
grpcServerConfig.setCertChainFile("non-exist-cert.pem");
DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance());
}
private static void clearRpcServerTlsConfigInstance() throws Exception {
Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance");
instanceField.setAccessible(true);
instanceField.set(null, null);
}
}


@ -0,0 +1,53 @@
/*
* Copyright 1999-2020 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.core.env.ConfigurableEnvironment;
/**
* Test RpcServerSslContextRefresherHolder.
*
* @author stone-98
*/
@RunWith(MockitoJUnitRunner.class)
public class RpcServerSslContextRefresherHolderTest {
@Mock
private ConfigurableEnvironment environment;
@Before
public void setUp() {
EnvUtil.setEnvironment(environment);
}
@After
public void tearDown() {
}
@Test
public void testInit() {
}
}
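Review bot: `testInit` has an empty body, so this class asserts nothing about `RpcServerSslContextRefresherHolder`; the holder is not even imported, and the `@Mock` environment is set on `EnvUtil` without being used. The new selection logic (separate SDK and cluster refreshers chosen by configured name) is therefore untested. I would either add assertions on `getSdkInstance()` and `getClusterInstance()` for a configured and an unconfigured refresher name, or remove the placeholder until that is possible. The holder's static initializer runs once per JVM, which may be why the test was left empty; moving the lookup behind a method that takes the properties would make it testable.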


@ -0,0 +1,110 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.mock.env.MockEnvironment;
import static org.mockito.Mockito.when;
/**
* {@link DefaultTlsContextBuilder} unit test.
*
* @author stone-98
* @date 2024-03-11 17:11
*/
@RunWith(MockitoJUnitRunner.class)
public class SdkDefaultTlsContextBuilderTest {
private ConfigurableEnvironment environment;
@Mock
private RpcServerTlsConfig rpcServerTlsConfig;
@Before
public void setUp() throws Exception {
environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
}
@After
public void tearDown() throws Exception {
}
@Test(expected = IllegalArgumentException.class)
public void testGetSslContextIllegal() {
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
@Test
public void testGetSslContextWithoutMutual() {
when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
@Test
public void testGetSslContextWithMutual() {
when(rpcServerTlsConfig.getTrustAll()).thenReturn(true);
when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true);
when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
@Test
public void testGetSslContextWithMutualAndPart() {
when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true);
when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
when(rpcServerTlsConfig.getTrustCollectionCertFile()).thenReturn("test-ca-cert.pem");
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
@Test(expected = IllegalArgumentException.class)
public void testGetSslContextWithMutualAndPartIllegal() {
when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true);
when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384");
when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3");
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem");
when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem");
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
@Test(expected = NacosRuntimeException.class)
public void testGetSslContextForNonExistFile() {
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("non-exist-server-key.pem");
when(rpcServerTlsConfig.getCertChainFile()).thenReturn("non-exist-cert.pem");
DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig);
}
}
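Review bot: `testGetSslContextWithMutual` stubs `getTrustAll()` to `true` together with `getMutualAuthEnable()`, and like the other positive cases it discards the value returned by `getSslContext`, so it passes as long as nothing is thrown. If trust-all makes the builder skip peer-certificate validation (the builder is not visible here), this combination asks for a client certificate without checking it. The test should mark that as a fixture-only setting, e.g. `// trustAll: client certs are requested but not validated; test fixture only`. I would also pin the result in each positive case with `assertNotNull(DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig));`.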


@ -16,56 +16,58 @@
package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.mock.env.MockEnvironment;
import java.lang.reflect.Field;
import java.util.Properties;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class SdkDefaultTlsProtocolNegotiatorBuilderTest {
public class DefaultTlsProtocolNegotiatorBuilderTest {
private ConfigurableEnvironment environment;
private DefaultTlsProtocolNegotiatorBuilder builder;
private SdkDefaultTlsProtocolNegotiatorBuilder builder;
@Mock
private Properties properties;
@Before
public void setUp() throws Exception {
environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
builder = new DefaultTlsProtocolNegotiatorBuilder();
builder = new SdkDefaultTlsProtocolNegotiatorBuilder();
}
@After
public void tearDown() throws Exception {
RpcServerTlsConfig.getInstance().setEnableTls(false);
RpcServerTlsConfig.getInstance().setCertChainFile(null);
RpcServerTlsConfig.getInstance().setCertPrivateKey(null);
clearRpcServerTlsConfigInstance();
}
@Test
public void testBuildDisabled() {
assertNull(builder.build());
}
@Test
public void testBuildEnabled() {
RpcServerTlsConfig.getInstance().setEnableTls(true);
RpcServerTlsConfig.getInstance().setCertPrivateKey("test-server-key.pem");
RpcServerTlsConfig.getInstance().setCertChainFile("test-server-cert.pem");
final MockedStatic<EnvUtil> envUtilMockedStatic = Mockito.mockStatic(EnvUtil.class);
when(EnvUtil.getProperties()).thenReturn(properties);
when(properties.getProperty("nacos.remote.server.rpc.tls.enableTls")).thenReturn("true");
when(properties.getProperty("nacos.remote.server.rpc.tls.certPrivateKey")).thenReturn("test-server-key.pem");
when(properties.getProperty("nacos.remote.server.rpc.tls.certChainFile")).thenReturn("test-server-cert.pem");
assertNotNull(builder.build());
envUtilMockedStatic.close();
}
private static void clearRpcServerTlsConfigInstance() throws Exception {
Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance");
instanceField.setAccessible(true);
instanceField.set(null, null);
}
}
}
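Review bot: In `testBuildEnabled` the `MockedStatic<EnvUtil>` is closed only on the last line, so when `builder.build()` throws or `assertNotNull` fails the static mock stays registered on the thread and later tests see a stubbed `EnvUtil`. Opening it as a resource closes it on every path: put `try (MockedStatic<EnvUtil> envUtilMockedStatic = Mockito.mockStatic(EnvUtil.class)) {` around the stubbing and the assertion, and drop the explicit `envUtilMockedStatic.close();`. `clearRpcServerTlsConfigInstance()` would also benefit from a one-line comment saying why the singleton has to be reset through reflection on the private `instance` field.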


@ -0,0 +1,48 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.core.remote.BaseRpcServer;
public class RpcClusterServerSslContextRefresherTest implements RpcServerSslContextRefresher {
@Override
public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
return new SslContextChangeAware() {
@Override
public void init(BaseRpcServer baseRpcServer) {
}
@Override
public void onSslContextChange() {
}
@Override
public void shutdown() {
}
};
}
@Override
public String getName() {
return "cluster-refresher-test";
}
}
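Review bot: `RpcClusterServerSslContextRefresherTest` carries the `Test` suffix but holds no test methods; it is a no-op `RpcServerSslContextRefresher` whose `getName()` returns `cluster-refresher-test`, and nothing in the file says what it is for. A class Javadoc such as `/** No-op refresher used as a test-only SPI implementation. */` would make that plain. A name without the `Test` suffix would also keep runners that select classes by name from treating it as a test. The same applies to `RpcSdkServerSslContextRefresherTest` in the next file.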


@ -0,0 +1,48 @@
/*
* Copyright 1999-2021 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.alibaba.nacos.core.remote.tls;
import com.alibaba.nacos.core.remote.BaseRpcServer;
public class RpcSdkServerSslContextRefresherTest implements RpcServerSslContextRefresher {
@Override
public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
return new SslContextChangeAware() {
@Override
public void init(BaseRpcServer baseRpcServer) {
}
@Override
public void onSslContextChange() {
}
@Override
public void shutdown() {
}
};
}
@Override
public String getName() {
return "sdk-refresher-test";
}
}


@ -0,0 +1,18 @@
#
# Copyright 1999-2021 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
com.alibaba.nacos.core.remote.tls.RpcSdkServerSslContextRefresherTest
com.alibaba.nacos.core.remote.tls.RpcClusterServerSslContextRefresherTest


@ -24,8 +24,10 @@ import com.alibaba.nacos.plugin.environment.CustomEnvironmentPluginManager;
import com.alibaba.nacos.sys.utils.DiskUtils;
import com.alibaba.nacos.sys.utils.InetUtils;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySource;
import org.springframework.core.io.InputStreamResource;
import org.springframework.core.io.Resource;
@ -43,6 +45,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.HashMap;
@ -169,6 +172,23 @@ public class EnvUtil {
public static <T> T getRequiredProperty(String key, Class<T> targetType) throws IllegalStateException {
return environment.getRequiredProperty(key, targetType);
}
public static Properties getProperties() {
Properties properties = new Properties();
for (PropertySource<?> propertySource : environment.getPropertySources()) {
if (propertySource instanceof EnumerablePropertySource) {
EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) propertySource;
String[] propertyNames = enumerablePropertySource.getPropertyNames();
for (String propertyName : propertyNames) {
Object propertyValue = enumerablePropertySource.getProperty(propertyName);
if (propertyValue != null) {
properties.put(propertyName, propertyValue.toString());
}
}
}
}
return properties;
}
public static String resolvePlaceholders(String text) {
return environment.resolvePlaceholders(text);
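Review bot: In `getProperties()` the loop walks `environment.getPropertySources()` from highest to lowest precedence and calls `properties.put(...)` each time, so a key defined in several sources ends up with the lowest-precedence value, the opposite of what `environment.getProperty` returns. If the TLS settings are read through this method, as the tests in this commit suggest, a system-property or command-line override could be replaced by the value from a config file. `properties.putIfAbsent(propertyName, propertyValue.toString());` keeps the value from the first, winning source. The returned object also holds every enumerable property, including any credentials present in the environment, so the method deserves a Javadoc stating that it returns raw, unresolved values and that the result should not be logged.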


@ -23,13 +23,15 @@ import com.alibaba.nacos.api.config.ConfigService;
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.*;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.MethodSorters;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.web.server.LocalServerPort;
import org.springframework.test.context.junit4.SpringRunner;
import java.io.IOException;
@ -46,36 +48,27 @@ import java.util.concurrent.atomic.AtomicInteger;
*/
@RunWith(SpringRunner.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@SpringBootTest(classes = {Nacos.class},
properties = {
"nacos.standalone=true",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".compatibility=true",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".compatibility=true",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC
+ ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class NacosConfigServiceComTlsGrpcClient_CITCase {
public static AtomicInteger increment = new AtomicInteger(100);
@LocalServerPort
private int port;
@BeforeClass
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceComTlsGrpcClient_CITCase.class.getSimpleName());
}
@BeforeClass
@AfterClass
public static void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
public void test_e_TlsServerAndPlainClient() throws Exception {
public void test_e_TlsServerAndPlainClient() throws Exception {
Properties propertiesfalse = new Properties();
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false");
propertiesfalse.put("serverAddr", "127.0.0.1");


@ -23,7 +23,6 @@ import com.alibaba.nacos.api.config.ConfigService;
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.AfterClass;
import org.junit.Assert;
@ -47,30 +46,25 @@ import java.util.concurrent.atomic.AtomicInteger;
* @author githubcheng2978.
*/
@RunWith(SpringRunner.class)
@SpringBootTest(classes = {Nacos.class},
properties = {
"nacos.standalone=true",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC
+ ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class NacosConfigServiceNoComTlsGrpcClient_CITCase {
public static AtomicInteger increment = new AtomicInteger(100);
@BeforeClass
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceNoComTlsGrpcClient_CITCase.class.getSimpleName());
}
@BeforeClass
@AfterClass
public static void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
@Ignore("TODO, Fix cert expired problem")
public void test_e_TlsServerAndTlsClient() throws Exception {
@ -83,7 +77,8 @@ public class NacosConfigServiceNoComTlsGrpcClient_CITCase {
String content = UUID.randomUUID().toString();
String dataId = "test-group" + increment.getAndIncrement();
String groupId = "test-data" + increment.getAndIncrement();
boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(), "test-data" + increment.getAndIncrement(), content);
boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(),
"test-data" + increment.getAndIncrement(), content);
CountDownLatch latch = new CountDownLatch(1);
configService.addListener(dataId, groupId, new AbstractConfigChangeListener() {
@Override
@ -99,9 +94,9 @@ public class NacosConfigServiceNoComTlsGrpcClient_CITCase {
latch.await(5, TimeUnit.SECONDS);
Assert.assertTrue(b);
}
@Test
public void test_e_TlsServerAndPlainClient() throws Exception {
public void test_e_TlsServerAndPlainClient() throws Exception {
Properties propertiesfalse = new Properties();
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false");
propertiesfalse.put("serverAddr", "127.0.0.1");
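Review bot: The re-wrapped `publishConfig` call in `test_e_TlsServerAndTlsClient` still builds a fresh `"test-group"`/`"test-data"` pair from `increment` instead of using the `dataId` and `groupId` declared just above it, so the listener added on `dataId`/`groupId` watches a config that this call never publishes. As far as the visible lines show, the test then only asserts the publish result once `latch.await(5, TimeUnit.SECONDS)` returns, and the return value of the wait is ignored; the listener body lies between the hunks and is not visible. Since the line is being touched anyway I would change it to `boolean b = configService.publishConfig(dataId, groupId, content);`.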


@ -14,7 +14,6 @@
* limitations under the License.
*/
package com.alibaba.nacos.test.config;
import com.alibaba.nacos.Nacos;
@ -24,7 +23,6 @@ import com.alibaba.nacos.api.config.ConfigService;
import com.alibaba.nacos.client.config.NacosConfigService;
import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.test.base.ConfigCleanUtils;
import org.junit.After;
import org.junit.Assert;
@ -48,43 +46,37 @@ import java.util.concurrent.atomic.AtomicInteger;
* @author githubcheng2978.
*/
@RunWith(SpringRunner.class)
@SpringBootTest(classes = {Nacos.class},
properties = {
"nacos.standalone=true",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem",
RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem", RpcConstants.NACOS_SERVER_RPC
+ ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class NacosConfigV2MutualAuth_CITCase {
public static AtomicInteger increment = new AtomicInteger(100);
@BeforeClass
public static void beforeClass() throws IOException {
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigV2MutualAuth_CITCase.class.getSimpleName());
}
@After
public void cleanClientCache() throws Exception {
public void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
@Ignore("TODO, Fix cert expired problem")
public void test_d_MutualAuth() throws Exception {
Properties propertiesfalse = new Properties();
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem");
propertiesfalse.put("serverAddr", "127.0.0.1");
ConfigService configServiceFalse = new NacosConfigService(propertiesfalse);
String dataId = "test-group" + increment.getAndIncrement();
@ -106,14 +98,14 @@ public class NacosConfigV2MutualAuth_CITCase {
latch2.await(5, TimeUnit.SECONDS);
Assert.assertTrue(res);
}
@Test
public void test_d_MutualAuthButClientNot() throws Exception {
Properties propertiesfalse = new Properties();
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-client-cert.pem");
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-client-cert.pem");
propertiesfalse.put("serverAddr", "127.0.0.1");
ConfigService configServiceFalse = new NacosConfigService(propertiesfalse);
String dataId = "test-group" + increment.getAndIncrement();
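Review bot: `test_d_MutualAuthButClientNot` points `RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH` at `test-client-cert.pem`, while the server is configured with `test-server-cert.pem` and the mutual-auth case above trusts `test-ca-cert.pem`. With that trust file the handshake can already fail when the client checks the server certificate, so the test may not show that the server turned away a client without a certificate (the assertions lie outside this hunk). Using `propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");` leaves the missing client certificate as the only difference from `test_d_MutualAuth`.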


@ -14,7 +14,6 @@
* limitations under the License.
*/
package com.alibaba.nacos.test.client;
import com.alibaba.nacos.Nacos;
@ -25,7 +24,7 @@ import com.alibaba.nacos.common.remote.client.Connection;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.AfterClass;
import org.junit.Assert;
@ -45,89 +44,88 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
/**
* use configPublishRequest for communication verification between client and server
* use configPublishRequest for communication verification between client and server.
*
* @author githubcheng2978
*/
@RunWith(SpringRunner.class)
@TestConfiguration
@SpringBootTest(classes = {Nacos.class},
properties = {
"server.servlet.context-path=/nacos",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"server.servlet.context-path=/nacos",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC
+ ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@Ignore("TODO, Fix cert expired problem")
public class ConfigIntegrationV1ServerNonCompatibility_CITCase {
public static AtomicInteger increment = new AtomicInteger(100);
@LocalServerPort
private int port;
@BeforeClass
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName());
ConfigCleanUtils.changeToNewTestNacosHome(
ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName());
}
@BeforeClass
@AfterClass
public static void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
public void test_a_TlsServer() throws Exception {
RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null);
RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), null);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
Connection connection = client.connectToServer(serverInfo);
Assert.assertNull(connection);
}
@Test
public void test_b_ServerTlsTrustAll() throws Exception {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setTrustAll(true);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequest = new ConfigPublishRequest();
String content = UUID.randomUUID().toString();
configPublishRequest.setContent(content);
configPublishRequest.setGroup("test-group" + increment.getAndIncrement());
configPublishRequest.setDataId("test-data" + increment.getAndIncrement());
Response response = connectionTrustCa.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3));
Assert.assertTrue(response.isSuccess());
connectionTrustCa.close();
}
@Test
public void test_c_ServerTlsTrustCa() throws Exception {
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem");
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest();
String contentCa = UUID.randomUUID().toString();
configPublishRequestCa.setContent(contentCa);
configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement());
configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement());
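Review bot: `test_b_ServerTlsTrustAll` creates its client under the name `"testServerTlsTrustCa"`, the same name `test_c_ServerTlsTrustCa` uses. If `RpcClientFactory.createClient` hands back an existing client for a known name (its implementation is not shown here), `test_c` would run with the trust-all configuration and never check the server certificate against `test-ca-cert.pem`. Naming the first client `"testServerTlsTrustAll"`, as `ConfigIntegrationV3_CITCase` does, keeps the two cases apart. `test_c_ServerTlsTrustCa` continues past the end of this hunk.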


@ -25,9 +25,13 @@ import com.alibaba.nacos.common.remote.client.Connection;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.*;
import org.junit.After;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.web.server.LocalServerPort;
@ -40,79 +44,76 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
/**
* use configPublishRequest for communication verification between client and server
* use configPublishRequest for communication verification between client and server.
*
* @author githubcheng2978
*/
@RunWith(SpringRunner.class)
@SpringBootTest(classes = {Nacos.class},
properties = {
"nacos.standalone=true",
RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true",
RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem",
RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem",
RpcConstants.NACOS_SERVER_RPC + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class ConfigIntegrationV2MutualAuth_CITCase {
@LocalServerPort
private int port;
public static AtomicInteger increment = new AtomicInteger(100);
@BeforeClass
public static void beforeClass() throws IOException {
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV2MutualAuth_CITCase.class.getSimpleName());
}
@After
public void cleanClientCache() throws Exception {
public void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
@Ignore("TODO, fix the cert expired problem")
public void test_d_MutualAuth() throws Exception {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setMutualAuthEnable(true);
tlsConfig.setCertChainFile("test-client-cert.pem");
tlsConfig.setCertPrivateKey("test-client-key.pem");
tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem");
RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
Connection connection = client.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequest = new ConfigPublishRequest();
String content = UUID.randomUUID().toString();
configPublishRequest.setContent(content);
configPublishRequest.setGroup("test-group"+increment.getAndIncrement());
configPublishRequest.setDataId("test-data"+increment.getAndIncrement());
configPublishRequest.setGroup("test-group" + increment.getAndIncrement());
configPublishRequest.setDataId("test-data" + increment.getAndIncrement());
configPublishRequest.setRequestId(content);
Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(5));
Assert.assertTrue(response.isSuccess());
connection.close();
}
@Test
public void test_e_ServerMutualAuthOnly() throws Exception {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem");
RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);


@ -25,10 +25,14 @@ import com.alibaba.nacos.common.remote.client.Connection;
import com.alibaba.nacos.common.remote.client.RpcClient;
import com.alibaba.nacos.common.remote.client.RpcClientFactory;
import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.test.ConfigCleanUtils;
import org.junit.*;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.web.server.LocalServerPort;
@ -46,44 +50,40 @@ import java.util.concurrent.atomic.AtomicInteger;
* @author githubcheng2978
*/
@RunWith(SpringRunner.class)
@SpringBootTest(classes = {Nacos.class},
properties = {
"nacos.standalone=true",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem",
RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class ConfigIntegrationV3_CITCase {
@LocalServerPort
private int port;
public static AtomicInteger increment = new AtomicInteger(100);
@BeforeClass
public static void beforeClass() throws IOException {
ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV3_CITCase.class.getSimpleName());
}
@BeforeClass
@AfterClass
public static void cleanClientCache() throws Exception {
ConfigCleanUtils.cleanClientCache();
}
@Test
public void test_e_TlsServerAndPlainClient() throws Exception {
RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null);
RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), null);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
Connection connection = client.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequest = new ConfigPublishRequest();
String content = UUID.randomUUID().toString();
configPublishRequest.setContent(content);
configPublishRequest.setGroup("test-group" + increment.getAndIncrement());
configPublishRequest.setDataId("test-data" + increment.getAndIncrement());
@ -91,19 +91,18 @@ public class ConfigIntegrationV3_CITCase {
Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3));
Assert.assertTrue(response.isSuccess());
connection.close();
}
@Test
public void test_f_ServerTlsTrustAll() throws Exception {
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setTrustAll(true);
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(port);
RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Connection connectionTrustAll = clientTrustAll.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequest = new ConfigPublishRequest();
String content = UUID.randomUUID().toString();
@ -113,25 +112,26 @@ public class ConfigIntegrationV3_CITCase {
Response response = connectionTrustAll.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3));
Assert.assertTrue(response.isSuccess());
connectionTrustAll.close();
}
@Test
@Ignore("TODO, Fix cert expired problem")
public void test_g_ServerTlsTrustCa() throws Exception {
RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo();
serverInfo.setServerIp("127.0.0.1");
serverInfo.setServerPort(EnvUtil.getPort());
RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig();
tlsConfig.setEnableTls(true);
tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem");
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC,
Collections.singletonMap("labelKey", "labelValue"), tlsConfig);
Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo);
ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest();
String contentCa = UUID.randomUUID().toString();
configPublishRequestCa.setContent(contentCa);
configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement());
configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement());


@ -27,7 +27,7 @@ import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.api.naming.pojo.Service;
import com.alibaba.nacos.api.selector.ExpressionSelector;
import com.alibaba.nacos.api.selector.NoneSelector;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@ -45,43 +45,45 @@ import java.util.concurrent.TimeUnit;
import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName;
/**
* NamingCompatibilityServiceTls_ITCase.
*
* @author githucheng2978.
* @date .
**/
@RunWith(SpringRunner.class)
@SpringBootTest(classes = Nacos.class, properties = {
"server.servlet.context-path=/nacos",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".compatibility=true",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=true",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem",
RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class NamingCompatibilityServiceTls_ITCase {
private NamingMaintainService namingMaintainService;
private NamingService namingService;
private Instance instance;
private String serviceName;
@LocalServerPort
private int port;
@Before
public void init() throws Exception {
NamingBase.prepareServer(port);
if (namingMaintainService == null) {
TimeUnit.SECONDS.sleep(10);
namingMaintainService = NamingMaintainFactory.createMaintainService("127.0.0.1" + ":" + port);
}
if (namingService == null) {
TimeUnit.SECONDS.sleep(10);
namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port);
}
instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
@ -91,11 +93,11 @@ public class NamingCompatibilityServiceTls_ITCase {
map.put("netType", "external");
map.put("version", "1.0");
instance.setMetadata(map);
serviceName = randomDomainName();
}
@Test
public void updateInstance() throws NacosException, InterruptedException {
Map<String, String> map = new HashMap<String, String>();
@ -110,7 +112,7 @@ public class NamingCompatibilityServiceTls_ITCase {
Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version"));
System.out.println(instances.get(0));
}
@Test
public void updateInstanceWithDisable() throws NacosException, InterruptedException {
Map<String, String> map = new HashMap<String, String>();
@ -124,7 +126,7 @@ public class NamingCompatibilityServiceTls_ITCase {
List<Instance> instances = namingService.getAllInstances(serviceName, false);
Assert.assertEquals(0, instances.size());
}
@Test
public void createAndUpdateService() throws NacosException {
String serviceName = randomDomainName();
@ -138,13 +140,13 @@ public class NamingCompatibilityServiceTls_ITCase {
preService.setMetadata(metadata);
ExpressionSelector selector = new ExpressionSelector();
selector.setExpression("CONSUMER.label.A=PROVIDER.label.A &CONSUMER.label.B=PROVIDER.label.B");
System.out.println("service info : " + preService);
namingMaintainService.createService(preService, selector);
Service remoteService = namingMaintainService.queryService(serviceName);
System.out.println("remote service info : " + remoteService);
Assert.assertEquals(preService.toString(), remoteService.toString());
// update service
Service nowService = new Service();
nowService.setName(serviceName);
@ -153,13 +155,13 @@ public class NamingCompatibilityServiceTls_ITCase {
metadata.clear();
metadata.put(serviceName, "this is a update metadata");
nowService.setMetadata(metadata);
namingMaintainService.updateService(nowService, new NoneSelector());
remoteService = namingMaintainService.queryService(serviceName);
System.out.println("remote service info : " + remoteService);
Assert.assertEquals(nowService.toString(), remoteService.toString());
}
@Test
public void deleteService() throws NacosException {
String serviceName = randomDomainName();
@ -167,7 +169,7 @@ public class NamingCompatibilityServiceTls_ITCase {
preService.setName(serviceName);
System.out.println("service info : " + preService);
namingMaintainService.createService(preService, new NoneSelector());
Assert.assertTrue(namingMaintainService.deleteService(serviceName));
}
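Review bot: Nothing in this class shows that the server actually came up with TLS. The keys in the new `@SpringBootTest` annotation are assembled from `RpcConstants.NACOS_SERVER_RPC`, and the clients in `init()` are created with no TLS properties. With `compatibility=true` the server appears to accept plaintext as well, so if the prefix ever stops matching what the server-side TLS config binds to, every test here would still pass against a plaintext-only server. I would state that limit in the class Javadoc, e.g. `Covers only plaintext clients against a TLS server in compatibility mode; the TLS handshake itself is not asserted here.`, and keep the handshake assertions in a class that runs with `compatibility=false`.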


@ -23,7 +23,6 @@ import com.alibaba.nacos.api.naming.NamingFactory;
import com.alibaba.nacos.api.naming.NamingService;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import org.junit.After;
import org.junit.Assert;
import org.junit.FixMethodOrder;
@ -43,38 +42,36 @@ import java.util.concurrent.TimeUnit;
import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName;
/**
* NamingTlsServiceAndMutualAuth_ITCase.
*
* @author githucheng2978.
* @date .
**/
@RunWith(SpringRunner.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@SpringBootTest(classes = Nacos.class, properties = {
"server.servlet.context-path=/nacos",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem",
RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem", RpcConstants.NACOS_SERVER_RPC
+ ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@Ignore("TODO, Fix cert expired problem")
public class NamingTlsServiceAndMutualAuth_ITCase {
@LocalServerPort
private int port;
@Test
public void test_a_MutualAuth() throws NacosException {
String serviceName = randomDomainName();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true");
Instance instance = new Instance();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true");
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
@ -94,19 +91,19 @@ public class NamingTlsServiceAndMutualAuth_ITCase {
Assert.assertEquals(instances.size(), 1);
Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version"));
namingService.shutDown();
}
@Test(expected = NacosException.class)
public void test_b_MutualAuthClientTrustCa() throws NacosException {
String serviceName = randomDomainName();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem");
Instance instance = new Instance();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
@ -118,18 +115,18 @@ public class NamingTlsServiceAndMutualAuth_ITCase {
instance.setMetadata(map);
namingService.registerInstance(serviceName, instance);
namingService.shutDown();
}
@Test(expected = NacosException.class)
public void test_c_MutualAuthClientTrustALl() throws NacosException {
String serviceName = randomDomainName();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true");
Instance instance = new Instance();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true");
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
@ -142,9 +139,9 @@ public class NamingTlsServiceAndMutualAuth_ITCase {
namingService.registerInstance(serviceName, instance);
namingService.shutDown();
}
@After
public void after(){
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"");
public void after() {
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "");
}
}
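Review bot: `after()` resets only `RpcConstants.RPC_CLIENT_TLS_ENABLE`, while the tests in this section also set `RPC_CLIENT_MUTUAL_AUTH`, `RPC_CLIENT_TLS_CERT_CHAIN_PATH`, `RPC_CLIENT_TLS_CERT_KEY`, `RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH` and `RPC_CLIENT_TLS_TRUST_ALL` as JVM-wide system properties. A leftover `RPC_CLIENT_TLS_TRUST_ALL=true` from `test_c_MutualAuthClientTrustALl` is the risky one: a later test in the same JVM that enables TLS could then pass without validating the server certificate, which would hide a broken trust-CA path. Clearing every key the tests set keeps each case independent; this assumes the client treats an absent property the same as an empty one. Parts of the test bodies lie outside the visible hunks.

```java
@After
public void after() {
    // System properties are JVM-global: remove every TLS key these tests set,
    // so trust-all or mutual-auth settings cannot leak into later test classes.
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE);
    System.clearProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL);
}
```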


@ -23,7 +23,6 @@ import com.alibaba.nacos.api.naming.NamingFactory;
import com.alibaba.nacos.api.naming.NamingService;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.common.remote.client.RpcConstants;
import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Ignore;
@ -42,30 +41,29 @@ import java.util.concurrent.TimeUnit;
import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName;
/**
* NamingTlsServiceTls_ITCase.
*
* @author githucheng2978.
* @date .
**/
@RunWith(SpringRunner.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@SpringBootTest(classes = Nacos.class, properties = {
"server.servlet.context-path=/nacos",
RpcServerTlsConfig.PREFIX+".enableTls=true",
RpcServerTlsConfig.PREFIX+".compatibility=false",
RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem",
RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem",
},
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos",
RpcConstants.NACOS_SERVER_RPC + ".enableTls=true",
RpcConstants.NACOS_SERVER_RPC + ".compatibility=false",
RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC
+ ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@Ignore("TODO, Fix cert expired problem")
public class NamingTlsServiceTls_ITCase {
@LocalServerPort
private int port;
@Test(expected = NacosException.class)
public void Tls_a_ServerAndPlainClient() throws NacosException {
Instance instance = new Instance();
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
@ -76,20 +74,20 @@ public class NamingTlsServiceTls_ITCase {
map.put("version", "2.0");
namingService.registerInstance(randomDomainName(), instance);
namingService.shutDown();
}
@Test
public void Tls_b_ServerAndTlsClientTrustCa() throws NacosException {
String serviceName = randomDomainName();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem");
Instance instance = new Instance();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem");
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME);
NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port);
NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port);
Map<String, String> map = new HashMap<String, String>();
map.put("netType", "external-update");
map.put("version", "2.0");
@ -105,20 +103,20 @@ public class NamingTlsServiceTls_ITCase {
Assert.assertEquals(instances.size(), 1);
Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version"));
namingService.shutDown();
}
@Test
public void Tls_c_ServerAndTlsClientAll() throws NacosException {
String serviceName = randomDomainName();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true");
Instance instance = new Instance();
System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true");
System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true");
Instance instance = new Instance();
instance.setIp("127.0.0.1");
instance.setPort(8081);
instance.setWeight(2);
instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME);
NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port);
NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port);
Map<String, String> map = new HashMap<String, String>();
map.put("netType", "external-update");
map.put("version", "2.0");