From e93cfacf1f0bac3e8146b07c3417c90ea4bf759d Mon Sep 17 00:00:00 2001
From: "Mark S. Lewis"
Date: Fri, 5 May 2023 16:27:22 +0100
Subject: [PATCH] Use Java gRPC instead of Netty API to establish TLS connections

Include specific gRPC TLS implementation in dependencies instead of relying on an appropriate one to be present as a transitive dependency.

Signed-off-by: Mark S. Lewis
---
 .../application-gateway-java/build.gradle | 7 ++++---
 .../src/main/java/App.java | 16 ++++++++--------
 .../application-gateway-java/build.gradle | 7 ++++---
 .../src/main/java/Connections.java | 16 ++++++++--------
 off_chain_data/application-java/app/build.gradle | 9 +++++----
 .../app/src/main/java/Connections.java | 16 ++++++++--------
 6 files changed, 37 insertions(+), 34 deletions(-)

diff --git a/asset-transfer-basic/application-gateway-java/build.gradle b/asset-transfer-basic/application-gateway-java/build.gradle
index 01fa3941..5841fd47 100644
--- a/asset-transfer-basic/application-gateway-java/build.gradle
+++ b/asset-transfer-basic/application-gateway-java/build.gradle
@@ -19,9 +19,10 @@ repositories {
 }

 dependencies {
- implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
- implementation 'io.grpc:grpc-netty-shaded:1.50.1'
- implementation 'com.google.code.gson:gson:2.9.1'
+ implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
+ compileOnly 'io.grpc:grpc-api:1.54.1'
+ runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+ implementation 'com.google.code.gson:gson:2.10.1'
 }

 java {
diff --git a/asset-transfer-basic/application-gateway-java/src/main/java/App.java b/asset-transfer-basic/application-gateway-java/src/main/java/App.java
index 7fcf3962..3786a2ba 100644
--- a/asset-transfer-basic/application-gateway-java/src/main/java/App.java
+++ b/asset-transfer-basic/application-gateway-java/src/main/java/App.java
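Review bot: `compileOnly 'io.grpc:grpc-api:1.54.1'` pins the gRPC API only on the compile classpath, so the version loaded at run time is whatever `fabric-gateway` and `grpc-netty-shaded` resolve to transitively, and nothing in this dependencies block keeps the two in step. Consider aligning every io.grpc artifact through the BOM, `implementation platform('io.grpc:grpc-bom:1.54.1')`, and dropping the explicit versions from the two grpc lines. The dependencies hunks in asset-transfer-events/application-gateway-java/build.gradle and off_chain_data/application-java/app/build.gradle repeat the same hand-written pins and would benefit from the same change.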
@@ -7,9 +7,9 @@
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonParser;
+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
+import io.grpc.TlsChannelCredentials;
 import org.hyperledger.fabric.client.CommitException;
 import org.hyperledger.fabric.client.CommitStatusException;
 import org.hyperledger.fabric.client.Contract;
@@ -74,12 +74,12 @@ public final class App {
 }
 }

- private static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
- var tlsCertReader = Files.newBufferedReader(TLS_CERT_PATH);
- var tlsCert = Identities.readX509Certificate(tlsCertReader);
-
- return NettyChannelBuilder.forTarget(PEER_ENDPOINT)
- .sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(OVERRIDE_AUTH)
+ private static ManagedChannel newGrpcConnection() throws IOException {
+ var credentials = TlsChannelCredentials.newBuilder()
+ .trustManager(TLS_CERT_PATH.toFile())
+ .build();
+ return Grpc.newChannelBuilder(PEER_ENDPOINT, credentials)
+ .overrideAuthority(OVERRIDE_AUTH)
 .build();
 }

diff --git a/asset-transfer-events/application-gateway-java/build.gradle b/asset-transfer-events/application-gateway-java/build.gradle
index 1a5d8733..1ed4b464 100644
--- a/asset-transfer-events/application-gateway-java/build.gradle
+++ b/asset-transfer-events/application-gateway-java/build.gradle
@@ -8,9 +8,10 @@ repositories {
 }

 dependencies {
- implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
- implementation 'io.grpc:grpc-netty-shaded:1.50.1'
- implementation 'com.google.code.gson:gson:2.9.1'
+ implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
+ compileOnly 'io.grpc:grpc-api:1.54.1'
+ runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+ implementation 'com.google.code.gson:gson:2.10.1'
 }

 java {
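Review bot: newGrpcConnection() in the second App.java hunk has no comment explaining its two security-relevant settings. `trustManager(TLS_CERT_PATH.toFile())` makes that file the only trust anchor for the channel, and `overrideAuthority(OVERRIDE_AUTH)` changes the host name the peer certificate is checked against, so verification is against OVERRIDE_AUTH rather than the address in PEER_ENDPOINT. I would add above the method: `// Trusts only the CA certificate at TLS_CERT_PATH; overrideAuthority is needed only when PEER_ENDPOINT does not match a name in the peer's TLS certificate, so drop it when it does.` The same comment fits the newGrpcConnection() hunks in both Connections.java files.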
diff --git a/asset-transfer-events/application-gateway-java/src/main/java/Connections.java b/asset-transfer-events/application-gateway-java/src/main/java/Connections.java
index ae65625a..5342ca87 100644
--- a/asset-transfer-events/application-gateway-java/src/main/java/Connections.java
+++ b/asset-transfer-events/application-gateway-java/src/main/java/Connections.java
@@ -4,9 +4,9 @@
 * SPDX-License-Identifier: Apache-2.0
 */

+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
+import io.grpc.TlsChannelCredentials;
 import org.hyperledger.fabric.client.identity.Identities;
 import org.hyperledger.fabric.client.identity.Identity;
 import org.hyperledger.fabric.client.identity.Signer;
@@ -40,12 +40,12 @@ public final class Connections {
 // Private constructor to prevent instantiation
 }

- public static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
- var tlsCertReader = Files.newBufferedReader(tlsCertPath);
- var tlsCert = Identities.readX509Certificate(tlsCertReader);
-
- return NettyChannelBuilder.forTarget(peerEndpoint)
- .sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(overrideAuth)
+ public static ManagedChannel newGrpcConnection() throws IOException {
+ var credentials = TlsChannelCredentials.newBuilder()
+ .trustManager(tlsCertPath.toFile())
+ .build();
+ return Grpc.newChannelBuilder(peerEndpoint, credentials)
+ .overrideAuthority(overrideAuth)
 .build();
 }

diff --git a/off_chain_data/application-java/app/build.gradle b/off_chain_data/application-java/app/build.gradle
index d2c6faa3..8359c7f2 100644
--- a/off_chain_data/application-java/app/build.gradle
+++ b/off_chain_data/application-java/app/build.gradle
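Review bot: The public newGrpcConnection() in the second Connections.java hunk no longer declares CertificateException and no longer parses the certificate itself, so a malformed file at tlsCertPath is presumably now reported by the gRPC builder as an unchecked exception. Callers are outside the hunk; any that catch CertificateException around this call need checking. The new contract should be stated in Javadoc on the method, for example `@throws IOException if the TLS certificate file cannot be read`. The off_chain_data Connections.java hunk changes its public signature in the same way.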
@@ -14,10 +14,11 @@ repositories {
 }

 dependencies {
- implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
- implementation 'org.hyperledger.fabric:fabric-protos:0.1.5'
- implementation 'io.grpc:grpc-netty-shaded:1.50.1'
- implementation 'com.google.code.gson:gson:2.9.1'
+ implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
+ implementation 'org.hyperledger.fabric:fabric-protos:0.2.0'
+ compileOnly 'io.grpc:grpc-api:1.54.1'
+ runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+ implementation 'com.google.code.gson:gson:2.10.1'
 }

 java {
diff --git a/off_chain_data/application-java/app/src/main/java/Connections.java b/off_chain_data/application-java/app/src/main/java/Connections.java
index 8f7735ee..9dca742b 100644
--- a/off_chain_data/application-java/app/src/main/java/Connections.java
+++ b/off_chain_data/application-java/app/src/main/java/Connections.java
@@ -5,9 +5,9 @@
 */

 import io.grpc.Channel;
+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
+import io.grpc.TlsChannelCredentials;
 import org.hyperledger.fabric.client.Gateway;
 import org.hyperledger.fabric.client.identity.Identities;
 import org.hyperledger.fabric.client.identity.Identity;
@@ -73,12 +73,12 @@ public final class Connections {
 // Private constructor to prevent instantiation
 }

- public static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
- var tlsCertReader = Files.newBufferedReader(TLS_CERT_PATH);
- var tlsCert = Identities.readX509Certificate(tlsCertReader);
-
- return NettyChannelBuilder.forTarget(PEER_ENDPOINT)
- .sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(PEER_HOST_ALIAS)
+ public static ManagedChannel newGrpcConnection() throws IOException {
+ var credentials = TlsChannelCredentials.newBuilder()
+ .trustManager(TLS_CERT_PATH.toFile())
+ .build();
+ return Grpc.newChannelBuilder(PEER_ENDPOINT, credentials)
+ .overrideAuthority(PEER_HOST_ALIAS)
 .build();
 }