Use Java gRPC instead of Netty API to establish TLS connections

Include specific gRPC TLS implementation in dependencies instead of relying on an appropriate one to be present as a transitive dependency.

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>

asset-transfer-basic/application-gateway-java/build.gradle

@@ -19,9 +19,10 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
+    implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
-    implementation 'io.grpc:grpc-netty-shaded:1.50.1'
+    compileOnly 'io.grpc:grpc-api:1.54.1'
-    implementation 'com.google.code.gson:gson:2.9.1'
+    runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+    implementation 'com.google.code.gson:gson:2.10.1'
 }
 
 java {

asset-transfer-basic/application-gateway-java/src/main/java/App.java

@@ -7,9 +7,9 @@
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonParser;
+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
+import io.grpc.TlsChannelCredentials;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
 import org.hyperledger.fabric.client.CommitException;
 import org.hyperledger.fabric.client.CommitStatusException;
 import org.hyperledger.fabric.client.Contract;
@@ -74,12 +74,12 @@ public final class App {
 		}
 	}
 
-	private static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
+	private static ManagedChannel newGrpcConnection() throws IOException {
-		var tlsCertReader = Files.newBufferedReader(TLS_CERT_PATH);
+		var credentials = TlsChannelCredentials.newBuilder()
-		var tlsCert = Identities.readX509Certificate(tlsCertReader);
+				.trustManager(TLS_CERT_PATH.toFile())
-
+				.build();
-		return NettyChannelBuilder.forTarget(PEER_ENDPOINT)
+		return Grpc.newChannelBuilder(PEER_ENDPOINT, credentials)
-				.sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(OVERRIDE_AUTH)
+				.overrideAuthority(OVERRIDE_AUTH)
 				.build();
 	}
 

asset-transfer-events/application-gateway-java/build.gradle

@@ -8,9 +8,10 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
+    implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
-    implementation 'io.grpc:grpc-netty-shaded:1.50.1'
+    compileOnly 'io.grpc:grpc-api:1.54.1'
-    implementation 'com.google.code.gson:gson:2.9.1'
+    runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+    implementation 'com.google.code.gson:gson:2.10.1'
 }
 
 java {

asset-transfer-events/application-gateway-java/src/main/java/Connections.java

@@ -4,9 +4,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
+import io.grpc.TlsChannelCredentials;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
 import org.hyperledger.fabric.client.identity.Identities;
 import org.hyperledger.fabric.client.identity.Identity;
 import org.hyperledger.fabric.client.identity.Signer;
@@ -40,12 +40,12 @@ public final class Connections {
         // Private constructor to prevent instantiation
     }
 
-    public static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
+    public static ManagedChannel newGrpcConnection() throws IOException {
-        var tlsCertReader = Files.newBufferedReader(tlsCertPath);
+        var credentials = TlsChannelCredentials.newBuilder()
-        var tlsCert = Identities.readX509Certificate(tlsCertReader);
+                .trustManager(tlsCertPath.toFile())
-
+                .build();
-        return NettyChannelBuilder.forTarget(peerEndpoint)
+        return Grpc.newChannelBuilder(peerEndpoint, credentials)
-                .sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(overrideAuth)
+                .overrideAuthority(overrideAuth)
                 .build();
     }
 

off_chain_data/application-java/app/build.gradle

@@ -14,10 +14,11 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.hyperledger.fabric:fabric-gateway:1.1.1'
+    implementation 'org.hyperledger.fabric:fabric-gateway:1.2.2'
-    implementation 'org.hyperledger.fabric:fabric-protos:0.1.5'
+    implementation 'org.hyperledger.fabric:fabric-protos:0.2.0'
-    implementation 'io.grpc:grpc-netty-shaded:1.50.1'
+    compileOnly 'io.grpc:grpc-api:1.54.1'
-    implementation 'com.google.code.gson:gson:2.9.1'
+    runtimeOnly 'io.grpc:grpc-netty-shaded:1.54.1'
+    implementation 'com.google.code.gson:gson:2.10.1'
 }
 
 java {

off_chain_data/application-java/app/src/main/java/Connections.java

@@ -5,9 +5,9 @@
  */
 
 import io.grpc.Channel;
+import io.grpc.Grpc;
 import io.grpc.ManagedChannel;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
+import io.grpc.TlsChannelCredentials;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
 import org.hyperledger.fabric.client.Gateway;
 import org.hyperledger.fabric.client.identity.Identities;
 import org.hyperledger.fabric.client.identity.Identity;
@@ -73,12 +73,12 @@ public final class Connections {
         // Private constructor to prevent instantiation
     }
 
-    public static ManagedChannel newGrpcConnection() throws IOException, CertificateException {
+    public static ManagedChannel newGrpcConnection() throws IOException {
-        var tlsCertReader = Files.newBufferedReader(TLS_CERT_PATH);
+        var credentials = TlsChannelCredentials.newBuilder()
-        var tlsCert = Identities.readX509Certificate(tlsCertReader);
+                .trustManager(TLS_CERT_PATH.toFile())
-
+                .build();
-        return NettyChannelBuilder.forTarget(PEER_ENDPOINT)
+        return Grpc.newChannelBuilder(PEER_ENDPOINT, credentials)
-                .sslContext(GrpcSslContexts.forClient().trustManager(tlsCert).build()).overrideAuthority(PEER_HOST_ALIAS)
+                .overrideAuthority(PEER_HOST_ALIAS)
                 .build();
     }