From 5169f06654a57db4f01cde83406bbc1ba07d4a29 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E9=98=BF=E9=AD=81?= <670569467@qq.com> Date: Wed, 15 May 2024 11:13:29 +0800 Subject: [PATCH] Support TLS Grpc communication between clusters. (#11549) * Fix exception code error.(#10925) * [ISSUE #11456]Add RpcClusterClientTlsConfig.java. * [ISSUE #11456]Add cluster rpc tls config. * [ISSUE #11456]Add RpcClusterClientTlsConfig UT. * [ISSUE #11456]Add cluster server tls. * [ISSUE #11456]Remove supportCommunicationTypes. * [ISSUE #11456]Fix unit testing and indentation handling * [ISSUE #11456]Indentation handling * [ISSUE #11456]Fix unit test and rpc constants. * [ISSUE #11456]Fix unit test. * [ISSUE #11456]Optimize code. * [ISSUE #11456]Fix check style. * [ISSUE #11456]Add unit test. * [ISSUE #11456]Fix check style. * [ISSUE #11456]Update unit test. * [ISSUE #11456]Fix unit test. * [ISSUE #11456]Add License. * [ISSUE #11456]Fix unit test. * [ISSUE #11456]Fix unit test. * [ISSUE #11456]Rename class. * [ISSUE #11456]Optimize code. * [ISSUE #11456]Handling indentation issues. * [ISSUE #11456]Handling indentation issues. * [ISSUE #11456]Handling indentation issues. * [ISSUE #11456]Optimize code. * [ISSUE #11456]Fix unit test. * [ISSUE #11456]Fix unit testing and compatibility handling. * [ISSUE #11456]Support TLS GRPC communication between clusters. * [ISSUE #11456] Fix bugs. * [ISSUE #11456]Fix bugs. * [ISSUE #11456]Adjusting parameter names (compatibility considerations). * [ISSUE #11456]Resolve conflict. * [ISSUE #11456]Remove ProtocolNegotiatorBuilderManager and abstract ProtocolNegotiatorBuilderSingleton. * [ISSUE #11456]Remove CommunicationType.java. * [ISSUE #11456]Optimize code. * [ISSUE #11456]Revert author. * Splitting RpcTlsConfigFactory. * Split RpcConstants. * Divided RpcTlsConfigFactory, adjusted cluster parameters to "nacos.remote.peer.rpc.tls". * check style. * check style. * unit test. 
--- .../api/remote/RpcScheduledExecutorTest.java | 19 +- .../client/config/impl/ClientWorker.java | 12 +- .../remote/gprc/NamingGrpcClientProxy.java | 4 +- .../client/config/impl/ClientWorkerTest.java | 42 ++--- .../remote/client/RpcClientFactory.java | 32 ++-- .../remote/client/RpcClientTlsConfig.java | 58 ------ .../client/RpcClientTlsConfigFactory.java | 97 ++++++++++ .../common/remote/client/RpcConstants.java | 169 +++++++++++++++--- .../remote/client/RpcTlsConfigFactory.java | 62 +++++++ .../client/grpc/DefaultGrpcClientConfig.java | 98 +++++----- .../common/remote/client/grpc/GrpcClient.java | 103 +++++------ .../remote/client/grpc/GrpcClientConfig.java | 15 +- .../remote/client/grpc/GrpcClusterClient.java | 22 +-- .../remote/client/grpc/GrpcSdkClient.java | 23 +-- .../remote/client/RpcClientFactoryTest.java | 15 +- .../remote/client/RpcClientTlsConfigTest.java | 22 +-- .../client/RpcClusterClientTlsConfigTest.java | 128 +++++++++++++ .../remote/client/RpcConstantsTest.java | 3 +- .../grpc/DefaultGrpcClientConfigTest.java | 2 +- .../remote/client/grpc/GrpcClientTest.java | 21 ++- .../client/grpc/GrpcClusterClientTest.java | 4 +- .../remote/client/grpc/GrpcSdkClientTest.java | 3 +- .../cluster/remote/ClusterRpcClientProxy.java | 11 +- .../nacos/core/remote/BaseRpcServer.java | 12 +- .../core/remote/grpc/BaseGrpcServer.java | 37 ++-- .../core/remote/grpc/GrpcClusterServer.java | 29 +-- .../nacos/core/remote/grpc/GrpcSdkServer.java | 34 +--- ...actProtocolNegotiatorBuilderSingleton.java | 96 ++++++++++ ...terProtocolNegotiatorBuilderSingleton.java | 81 +++++++++ .../ProtocolNegotiatorBuilderSingleton.java | 82 --------- ...SdkProtocolNegotiatorBuilderSingleton.java | 81 +++++++++ ...erDefaultTlsProtocolNegotiatorBuilder.java | 93 ++++++++++ .../DefaultTlsProtocolNegotiatorBuilder.java | 47 ----- .../tls/OptionalTlsProtocolNegotiator.java | 32 ++-- ...dkDefaultTlsProtocolNegotiatorBuilder.java | 91 ++++++++++ .../RpcServerSslContextRefresherHolder.java | 115 
++++++++---- .../core/remote/tls/RpcServerTlsConfig.java | 61 ++++--- .../remote/tls/RpcServerTlsConfigFactory.java | 103 +++++++++++ ....grpc.negotiator.ProtocolNegotiatorBuilder | 3 +- ...rotocolNegotiatorBuilderSingletonTest.java | 71 ++++++++ ...rotocolNegotiatorBuilderSingletonTest.java | 71 ++++++++ ...faultTlsProtocolNegotiatorBuilderTest.java | 84 +++++++++ .../tls/DefaultTlsContextBuilderTest.java | 120 ------------- ...pcServerSslContextRefresherHolderTest.java | 53 ++++++ .../tls/SdkDefaultTlsContextBuilderTest.java | 110 ++++++++++++ ...aultTlsProtocolNegotiatorBuilderTest.java} | 52 +++--- ...cClusterServerSslContextRefresherTest.java | 48 +++++ .../RpcSdkServerSslContextRefresherTest.java | 48 +++++ ...re.remote.tls.RpcServerSslContextRefresher | 18 ++ .../com/alibaba/nacos/sys/env/EnvUtil.java | 20 +++ ...ConfigServiceComTlsGrpcClient_CITCase.java | 35 ++-- ...nfigServiceNoComTlsGrpcClient_CITCase.java | 29 ++- .../NacosConfigV2MutualAuth_CITCase.java | 52 +++--- ...ationV1ServerNonCompatibility_CITCase.java | 58 +++--- ...ConfigIntegrationV2MutualAuth_CITCase.java | 71 ++++---- .../client/ConfigIntegrationV3_CITCase.java | 58 +++--- .../NamingCompatibilityServiceTls_ITCase.java | 54 +++--- .../NamingTlsServiceAndMutualAuth_ITCase.java | 79 ++++---- .../naming/NamingTlsServiceTls_ITCase.java | 50 +++--- 59 files changed, 2174 insertions(+), 969 deletions(-) create mode 100644 common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigFactory.java create mode 100644 common/src/main/java/com/alibaba/nacos/common/remote/client/RpcTlsConfigFactory.java create mode 100644 common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/AbstractProtocolNegotiatorBuilderSingleton.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingleton.java delete mode 
100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingleton.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java delete mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java create mode 100644 core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfigFactory.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingletonTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingletonTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java delete mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java rename core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/{DefaultTlsProtocolNegotiatorBuilderTest.java => SdkDefaultTlsProtocolNegotiatorBuilderTest.java} (58%) create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java create mode 100644 core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java create mode 100644 
core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher diff --git a/api/src/test/java/com/alibaba/nacos/api/remote/RpcScheduledExecutorTest.java b/api/src/test/java/com/alibaba/nacos/api/remote/RpcScheduledExecutorTest.java index 695c74b5e99..097bd116fff 100644 --- a/api/src/test/java/com/alibaba/nacos/api/remote/RpcScheduledExecutorTest.java +++ b/api/src/test/java/com/alibaba/nacos/api/remote/RpcScheduledExecutorTest.java @@ -18,18 +18,19 @@ import org.junit.Test; -import java.util.HashMap; import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; public class RpcScheduledExecutorTest { private static final String NAME = "test.rpc.thread"; - Map threadNameMap = new HashMap<>(); + Map threadNameMap = new ConcurrentHashMap<>(); @Test public void testRpcScheduledExecutor() throws InterruptedException { @@ -37,10 +38,9 @@ public void testRpcScheduledExecutor() throws InterruptedException { CountDownLatch latch = new CountDownLatch(2); executor.submit(new TestRunner(1, latch)); executor.submit(new TestRunner(2, latch)); - latch.await(1, TimeUnit.SECONDS); + boolean await = latch.await(1, TimeUnit.SECONDS); + assertTrue(await); assertEquals(2, threadNameMap.size()); - assertEquals(NAME + ".0", threadNameMap.get("1")); - assertEquals(NAME + ".1", threadNameMap.get("2")); } private class TestRunner implements Runnable { @@ -56,13 +56,8 @@ public TestRunner(int id, CountDownLatch latch) { @Override public void run() { - try { - threadNameMap.put(String.valueOf(id), Thread.currentThread().getName()); - TimeUnit.MILLISECONDS.sleep(500); - } catch (InterruptedException ignored) { - } finally { - latch.countDown(); - } + threadNameMap.put(String.valueOf(id), Thread.currentThread().getName()); + latch.countDown(); } } } \ No newline at end of file 
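Review bot: With the two `assertEquals(NAME + ...)` lines removed from `testRpcScheduledExecutor`, nothing in the test checks thread names any more. `threadNameMap` is keyed by runner id, so `assertEquals(2, threadNameMap.size())` passes whatever the executor calls its threads. A prefix check that does not depend on which worker picks up which task would keep that coverage without the ordering assumption: `for (Object name : threadNameMap.values()) { assertTrue(String.valueOf(name).startsWith(NAME)); }`.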
diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java index 17e43f7d132..61b05615716 100644 --- a/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java +++ b/client/src/main/java/com/alibaba/nacos/client/config/impl/ClientWorker.java @@ -61,6 +61,7 @@ import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory; import com.alibaba.nacos.common.remote.client.ServerListFactory; import com.alibaba.nacos.common.utils.ConnLabelsUtils; import com.alibaba.nacos.common.utils.ConvertUtils; @@ -128,6 +129,8 @@ public class ClientWorker implements Closeable { */ private final AtomicReference> cacheMap = new AtomicReference<>(new HashMap<>()); + private final DefaultLabelsCollectorManager defaultLabelsCollectorManager = new DefaultLabelsCollectorManager(); + private Map appLables = new HashMap<>(); private final ConfigFilterChainManager configFilterChainManager; @@ -579,8 +582,6 @@ public boolean isHealthServer() { return agent.isHealthServer(); } - private static DefaultLabelsCollectorManager defaultLabelsCollectorManager = new DefaultLabelsCollectorManager(); - public class ConfigRpcTransportClient extends ConfigTransportClient { Map multiTaskExecutor = new HashMap<>(); 
@@ -1088,18 +1089,19 @@ private boolean checkListenCache(Map> listenCachesMap) t private RpcClient ensureRpcClient(String taskId) throws NacosException { synchronized (ClientWorker.this) { - Map labels = getLabels(); Map newLabels = new HashMap<>(labels); newLabels.put("taskId", taskId); + RpcClientTlsConfig clientTlsConfig = RpcClientTlsConfigFactory.getInstance() + .createSdkConfig(properties); RpcClient rpcClient = RpcClientFactory.createClient(uuid + "_config-" + taskId, getConnectionType(), - newLabels, this.properties, RpcClientTlsConfig.properties(this.properties)); + newLabels, clientTlsConfig); if (rpcClient.isWaitInitiated()) { initRpcClientHandler(rpcClient); rpcClient.setTenant(getTenant()); rpcClient.start(); } - + return rpcClient; } diff --git a/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java b/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java index f02379dbb97..a240d5d747d 100644 --- a/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java +++ b/client/src/main/java/com/alibaba/nacos/client/naming/remote/gprc/NamingGrpcClientProxy.java @@ -58,7 +58,7 @@ import com.alibaba.nacos.common.remote.ConnectionType; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; -import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory; import com.alibaba.nacos.common.remote.client.ServerListFactory; import com.alibaba.nacos.common.utils.CollectionUtils; import com.alibaba.nacos.common.utils.JacksonUtils; 
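Review bot: The new `createClient` call in `ensureRpcClient` no longer passes `this.properties`, only the TLS config derived from it, so any non-TLS client settings the removed five-argument overload read from those properties would now be dropped without warning. That overload's body is not in this hunk, so this is inferred from the call site and should be confirmed against `RpcClientFactory`. If the properties did feed gRPC client configuration, keep an overload that accepts them; otherwise record the narrowing at the call, e.g. `// only TLS settings are taken from properties; other client properties are not forwarded`. The method's closing lines are outside the hunk.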
@@ -104,7 +104,7 @@ public NamingGrpcClientProxy(String namespaceId, SecurityProxy securityProxy, Se labels.put(RemoteConstants.LABEL_MODULE, RemoteConstants.LABEL_MODULE_NAMING); labels.put(Constants.APPNAME, AppNameUtils.getAppName()); this.rpcClient = RpcClientFactory.createClient(uuid, ConnectionType.GRPC, labels, - RpcClientTlsConfig.properties(properties.asProperties())); + RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties.asProperties())); this.redoService = new NamingGrpcRedoService(this, properties); NAMING_LOGGER.info("Create naming rpc client for uuid->{}", uuid); start(serverListFactory, serviceInfoHolder); diff --git a/client/src/test/java/com/alibaba/nacos/client/config/impl/ClientWorkerTest.java b/client/src/test/java/com/alibaba/nacos/client/config/impl/ClientWorkerTest.java index 4e0632351a3..5c780ebbc9d 100644 --- a/client/src/test/java/com/alibaba/nacos/client/config/impl/ClientWorkerTest.java +++ b/client/src/test/java/com/alibaba/nacos/client/config/impl/ClientWorkerTest.java @@ -101,7 +101,7 @@ public void before() { any(RpcClientTlsConfig.class))).thenReturn(rpcClient); rpcClientFactoryMockedStatic.when( () -> RpcClientFactory.createClient(anyString(), any(ConnectionType.class), any(Map.class), - any(Properties.class), any(RpcClientTlsConfig.class))).thenReturn(rpcClient); + any(RpcClientTlsConfig.class))).thenReturn(rpcClient); localConfigInfoProcessorMockedStatic = Mockito.mockStatic(LocalConfigInfoProcessor.class); Properties properties = new Properties(); properties.put(PropertyKeyConst.NAMESPACE, TEST_NAMESPACE); 
@@ -149,8 +149,8 @@ public void testAddListenerWithoutTenant() throws NacosException { public void receiveConfigInfo(String configInfo) { } }; - - clientWorker.addListeners(dataId, group, Arrays.asList(listener)); + + clientWorker.addListeners(dataId, group, Collections.singletonList(listener)); List listeners = clientWorker.getCache(dataId, group).getListeners(); Assert.assertEquals(1, listeners.size()); Assert.assertEquals(listener, listeners.get(0)); @@ -180,8 +180,8 @@ public void receiveConfigInfo(String configInfo) { String dataId = "a"; String group = "b"; - - clientWorker.addTenantListeners(dataId, group, Arrays.asList(listener)); + + clientWorker.addTenantListeners(dataId, group, Collections.singletonList(listener)); List listeners = clientWorker.getCache(dataId, group).getListeners(); Assert.assertEquals(1, listeners.size()); Assert.assertEquals(listener, listeners.get(0)); @@ -191,7 +191,7 @@ public void receiveConfigInfo(String configInfo) { Assert.assertEquals(0, listeners.size()); String content = "d"; - clientWorker.addTenantListenersWithContent(dataId, group, content, null, Arrays.asList(listener)); + clientWorker.addTenantListenersWithContent(dataId, group, content, null, Collections.singletonList(listener)); listeners = clientWorker.getCache(dataId, group).getListeners(); Assert.assertEquals(1, listeners.size()); Assert.assertEquals(listener, listeners.get(0)); 
@@ -418,10 +418,10 @@ public void testHandleClientMetricsReqeust() throws Exception { String metricValues = jsonNode.get("metricValues") .get(ClientConfigMetricRequest.MetricsKey.build(ClientConfigMetricRequest.MetricsKey.CACHE_DATA, GroupKey.getKeyTenant(dataId, group, tenant)).toString()).textValue(); - - int colonIndex = metricValues.toString().lastIndexOf(":"); + + int colonIndex = metricValues.lastIndexOf(":"); Assert.assertEquals(content, metricValues.substring(0, colonIndex)); - Assert.assertEquals(md5, metricValues.substring(colonIndex + 1, metricValues.toString().length())); + Assert.assertEquals(md5, metricValues.substring(colonIndex + 1, metricValues.length())); } @@ -441,7 +441,7 @@ public void testGeConfigConfigNotFound() throws NacosException { Mockito.when(rpcClient.request(any(ConfigQueryRequest.class), anyLong())).thenReturn(configQueryResponse); ConfigResponse configResponse = clientWorker.getServerConfig(dataId, group, tenant, 100, true); - Assert.assertEquals(null, configResponse.getContent()); + Assert.assertNull(configResponse.getContent()); localConfigInfoProcessorMockedStatic.verify( () -> LocalConfigInfoProcessor.saveSnapshot(eq(clientWorker.getAgentName()), eq(dataId), eq(group), eq(tenant), eq(null)), times(1)); @@ -476,7 +476,7 @@ public void testShutdown() throws NacosException, NoSuchFieldException, IllegalA Properties prop = new Properties(); ConfigFilterChainManager filter = new ConfigFilterChainManager(new Properties()); ServerListManager agent = Mockito.mock(ServerListManager.class); - + final NacosClientProperties nacosClientProperties = NacosClientProperties.PROTOTYPE.derive(prop); ClientWorker clientWorker = new ClientWorker(filter, agent, nacosClientProperties); clientWorker.shutdown(); 
@@ -485,8 +485,8 @@ public void testShutdown() throws NacosException, NoSuchFieldException, IllegalA ConfigTransportClient o = (ConfigTransportClient) agent1.get(clientWorker); Assert.assertTrue(o.executor.isShutdown()); agent1.setAccessible(false); - - Assert.assertEquals(null, clientWorker.getAgentName()); + + Assert.assertNull(clientWorker.getAgentName()); } @Test @@ -552,13 +552,13 @@ public void receiveConfigInfo(String configInfo) { configContext.setGroup(group); configContext.setTenant(tenant); ConfigChangeBatchListenResponse response = new ConfigChangeBatchListenResponse(); - response.setChangedConfigs(Arrays.asList(configContext)); + response.setChangedConfigs(Collections.singletonList(configContext)); RpcClient rpcClientInner = Mockito.mock(RpcClient.class); Mockito.when(rpcClientInner.isWaitInitiated()).thenReturn(true, false); rpcClientFactoryMockedStatic.when( () -> RpcClientFactory.createClient(anyString(), any(ConnectionType.class), any(Map.class), - any(Properties.class), any(RpcClientTlsConfig.class))).thenReturn(rpcClientInner); + any(RpcClientTlsConfig.class))).thenReturn(rpcClientInner); // mock listen and remove listen request Mockito.when(rpcClientInner.request(any(ConfigBatchListenRequest.class), anyLong())) .thenReturn(response, response); 
@@ -620,20 +620,20 @@ public void testIsHealthServer() throws NacosException, NoSuchFieldException, Il Properties prop = new Properties(); ConfigFilterChainManager filter = new ConfigFilterChainManager(new Properties()); ServerListManager agent = Mockito.mock(ServerListManager.class); - + final NacosClientProperties nacosClientProperties = NacosClientProperties.PROTOTYPE.derive(prop); ClientWorker clientWorker = new ClientWorker(filter, agent, nacosClientProperties); ClientWorker.ConfigRpcTransportClient client = Mockito.mock(ClientWorker.ConfigRpcTransportClient.class); Mockito.when(client.isHealthServer()).thenReturn(Boolean.TRUE); - + Field declaredField = ClientWorker.class.getDeclaredField("agent"); declaredField.setAccessible(true); declaredField.set(clientWorker, client); - - Assert.assertEquals(true, clientWorker.isHealthServer()); - + + Assert.assertTrue(clientWorker.isHealthServer()); + Mockito.when(client.isHealthServer()).thenReturn(Boolean.FALSE); - Assert.assertEquals(false, clientWorker.isHealthServer()); + assertFalse(clientWorker.isHealthServer()); } @Test diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java index dec351ba387..92f02ef3af5 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientFactory.java 
@@ -121,30 +121,41 @@ public static RpcClient createClient(String clientName, ConnectionType connectio } /** - * create a rpc client. + * Creates an RPC client for cluster communication with default thread pool settings. * - * @param clientName client name. - * @param connectionType client type. - * @return rpc client. + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param labels Additional labels for RPC-related attributes. + * @return An RPC client for cluster communication. */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Map labels) { return createClusterClient(clientName, connectionType, null, null, labels); } + /** + * Creates an RPC client for cluster communication with TLS configuration. + * + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param labels Additional labels for RPC-related attributes. + * @param tlsConfig TLS configuration for secure communication. + * @return An RPC client for cluster communication with TLS configuration. + */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Map labels, RpcClientTlsConfig tlsConfig) { return createClusterClient(clientName, connectionType, null, null, labels, tlsConfig); } /** - * create a rpc client. + * Creates an RPC client for cluster communication with custom thread pool settings. * - * @param clientName client name. - * @param connectionType client type. - * @param threadPoolCoreSize grpc thread pool core size - * @param threadPoolMaxSize grpc thread pool max size - * @return rpc client. + * @param clientName The name of the client. + * @param connectionType The type of client connection. + * @param threadPoolCoreSize The core size of the gRPC thread pool. + * @param threadPoolMaxSize The maximum size of the gRPC thread pool. + * @param labels Additional labels for RPC-related attributes. 
+ * @return An RPC client for cluster communication with custom thread pool settings. */ public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels) { @@ -162,7 +173,6 @@ public static RpcClient createClusterClient(String clientName, ConnectionType co * @param tlsConfig tlsConfig. * @return */ - public static RpcClient createClusterClient(String clientName, ConnectionType connectionType, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels, RpcClientTlsConfig tlsConfig) { diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java index 61b847e98ac..de5c2e5cdb2 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfig.java 
@@ -18,68 +18,10 @@ import com.alibaba.nacos.common.remote.TlsConfig; -import java.util.Properties; - /** * gRPC config for sdk. * * @author githubcheng2978 */ public class RpcClientTlsConfig extends TlsConfig { - - /** - * get tls config from properties. - * @param properties Properties. - * @return tls of config. - */ - public static RpcClientTlsConfig properties(Properties properties) { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_ENABLE)) { - tlsConfig.setEnableTls(Boolean.parseBoolean( - properties.getProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE))); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) { - tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_MUTUAL_AUTH)) { - tlsConfig.setMutualAuthEnable(Boolean.parseBoolean( - properties.getProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH))); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS)) { - tlsConfig.setProtocols(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CIPHERS)) { - tlsConfig.setCiphers(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)) { - tlsConfig.setTrustCollectionCertFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH)) { - tlsConfig.setCertChainFile(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_CERT_KEY)) { - tlsConfig.setCertPrivateKey(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL)) { - 
tlsConfig.setTrustAll(Boolean.parseBoolean(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL))); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD)) { - tlsConfig.setCertPrivateKeyPassword(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD)); - } - - if (properties.containsKey(RpcConstants.RPC_CLIENT_TLS_PROVIDER)) { - tlsConfig.setSslProvider(properties.getProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER)); - } - return tlsConfig; - } - } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigFactory.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigFactory.java new file mode 100644 index 00000000000..0c12d5e393d --- /dev/null +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigFactory.java 
@@ -0,0 +1,97 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.common.remote.client; + +import java.util.Properties; + +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.MUTUAL_AUTH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CERT_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CERT_KEY; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_CIPHERS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_ENABLE; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_PROTOCOLS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_PROVIDER; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_ALL; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ClientSuffix.TLS_TRUST_PWD; +import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_CLIENT_RPC; +import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_PEER_RPC; + +/** + * TlsConfigFactory. 
+ * + * @author stone-98 + */ +public class RpcClientTlsConfigFactory implements RpcTlsConfigFactory { + + private static RpcClientTlsConfigFactory instance; + + private RpcClientTlsConfigFactory() { + } + + public static synchronized RpcClientTlsConfigFactory getInstance() { + if (instance == null) { + instance = new RpcClientTlsConfigFactory(); + } + return instance; + } + + /** + * Create SDK client TLS config. + * + * @param properties Properties containing TLS configuration + * @return RpcClientTlsConfig object representing the TLS configuration + */ + @Override + public RpcClientTlsConfig createSdkConfig(Properties properties) { + RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + tlsConfig.setEnableTls(getBooleanProperty(properties, NACOS_CLIENT_RPC + TLS_ENABLE, false)); + tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, NACOS_CLIENT_RPC + MUTUAL_AUTH, false)); + tlsConfig.setProtocols(properties.getProperty(NACOS_CLIENT_RPC + TLS_PROTOCOLS)); + tlsConfig.setCiphers(properties.getProperty(NACOS_CLIENT_RPC + TLS_CIPHERS)); + tlsConfig.setTrustCollectionCertFile(properties.getProperty(NACOS_CLIENT_RPC + TLS_TRUST_COLLECTION_CHAIN_PATH)); + tlsConfig.setCertChainFile(properties.getProperty(NACOS_CLIENT_RPC + TLS_CERT_CHAIN_PATH)); + tlsConfig.setCertPrivateKey(properties.getProperty(NACOS_CLIENT_RPC + TLS_CERT_KEY)); + tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_CLIENT_RPC + TLS_TRUST_ALL, true)); + tlsConfig.setCertPrivateKeyPassword(properties.getProperty(NACOS_CLIENT_RPC + TLS_TRUST_PWD)); + tlsConfig.setSslProvider(properties.getProperty(NACOS_CLIENT_RPC + TLS_PROVIDER)); + return tlsConfig; + } + + /** + * Create cluster client TLS config. 
+ * + * @param properties Properties containing TLS configuration + * @return RpcClientTlsConfig object representing the TLS configuration + */ + @Override + public RpcClientTlsConfig createClusterConfig(Properties properties) { + RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); + tlsConfig.setEnableTls(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_ENABLE, false)); + tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.MUTUAL_AUTH, false)); + tlsConfig.setProtocols(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_PROTOCOLS)); + tlsConfig.setCiphers(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CIPHERS)); + tlsConfig.setTrustCollectionCertFile(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH)); + tlsConfig.setCertChainFile(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH)); + tlsConfig.setCertPrivateKey(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_CERT_KEY)); + tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_ALL, true)); + tlsConfig.setCertPrivateKeyPassword(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_PWD)); + tlsConfig.setSslProvider(properties.getProperty(NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_PROVIDER)); + return tlsConfig; + } + +} diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java index 0b0f40762b6..92ee198bcc7 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcConstants.java 
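Review bot: Both `createSdkConfig` and `createClusterConfig` pass `true` as the fallback for `TLS_TRUST_ALL`, so if `trustAll` does what its name says, a deployment that only switches `tls.enable` on gets an encrypted channel whose peer certificate is never validated, and on the new peer path node-to-node traffic is not authenticated. The cluster keys are new in this commit and have no earlier behaviour to preserve, so that path can fail closed: `tlsConfig.setTrustAll(getBooleanProperty(properties, NACOS_PEER_RPC + RpcConstants.ServerSuffix.TLS_TRUST_ALL, false));`. The SDK default at least needs a Javadoc line on `createSdkConfig` stating that certificate verification is off unless `trustAll` is set to false together with a trust collection file. Separately, the removed `RpcClientTlsConfig.properties` called a setter only when its key was present, whereas these methods always call it, so an absent key now writes `null` over whatever default `TlsConfig` declares; `TlsConfig` is not visible here, so confirm that is intended.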
@@ -34,54 +34,51 @@ public class RpcConstants { public static final String NACOS_CLIENT_RPC = "nacos.remote.client.rpc"; - + + public static final String NACOS_SERVER_RPC = "nacos.remote.server.rpc.tls"; + + public static final String NACOS_PEER_RPC = "nacos.remote.peer.rpc.tls"; + @RpcConfigLabel - public static final String RPC_CLIENT_TLS_ENABLE = NACOS_CLIENT_RPC + ".tls.enable"; + public static final String RPC_CLIENT_TLS_ENABLE = NACOS_CLIENT_RPC + ClientSuffix.TLS_ENABLE; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_PROVIDER = NACOS_CLIENT_RPC + ".tls.provider"; + public static final String RPC_CLIENT_TLS_PROVIDER = NACOS_CLIENT_RPC + ClientSuffix.TLS_PROVIDER; @RpcConfigLabel - public static final String RPC_CLIENT_MUTUAL_AUTH = NACOS_CLIENT_RPC + ".tls.mutualAuth"; + public static final String RPC_CLIENT_MUTUAL_AUTH = NACOS_CLIENT_RPC + ClientSuffix.MUTUAL_AUTH; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_PROTOCOLS = NACOS_CLIENT_RPC + ".tls.protocols"; + public static final String RPC_CLIENT_TLS_PROTOCOLS = NACOS_CLIENT_RPC + ClientSuffix.TLS_PROTOCOLS; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CIPHERS = NACOS_CLIENT_RPC + ".tls.ciphers"; + public static final String RPC_CLIENT_TLS_CIPHERS = NACOS_CLIENT_RPC + ClientSuffix.TLS_CIPHERS; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = NACOS_CLIENT_RPC + ".tls.certChainFile"; + public static final String RPC_CLIENT_TLS_CERT_CHAIN_PATH = NACOS_CLIENT_RPC + ClientSuffix.TLS_CERT_CHAIN_PATH; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_CERT_KEY = NACOS_CLIENT_RPC + ".tls.certPrivateKey"; + public static final String RPC_CLIENT_TLS_CERT_KEY = NACOS_CLIENT_RPC + ClientSuffix.TLS_CERT_KEY; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_TRUST_PWD = NACOS_CLIENT_RPC + ".tls.certPrivateKeyPassword"; + public static final String RPC_CLIENT_TLS_TRUST_PWD = NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_PWD; 
@RpcConfigLabel public static final String RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH = - NACOS_CLIENT_RPC + ".tls.trustCollectionChainPath"; + NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH; @RpcConfigLabel - public static final String RPC_CLIENT_TLS_TRUST_ALL = NACOS_CLIENT_RPC + ".tls.trustAll"; + public static final String RPC_CLIENT_TLS_TRUST_ALL = NACOS_CLIENT_RPC + ClientSuffix.TLS_TRUST_ALL; private static final Set CONFIG_NAMES = new HashSet<>(); - @Documented - @Target(ElementType.FIELD) - @Retention(RetentionPolicy.RUNTIME) - protected @interface RpcConfigLabel { - - } - static { Class clazz = RpcConstants.class; Field[] declaredFields = clazz.getDeclaredFields(); for (Field declaredField : declaredFields) { declaredField.setAccessible(true); - if (declaredField.getType().equals(String.class) && null != declaredField - .getAnnotation(RpcConfigLabel.class)) { + if (declaredField.getType().equals(String.class) && null != declaredField.getAnnotation( + RpcConfigLabel.class)) { try { CONFIG_NAMES.add((String) declaredField.get(null)); } catch (IllegalAccessException ignored) { 
@@ -90,7 +87,139 @@ public class RpcConstants { } } + /** + * Enumeration of common suffixes for RPC configuration properties. Each enum constant represents a specific + * configuration attribute suffix. This allows for the construction of complete configuration property keys. + */ + public class ClientSuffix { + + /** + * Suffix for 'tls.enable' configuration property. + */ + public static final String TLS_ENABLE = ".tls.enable"; + + /** + * Suffix for 'tls.provider' configuration property. + */ + public static final String TLS_PROVIDER = ".tls.provider"; + + /** + * Suffix for 'tls.mutualAuth' configuration property. + */ + public static final String MUTUAL_AUTH = ".tls.mutualAuth"; + + /** + * Suffix for 'tls.protocols' configuration property. + */ + public static final String TLS_PROTOCOLS = ".tls.protocols"; + + /** + * Suffix for 'tls.ciphers' configuration property. + */ + public static final String TLS_CIPHERS = ".tls.ciphers"; + + /** + * Suffix for 'tls.certChainFile' configuration property. + */ + public static final String TLS_CERT_CHAIN_PATH = ".tls.certChainFile"; + + /** + * Suffix for 'tls.certPrivateKey' configuration property. + */ + public static final String TLS_CERT_KEY = ".tls.certPrivateKey"; + + /** + * Suffix for 'tls.certPrivateKeyPassword' configuration property. + */ + public static final String TLS_TRUST_PWD = ".tls.certPrivateKeyPassword"; + + /** + * Suffix for 'tls.trustCollectionChainPath' configuration property. + */ + public static final String TLS_TRUST_COLLECTION_CHAIN_PATH = ".tls.trustCollectionChainPath"; + + /** + * Suffix for 'tls.trustAll' configuration property. + */ + public static final String TLS_TRUST_ALL = ".tls.trustAll"; + } + + /** + * Enumeration of common suffixes for RPC configuration properties. Each enum constant represents a specific + * configuration attribute suffix. This allows for the construction of complete configuration property keys. 
+ */ + public class ServerSuffix { + + /** + * Suffix for 'tls.enable' configuration property. + */ + public static final String TLS_ENABLE = ".enableTls"; + + /** + * Suffix for 'tls.provider' configuration property. + */ + public static final String TLS_PROVIDER = ".sslProvider"; + + /** + * Suffix for 'tls.mutualAuth' configuration property. + */ + public static final String MUTUAL_AUTH = ".mutualAuthEnable"; + + /** + * Suffix for 'tls.protocols' configuration property. + */ + public static final String TLS_PROTOCOLS = ".protocols"; + + /** + * Suffix for 'tls.ciphers' configuration property. + */ + public static final String TLS_CIPHERS = ".ciphers"; + + /** + * Suffix for 'tls.certChainFile' configuration property. + */ + public static final String TLS_CERT_CHAIN_PATH = ".certChainFile"; + + /** + * Suffix for 'tls.certPrivateKey' configuration property. + */ + public static final String TLS_CERT_KEY = ".certPrivateKey"; + + /** + * Suffix for 'tls.certPrivateKeyPassword' configuration property. + */ + public static final String TLS_TRUST_PWD = ".certPrivateKeyPassword"; + + /** + * Suffix for 'tls.trustCollectionChainPath' configuration property. + */ + public static final String TLS_TRUST_COLLECTION_CHAIN_PATH = ".trustCollectionCertFile"; + + /** + * Suffix for 'tls.trustAll' configuration property. + */ + public static final String TLS_TRUST_ALL = ".trustAll"; + + /** + * Suffix for '.sslContextRefresher' configuration property. + */ + public static final String SSL_CONTEXT_REFRESHER = ".sslContextRefresher"; + + /** + * Suffix for '.compatibility' configuration property. + */ + public static final String COMPATIBILITY = ".compatibility"; + } + + @Documented + @Target(ElementType.FIELD) + @Retention(RetentionPolicy.RUNTIME) + protected @interface RpcConfigLabel { + + } + public static Set getRpcParams() { return Collections.unmodifiableSet(CONFIG_NAMES); } + } 
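Review bot: The Javadoc in `ServerSuffix` names keys that do not match the values: each comment quotes the client form (`'tls.enable'`, `'tls.trustCollectionChainPath'`) while the constants are `.enableTls`, `.trustCollectionCertFile` and so on, and both holders are described as an "Enumeration" although they are plain nested classes. For `TLS_TRUST_ALL` the comment should also state the security-relevant default: `createClusterConfig` earlier in this patch reads `NACOS_PEER_RPC + ServerSuffix.TLS_TRUST_ALL` with a fallback of `true`, so, assuming trustAll switches off verification of the peer certificate as the name suggests, a cluster that only sets `enableTls=true` gets encryption without peer authentication. I would write `/** Suffix for the '.trustAll' property; when true the peer certificate is not verified. */` and consider a fallback of `false` in the factory. Declaring both holders `public static final class` with a private constructor would also match their use as constant containers.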
diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcTlsConfigFactory.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcTlsConfigFactory.java
new file mode 100644
index 00000000000..eded7fdd78b
--- /dev/null
+++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/RpcTlsConfigFactory.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.common.remote.client;
+
+import com.alibaba.nacos.common.remote.TlsConfig;
+
+import java.util.Properties;
+
+/**
+ * RpcTlsConfigFactory.
+ *
+ * @author stone-98
+ * @date 2024/4/8
+ */
+public interface RpcTlsConfigFactory {
+
+ /**
+ * Create a TlsConfig for SDK connections based on the provided properties.
+ *
+ * @param properties Properties containing configuration
+ * @return TlsConfig instance for SDK connections
+ */
+ TlsConfig createSdkConfig(Properties properties);
+
+ /**
+ * Create a TlsConfig for cluster connections based on the provided properties.
+ *
+ * @param properties Properties containing configuration
+ * @return TlsConfig instance for cluster connections
+ */
+ TlsConfig createClusterConfig(Properties properties);
+
+ /**
+ * Get boolean property from properties.
+ * + * @param properties Properties containing configuration + * @param key Key of the property + * @param defaultValue Default value to return if the property is not found or is invalid + * @return Boolean value of the property, or the provided defaultValue if not found or invalid + */ + default Boolean getBooleanProperty(Properties properties, String key, Boolean defaultValue) { + String value = properties.getProperty(key); + if (value != null) { + return Boolean.parseBoolean(value); + } + return defaultValue; + } +} \ No newline at end of file diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java index cf6ac4787e5..05fbb825b9d 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfig.java @@ -16,7 +16,9 @@ package com.alibaba.nacos.common.remote.client.grpc; +import com.alibaba.nacos.common.remote.TlsConfig; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory; import com.alibaba.nacos.common.utils.ThreadUtils; import java.util.HashMap; 
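Review bot: The Javadoc on `getBooleanProperty` promises the default value "if not found or invalid", but `Boolean.parseBoolean` returns `false` for every string other than "true", so `enableTls=yes` or `mutualAuthEnable=1` silently turns the feature off instead of using the default or failing. For TLS switches a misspelt value is better rejected at startup than allowed to downgrade the connection; the sketch below accepts only `true`/`false` (trimmed, case-insensitive) and throws otherwise. If throwing is too strict for existing deployments, at least correct the Javadoc to say that any value other than "true" yields `false`. The helper is also a `default` method on a public interface, which makes it part of the contract of every implementer; a static helper in a utility class would keep it internal.

```java
default Boolean getBooleanProperty(Properties properties, String key, Boolean defaultValue) {
    String value = properties.getProperty(key);
    if (value == null) {
        return defaultValue;
    }
    String normalized = value.trim();
    if ("true".equalsIgnoreCase(normalized)) {
        return Boolean.TRUE;
    }
    if ("false".equalsIgnoreCase(normalized)) {
        return Boolean.FALSE;
    }
    // Fail loudly: a typo in a TLS switch must not silently change the security posture.
    throw new IllegalArgumentException("Invalid boolean value for property '" + key + "': " + value);
}
```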
@@ -32,37 +34,37 @@ */ public class DefaultGrpcClientConfig implements GrpcClientConfig { - private String name; + private final String name; - private int retryTimes; + private final int retryTimes; - private long timeOutMills; + private final long timeOutMills; - private long connectionKeepAlive; + private final long connectionKeepAlive; - private long channelKeepAliveTimeout; + private final long channelKeepAliveTimeout; - private long threadPoolKeepAlive; + private final long threadPoolKeepAlive; - private int threadPoolCoreSize; + private final int threadPoolCoreSize; - private int threadPoolMaxSize; + private final int threadPoolMaxSize; - private long serverCheckTimeOut; + private final long serverCheckTimeOut; - private int threadPoolQueueSize; + private final int threadPoolQueueSize; - private int maxInboundMessageSize; + private final int maxInboundMessageSize; - private int channelKeepAlive; + private final int channelKeepAlive; - private int healthCheckRetryTimes; + private final int healthCheckRetryTimes; - private long healthCheckTimeOut; + private final long healthCheckTimeOut; - private long capabilityNegotiationTimeout; + private final long capabilityNegotiationTimeout; - private Map labels; + private final Map labels; private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); @@ -98,7 +100,7 @@ private DefaultGrpcClientConfig(Builder builder) { this.labels.put("tls.enable", "false"); if (Objects.nonNull(builder.tlsConfig)) { this.tlsConfig = builder.tlsConfig; - if (builder.tlsConfig.getEnableTls()) { + if (Objects.nonNull(builder.tlsConfig.getEnableTls()) && builder.tlsConfig.getEnableTls()) { this.labels.put("tls.enable", "true"); } } @@ -173,7 +175,7 @@ public long channelKeepAliveTimeout() { } @Override - public RpcClientTlsConfig tlsConfig() { + public TlsConfig tlsConfig() { return tlsConfig; } 
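Review bot: In the constructor hunk (`@@ -98,7 +100,7 @@`) the new guard `Objects.nonNull(builder.tlsConfig.getEnableTls()) && builder.tlsConfig.getEnableTls()` calls the getter twice and protects only this one site; `Boolean.TRUE.equals(builder.tlsConfig.getEnableTls())` expresses the same check in one call. The guard implies `getEnableTls()` may return null, yet `GrpcClient.buildSslContext` later in this patch still evaluates `!tlsConfig.getEnableTls()` and `tlsConfig.getMutualAuthEnable()` by unboxing, so a config with unset flags would be labelled `tls.enable=false` here and then fail with a NullPointerException when the channel is built. Either have the `TlsConfig` getters return primitives or defaults, or apply the same `Boolean.TRUE.equals(...)` form there. The constructor body continues outside the hunk.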
@@ -237,12 +239,22 @@ public static class Builder { private long capabilityNegotiationTimeout = 5000L; - private Map labels = new HashMap<>(); + private final Map labels = new HashMap<>(); private RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); private Builder() { } + + public Builder buildSdkFromProperties(Properties properties) { + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); + return fromProperties(properties, tlsConfig); + } + + public Builder buildClusterFromProperties(Properties properties) { + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + return fromProperties(properties, tlsConfig); + } /** * Set config from properties. @@ -250,7 +262,7 @@ private Builder() { * @param properties properties * @return Builder */ - public Builder fromProperties(Properties properties) { + public Builder fromProperties(Properties properties, RpcClientTlsConfig tlsConfig) { if (properties.containsKey(GrpcConstants.GRPC_NAME)) { this.name = properties.getProperty(GrpcConstants.GRPC_NAME); } 
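Review bot: `buildSdkFromProperties` and `buildClusterFromProperties` are new public builder methods without Javadoc, and the `build…` prefix suggests a finished config although both return the `Builder`; since the choice between them decides whether the `nacos.remote.client.rpc` keys or the `nacos.remote.peer.rpc.tls` keys supply the TLS settings, that should be documented, e.g. `/** Populate this builder from properties, reading TLS settings from the cluster (peer) keys. */`. In the following hunk (`@@ -250,7 +262,7 @@`) the Javadoc of `fromProperties` was not extended with `@param tlsConfig`, and the changed signature drops the one-argument form that external callers may rely on; keeping `fromProperties(Properties)` as a delegate to `buildSdkFromProperties` would preserve compatibility. The local `tlsConfig` in both new methods also shadows the builder field of the same name.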
@@ -261,53 +273,53 @@ public Builder fromProperties(Properties properties) { this.timeOutMills = Long.parseLong(properties.getProperty(GrpcConstants.GRPC_TIMEOUT_MILLS)); } if (properties.containsKey(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)) { - this.connectionKeepAlive = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)); + this.connectionKeepAlive = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_CONNECT_KEEP_ALIVE_TIME)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)) { - this.threadPoolKeepAlive = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)); + this.threadPoolKeepAlive = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_KEEPALIVETIME)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)) { - this.threadPoolCoreSize = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)); + this.threadPoolCoreSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_CORE_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)) { - this.threadPoolMaxSize = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)); + this.threadPoolMaxSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_THREADPOOL_MAX_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)) { - this.serverCheckTimeOut = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)); + this.serverCheckTimeOut = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_SERVER_CHECK_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_QUEUESIZE)) { this.threadPoolQueueSize = Integer.parseInt(properties.getProperty(GrpcConstants.GRPC_QUEUESIZE)); } if (properties.containsKey(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)) { - this.maxInboundMessageSize = Integer - 
.parseInt(properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)); + this.maxInboundMessageSize = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_MAX_INBOUND_MESSAGE_SIZE)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)) { - this.channelKeepAlive = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)); + this.channelKeepAlive = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIME)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)) { - this.capabilityNegotiationTimeout = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)); + this.capabilityNegotiationTimeout = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)) { - this.healthCheckRetryTimes = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)); + this.healthCheckRetryTimes = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_RETRY_TIMES)); } if (properties.containsKey(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)) { - this.healthCheckTimeOut = Long - .parseLong(properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)); + this.healthCheckTimeOut = Long.parseLong( + properties.getProperty(GrpcConstants.GRPC_HEALTHCHECK_TIMEOUT)); } if (properties.containsKey(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)) { - this.channelKeepAliveTimeout = Integer - .parseInt(properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)); + this.channelKeepAliveTimeout = Integer.parseInt( + properties.getProperty(GrpcConstants.GRPC_CHANNEL_KEEP_ALIVE_TIMEOUT)); } - this.tlsConfig = RpcClientTlsConfig.properties(properties); + this.tlsConfig = tlsConfig; return this; } 
diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java index 25d213cb951..3cde9d830fa 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClient.java @@ -33,6 +33,7 @@ import com.alibaba.nacos.common.ability.discover.NacosAbilityManagerHolder; import com.alibaba.nacos.common.packagescan.resource.Resource; import com.alibaba.nacos.common.remote.ConnectionType; +import com.alibaba.nacos.common.remote.TlsConfig; import com.alibaba.nacos.common.remote.client.Connection; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientStatus; @@ -64,7 +65,6 @@ import java.util.HashMap; import java.util.Map; import java.util.Optional; -import java.util.Properties; import java.util.concurrent.CountDownLatch; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.ThreadPoolExecutor; @@ -109,15 +109,6 @@ public GrpcClient(String name) { this(DefaultGrpcClientConfig.newBuilder().setName(name).build()); } - /** - * constructor. - * - * @param properties . - */ - public GrpcClient(Properties properties) { - this(DefaultGrpcClientConfig.newBuilder().fromProperties(properties).build()); - } - /** * constructor. * 
@@ -209,8 +200,8 @@ protected RequestGrpc.RequestFutureStub createNewChannelStub(ManagedChannel mana private ManagedChannel createNewManagedChannel(String serverIp, int serverPort) { LOGGER.info("grpc client connection server:{} ip,serverPort:{},grpcTslConfig:{}", serverIp, serverPort, JacksonUtils.toJson(clientConfig.tlsConfig())); - ManagedChannelBuilder managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext()) - .executor(grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance()) + ManagedChannelBuilder managedChannelBuilder = buildChannel(serverIp, serverPort, buildSslContext()).executor( + grpcExecutor).compressorRegistry(CompressorRegistry.getDefaultInstance()) .decompressorRegistry(DecompressorRegistry.getDefaultInstance()) .maxInboundMessageSize(clientConfig.maxInboundMessageSize()) .keepAliveTime(clientConfig.channelKeepAlive(), TimeUnit.MILLISECONDS) @@ -288,8 +279,8 @@ public void onNext(Payload payload) { } catch (Exception e) { LoggerUtils.printIfErrorEnabled(LOGGER, "[{}]Handle server request exception: {}", grpcConn.getConnectionId(), payload.toString(), e.getMessage()); - Response errResponse = ErrorResponse - .build(NacosException.CLIENT_ERROR, "Handle server request error"); + Response errResponse = ErrorResponse.build(NacosException.CLIENT_ERROR, + "Handle server request error"); errResponse.setRequestId(request.getRequestId()); sendResponse(errResponse); } 
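Review bot: The unchanged log statement at the top of `createNewManagedChannel` writes `JacksonUtils.toJson(clientConfig.tlsConfig())` at INFO level, and the TLS config carries `certPrivateKeyPassword` (populated from the `.certPrivateKeyPassword` property elsewhere in this patch), so the private-key password probably ends up in the logs on every connection attempt, and with this change on cluster nodes as well. Log only non-secret fields, for example `LOGGER.info("grpc client connection server:{} ip,serverPort:{},tlsEnabled:{}", serverIp, serverPort, clientConfig.tlsConfig().getEnableTls());`, or exclude the password from serialization on the config class. The method body continues outside the hunk.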
@@ -374,8 +365,8 @@ public Connection connectToServer(ServerInfo serverInfo) { ServerCheckResponse serverCheckResponse = (ServerCheckResponse) response; connectionId = serverCheckResponse.getConnectionId(); - BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc - .newStub(newChannelStubTemp.getChannel()); + BiRequestStreamGrpc.BiRequestStreamStub biRequestStreamStub = BiRequestStreamGrpc.newStub( + newChannelStubTemp.getChannel()); GrpcConnection grpcConn = new GrpcConnection(serverInfo, grpcExecutor); grpcConn.setConnectionId(connectionId); // if not supported, it will be false @@ -398,8 +389,8 @@ public Connection connectToServer(ServerInfo serverInfo) { conSetupRequest.setClientVersion(VersionUtils.getFullClientVersion()); conSetupRequest.setLabels(super.getLabels()); // set ability table - conSetupRequest - .setAbilityTable(NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode())); + conSetupRequest.setAbilityTable( + NacosAbilityManagerHolder.getInstance().getCurrentNodeAbilities(abilityMode())); conSetupRequest.setTenant(super.getTenant()); grpcConn.sendRequest(conSetupRequest); // wait for response 
@@ -531,44 +522,9 @@ public boolean check(Connection connection) { } } - /** - * Setup response handler. - */ - class SetupRequestHandler implements ServerRequestHandler { - - private final RecAbilityContext abilityContext; - - public SetupRequestHandler(RecAbilityContext abilityContext) { - this.abilityContext = abilityContext; - } - - @Override - public Response requestReply(Request request, Connection connection) { - // if finish setup - if (request instanceof SetupAckRequest) { - SetupAckRequest setupAckRequest = (SetupAckRequest) request; - // remove and count down - recAbilityContext - .release(Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0))); - return new SetupAckResponse(); - } - return null; - } - } - - private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional sslContext) { - if (sslContext.isPresent()) { - return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS) - .sslContext(sslContext.get()); - - } else { - return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext(); - } - } - private Optional buildSslContext() { - RpcClientTlsConfig tlsConfig = clientConfig.tlsConfig(); + TlsConfig tlsConfig = clientConfig.tlsConfig(); if (!tlsConfig.getEnableTls()) { return Optional.empty(); } @@ -595,8 +551,8 @@ private Optional buildSslContext() { } if (tlsConfig.getMutualAuthEnable()) { - if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils - .isBlank(tlsConfig.getCertPrivateKey())) { + if (StringUtils.isBlank(tlsConfig.getCertChainFile()) || StringUtils.isBlank( + tlsConfig.getCertPrivateKey())) { throw new IllegalArgumentException("client certChainFile or certPrivateKey must be not null"); } Resource certChainFile = resourceLoader.getResource(tlsConfig.getCertChainFile()); 
@@ -609,6 +565,41 @@ private Optional buildSslContext() { throw new RuntimeException("Unable to build SslContext", e); } } + + private ManagedChannelBuilder buildChannel(String serverIp, int port, Optional sslContext) { + if (sslContext.isPresent()) { + return NettyChannelBuilder.forAddress(serverIp, port).negotiationType(NegotiationType.TLS) + .sslContext(sslContext.get()); + + } else { + return ManagedChannelBuilder.forAddress(serverIp, port).usePlaintext(); + } + } + + /** + * Setup response handler. + */ + class SetupRequestHandler implements ServerRequestHandler { + + private final RecAbilityContext abilityContext; + + public SetupRequestHandler(RecAbilityContext abilityContext) { + this.abilityContext = abilityContext; + } + + @Override + public Response requestReply(Request request, Connection connection) { + // if finish setup + if (request instanceof SetupAckRequest) { + SetupAckRequest setupAckRequest = (SetupAckRequest) request; + // remove and count down + recAbilityContext.release( + Optional.ofNullable(setupAckRequest.getAbilityTable()).orElse(new HashMap<>(0))); + return new SetupAckResponse(); + } + return null; + } + } } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java index 1c1b4003bad..d16ebcc9dc9 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientConfig.java @@ -16,6 +16,7 @@ package com.alibaba.nacos.common.remote.client.grpc; +import com.alibaba.nacos.common.remote.TlsConfig; import com.alibaba.nacos.common.remote.client.RpcClientConfig; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; 
@@ -81,26 +82,26 @@ public interface GrpcClientConfig extends RpcClientConfig { * @return channelKeepAliveTimeout. */ long channelKeepAliveTimeout(); - + /** - * getTlsConfig. + * getTlsConfig. * * @return TlsConfig. */ - RpcClientTlsConfig tlsConfig(); - + TlsConfig tlsConfig(); + /** - *Set TlsConfig. + * Set TlsConfig. * * @param tlsConfig tlsConfig of client. */ void setTlsConfig(RpcClientTlsConfig tlsConfig); - + /** * get timeout of connection setup(TimeUnit.MILLISECONDS). * * @return timeout of connection setup */ long capabilityNegotiationTimeout(); - + } diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java index 7749f69b6f6..69530afd833 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClient.java @@ -21,7 +21,6 @@ import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; import java.util.Map; -import java.util.Properties; /** * gRPC client for cluster. @@ -48,16 +47,7 @@ public GrpcClusterClient(String name) { public GrpcClusterClient(GrpcClientConfig config) { super(config); } - - /** - * Constructor. - * - * @param properties . - */ - public GrpcClusterClient(Properties properties) { - super(properties); - } - + /** * Constructor. * 
@@ -67,20 +57,20 @@ public GrpcClusterClient(Properties properties) { * @param labels . */ public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, - Map labels) { + Map labels) { this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null); } - + public GrpcClusterClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, - Map labels, RpcClientTlsConfig tlsConfig) { + Map labels, RpcClientTlsConfig tlsConfig) { super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig); } - + @Override protected AbilityMode abilityMode() { return AbilityMode.CLUSTER_CLIENT; } - + @Override public int rpcPortOffset() { return Integer.parseInt(System.getProperty(GrpcConstants.NACOS_SERVER_GRPC_PORT_OFFSET_KEY, diff --git a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java index 0ede2af6de6..cf973416cca 100644 --- a/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java +++ b/common/src/main/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClient.java @@ -21,7 +21,6 @@ import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; import java.util.Map; -import java.util.Properties; /** * gRPC client for sdk. @@ -40,15 +39,6 @@ public GrpcSdkClient(String name) { super(name); } - /** - * Constructor. - * - * @param properties . - */ - public GrpcSdkClient(Properties properties) { - super(properties); - } - /** * Constructor. * 
@@ -57,20 +47,21 @@ public GrpcSdkClient(Properties properties) { * @param threadPoolMaxSize . * @param labels . */ - public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels) { + public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, + Map labels) { this(name, threadPoolCoreSize, threadPoolMaxSize, labels, null); } - + public GrpcSdkClient(String name, Integer threadPoolCoreSize, Integer threadPoolMaxSize, Map labels, - RpcClientTlsConfig tlsConfig) { + RpcClientTlsConfig tlsConfig) { super(name, threadPoolCoreSize, threadPoolMaxSize, labels, tlsConfig); } - + @Override protected AbilityMode abilityMode() { return AbilityMode.SDK_CLIENT; } - + /** * constructor. * @@ -86,4 +77,4 @@ public int rpcPortOffset() { String.valueOf(Constants.SDK_GRPC_PORT_DEFAULT_OFFSET))); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java index 1857a707c6e..4b81a36de3d 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientFactoryTest.java @@ -48,7 +48,10 @@ public class RpcClientFactoryTest { RpcClient rpcClient; @Mock(lenient = true) - RpcClientTlsConfig tlsConfig; + RpcClientTlsConfig clusterClientTlsConfig; + + @Mock(lenient = true) + RpcClientTlsConfig rpcClientTlsConfig; @BeforeClass public static void setUpBeforeClass() throws NoSuchFieldException, IllegalAccessException { 
@@ -166,9 +169,9 @@ public void testCreatedClusterClientWhenConnectionTypeNotMappingThenThrowExcepti @Test public void testCreateClusterClientTsl() { - Mockito.when(tlsConfig.getEnableTls()).thenReturn(true); + Mockito.when(clusterClientTlsConfig.getEnableTls()).thenReturn(true); RpcClient client = RpcClientFactory.createClusterClient("testClient", ConnectionType.GRPC, - Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + Collections.singletonMap("labelKey", "labelValue"), clusterClientTlsConfig); Map labesMap = new HashMap<>(); labesMap.put("labelKey", "labelValue"); labesMap.put("tls.enable", "true"); @@ -180,9 +183,9 @@ public void testCreateClusterClientTsl() { @Test public void testCreateClientTsl() { - Mockito.when(tlsConfig.getEnableTls()).thenReturn(true); + Mockito.when(rpcClientTlsConfig.getEnableTls()).thenReturn(true); RpcClient client = RpcClientFactory.createClient("testClient", ConnectionType.GRPC, - Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + Collections.singletonMap("labelKey", "labelValue"), rpcClientTlsConfig); Map labesMap = new HashMap<>(); labesMap.put("labelKey", "labelValue"); labesMap.put("tls.enable", "true"); @@ -191,4 +194,4 @@ public void testCreateClientTsl() { Assert.assertEquals("testClient", CollectionUtils.getOnlyElement(RpcClientFactory.getAllClientEntries()).getKey()); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java index f0e6b59ba02..31aba66baef 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClientTlsConfigTest.java 
@@ -29,7 +29,7 @@ public class RpcClientTlsConfigTest { public void testEnableTls() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertTrue(tlsConfig.getEnableTls()); } @@ -37,7 +37,7 @@ public void testEnableTls() { public void testSslProvider() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROVIDER, "provider"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("provider", tlsConfig.getSslProvider()); } @@ -45,7 +45,7 @@ public void testSslProvider() { public void testMutualAuthEnable() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertTrue(tlsConfig.getMutualAuthEnable()); } @@ -53,7 +53,7 @@ public void testMutualAuthEnable() { public void testProtocols() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_PROTOCOLS, "protocols"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("protocols", tlsConfig.getProtocols()); } 
@@ -61,7 +61,7 @@ public void testProtocols() { public void testCiphers() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CIPHERS, "ciphers"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("ciphers", tlsConfig.getCiphers()); } @@ -69,7 +69,7 @@ public void testCiphers() { public void testTrustCollectionCertFile() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile()); } @@ -77,7 +77,7 @@ public void testTrustCollectionCertFile() { public void testCertChainFile() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "certChainFile"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("certChainFile", tlsConfig.getCertChainFile()); } @@ -85,7 +85,7 @@ public void testCertChainFile() { public void testCertPrivateKey() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "certPrivateKey"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey()); } 
@@ -93,7 +93,7 @@ public void testCertPrivateKey() { public void testTrustAll() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertTrue(tlsConfig.getTrustAll()); } @@ -101,7 +101,7 @@ public void testTrustAll() { public void testCertPrivateKeyPassword() { Properties properties = new Properties(); properties.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_PWD, "trustPwd"); - RpcClientTlsConfig tlsConfig = RpcClientTlsConfig.properties(properties); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createSdkConfig(properties); assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword()); } -} \ No newline at end of file +} diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java new file mode 100644 index 00000000000..4f211428f89 --- /dev/null +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcClusterClientTlsConfigTest.java 
@@ -0,0 +1,128 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.common.remote.client; + +import org.junit.Test; + +import java.util.Properties; + +import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_PEER_RPC; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.MUTUAL_AUTH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_KEY; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CIPHERS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_ENABLE; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROTOCOLS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROVIDER; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_ALL; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_PWD; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class RpcClusterClientTlsConfigTest { + + @Test + public void testEnableTls() { + Properties 
properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertTrue(tlsConfig.getEnableTls()); + } + + @Test + public void testSslProvider() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_PROVIDER, "provider"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("provider", tlsConfig.getSslProvider()); + } + + @Test + public void testMutualAuthEnable() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + MUTUAL_AUTH, "true"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertTrue(tlsConfig.getMutualAuthEnable()); + } + + @Test + public void testProtocols() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_PROTOCOLS, "protocols"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("protocols", tlsConfig.getProtocols()); + } + + @Test + public void testCiphers() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_CIPHERS, "ciphers"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("ciphers", tlsConfig.getCiphers()); + } + + @Test + public void testTrustCollectionCertFile() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + 
TLS_TRUST_COLLECTION_CHAIN_PATH, "trustCollectionCertFile"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("trustCollectionCertFile", tlsConfig.getTrustCollectionCertFile()); + } + + @Test + public void testCertChainFile() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_CERT_CHAIN_PATH, "certChainFile"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("certChainFile", tlsConfig.getCertChainFile()); + } + + @Test + public void testCertPrivateKey() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_CERT_KEY, "certPrivateKey"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("certPrivateKey", tlsConfig.getCertPrivateKey()); + } + + @Test + public void testTrustAll() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_TRUST_ALL, "true"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertTrue(tlsConfig.getTrustAll()); + } + + @Test + public void testCertPrivateKeyPassword() { + Properties properties = new Properties(); + properties.setProperty(NACOS_PEER_RPC + TLS_ENABLE, "true"); + properties.setProperty(NACOS_PEER_RPC + TLS_TRUST_PWD, "trustPwd"); + RpcClientTlsConfig tlsConfig = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + assertEquals("trustPwd", tlsConfig.getCertPrivateKeyPassword()); + } +} + 
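Review bot: No test in this new file covers the case where `NACOS_PEER_RPC + TLS_ENABLE` is absent or `false`; every test sets it to `"true"` before the option under test. Because `testTrustAll` shows that a trust-all switch is accepted for peer links, the defaults deserve a pinned test. Build the config from an empty `Properties` and assert that TLS and trust-all are both off, for example `assertFalse(tlsConfig.getTrustAll());`. Whether the getters return `false` or `null` in that case is not visible in this hunk, so the assertion may need `Boolean.TRUE.equals(...)` instead.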
diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java index 6d4a88400f5..c5565393cd6 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/RpcConstantsTest.java @@ -26,8 +26,7 @@ public class RpcConstantsTest { @Test public void testGetRpcParams() { - Class clazz = RpcConstants.class; - Field[] declaredFields = clazz.getDeclaredFields(); + Field[] declaredFields = RpcConstants.class.getDeclaredFields(); int i = 0; for (Field declaredField : declaredFields) { declaredField.setAccessible(true); diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java index 718bab454e5..1e1a88af4b2 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/DefaultGrpcClientConfigTest.java @@ -84,7 +84,7 @@ public void testFromProperties() { properties.setProperty(GrpcConstants.GRPC_CHANNEL_CAPABILITY_NEGOTIATION_TIMEOUT, "5000"); DefaultGrpcClientConfig config = (DefaultGrpcClientConfig) DefaultGrpcClientConfig.newBuilder() - .fromProperties(properties).build(); + .fromProperties(properties, null).build(); assertEquals("test", config.name()); assertEquals(3, config.retryTimes()); diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java index 28b89e8c4f8..726a3e0c48f 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClientTest.java 
@@ -176,8 +176,8 @@ public void testBindRequestStreamOnNextSetupAckRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new SetupAckRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new SetupAckRequest())); return null; }); setCurrentConnection(grpcConnection, grpcClient); @@ -191,8 +191,8 @@ public void testBindRequestStreamOnNextOtherRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> { @@ -212,8 +212,8 @@ public void testBindRequestStreamOnNextNoRequest() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> null); 
@@ -228,8 +228,8 @@ public void testBindRequestStreamOnNextHandleException() BiRequestStreamGrpc.BiRequestStreamStub stub = mock(BiRequestStreamGrpc.BiRequestStreamStub.class); GrpcConnection grpcConnection = mock(GrpcConnection.class); when(stub.requestBiStream(any())).thenAnswer((Answer>) invocationOnMock -> { - ((StreamObserver) invocationOnMock.getArgument(0)) - .onNext(GrpcUtils.convert(new ConnectResetRequest())); + ((StreamObserver) invocationOnMock.getArgument(0)).onNext( + GrpcUtils.convert(new ConnectResetRequest())); return null; }); grpcClient.registerServerRequestHandler((request, connection) -> { @@ -325,9 +325,8 @@ public void testBindRequestStreamOnCompletedFromNotRunning() private void invokeBindRequestStream(GrpcClient grpcClient, BiRequestStreamGrpc.BiRequestStreamStub stub, GrpcConnection grpcConnection) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { - Method bindRequestStreamMethod = GrpcClient.class - .getDeclaredMethod("bindRequestStream", BiRequestStreamGrpc.BiRequestStreamStub.class, - GrpcConnection.class); + Method bindRequestStreamMethod = GrpcClient.class.getDeclaredMethod("bindRequestStream", + BiRequestStreamGrpc.BiRequestStreamStub.class, GrpcConnection.class); bindRequestStreamMethod.setAccessible(true); bindRequestStreamMethod.invoke(grpcClient, stub, grpcConnection); } diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClientTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClientTest.java index d50b3bfe2a2..7bd2c8d6538 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClientTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcClusterClientTest.java 
@@ -46,7 +46,9 @@ public void testAbilityMode() { @Test public void testRpcPortOffsetDefault() { - grpcClusterClient = new GrpcClusterClient(new Properties()); + DefaultGrpcClientConfig.Builder builder = DefaultGrpcClientConfig.newBuilder() + .buildClusterFromProperties(new Properties()); + grpcClusterClient = new GrpcClusterClient(builder.build()); assertEquals(1001, grpcClusterClient.rpcPortOffset()); } diff --git a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClientTest.java b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClientTest.java index 30b812ba862..1f518230b90 100644 --- a/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClientTest.java +++ b/common/src/test/java/com/alibaba/nacos/common/remote/client/grpc/GrpcSdkClientTest.java @@ -22,7 +22,6 @@ import org.junit.Test; import java.util.Collections; -import java.util.Properties; import static org.junit.Assert.assertEquals; @@ -46,7 +45,7 @@ public void testAbilityMode() { @Test public void testRpcPortOffsetDefault() { - grpcSdkClient = new GrpcSdkClient(new Properties()); + grpcSdkClient = new GrpcSdkClient("test"); assertEquals(1000, grpcSdkClient.rpcPortOffset()); } diff --git a/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java b/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java index ac6f8b9af3d..8294bfd0c9a 100644 --- a/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java +++ b/core/src/main/java/com/alibaba/nacos/core/cluster/remote/ClusterRpcClientProxy.java 
@@ -25,7 +25,9 @@ import com.alibaba.nacos.common.remote.ConnectionType; import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; +import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; import com.alibaba.nacos.common.remote.client.ServerListFactory; +import com.alibaba.nacos.common.remote.client.RpcClientTlsConfigFactory; import com.alibaba.nacos.common.utils.CollectionUtils; import com.alibaba.nacos.core.cluster.Member; import com.alibaba.nacos.core.cluster.MemberChangeListener; @@ -41,6 +43,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Properties; import java.util.Set; import java.util.stream.Collectors; @@ -152,10 +155,10 @@ public List getServerList() { * Using {@link EnvUtil#getAvailableProcessors(int)} to build cluster clients' grpc thread pool. */ private RpcClient buildRpcClient(ConnectionType type, Map labels, String memberClientKey) { - RpcClient clusterClient = RpcClientFactory - .createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2), - EnvUtil.getAvailableProcessors(8), labels); - return clusterClient; + Properties properties = EnvUtil.getProperties(); + RpcClientTlsConfig config = RpcClientTlsConfigFactory.getInstance().createClusterConfig(properties); + return RpcClientFactory.createClusterClient(memberClientKey, type, EnvUtil.getAvailableProcessors(2), + EnvUtil.getAvailableProcessors(8), labels, config); } /** diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java index 3b5fe849a8f..3ec0fe28674 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/BaseRpcServer.java 
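Review bot: `buildRpcClient` (hunk at -152,10) passes whatever `createClusterConfig(properties)` returns straight into `createClusterClient`, so a peer link that runs with TLS enabled but trust-all switched on starts without any trace in the logs. A one-line warning before the return would make that state visible to operators: `if (Boolean.TRUE.equals(config.getTrustAll())) { /* warn via this class's logger: cluster TLS trust-all is enabled */ }`. The config is also rebuilt from `EnvUtil.getProperties()` for every member client although the inputs do not differ per member; it could be created once and reused. In the -25,7 hunk the `RpcClientTlsConfigFactory` import is placed after `ServerListFactory`, out of alphabetical order.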
@@ -47,8 +47,12 @@ public void start() throws Exception { startServer(); - if (RpcServerSslContextRefresherHolder.getInstance() != null) { - RpcServerSslContextRefresherHolder.getInstance().refresh(this); + if (RpcServerSslContextRefresherHolder.getSdkInstance() != null) { + RpcServerSslContextRefresherHolder.getSdkInstance().refresh(this); + } + + if (RpcServerSslContextRefresherHolder.getClusterInstance() != null) { + RpcServerSslContextRefresherHolder.getClusterInstance().refresh(this); } Loggers.REMOTE.info("Nacos {} Rpc server started at port {}", serverName, getServicePort()); @@ -75,8 +79,8 @@ public void start() throws Exception { * Reload protocol context if necessary. * *
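Review bot: `start()` now hands `this` to both the `getSdkInstance()` and the `getClusterInstance()` refresher regardless of which concrete server is starting, so the SDK server is registered with the cluster refresher and the cluster server with the SDK one. Unless each refresher filters by server type, which this hunk does not show, a certificate change for one listener would trigger a reload on the other as well. Either dispatch on the server type here or state the contract in a comment such as `// each refresher must ignore servers it is not responsible for`. The body of `start()` begins outside this hunk.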

- * protocol like: - *

  • Tls
  • + * protocol like: + *
  • Tls
  • *

    */ public abstract void reloadProtocolContext(); diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java index 5749a52d8cb..837924191ea 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/BaseGrpcServer.java @@ -20,6 +20,7 @@ import com.alibaba.nacos.common.remote.ConnectionType; import com.alibaba.nacos.core.remote.BaseRpcServer; import com.alibaba.nacos.core.remote.ConnectionManager; +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; import io.grpc.CompressorRegistry; @@ -53,6 +54,11 @@ */ public abstract class BaseGrpcServer extends BaseRpcServer { + /** + * The ProtocolNegotiator instance used for communication. + */ + protected NacosGrpcProtocolNegotiator protocolNegotiator; + private Server server; @Autowired @@ -115,6 +121,15 @@ protected Optional newProtocolNeg * reload protocol negotiator If necessary. */ public void reloadProtocolNegotiator() { + if (protocolNegotiator != null) { + try { + protocolNegotiator.reloadNegotiator(); + } catch (Throwable throwable) { + Loggers.REMOTE.info("Nacos {} Rpc server reload negotiator fail at port {}.", + this.getClass().getSimpleName(), getServicePort()); + throw throwable; + } + } } protected long getPermitKeepAliveTime() { @@ -130,8 +145,8 @@ protected long getKeepAliveTimeout() { } protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } 
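Review bot: The failure branch added to `reloadProtocolNegotiator()` (hunk at -115,6) logs at info level and drops the throwable, so a failed TLS context reload leaves no stack trace and is easy to miss in monitoring. Log it as an error with the cause attached: `Loggers.REMOTE.error("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(), getServicePort(), throwable);`. The new `protocolNegotiator` field (hunk at -53,6) is written by the subclasses' `newProtocolNegotiator()` and read here; if the reload runs on a different thread than startup, which this diff does not show, the field should be `volatile`.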
@@ -152,8 +167,8 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept // unary common call register. final MethodDescriptor unaryPayloadMethod = MethodDescriptor.newBuilder() - .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName(MethodDescriptor - .generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME, + .setType(MethodDescriptor.MethodType.UNARY).setFullMethodName( + MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_SERVICE_NAME, GrpcServerConstants.REQUEST_METHOD_NAME)) .setRequestMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build(); @@ -161,9 +176,8 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept final ServerCallHandler payloadHandler = ServerCalls.asyncUnaryCall( (request, responseObserver) -> grpcCommonRequestAcceptor.request(request, responseObserver)); - final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition - .builder(GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler) - .build(); + final ServerServiceDefinition serviceDefOfUnaryPayload = ServerServiceDefinition.builder( + GrpcServerConstants.REQUEST_SERVICE_NAME).addMethod(unaryPayloadMethod, payloadHandler).build(); handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfUnaryPayload, serverInterceptor)); // bi stream register. 
@@ -171,15 +185,14 @@ private void addServices(MutableHandlerRegistry handlerRegistry, ServerIntercept (responseObserver) -> grpcBiStreamRequestAcceptor.requestBiStream(responseObserver)); final MethodDescriptor biStreamMethod = MethodDescriptor.newBuilder() - .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName(MethodDescriptor - .generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME, + .setType(MethodDescriptor.MethodType.BIDI_STREAMING).setFullMethodName( + MethodDescriptor.generateFullMethodName(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME, GrpcServerConstants.REQUEST_BI_STREAM_METHOD_NAME)) .setRequestMarshaller(ProtoUtils.marshaller(Payload.newBuilder().build())) .setResponseMarshaller(ProtoUtils.marshaller(Payload.getDefaultInstance())).build(); - final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition - .builder(GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler) - .build(); + final ServerServiceDefinition serviceDefOfBiStream = ServerServiceDefinition.builder( + GrpcServerConstants.REQUEST_BI_STREAM_SERVICE_NAME).addMethod(biStreamMethod, biStreamHandler).build(); handlerRegistry.addService(ServerInterceptors.intercept(serviceDefOfBiStream, serverInterceptor)); } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java index f37c4c46b37..df50375a61a 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcClusterServer.java 
@@ -21,15 +21,18 @@ import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader; +import com.alibaba.nacos.core.remote.grpc.negotiator.ClusterProtocolNegotiatorBuilderSingleton; import com.alibaba.nacos.core.utils.GlobalExecutor; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; import io.grpc.ServerInterceptor; import io.grpc.ServerTransportFilter; +import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator; import org.springframework.stereotype.Service; import java.util.LinkedList; import java.util.List; +import java.util.Optional; import java.util.concurrent.ThreadPoolExecutor; /** @@ -56,8 +59,8 @@ public ThreadPoolExecutor getRpcExecutor() { @Override protected long getKeepAliveTime() { - Long property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, Long.class); + Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIME_PROPERTY, + Long.class); if (property != null) { return property; } 
@@ -66,14 +69,20 @@ protected long getKeepAliveTime() { @Override protected long getKeepAliveTimeout() { - Long property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, Long.class); + Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_KEEP_ALIVE_TIMEOUT_PROPERTY, + Long.class); if (property != null) { return property; } return super.getKeepAliveTimeout(); } + @Override + protected Optional newProtocolNegotiator() { + protocolNegotiator = ClusterProtocolNegotiatorBuilderSingleton.getSingleton().build(); + return Optional.ofNullable(protocolNegotiator); + } + @Override protected long getPermitKeepAliveTime() { Long property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_PERMIT_KEEP_ALIVE_TIME, Long.class); @@ -85,8 +94,8 @@ protected long getPermitKeepAliveTime() { @Override protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.CLUSTER_MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } @@ -104,8 +113,8 @@ protected int getMaxInboundMessageSize() { protected List getSeverInterceptors() { List result = new LinkedList<>(); result.addAll(super.getSeverInterceptors()); - result.addAll(NacosGrpcServerInterceptorServiceLoader - .loadServerInterceptors(NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR)); + result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors( + NacosGrpcServerInterceptor.CLUSTER_INTERCEPTOR)); return result; } 
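Review bot: The new `newProtocolNegotiator()` override returns `Optional.ofNullable(protocolNegotiator)` without any comment, so nothing tells a maintainer what an empty result means for the cluster port. Presumably an empty Optional leaves peer-to-peer gRPC without a TLS negotiator; that should be stated in a Javadoc, e.g. `/** Builds the negotiator for the cluster port; an empty Optional means no TLS negotiator is installed. */`, and ideally logged once at startup. The comment should also mention that the method stores its result in the inherited `protocolNegotiator` field, because `reloadProtocolNegotiator()` in `BaseGrpcServer` only acts when that field is non-null.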
@@ -113,8 +122,8 @@ protected List getSeverInterceptors() { protected List getServerTransportFilters() { List result = new LinkedList<>(); result.addAll(super.getServerTransportFilters()); - result.addAll(NacosGrpcServerTransportFilterServiceLoader - .loadServerTransportFilters(NacosGrpcServerTransportFilter.CLUSTER_FILTER)); + result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters( + NacosGrpcServerTransportFilter.CLUSTER_FILTER)); return result; } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java index 6e9e58fb8ab..b99364e4c87 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcSdkServer.java @@ -21,8 +21,7 @@ import com.alibaba.nacos.core.remote.grpc.filter.NacosGrpcServerTransportFilterServiceLoader; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptor; import com.alibaba.nacos.core.remote.grpc.interceptor.NacosGrpcServerInterceptorServiceLoader; -import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; -import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilderSingleton; +import com.alibaba.nacos.core.remote.grpc.negotiator.SdkProtocolNegotiatorBuilderSingleton; import com.alibaba.nacos.core.utils.GlobalExecutor; import com.alibaba.nacos.core.utils.Loggers; import com.alibaba.nacos.sys.env.EnvUtil; @@ -45,8 +44,6 @@ @Service public class GrpcSdkServer extends BaseGrpcServer { - private NacosGrpcProtocolNegotiator protocolNegotiator; - @Override public int rpcPortOffset() { return Constants.SDK_GRPC_PORT_DEFAULT_OFFSET; 
@@ -78,8 +75,8 @@ protected long getKeepAliveTimeout() { @Override protected int getMaxInboundMessageSize() { - Integer property = EnvUtil - .getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, Integer.class); + Integer property = EnvUtil.getProperty(GrpcServerConstants.GrpcConfig.SDK_MAX_INBOUND_MSG_SIZE_PROPERTY, + Integer.class); if (property != null) { return property; } @@ -106,7 +103,7 @@ protected long getPermitKeepAliveTime() { @Override protected Optional newProtocolNegotiator() { - protocolNegotiator = ProtocolNegotiatorBuilderSingleton.getSingleton().build(); + protocolNegotiator = SdkProtocolNegotiatorBuilderSingleton.getSingleton().build(); return Optional.ofNullable(protocolNegotiator); } @@ -114,8 +111,8 @@ protected Optional newProtocolNeg protected List getSeverInterceptors() { List result = new LinkedList<>(); result.addAll(super.getSeverInterceptors()); - result.addAll(NacosGrpcServerInterceptorServiceLoader - .loadServerInterceptors(NacosGrpcServerInterceptor.SDK_INTERCEPTOR)); + result.addAll(NacosGrpcServerInterceptorServiceLoader.loadServerInterceptors( + NacosGrpcServerInterceptor.SDK_INTERCEPTOR)); return result; } 
@@ -123,24 +120,9 @@ protected List getSeverInterceptors() { protected List getServerTransportFilters() { List result = new LinkedList<>(); result.addAll(super.getServerTransportFilters()); - result.addAll(NacosGrpcServerTransportFilterServiceLoader - .loadServerTransportFilters(NacosGrpcServerTransportFilter.SDK_FILTER)); + result.addAll(NacosGrpcServerTransportFilterServiceLoader.loadServerTransportFilters( + NacosGrpcServerTransportFilter.SDK_FILTER)); return result; } - /** - * reload ssl context. - */ - public void reloadProtocolNegotiator() { - if (protocolNegotiator != null) { - try { - protocolNegotiator.reloadNegotiator(); - } catch (Throwable throwable) { - Loggers.REMOTE - .info("Nacos {} Rpc server reload negotiator fail at port {}.", this.getClass().getSimpleName(), - getServicePort()); - throw throwable; - } - } - } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/AbstractProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/AbstractProtocolNegotiatorBuilderSingleton.java new file mode 100644 index 00000000000..d8a5413cb76 --- /dev/null +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/AbstractProtocolNegotiatorBuilderSingleton.java 
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+import com.alibaba.nacos.common.spi.NacosServiceLoader;
+import com.alibaba.nacos.common.utils.Pair;
+import com.alibaba.nacos.core.utils.Loggers;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * Abstract base class for ProtocolNegotiatorBuilder singletons. This class provides a common implementation for
+ * building ProtocolNegotiator instances based on a given type. Subclasses should provide implementations for loading
+ * ProtocolNegotiatorBuilder instances via SPI and defining default builders.
+ *
+ * @author stone-98
+ * @date 2024/2/21
+ */
+public abstract class AbstractProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder {
+
+ /**
+ * Map to store ProtocolNegotiatorBuilders based on their types.
+ */
+ protected static final Map BUILDER_MAP = new ConcurrentHashMap<>();
+
+ static {
+ try {
+ for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) {
+ BUILDER_MAP.put(each.type(), each);
+ Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(),
+ each.type());
+ }
+ } catch (Exception e) {
+ Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed.", e);
+ }
+ }
+
+ /**
+ * The property key to retrieve the actual type of ProtocolNegotiatorBuilder.
+ */
+ protected final String typePropertyKey;
+
+ /**
+ * The actual type of ProtocolNegotiatorBuilder, retrieved from system properties.
+ */
+ protected String actualType;
+
+ /**
+ * Constructs an instance of AbstractProtocolNegotiatorBuilderSingleton with the specified type property key.
+ *
+ * @param typePropertyKey the property key to retrieve the actual type
+ */
+ public AbstractProtocolNegotiatorBuilderSingleton(String typePropertyKey) {
+ this.typePropertyKey = typePropertyKey;
+ this.actualType = EnvUtil.getProperty(typePropertyKey, defaultBuilderPair().getFirst());
+ }
+
+ /**
+ * Builds a ProtocolNegotiator instance based on the actual type.
+ *
+ * @return a ProtocolNegotiator instance
+ */
+ @Override
+ public NacosGrpcProtocolNegotiator build() {
+ ProtocolNegotiatorBuilder actualBuilder = BUILDER_MAP.get(actualType);
+ if (null == actualBuilder) {
+ Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default type {}", actualType,
+ defaultBuilderPair().getFirst());
+ return defaultBuilderPair().getSecond().build();
+ }
+ return actualBuilder.build();
+ }
+
+ /**
+ * Declare default ProtocolNegotiatorBuilders in case loading from SPI fails.
+ *
+ * @return a Pair of String and ProtocolNegotiatorBuilder representing the default builder
+ */
+ protected abstract Pair defaultBuilderPair();
+}
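Review bot: `build()` replaces an unknown `actualType` with the default builder after only a `warn`, so a negotiator type that was configured explicitly but is mistyped or failed to load is silently swapped rather than rejected. The static block has the same effect, because an SPI loading exception is caught and logged at `warn` and the map simply stays incomplete. The default builders in this patch return `null` from `build()` when TLS is disabled, so an operator who relied on a custom negotiator could end up with none; what the server does with a missing negotiator is decided outside this hunk. I would separate "property not set" from "property set but not found" and fail startup, or at least log at error, in the second case. The constructor also calls the overridable `defaultBuilderPair()` before the subclass is initialised, which deserves a comment such as `// implementations must not read instance state here`.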
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingleton.java
new file mode 100644
index 00000000000..d790a84558c
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingleton.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+import com.alibaba.nacos.common.utils.Pair;
+import com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder;
+
+/**
+ * Manages ProtocolNegotiatorBuilders for cluster communication. Provides a singleton instance of
+ * ProtocolNegotiatorBuilder configured for this purpose. Defaults to TLS protocol negotiation but can be overridden via
+ * system properties.
+ *
+ *
+ *

    Property key for configuring the ProtocolNegotiator type for cluster communication.
+ *
+ * @author stone-98
+ * @date 2024/2/21
+ */
+public class ClusterProtocolNegotiatorBuilderSingleton extends AbstractProtocolNegotiatorBuilderSingleton {
+
+ /**
+ * Property key for configuring the ProtocolNegotiator type for cluster communication.
+ */
+ public static final String TYPE_PROPERTY_KEY = "nacos.remote.cluster.server.rpc.protocol.negotiator.type";
+
+ /**
+ * Singleton instance of ClusterProtocolNegotiatorBuilderSingleton.
+ */
+ private static final ClusterProtocolNegotiatorBuilderSingleton SINGLETON = new ClusterProtocolNegotiatorBuilderSingleton();
+
+ /**
+ * Constructs a new instance of ClusterProtocolNegotiatorBuilderSingleton. Sets up the type property key for
+ * ProtocolNegotiatorBuilder.
+ */
+ public ClusterProtocolNegotiatorBuilderSingleton() {
+ super(TYPE_PROPERTY_KEY);
+ }
+
+ /**
+ * Retrieves the singleton instance of ClusterProtocolNegotiatorBuilderSingleton.
+ *
+ * @return the singleton instance
+ */
+ public static AbstractProtocolNegotiatorBuilderSingleton getSingleton() {
+ return SINGLETON;
+ }
+
+ /**
+ * Provides the default ProtocolNegotiatorBuilder pair.
+ *
+ * @return a Pair containing the default type and builder instance
+ */
+ @Override
+ protected Pair defaultBuilderPair() {
+ return Pair.with(TYPE_PROPERTY_KEY, new ClusterDefaultTlsProtocolNegotiatorBuilder());
+ }
+
+ /**
+ * Retrieves the type of ProtocolNegotiatorBuilder configured for cluster communication.
+ *
+ * @return the type of ProtocolNegotiatorBuilder
+ */
+ @Override
+ public String type() {
+ return super.actualType;
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java
deleted file mode 100644
index 9d30d3676ca..00000000000
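Review bot: `defaultBuilderPair()` returns `Pair.with(TYPE_PROPERTY_KEY, ...)`, so the default negotiator type is the property key string itself rather than a builder type. With the property unset, `actualType` becomes `nacos.remote.cluster.server.rpc.protocol.negotiator.type`, the `BUILDER_MAP` lookup presumably misses, every `build()` logs the "Not found" warning before falling back, and `type()` reports the key. The first element should be the builder's own constant: `return Pair.with(ClusterDefaultTlsProtocolNegotiatorBuilder.CLUSTER_TYPE_DEFAULT_TLS, new ClusterDefaultTlsProtocolNegotiatorBuilder());`. `SdkProtocolNegotiatorBuilderSingleton.defaultBuilderPair()` has the same defect and should use `SdkDefaultTlsProtocolNegotiatorBuilder.TYPE_DEFAULT_TLS`, which is the default the removed `ProtocolNegotiatorBuilderSingleton` passed to `EnvUtil.getProperty`.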
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/ProtocolNegotiatorBuilderSingleton.java +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright 1999-2023 Alibaba Group Holding Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.alibaba.nacos.core.remote.grpc.negotiator; - -import com.alibaba.nacos.common.spi.NacosServiceLoader; -import com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder; -import com.alibaba.nacos.core.utils.Loggers; -import com.alibaba.nacos.sys.env.EnvUtil; - -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import static com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder.TYPE_DEFAULT_TLS; - -/** - * Protocol Negotiator Builder Singleton. 
- * - * @author xiweng.yy - */ -public class ProtocolNegotiatorBuilderSingleton implements ProtocolNegotiatorBuilder { - - private static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type"; - - private static final ProtocolNegotiatorBuilderSingleton SINGLETON = new ProtocolNegotiatorBuilderSingleton(); - - private final Map builderMap; - - private String actualType; - - private ProtocolNegotiatorBuilderSingleton() { - actualType = EnvUtil.getProperty(TYPE_PROPERTY_KEY, TYPE_DEFAULT_TLS); - builderMap = new ConcurrentHashMap<>(); - loadAllBuilders(); - } - - private void loadAllBuilders() { - try { - for (ProtocolNegotiatorBuilder each : NacosServiceLoader.load(ProtocolNegotiatorBuilder.class)) { - builderMap.put(each.type(), each); - Loggers.REMOTE.info("Load ProtocolNegotiatorBuilder {} for type {}", each.getClass().getCanonicalName(), - each.type()); - } - } catch (Exception e) { - Loggers.REMOTE.warn("Load ProtocolNegotiatorBuilder failed, use default ProtocolNegotiatorBuilder", e); - builderMap.put(TYPE_DEFAULT_TLS, new DefaultTlsProtocolNegotiatorBuilder()); - actualType = TYPE_DEFAULT_TLS; - } - } - - public static ProtocolNegotiatorBuilderSingleton getSingleton() { - return SINGLETON; - } - - @Override - public NacosGrpcProtocolNegotiator build() { - ProtocolNegotiatorBuilder actualBuilder = builderMap.get(actualType); - if (null == actualBuilder) { - Loggers.REMOTE.warn("Not found ProtocolNegotiatorBuilder for type {}, will use default", actualType); - return builderMap.get(TYPE_DEFAULT_TLS).build(); - } - return actualBuilder.build(); - } - - @Override - public String type() { - return actualType; - } -} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingleton.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingleton.java new file mode 100644 index 00000000000..82f150c8c4d --- /dev/null 
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingleton.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 1999-2020 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator;
+
+import com.alibaba.nacos.common.utils.Pair;
+import com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder;
+
+/**
+ * Manages ProtocolNegotiatorBuilders for the interaction between Nacos and SDK. Provides a singleton instance of
+ * ProtocolNegotiatorBuilder configured for this interaction. Defaults to TLS protocol negotiation but can be overridden
+ * via system properties.
+ *
+ *
+ *

    Property key for configuring the ProtocolNegotiator type for Nacos and SDK interaction.
+ *
+ * @author stone-98
+ * @date 2024/2/21
+ */
+public class SdkProtocolNegotiatorBuilderSingleton extends AbstractProtocolNegotiatorBuilderSingleton {
+
+ /**
+ * Property key to retrieve the type of ProtocolNegotiatorBuilder.
+ */
+ public static final String TYPE_PROPERTY_KEY = "nacos.remote.server.rpc.protocol.negotiator.type";
+
+ /**
+ * Singleton instance of SdkProtocolNegotiatorBuilderSingleton.
+ */
+ private static final SdkProtocolNegotiatorBuilderSingleton SINGLETON = new SdkProtocolNegotiatorBuilderSingleton();
+
+ /**
+ * Constructs a new instance of SdkProtocolNegotiatorBuilderSingleton. Sets up the type property key for
+ * ProtocolNegotiatorBuilder.
+ */
+ public SdkProtocolNegotiatorBuilderSingleton() {
+ super(TYPE_PROPERTY_KEY);
+ }
+
+ /**
+ * Retrieves the singleton instance of SdkProtocolNegotiatorBuilderSingleton.
+ *
+ * @return the singleton instance
+ */
+ public static AbstractProtocolNegotiatorBuilderSingleton getSingleton() {
+ return SINGLETON;
+ }
+
+ /**
+ * Provides the default ProtocolNegotiatorBuilder pair.
+ *
+ * @return a Pair containing the default type and builder instance
+ */
+ @Override
+ protected Pair defaultBuilderPair() {
+ return Pair.with(TYPE_PROPERTY_KEY, new SdkDefaultTlsProtocolNegotiatorBuilder());
+ }
+
+ /**
+ * Retrieves the type of ProtocolNegotiatorBuilder configured for the SDK.
+ *
+ * @return the type of ProtocolNegotiatorBuilder
+ */
+ @Override
+ public String type() {
+ return super.actualType;
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java
new file mode 100644
index 00000000000..d9250f335a5
--- /dev/null
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
+import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfigFactory;
+import com.alibaba.nacos.sys.env.EnvUtil;
+import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
+
+import java.util.Properties;
+
+/**
+ * The {@code ClusterDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the
+ * {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for cluster-to-cluster
+ * communication with TLS encryption.
+ *
+ *

    It defines the type as {@code CLUSTER_DEFAULT_TLS} and supports communication types for clusters. + *

    + * + *

    The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the + * configuration provided by the {@link RpcServerTlsConfig} class. If TLS encryption is enabled, it creates an + * {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns + * null. + *

    + * + *

    The {@code type()} method returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator + * builder. + *

    + * + *

    Example Usage: + *

    {@code
    + * ProtocolNegotiatorBuilder builder = new ClusterDefaultTlsProtocolNegotiatorBuilder();
    + * NacosGrpcProtocolNegotiator negotiator = builder.build();
    + * }
    + *

    + *
+ * @author stone-98
+ * @date 2023/12/23
+ * @see ProtocolNegotiatorBuilder
+ * @see NacosGrpcProtocolNegotiator
+ * @see RpcServerTlsConfig
+ * @see OptionalTlsProtocolNegotiator
+ */
+public class ClusterDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
+
+ /**
+ * The unique identifier for this negotiator builder.
+ */
+ public static final String CLUSTER_TYPE_DEFAULT_TLS = "CLUSTER_DEFAULT_TLS";
+
+ /**
+ * Constructs and returns a ProtocolNegotiator for cluster-to-cluster communication with TLS encryption.
+ *
+ * @return ProtocolNegotiator, or null if TLS is not enabled.
+ */
+ @Override
+ public NacosGrpcProtocolNegotiator build() {
+ Properties properties = EnvUtil.getProperties();
+ RpcServerTlsConfig config = RpcServerTlsConfigFactory.getInstance().createClusterConfig(properties);
+ if (config.getEnableTls()) {
+ SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config);
+ return new OptionalTlsProtocolNegotiator(sslContext, config);
+ }
+ return null;
+ }
+
+ /**
+ * Returns the unique identifier {@code CLUSTER_TYPE_DEFAULT_TLS} for this negotiator builder.
+ *
+ * @return The type identifier.
+ */
+ @Override
+ public String type() {
+ return CLUSTER_TYPE_DEFAULT_TLS;
+ }
+}
+
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java
deleted file mode 100644
index aa64cf91d04..00000000000
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilder.java
+++ /dev/null
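Review bot: The class Javadoc and the `build()` comment promise cluster communication "with TLS encryption", but the object returned is an `OptionalTlsProtocolNegotiator`, which keeps accepting plaintext while `config.getCompatibility()` is true, and `RpcServerTlsConfig` initialises `compatibility` to `true`. Unless `createClusterConfig` (not visible here) overrides that default, switching TLS on between peers does not by itself turn unencrypted peers away. I would say so in the Javadoc, for example `Plaintext peers are still accepted unless compatibility is set to false.`, and drop the "supports communication types for clusters" sentence, which seems to describe an API this patch removed. The Javadoc also calls the type `CLUSTER_DEFAULT_TLS` in one place and `CLUSTER_TYPE_DEFAULT_TLS` in another; only the first is the value an operator would configure.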
@@ -1,47 +0,0 @@ -/* - * Copyright 1999-2023 Alibaba Group Holding Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.alibaba.nacos.core.remote.grpc.negotiator.tls; - -import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; -import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; -import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext; - -/** - * Default optional tls protocol negotiator builder. - * - * @author xiweng.yy - */ -public class DefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder { - - public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS"; - - @Override - public NacosGrpcProtocolNegotiator build() { - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - if (rpcServerTlsConfig.getEnableTls()) { - SslContext sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); - return new OptionalTlsProtocolNegotiator(sslContext, rpcServerTlsConfig.getCompatibility()); - } - return null; - } - - @Override - public String type() { - return TYPE_DEFAULT_TLS; - } -} diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java index c73f51250dc..a41ee4244fb 100644 
--- a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/OptionalTlsProtocolNegotiator.java @@ -43,11 +43,14 @@ public class OptionalTlsProtocolNegotiator implements NacosGrpcProtocolNegotiato private final boolean supportPlainText; + private final RpcServerTlsConfig config; + private SslContext sslContext; - public OptionalTlsProtocolNegotiator(SslContext sslContext, boolean supportPlainText) { + public OptionalTlsProtocolNegotiator(SslContext sslContext, RpcServerTlsConfig config) { this.sslContext = sslContext; - this.supportPlainText = supportPlainText; + this.config = config; + this.supportPlainText = config.getCompatibility(); } void setSslContext(SslContext sslContext) { @@ -63,8 +66,7 @@ public AsciiString scheme() { public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) { ChannelHandler plaintext = InternalProtocolNegotiators.serverPlaintext().newHandler(grpcHttp2ConnectionHandler); ChannelHandler ssl = InternalProtocolNegotiators.serverTls(sslContext).newHandler(grpcHttp2ConnectionHandler); - ChannelHandler decoder = new PortUnificationServerHandler(ssl, plaintext); - return decoder; + return new PortUnificationServerHandler(ssl, plaintext); } @Override 
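Review bot: `this.supportPlainText = config.getCompatibility();` unboxes a `Boolean`, so a config whose `compatibility` was set to null throws a NullPointerException while the negotiator is being built, and `config` itself is not checked either. Make the decision explicit, for example `this.supportPlainText = Boolean.TRUE.equals(config.getCompatibility());`, which treats a missing value as TLS-only, or reject null with a clear message. Separately, `sslContext` is a plain field that `reloadNegotiator()` writes and `newHandler()` reads; if those run on different threads, which seems likely for a certificate refresher, declaring it `private volatile SslContext sslContext;` makes a rotated certificate visible to new connections. The class body continues outside this hunk.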
@@ -74,27 +76,25 @@ public void close() { @Override public void reloadNegotiator() { - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - if (rpcServerTlsConfig.getEnableTls()) { - sslContext = DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + if (config.getEnableTls()) { + sslContext = DefaultTlsContextBuilder.getSslContext(config); } } private ProtocolNegotiationEvent getDefPne() { - ProtocolNegotiationEvent protocolNegotiationEvent = null; try { Field aDefault = ProtocolNegotiationEvent.class.getDeclaredField("DEFAULT"); aDefault.setAccessible(true); - return (ProtocolNegotiationEvent) aDefault.get(protocolNegotiationEvent); + return (ProtocolNegotiationEvent) aDefault.get(null); } catch (Exception e) { e.printStackTrace(); } - return protocolNegotiationEvent; + return null; } public class PortUnificationServerHandler extends ByteToMessageDecoder { - private ProtocolNegotiationEvent pne; + private final ProtocolNegotiationEvent pne; private final ChannelHandler ssl; @@ -116,14 +116,12 @@ protected void decode(ChannelHandlerContext ctx, ByteBuf in, List out) t return; } if (isSsl(in) || !supportPlainText) { - ctx.pipeline().addAfter(ctx.name(), (String) null, this.ssl); - ctx.fireUserEventTriggered(pne); - ctx.pipeline().remove(this); + ctx.pipeline().addAfter(ctx.name(), null, this.ssl); } else { - ctx.pipeline().addAfter(ctx.name(), (String) null, this.plaintext); - ctx.fireUserEventTriggered(pne); - ctx.pipeline().remove(this); + ctx.pipeline().addAfter(ctx.name(), null, this.plaintext); } + ctx.fireUserEventTriggered(pne); + ctx.pipeline().remove(this); } } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java new file mode 100644 index 00000000000..f9bc7303ad5 --- /dev/null 
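Review bot: `getDefPne()` still reports a reflection failure with `e.printStackTrace()` and then returns `null`, and that value is presumably what ends up in the now-final `pne` and is passed to `ctx.fireUserEventTriggered(pne)` for each connection. If the shaded gRPC field is renamed or becomes inaccessible, the error then surfaces in the pipeline, far from its cause and outside the server log. Fail where the lookup happens, e.g. replace the catch body with `throw new IllegalStateException("Cannot read ProtocolNegotiationEvent.DEFAULT", e);`, or at least log through the server logger instead of stderr. `reloadNegotiator()` now reuses the `config` captured in the constructor, so a comment such as `// uses the TLS settings read at construction; property changes need a restart` would prevent surprises during certificate rotation.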
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilder.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.core.remote.grpc.negotiator.tls;
+
+import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator;
+import com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig;
+import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfigFactory;
+import com.alibaba.nacos.sys.env.EnvUtil;
+import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
+
+import java.util.Properties;
+
+/**
+ * The {@code SdkDefaultTlsProtocolNegotiatorBuilder} class is an implementation of the
+ * {@link ProtocolNegotiatorBuilder} interface for constructing a ProtocolNegotiator specifically for SDK-to-Server
+ * communication with optional TLS encryption.
+ *
+ *

    It defines the type as {@code SDK_DEFAULT_TLS} and supports communication types for SDKs. + *

    + * + *

    The {@code build()} method constructs and returns a {@link NacosGrpcProtocolNegotiator} instance based on the + * configuration provided by the {@link RpcServerTlsConfig} class. If TLS encryption is enabled, it creates an + * {@link OptionalTlsProtocolNegotiator} with the corresponding SSL context and configuration; otherwise, it returns + * null. + *

    + * + *

    The {@code type()} method returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder. + *

    + * + *

    Example Usage: + *

    {@code
    + * ProtocolNegotiatorBuilder builder = new SdkDefaultTlsProtocolNegotiatorBuilder();
    + * NacosGrpcProtocolNegotiator negotiator = builder.build();
    + * }
    + *

    + *
+ * @author xiweng.yy
+ * @date 2023/12/23
+ * @see ProtocolNegotiatorBuilder
+ * @see NacosGrpcProtocolNegotiator
+ * @see RpcServerTlsConfig
+ * @see OptionalTlsProtocolNegotiator
+ */
+public class SdkDefaultTlsProtocolNegotiatorBuilder implements ProtocolNegotiatorBuilder {
+
+ /**
+ * The unique identifier for this negotiator builder.
+ */
+ public static final String TYPE_DEFAULT_TLS = "DEFAULT_TLS";
+
+ /**
+ * Constructs and returns a ProtocolNegotiator for SDK-to-Server communication with optional TLS encryption.
+ *
+ * @return ProtocolNegotiator, or null if TLS is not enabled.
+ */
+ @Override
+ public NacosGrpcProtocolNegotiator build() {
+ Properties properties = EnvUtil.getProperties();
+ RpcServerTlsConfig config = RpcServerTlsConfigFactory.getInstance().createSdkConfig(properties);
+ if (config.getEnableTls()) {
+ SslContext sslContext = DefaultTlsContextBuilder.getSslContext(config);
+ return new OptionalTlsProtocolNegotiator(sslContext, config);
+ }
+ return null;
+ }
+
+ /**
+ * Returns the unique identifier {@code SDK_TYPE_DEFAULT_TLS} for this negotiator builder.
+ *
+ * @return The type identifier.
+ */
+ @Override
+ public String type() {
+ return TYPE_DEFAULT_TLS;
+ }
+}
diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
index b423442319c..c4b212ac225 100644
--- a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
+++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerSslContextRefresherHolder.java
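Review bot: The Javadoc names identifiers that do not exist in this class: it says the type is `SDK_DEFAULT_TLS` and that `type()` returns `SDK_TYPE_DEFAULT_TLS`, while the only constant is `TYPE_DEFAULT_TLS` with the value `"DEFAULT_TLS"`. That string is what an operator puts in `nacos.remote.server.rpc.protocol.negotiator.type`, so the comments should quote the real value, e.g. `Returns the type identifier {@code DEFAULT_TLS} for this negotiator builder.`. The "supports communication types for SDKs" sentence also seems to describe an API this patch removed and can be dropped.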
@@ -19,56 +19,95 @@ import com.alibaba.nacos.common.spi.NacosServiceLoader; import com.alibaba.nacos.common.utils.StringUtils; import com.alibaba.nacos.core.utils.Loggers; +import com.alibaba.nacos.sys.env.EnvUtil; import java.util.Collection; +import java.util.Properties; /** - * ssl context refresher spi holder. + * Holder for managing instances of {@link RpcServerSslContextRefresher}. This class is responsible for initializing and + * providing instances of the SSL context refresher based on the communication type (SDK or Cluster). * * @author liuzunfei - * @version $Id: RequestFilters.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $ + * @version $Id: RpcServerSslContextRefresherHolder.java, v 0.1 2023年03月17日 12:00 PM liuzunfei Exp $ */ public class RpcServerSslContextRefresherHolder { - - private static RpcServerSslContextRefresher instance; - - private static volatile boolean init = false; - - public static RpcServerSslContextRefresher getInstance() { - if (init) { - return instance; - } + + /** + * The instance of {@link RpcServerSslContextRefresher} for SDK communication. + */ + private static RpcServerSslContextRefresher sdkInstance; + + /** + * The instance of {@link RpcServerSslContextRefresher} for Cluster communication. + */ + private static RpcServerSslContextRefresher clusterInstance; + + static { + init(); + } + + /** + * Gets the instance of {@link RpcServerSslContextRefresher} for SDK communication. + * + * @return The instance of {@link RpcServerSslContextRefresher} for SDK communication. + */ + public static RpcServerSslContextRefresher getSdkInstance() { + return sdkInstance; + } + + /** + * Gets the instance of {@link RpcServerSslContextRefresher} for Cluster communication. + * + * @return The instance of {@link RpcServerSslContextRefresher} for Cluster communication. 
+ */ + public static RpcServerSslContextRefresher getClusterInstance() { + return clusterInstance; + } + + /** + * Initializes the holder by loading SSL context refreshers and matching them with the configured types (SDK and + * Cluster). + */ + private static void init() { synchronized (RpcServerSslContextRefresherHolder.class) { - if (init) { - return instance; - } - RpcServerTlsConfig rpcServerTlsConfig = RpcServerTlsConfig.getInstance(); - String sslContextRefresher = rpcServerTlsConfig.getSslContextRefresher(); - if (StringUtils.isNotBlank(sslContextRefresher)) { - Collection load = NacosServiceLoader - .load(RpcServerSslContextRefresher.class); - for (RpcServerSslContextRefresher contextRefresher : load) { - if (sslContextRefresher.equals(contextRefresher.getName())) { - instance = contextRefresher; - Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} Founded->{}", sslContextRefresher, - contextRefresher.getClass().getSimpleName()); - break; - } - } - if (instance == null) { - Loggers.REMOTE.info("RpcServerSslContextRefresher of Name {} not found", sslContextRefresher); + Properties properties = EnvUtil.getProperties(); + RpcServerTlsConfig clusterServerTlsConfig = RpcServerTlsConfigFactory.getInstance().createClusterConfig(properties); + RpcServerTlsConfig sdkServerTlsConfig = RpcServerTlsConfigFactory.getInstance().createSdkConfig(properties); + Collection refreshers = NacosServiceLoader.load( + RpcServerSslContextRefresher.class); + sdkInstance = getSslContextRefresher(refreshers, sdkServerTlsConfig); + clusterInstance = getSslContextRefresher(refreshers, clusterServerTlsConfig); + Loggers.REMOTE.info("RpcServerSslContextRefresher initialization completed."); + } + } + + /** + * Initializes the SSL context refresher instance based on the specified configuration. + * + * @param refreshers Collection of SSL context refreshers to choose from. + * @param serverTlsConfig Configuration instance for the SSL context refresher. 
+ * @return The instance of {@link RpcServerSslContextRefresher}. + */ + private static RpcServerSslContextRefresher getSslContextRefresher( + Collection refreshers, RpcServerTlsConfig serverTlsConfig) { + String refresherName = serverTlsConfig.getSslContextRefresher(); + RpcServerSslContextRefresher instance = null; + if (StringUtils.isNotBlank(refresherName)) { + for (RpcServerSslContextRefresher contextRefresher : refreshers) { + if (refresherName.equals(contextRefresher.getName())) { + instance = contextRefresher; + Loggers.REMOTE.info("RpcServerSslContextRefresher initialized using {}.", + contextRefresher.getClass().getSimpleName()); + break; } - - } else { - Loggers.REMOTE - .info("No RpcServerSslContextRefresher specified,Ssl Context auto refresh not supported."); } - - Loggers.REMOTE.info("RpcServerSslContextRefresher init end"); - init = true; + if (instance == null) { + Loggers.REMOTE.warn("Failed to find RpcServerSslContextRefresher with name {}.", refresherName); + } + } else { + Loggers.REMOTE.info("Ssl Context auto refresh is not supported."); } - return instance; } - } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java index e0b0068462e..3cf71ffab41 100644 --- a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfig.java 
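Review bot: `getSdkInstance()` and `getClusterInstance()` can return `null`, because `getSslContextRefresher` leaves `instance` null when no refresher name is configured or none matches, yet their Javadoc promises an instance. Document it, e.g. `@return the SDK refresher, or {@code null} if none is configured or found`. `init()` now runs from the static initializer, so an exception from `EnvUtil.getProperties()`, the config factory or the SPI load escapes class initialization and leaves the holder unusable for the rest of the process; catching it there and logging at error would keep the failure visible and local. Both lookups also pick from the same `refreshers` collection, so identical names for SDK and cluster yield one shared object, and it is worth confirming that refresher implementations tolerate serving both servers.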
@@ -17,50 +17,57 @@ package com.alibaba.nacos.core.remote.tls; import com.alibaba.nacos.common.remote.TlsConfig; -import com.alibaba.nacos.common.utils.JacksonUtils; -import com.alibaba.nacos.core.utils.Loggers; -import com.alibaba.nacos.sys.env.EnvUtil; -import com.alibaba.nacos.sys.utils.PropertiesUtil; /** - * Grpc config. + * Represents the TLS configuration for an RPC server. + * This class extends TlsConfig to inherit common TLS configuration properties. * * @author githubcheng2978. */ public class RpcServerTlsConfig extends TlsConfig { - - public static final String PREFIX = "nacos.remote.server.rpc.tls"; - - private static RpcServerTlsConfig instance; - + + /** + * The class representing the configuration for SSL context refreshing in the RPC server. + */ private String sslContextRefresher = ""; - + + /** + * Indicates whether compatibility mode is enabled. + */ private Boolean compatibility = true; - - public static synchronized RpcServerTlsConfig getInstance() { - if (null == instance) { - instance = PropertiesUtil.handleSpringBinder(EnvUtil.getEnvironment(), PREFIX, RpcServerTlsConfig.class); - if (instance == null) { - Loggers.REMOTE.debug("TLS configuration is empty, use default value"); - instance = new RpcServerTlsConfig(); - } - } - Loggers.REMOTE.info("Nacos Rpc server tls config:{}", JacksonUtils.toJson(instance)); - return instance; - } - + + /** + * Gets the compatibility mode status. + * + * @return true if compatibility mode is enabled, false otherwise. + */ public Boolean getCompatibility() { return compatibility; } - + + /** + * Sets the compatibility mode status. + * + * @param compatibility true to enable compatibility mode, false otherwise. + */ public void setCompatibility(Boolean compatibility) { this.compatibility = compatibility; } - + + /** + * Gets the SSL context refresher. + * + * @return the SSL context refresher. 
+ */ public String getSslContextRefresher() { return sslContextRefresher; } - + + /** + * Sets the SSL context refresher. + * + * @param sslContextRefresher the SSL context refresher to set. + */ public void setSslContextRefresher(String sslContextRefresher) { this.sslContextRefresher = sslContextRefresher; } diff --git a/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfigFactory.java b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfigFactory.java new file mode 100644 index 00000000000..e109d6be27b --- /dev/null +++ b/core/src/main/java/com/alibaba/nacos/core/remote/tls/RpcServerTlsConfigFactory.java 
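Review bot: The new Javadoc on `compatibility` says only that it "indicates whether compatibility mode is enabled", which does not tell an operator what a switch that defaults to `true` means for transport security. If, as the name and the `OptionalTlsProtocolNegotiator` touched by this commit suggest, it keeps plaintext connections accepted alongside TLS, the comment should say so once confirmed, e.g. `/** Whether non-TLS connections are still accepted alongside TLS (default true); set to false to require TLS. */`. The comment on `sslContextRefresher` also calls it "the class representing the configuration", but the holder compares it with `contextRefresher.getName()`, so it is the name of the refresher to select. The end of the class lies outside this hunk.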
@@ -0,0 +1,103 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.tls; + +import com.alibaba.nacos.common.remote.client.RpcTlsConfigFactory; +import com.alibaba.nacos.common.remote.client.RpcConstants; + +import java.util.Properties; + +import static com.alibaba.nacos.common.remote.client.RpcConstants.NACOS_SERVER_RPC; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.COMPATIBILITY; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.MUTUAL_AUTH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.SSL_CONTEXT_REFRESHER; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CERT_KEY; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_CIPHERS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_ENABLE; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROTOCOLS; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_PROVIDER; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_ALL; +import static 
com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_COLLECTION_CHAIN_PATH; +import static com.alibaba.nacos.common.remote.client.RpcConstants.ServerSuffix.TLS_TRUST_PWD; + +/** + * RpcServerTlsConfigFactory. + * + * @author stone-98 + * @date 2024/4/8 + */ +public class RpcServerTlsConfigFactory implements RpcTlsConfigFactory { + + private static RpcServerTlsConfigFactory instance; + + private RpcServerTlsConfigFactory() { + } + + public static synchronized RpcServerTlsConfigFactory getInstance() { + if (instance == null) { + instance = new RpcServerTlsConfigFactory(); + } + return instance; + } + + /** + * Create SDK client TLS config. + * + * @param properties Properties containing TLS configuration + * @return RpcClientTlsConfig object representing the TLS configuration + */ + @Override + public RpcServerTlsConfig createSdkConfig(Properties properties) { + return createServerTlsConfig(properties, NACOS_SERVER_RPC); + } + + /** + * Create cluster client TLS config. + * + * @param properties Properties containing TLS configuration + * @return RpcClientTlsConfig object representing the TLS configuration + */ + @Override + public RpcServerTlsConfig createClusterConfig(Properties properties) { + return createServerTlsConfig(properties, RpcConstants.NACOS_PEER_RPC); + } + + /** + * create sdk server tls config. 
+ * + * @param properties properties + * @param prefix prefix + * @return + */ + public RpcServerTlsConfig createServerTlsConfig(Properties properties, String prefix) { + RpcServerTlsConfig tlsConfig = new RpcServerTlsConfig(); + tlsConfig.setEnableTls(getBooleanProperty(properties, prefix + TLS_ENABLE, false)); + tlsConfig.setMutualAuthEnable(getBooleanProperty(properties, prefix + MUTUAL_AUTH, false)); + tlsConfig.setProtocols(properties.getProperty(prefix + TLS_PROTOCOLS)); + tlsConfig.setCiphers(properties.getProperty(prefix + TLS_CIPHERS)); + tlsConfig.setTrustCollectionCertFile(properties.getProperty(prefix + TLS_TRUST_COLLECTION_CHAIN_PATH)); + tlsConfig.setCertChainFile(properties.getProperty(prefix + TLS_CERT_CHAIN_PATH)); + tlsConfig.setCertPrivateKey(properties.getProperty(prefix + TLS_CERT_KEY)); + tlsConfig.setTrustAll(getBooleanProperty(properties, prefix + TLS_TRUST_ALL, true)); + tlsConfig.setCertPrivateKeyPassword(properties.getProperty(prefix + TLS_TRUST_PWD)); + tlsConfig.setSslProvider(properties.getProperty(prefix + TLS_PROVIDER)); + tlsConfig.setSslContextRefresher(properties.getProperty(prefix + SSL_CONTEXT_REFRESHER)); + tlsConfig.setCompatibility(getBooleanProperty(properties, prefix + COMPATIBILITY, true)); + return tlsConfig; + } +} diff --git a/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder index 1ea83c1f0b2..e0065225026 100644 --- a/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder +++ b/core/src/main/resources/META-INF/services/com.alibaba.nacos.core.remote.grpc.negotiator.ProtocolNegotiatorBuilder 
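Review bot: `createServerTlsConfig` falls back to `true` for both `TLS_TRUST_ALL` and `COMPATIBILITY`, so a listener that only sets `enableTls` (and perhaps `mutualAuth`) ends up with the most permissive settings. The tests in this commit show that mutual auth with trust-all builds a context without any `trustCollectionCertFile`, which suggests client certificates are not checked against a CA in that case. For the new cluster channel in particular I would default trust-all to off, `tlsConfig.setTrustAll(getBooleanProperty(properties, prefix + TLS_TRUST_ALL, false));`, or at least log a warning when mutual auth is enabled while trust-all is still on. If the `true` default has to stay for backward compatibility, state it in the method's Javadoc. That Javadoc is also copied from the client factory ("Create SDK client TLS config", `@return RpcClientTlsConfig`, an empty `@return`) and should describe the server config instead.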
@@ -14,4 +14,5 @@ # limitations under the License. # -com.alibaba.nacos.core.remote.grpc.negotiator.tls.DefaultTlsProtocolNegotiatorBuilder \ No newline at end of file +com.alibaba.nacos.core.remote.grpc.negotiator.tls.SdkDefaultTlsProtocolNegotiatorBuilder +com.alibaba.nacos.core.remote.grpc.negotiator.tls.ClusterDefaultTlsProtocolNegotiatorBuilder diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingletonTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingletonTest.java new file mode 100644 index 00000000000..f3086d96f1b --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/ClusterProtocolNegotiatorBuilderSingletonTest.java 
@@ -0,0 +1,71 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator; + +import com.alibaba.nacos.common.utils.Pair; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.mock.env.MockEnvironment; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertSame; + +/** + * Test ClusterProtocolNegotiatorBuilderSingleton. 
+ * + * @author stone-98 + * @date 2024/2/21 + */ +public class ClusterProtocolNegotiatorBuilderSingletonTest { + + @Before + public void setUp() throws Exception { + ConfigurableEnvironment environment = new MockEnvironment(); + EnvUtil.setEnvironment(environment); + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void testSingletonInstance() { + AbstractProtocolNegotiatorBuilderSingleton singleton1 = ClusterProtocolNegotiatorBuilderSingleton.getSingleton(); + AbstractProtocolNegotiatorBuilderSingleton singleton2 = ClusterProtocolNegotiatorBuilderSingleton.getSingleton(); + assertSame(singleton1, singleton2); + } + + @Test + public void testDefaultBuilderPair() { + Pair defaultPair = ClusterProtocolNegotiatorBuilderSingleton.getSingleton() + .defaultBuilderPair(); + assertNotNull(defaultPair); + assertEquals(ClusterProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, defaultPair.getFirst()); + assertNotNull(defaultPair.getSecond()); + } + + @Test + public void testType() { + String type = ClusterProtocolNegotiatorBuilderSingleton.getSingleton().type(); + assertNotNull(type); + assertEquals(ClusterProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, type); + } +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingletonTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingletonTest.java new file mode 100644 index 00000000000..b7a08527d09 --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/SdkProtocolNegotiatorBuilderSingletonTest.java 
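Review bot: The empty `tearDown()` annotated with `@After` adds nothing, while `setUp()` installs a `MockEnvironment` through the static `EnvUtil.setEnvironment` and never undoes it, so that environment may leak into whichever test class runs next in the same JVM. Either drop the empty method or use it to restore the previous state. The same pattern appears in `SdkProtocolNegotiatorBuilderSingletonTest`, `ClusterDefaultTlsProtocolNegotiatorBuilderTest` (whose `tearDown` still declares `throws NoSuchFieldException, IllegalAccessException` although nothing is thrown), `RpcServerSslContextRefresherHolderTest` and `SdkDefaultTlsContextBuilderTest`.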
@@ -0,0 +1,71 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator; + +import com.alibaba.nacos.common.utils.Pair; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.mock.env.MockEnvironment; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertSame; + +/** + * Test SdkProtocolNegotiatorBuilderSingleton. 
+ * + * @author stone-98 + * @date 2024/2/21 + */ +public class SdkProtocolNegotiatorBuilderSingletonTest { + + @Before + public void setUp() throws Exception { + ConfigurableEnvironment environment = new MockEnvironment(); + EnvUtil.setEnvironment(environment); + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void testSingletonInstance() { + AbstractProtocolNegotiatorBuilderSingleton singleton1 = SdkProtocolNegotiatorBuilderSingleton.getSingleton(); + AbstractProtocolNegotiatorBuilderSingleton singleton2 = SdkProtocolNegotiatorBuilderSingleton.getSingleton(); + assertSame(singleton1, singleton2); + } + + @Test + public void testDefaultBuilderPair() { + Pair defaultPair = SdkProtocolNegotiatorBuilderSingleton.getSingleton() + .defaultBuilderPair(); + assertNotNull(defaultPair); + assertEquals(SdkProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, defaultPair.getFirst()); + assertNotNull(defaultPair.getSecond()); + } + + @Test + public void testType() { + String type = SdkProtocolNegotiatorBuilderSingleton.getSingleton().type(); + assertNotNull(type); + assertEquals(SdkProtocolNegotiatorBuilderSingleton.TYPE_PROPERTY_KEY, type); + } +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java new file mode 100644 index 00000000000..c0afcfd8f38 --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/ClusterDefaultTlsProtocolNegotiatorBuilderTest.java 
@@ -0,0 +1,84 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.common.remote.client.RpcConstants; +import com.alibaba.nacos.core.remote.grpc.negotiator.NacosGrpcProtocolNegotiator; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.MutablePropertySources; +import org.springframework.core.env.PropertiesPropertySource; +import org.springframework.mock.env.MockEnvironment; + +import java.util.Properties; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +/** + * Test ClusterDefaultTlsProtocolNegotiatorBuilder. 
+ * + * @author stone-98 + * @date 2023/12/25 + */ +public class ClusterDefaultTlsProtocolNegotiatorBuilderTest { + + private ConfigurableEnvironment environment; + + private ClusterDefaultTlsProtocolNegotiatorBuilder builder; + + @Before + public void setUp() { + environment = new MockEnvironment(); + EnvUtil.setEnvironment(environment); + builder = new ClusterDefaultTlsProtocolNegotiatorBuilder(); + } + + @After + public void tearDown() throws NoSuchFieldException, IllegalAccessException { + } + + @Test + public void testBuildTlsDisabled() { + assertNull(builder.build()); + } + + @Test + public void testBuildTlsEnabled() { + Properties properties = new Properties(); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".enableTls", "true"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".compatibility", "false"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".ciphers", + "ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".protocols", "TLSv1.2,TLSv1.3"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".certPrivateKey", "test-server-key.pem"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".certChainFile", "test-server-cert.pem"); + properties.setProperty(RpcConstants.NACOS_PEER_RPC + ".trustCollectionCertFile", + "test-ca-cert.pem"); + + PropertiesPropertySource propertySource = new PropertiesPropertySource("myPropertySource", properties); + MutablePropertySources propertySources = environment.getPropertySources(); + propertySources.addLast(propertySource); + + NacosGrpcProtocolNegotiator negotiator = builder.build(); + assertNotNull(negotiator); + } + +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java deleted file mode 100644 index f947a367a83..00000000000 
--- a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsContextBuilderTest.java
+++ /dev/null
@@ -1,120 +0,0 @@ -/* - * Copyright 1999-2023 Alibaba Group Holding Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.alibaba.nacos.core.remote.grpc.negotiator.tls; - -import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; -import com.alibaba.nacos.sys.env.EnvUtil; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.mock.env.MockEnvironment; - -import java.lang.reflect.Field; - -public class DefaultTlsContextBuilderTest { - - private ConfigurableEnvironment environment; - - @Before - public void setUp() throws Exception { - environment = new MockEnvironment(); - EnvUtil.setEnvironment(environment); - RpcServerTlsConfig.getInstance().setEnableTls(true); - } - - @After - public void tearDown() throws Exception { - RpcServerTlsConfig.getInstance().setEnableTls(false); - RpcServerTlsConfig.getInstance().setTrustAll(false); - RpcServerTlsConfig.getInstance().setMutualAuthEnable(false); - RpcServerTlsConfig.getInstance().setCertChainFile(null); - RpcServerTlsConfig.getInstance().setCertPrivateKey(null); - RpcServerTlsConfig.getInstance().setCiphers(null); - RpcServerTlsConfig.getInstance().setProtocols(null); - RpcServerTlsConfig.getInstance().setTrustCollectionCertFile(null); - RpcServerTlsConfig.getInstance().setSslProvider(""); - 
clearRpcServerTlsConfigInstance(); - } - - @Test(expected = IllegalArgumentException.class) - public void testGetSslContextIllegal() { - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - @Test - public void testGetSslContextWithoutMutual() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); - grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); - grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); - grpcServerConfig.setCertPrivateKey("test-server-key.pem"); - grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - @Test - public void testGetSslContextWithMutual() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); - grpcServerConfig.setTrustAll(true); - grpcServerConfig.setMutualAuthEnable(true); - grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); - grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); - grpcServerConfig.setCertPrivateKey("test-server-key.pem"); - grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - @Test - public void testGetSslContextWithMutualAndPart() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); - grpcServerConfig.setMutualAuthEnable(true); - grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); - grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); - grpcServerConfig.setCertPrivateKey("test-server-key.pem"); - grpcServerConfig.setCertChainFile("test-server-cert.pem"); - grpcServerConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - @Test(expected = IllegalArgumentException.class) - public void testGetSslContextWithMutualAndPartIllegal() { - RpcServerTlsConfig grpcServerConfig = 
RpcServerTlsConfig.getInstance(); - grpcServerConfig.setMutualAuthEnable(true); - grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); - grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); - grpcServerConfig.setCertPrivateKey("test-server-key.pem"); - grpcServerConfig.setCertChainFile("test-server-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - @Test(expected = NacosRuntimeException.class) - public void testGetSslContextForNonExistFile() { - RpcServerTlsConfig grpcServerConfig = RpcServerTlsConfig.getInstance(); - grpcServerConfig.setCiphers("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); - grpcServerConfig.setProtocols("TLSv1.2,TLSv1.3"); - grpcServerConfig.setCertPrivateKey("non-exist-server-key.pem"); - grpcServerConfig.setCertChainFile("non-exist-cert.pem"); - DefaultTlsContextBuilder.getSslContext(RpcServerTlsConfig.getInstance()); - } - - private static void clearRpcServerTlsConfigInstance() throws Exception { - Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance"); - instanceField.setAccessible(true); - instanceField.set(null, null); - } -} \ No newline at end of file diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java new file mode 100644 index 00000000000..3d426d18f3c --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/RpcServerSslContextRefresherHolderTest.java 
@@ -0,0 +1,53 @@ +/* + * Copyright 1999-2020 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; +import org.springframework.core.env.ConfigurableEnvironment; + + +/** + * Test RpcServerSslContextRefresherHolder. + * + * @author stone-98 + */ +@RunWith(MockitoJUnitRunner.class) +public class RpcServerSslContextRefresherHolderTest { + + @Mock + private ConfigurableEnvironment environment; + + @Before + public void setUp() { + EnvUtil.setEnvironment(environment); + } + + @After + public void tearDown() { + } + + @Test + public void testInit() { + } + +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java new file mode 100644 index 00000000000..3b413ffdec3 --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsContextBuilderTest.java 
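Review bot: `testInit()` has an empty body, so this class reports a passing test while exercising nothing in `RpcServerSslContextRefresherHolder`. The holder now resolves two refreshers (SDK and cluster) from separate configs, and its "name configured but not found" branch only logs a warning. A test that the cluster instance stays null when no refresher name is configured, and one for a matching name, would be worth having. Until such tests exist I would remove the placeholder rather than keep a vacuous test; the `@Mock` environment is never stubbed either.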
@@ -0,0 +1,110 @@ +/* + * Copyright 1999-2023 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.core.remote.grpc.negotiator.tls; + +import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException; +import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.sys.env.EnvUtil; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.mock.env.MockEnvironment; + +import static org.mockito.Mockito.when; + +/** + * {@link DefaultTlsContextBuilder} unit test. 
+ * + * @author stone-98 + * @date 2024-03-11 17:11 + */ +@RunWith(MockitoJUnitRunner.class) +public class SdkDefaultTlsContextBuilderTest { + + private ConfigurableEnvironment environment; + + @Mock + private RpcServerTlsConfig rpcServerTlsConfig; + + @Before + public void setUp() throws Exception { + environment = new MockEnvironment(); + EnvUtil.setEnvironment(environment); + } + + @After + public void tearDown() throws Exception { + } + + @Test(expected = IllegalArgumentException.class) + public void testGetSslContextIllegal() { + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + + @Test + public void testGetSslContextWithoutMutual() { + when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); + when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3"); + when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem"); + when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem"); + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + + @Test + public void testGetSslContextWithMutual() { + when(rpcServerTlsConfig.getTrustAll()).thenReturn(true); + when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true); + when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); + when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3"); + when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem"); + when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem"); + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + + @Test + public void testGetSslContextWithMutualAndPart() { + when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true); + when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); + when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3"); + 
when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem"); + when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem"); + when(rpcServerTlsConfig.getTrustCollectionCertFile()).thenReturn("test-ca-cert.pem"); + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + + @Test(expected = IllegalArgumentException.class) + public void testGetSslContextWithMutualAndPartIllegal() { + when(rpcServerTlsConfig.getMutualAuthEnable()).thenReturn(true); + when(rpcServerTlsConfig.getCiphers()).thenReturn("ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384"); + when(rpcServerTlsConfig.getProtocols()).thenReturn("TLSv1.2,TLSv1.3"); + when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("test-server-key.pem"); + when(rpcServerTlsConfig.getCertChainFile()).thenReturn("test-server-cert.pem"); + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + + @Test(expected = NacosRuntimeException.class) + public void testGetSslContextForNonExistFile() { + when(rpcServerTlsConfig.getCertPrivateKey()).thenReturn("non-exist-server-key.pem"); + when(rpcServerTlsConfig.getCertChainFile()).thenReturn("non-exist-cert.pem"); + DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig); + } + +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java similarity index 58% rename from core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java rename to core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java index 24e0a6fd782..95d83dba865 100644 --- a/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/DefaultTlsProtocolNegotiatorBuilderTest.java 
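Review bot: The positive cases (`testGetSslContextWithoutMutual`, `testGetSslContextWithMutual`, `testGetSslContextWithMutualAndPart`) discard the return value, so they only prove that no exception is thrown. Asserting on the result, e.g. `assertNotNull(DefaultTlsContextBuilder.getSslContext(rpcServerTlsConfig));`, would at least pin that a context is produced. Because the config is now a Mockito mock, every getter that is not stubbed returns Mockito's default rather than the values `RpcServerTlsConfigFactory` applies (trust-all and compatibility on), so the default server configuration is no longer covered. One case that builds the config through the factory would close that gap. The class Javadoc still links `DefaultTlsContextBuilder` while the class is named `SdkDefaultTlsContextBuilderTest`, and no cluster counterpart is visible here.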
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/grpc/negotiator/tls/SdkDefaultTlsProtocolNegotiatorBuilderTest.java 
@@ -16,56 +16,58 @@ package com.alibaba.nacos.core.remote.grpc.negotiator.tls; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import com.alibaba.nacos.sys.env.EnvUtil; import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.junit.MockitoJUnitRunner; import org.springframework.core.env.ConfigurableEnvironment; import org.springframework.mock.env.MockEnvironment; -import java.lang.reflect.Field; +import java.util.Properties; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class SdkDefaultTlsProtocolNegotiatorBuilderTest { -public class DefaultTlsProtocolNegotiatorBuilderTest { - private ConfigurableEnvironment environment; - - private DefaultTlsProtocolNegotiatorBuilder builder; - + + private SdkDefaultTlsProtocolNegotiatorBuilder builder; + + @Mock + private Properties properties; + @Before public void setUp() throws Exception { environment = new MockEnvironment(); EnvUtil.setEnvironment(environment); - builder = new DefaultTlsProtocolNegotiatorBuilder(); + builder = new SdkDefaultTlsProtocolNegotiatorBuilder(); } - + @After public void tearDown() throws Exception { - RpcServerTlsConfig.getInstance().setEnableTls(false); - RpcServerTlsConfig.getInstance().setCertChainFile(null); - RpcServerTlsConfig.getInstance().setCertPrivateKey(null); - clearRpcServerTlsConfigInstance(); } - + @Test public void testBuildDisabled() { assertNull(builder.build()); } - + @Test public void testBuildEnabled() { - RpcServerTlsConfig.getInstance().setEnableTls(true); - RpcServerTlsConfig.getInstance().setCertPrivateKey("test-server-key.pem"); - RpcServerTlsConfig.getInstance().setCertChainFile("test-server-cert.pem"); + final MockedStatic envUtilMockedStatic = 
Mockito.mockStatic(EnvUtil.class); + when(EnvUtil.getProperties()).thenReturn(properties); + when(properties.getProperty("nacos.remote.server.rpc.tls.enableTls")).thenReturn("true"); + when(properties.getProperty("nacos.remote.server.rpc.tls.certPrivateKey")).thenReturn("test-server-key.pem"); + when(properties.getProperty("nacos.remote.server.rpc.tls.certChainFile")).thenReturn("test-server-cert.pem"); assertNotNull(builder.build()); + envUtilMockedStatic.close(); } - - private static void clearRpcServerTlsConfigInstance() throws Exception { - Field instanceField = RpcServerTlsConfig.class.getDeclaredField("instance"); - instanceField.setAccessible(true); - instanceField.set(null, null); - } -} \ No newline at end of file +} diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java new file mode 100644 index 00000000000..f9b4fda663c --- /dev/null +++ b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcClusterServerSslContextRefresherTest.java 
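Review bot: In `testBuildEnabled` the static mock of `EnvUtil` is released only by the trailing `envUtilMockedStatic.close()`, so if `builder.build()` throws or `assertNotNull` fails, the mock stays registered on the test thread. Later tests on that thread that touch `EnvUtil` would then see the stub or fail when they register their own static mock. Scope it with try-with-resources, `try (MockedStatic<EnvUtil> envUtilMockedStatic = Mockito.mockStatic(EnvUtil.class)) { … }`, and drop the explicit `close()`. The now-empty `tearDown()` can be removed.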
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
+
+public class RpcClusterServerSslContextRefresherTest implements RpcServerSslContextRefresher {
+
+ @Override
+ public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
+ return new SslContextChangeAware() {
+ @Override
+ public void init(BaseRpcServer baseRpcServer) {
+
+ }
+
+ @Override
+ public void onSslContextChange() {
+
+ }
+
+ @Override
+ public void shutdown() {
+
+ }
+ };
+ }
+
+ @Override
+ public String getName() {
+ return "cluster-refresher-test";
+ }
+}
diff --git a/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java
new file mode 100644
index 00000000000..3a39b7830c7
--- /dev/null
+++ b/core/src/test/java/com/alibaba/nacos/core/remote/tls/RpcSdkServerSslContextRefresherTest.java
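Review bot: `RpcClusterServerSslContextRefresherTest` is named like a test class but contains no test methods. It is a no-op `RpcServerSslContextRefresher` whose `init`, `onSslContextChange` and `shutdown` bodies are empty, presumably so the services file added later in this patch can register it. A name that says so (for example a `Mock` or `Stub` suffix, with the services entry updated to match) and a class comment such as `/** No-op refresher loaded through META-INF/services in unit tests; never refreshes an SslContext. */` would stop readers mistaking it for coverage of the refresh path. The same applies to `RpcSdkServerSslContextRefresherTest` in the next file.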
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2021 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.alibaba.nacos.core.remote.tls;
+
+import com.alibaba.nacos.core.remote.BaseRpcServer;
+
+public class RpcSdkServerSslContextRefresherTest implements RpcServerSslContextRefresher {
+
+ @Override
+ public SslContextChangeAware refresh(BaseRpcServer baseRpcServer) {
+ return new SslContextChangeAware() {
+ @Override
+ public void init(BaseRpcServer baseRpcServer) {
+
+ }
+
+ @Override
+ public void onSslContextChange() {
+
+ }
+
+ @Override
+ public void shutdown() {
+
+ }
+ };
+ }
+
+ @Override
+ public String getName() {
+ return "sdk-refresher-test";
+ }
+}
diff --git a/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher b/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher
new file mode 100644
index 00000000000..0c84c41b275
--- /dev/null
+++ b/core/src/test/resources/META-INF/services/com.alibaba.nacos.core.remote.tls.RpcServerSslContextRefresher
@@ -0,0 +1,18 @@ +# +# Copyright 1999-2021 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +com.alibaba.nacos.core.remote.tls.RpcSdkServerSslContextRefresherTest +com.alibaba.nacos.core.remote.tls.RpcClusterServerSslContextRefresherTest diff --git a/sys/src/main/java/com/alibaba/nacos/sys/env/EnvUtil.java b/sys/src/main/java/com/alibaba/nacos/sys/env/EnvUtil.java index 84a85825be9..c56ab34bfdb 100644 --- a/sys/src/main/java/com/alibaba/nacos/sys/env/EnvUtil.java +++ b/sys/src/main/java/com/alibaba/nacos/sys/env/EnvUtil.java @@ -24,8 +24,10 @@ import com.alibaba.nacos.sys.utils.DiskUtils; import com.alibaba.nacos.sys.utils.InetUtils; import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.EnumerablePropertySource; import org.springframework.core.env.MapPropertySource; import org.springframework.core.env.MutablePropertySources; +import org.springframework.core.env.PropertySource; import org.springframework.core.io.InputStreamResource; import org.springframework.core.io.Resource; @@ -43,6 +45,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Properties; import java.util.Set; import java.util.HashMap; 
@@ -169,6 +172,23 @@ public static String getRequiredProperty(String key) throws IllegalStateExceptio public static T getRequiredProperty(String key, Class targetType) throws IllegalStateException { return environment.getRequiredProperty(key, targetType); } + + public static Properties getProperties() { + Properties properties = new Properties(); + for (PropertySource propertySource : environment.getPropertySources()) { + if (propertySource instanceof EnumerablePropertySource) { + EnumerablePropertySource enumerablePropertySource = (EnumerablePropertySource) propertySource; + String[] propertyNames = enumerablePropertySource.getPropertyNames(); + for (String propertyName : propertyNames) { + Object propertyValue = enumerablePropertySource.getProperty(propertyName); + if (propertyValue != null) { + properties.put(propertyName, propertyValue.toString()); + } + } + } + } + return properties; + } public static String resolvePlaceholders(String text) { return environment.resolvePlaceholders(text); diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java index b15c1e05f22..4982a1b9502 100644 --- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java +++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceComTlsGrpcClient_CITCase.java 
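Review bot: `getProperties()` lets lower-precedence sources win, because `environment.getPropertySources()` iterates from highest to lowest precedence and `properties.put(...)` overwrites what an earlier source stored; the snapshot can therefore disagree with `environment.getProperty(key)` for the same key. The negotiator test in this patch reads `nacos.remote.server.rpc.tls.enableTls` and the certificate paths from this `Properties`, so an operator override of a TLS setting could presumably be replaced silently by a default from a later source. Use `properties.putIfAbsent(propertyName, propertyValue.toString());`, or fetch the value with `environment.getProperty(propertyName)` so precedence and placeholder resolution match the rest of `EnvUtil`. The snapshot also copies every enumerable property, which may include credentials, so a Javadoc line such as `/** Flattened copy of all enumerable environment properties; may contain secrets, do not log. */` would help callers.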
@@ -23,13 +23,15 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; -import org.junit.*; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.FixMethodOrder; +import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.MethodSorters; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.web.server.LocalServerPort; import org.springframework.test.context.junit4.SpringRunner; import java.io.IOException; 
@@ -46,36 +48,27 @@ */ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".compatibility=true", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigServiceComTlsGrpcClient_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); - - @LocalServerPort - private int port; - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceComTlsGrpcClient_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - - + @Test - public void test_e_TlsServerAndPlainClient() throws Exception { + public void test_e_TlsServerAndPlainClient() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false"); propertiesfalse.put("serverAddr", "127.0.0.1"); diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java index da5ee0a6b05..f88b4f59268 100644 
--- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java +++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigServiceNoComTlsGrpcClient_CITCase.java @@ -23,7 +23,6 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; import org.junit.AfterClass; import org.junit.Assert; 
@@ -47,30 +46,25 @@ * @author githubcheng2978. */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem"}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigServiceNoComTlsGrpcClient_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigServiceNoComTlsGrpcClient_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_e_TlsServerAndTlsClient() throws Exception { 
@@ -83,7 +77,8 @@ public void test_e_TlsServerAndTlsClient() throws Exception { String content = UUID.randomUUID().toString(); String dataId = "test-group" + increment.getAndIncrement(); String groupId = "test-data" + increment.getAndIncrement(); - boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(), "test-data" + increment.getAndIncrement(), content); + boolean b = configService.publishConfig("test-group" + increment.getAndIncrement(), + "test-data" + increment.getAndIncrement(), content); CountDownLatch latch = new CountDownLatch(1); configService.addListener(dataId, groupId, new AbstractConfigChangeListener() { @Override @@ -99,9 +94,9 @@ public void receiveConfigChange(ConfigChangeEvent event) { latch.await(5, TimeUnit.SECONDS); Assert.assertTrue(b); } - + @Test - public void test_e_TlsServerAndPlainClient() throws Exception { + public void test_e_TlsServerAndPlainClient() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "false"); propertiesfalse.put("serverAddr", "127.0.0.1"); diff --git a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java index b06c6d62095..7174de8d67d 100644 --- a/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java +++ b/test/config-test/src/test/java/com/alibaba/nacos/test/config/NacosConfigV2MutualAuth_CITCase.java @@ -14,7 +14,6 @@ * limitations under the License. */ - package com.alibaba.nacos.test.config; import com.alibaba.nacos.Nacos; 
@@ -24,7 +23,6 @@ import com.alibaba.nacos.client.config.NacosConfigService; import com.alibaba.nacos.client.config.listener.impl.AbstractConfigChangeListener; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import com.alibaba.nacos.test.base.ConfigCleanUtils; import org.junit.After; import org.junit.Assert; 
@@ -48,43 +46,37 @@ * @author githubcheng2978. */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", + RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem", RpcConstants.NACOS_SERVER_RPC + + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NacosConfigV2MutualAuth_CITCase { - - + + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass - public static void beforeClass() throws IOException { + public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(NacosConfigV2MutualAuth_CITCase.class.getSimpleName()); - + } - + @After - public void cleanClientCache() throws Exception { + public void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_d_MutualAuth() throws Exception { Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - 
propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem"); propertiesfalse.put("serverAddr", "127.0.0.1"); ConfigService configServiceFalse = new NacosConfigService(propertiesfalse); String dataId = "test-group" + increment.getAndIncrement(); @@ -106,14 +98,14 @@ public void receiveConfigChange(ConfigChangeEvent event) { latch2.await(5, TimeUnit.SECONDS); Assert.assertTrue(res); } - + @Test public void test_d_MutualAuthButClientNot() throws Exception { - + Properties propertiesfalse = new Properties(); propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); - propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-client-cert.pem"); - + propertiesfalse.put(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-client-cert.pem"); + propertiesfalse.put("serverAddr", "127.0.0.1"); ConfigService configServiceFalse = new NacosConfigService(propertiesfalse); String dataId = "test-group" + increment.getAndIncrement(); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java index 74a4d18b423..c1039830cde 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java 
+++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV1ServerNonCompatibility_CITCase.java @@ -14,7 +14,6 @@ * limitations under the License. */ - package com.alibaba.nacos.test.client; import com.alibaba.nacos.Nacos; @@ -25,7 +24,7 @@ import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcConstants; import com.alibaba.nacos.test.ConfigCleanUtils; import org.junit.AfterClass; import org.junit.Assert; 
@@ -45,89 +44,88 @@ import java.util.concurrent.atomic.AtomicInteger; /** - * use configPublishRequest for communication verification between client and server + * use configPublishRequest for communication verification between client and server. * * @author githubcheng2978 */ @RunWith(SpringRunner.class) @TestConfiguration -@SpringBootTest(classes = {Nacos.class}, - properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"server.servlet.context-path=/nacos", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class ConfigIntegrationV1ServerNonCompatibility_CITCase { - + public static AtomicInteger increment = new AtomicInteger(100); + @LocalServerPort private int port; - + @BeforeClass public static void beforeClass() throws IOException { - ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName()); + ConfigCleanUtils.changeToNewTestNacosHome( + ConfigIntegrationV1ServerNonCompatibility_CITCase.class.getSimpleName()); } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test public void test_a_TlsServer() throws Exception { - RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null); + 
RpcClient client = RpcClientFactory.createClient("testTlsServer", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), null); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - + Connection connection = client.connectToServer(serverInfo); Assert.assertNull(connection); } - - + @Test public void test_b_ServerTlsTrustAll() throws Exception { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustAll(true); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - - RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); String content = UUID.randomUUID().toString(); configPublishRequest.setContent(content); configPublishRequest.setGroup("test-group" + increment.getAndIncrement()); configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); - + Response response = connectionTrustCa.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connectionTrustCa.close(); } - + @Test public void test_c_ServerTlsTrustCa() throws Exception { - + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - + RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient clientTrustCa = 
RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest(); String contentCa = UUID.randomUUID().toString(); - + configPublishRequestCa.setContent(contentCa); configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement()); configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement()); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java index 2d28d0621e5..f39b1d6d4e0 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV2MutualAuth_CITCase.java @@ -25,9 +25,13 @@ import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcConstants; import com.alibaba.nacos.test.ConfigCleanUtils; -import org.junit.*; +import org.junit.After; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.web.server.LocalServerPort; 
@@ -40,79 +44,76 @@ import java.util.concurrent.atomic.AtomicInteger; /** - * use configPublishRequest for communication verification between client and server + * use configPublishRequest for communication verification between client and server. * * @author githubcheng2978 */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", + RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem", + RpcConstants.NACOS_SERVER_RPC + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class ConfigIntegrationV2MutualAuth_CITCase { - + @LocalServerPort private int port; - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass - public static void beforeClass() throws IOException { + public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV2MutualAuth_CITCase.class.getSimpleName()); - + } - + @After - public void cleanClientCache() throws Exception { + public void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test @Ignore("TODO, fix the cert expired problem") public void 
test_d_MutualAuth() throws Exception { - + RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setMutualAuthEnable(true); tlsConfig.setCertChainFile("test-client-cert.pem"); tlsConfig.setCertPrivateKey("test-client-key.pem"); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); - + RpcClient client = RpcClientFactory.createClient("testMutualAuth", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - + Connection connection = client.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); - + String content = UUID.randomUUID().toString(); - + configPublishRequest.setContent(content); - configPublishRequest.setGroup("test-group"+increment.getAndIncrement()); - configPublishRequest.setDataId("test-data"+increment.getAndIncrement()); + configPublishRequest.setGroup("test-group" + increment.getAndIncrement()); + configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); configPublishRequest.setRequestId(content); Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(5)); Assert.assertTrue(response.isSuccess()); connection.close(); } - + @Test public void test_e_ServerMutualAuthOnly() throws Exception { - + RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); - + RpcClient client = RpcClientFactory.createClient("testServerMutualAuthNoly", ConnectionType.GRPC, + 
Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); diff --git a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java index 17e93a6e560..269fb7b0a36 100644 --- a/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java +++ b/test/core-test/src/test/java/com/alibaba/nacos/test/client/ConfigIntegrationV3_CITCase.java @@ -25,10 +25,14 @@ import com.alibaba.nacos.common.remote.client.RpcClient; import com.alibaba.nacos.common.remote.client.RpcClientFactory; import com.alibaba.nacos.common.remote.client.RpcClientTlsConfig; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcConstants; import com.alibaba.nacos.sys.env.EnvUtil; import com.alibaba.nacos.test.ConfigCleanUtils; -import org.junit.*; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.web.server.LocalServerPort; 
@@ -46,44 +50,40 @@ * @author githubcheng2978 */ @RunWith(SpringRunner.class) -@SpringBootTest(classes = {Nacos.class}, - properties = { - "nacos.standalone=true", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem" - }, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = {Nacos.class}, properties = {"nacos.standalone=true", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", + RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class ConfigIntegrationV3_CITCase { - + @LocalServerPort private int port; - + public static AtomicInteger increment = new AtomicInteger(100); - + @BeforeClass public static void beforeClass() throws IOException { ConfigCleanUtils.changeToNewTestNacosHome(ConfigIntegrationV3_CITCase.class.getSimpleName()); - } - + @BeforeClass @AfterClass public static void cleanClientCache() throws Exception { ConfigCleanUtils.cleanClientCache(); } - + @Test public void test_e_TlsServerAndPlainClient() throws Exception { - RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), null); + RpcClient client = RpcClientFactory.createClient("testTlsServerAndPlainClient", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), null); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); Connection connection = client.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); - + String content = UUID.randomUUID().toString(); - + configPublishRequest.setContent(content); 
configPublishRequest.setGroup("test-group" + increment.getAndIncrement()); configPublishRequest.setDataId("test-data" + increment.getAndIncrement()); @@ -91,19 +91,18 @@ public void test_e_TlsServerAndPlainClient() throws Exception { Response response = connection.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connection.close(); - } - + @Test public void test_f_ServerTlsTrustAll() throws Exception { - RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustAll(true); RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); serverInfo.setServerPort(port); - RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustAll = RpcClientFactory.createClient("testServerTlsTrustAll", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustAll = clientTrustAll.connectToServer(serverInfo); ConfigPublishRequest configPublishRequest = new ConfigPublishRequest(); String content = UUID.randomUUID().toString(); 
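Review bot: The `@SpringBootTest` properties in this hunk enable TLS on the server but never set `.compatibility`, while `test_e_TlsServerAndPlainClient` passes `null` as the TLS config and, in the following hunk, asserts that the request succeeds. The test therefore passes only if the server's default is to accept plaintext alongside TLS, a setting the other TLS test classes in this patch state explicitly. I would add `RpcConstants.NACOS_SERVER_RPC + ".compatibility=true",` to the property list so the plaintext fallback is a visible, deliberate choice, and a later move to a TLS-only default shows up as a configuration decision rather than a puzzling test failure. The body of `test_e_TlsServerAndPlainClient` continues outside this hunk.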
@@ -113,25 +112,26 @@ public void test_f_ServerTlsTrustAll() throws Exception { Response response = connectionTrustAll.request(configPublishRequest, TimeUnit.SECONDS.toMillis(3)); Assert.assertTrue(response.isSuccess()); connectionTrustAll.close(); - + } - + @Test @Ignore("TODO, Fix cert expired problem") public void test_g_ServerTlsTrustCa() throws Exception { - + RpcClient.ServerInfo serverInfo = new RpcClient.ServerInfo(); serverInfo.setServerIp("127.0.0.1"); - + serverInfo.setServerPort(EnvUtil.getPort()); RpcClientTlsConfig tlsConfig = new RpcClientTlsConfig(); tlsConfig.setEnableTls(true); tlsConfig.setTrustCollectionCertFile("test-ca-cert.pem"); - RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, Collections.singletonMap("labelKey", "labelValue"), tlsConfig); + RpcClient clientTrustCa = RpcClientFactory.createClient("testServerTlsTrustCa", ConnectionType.GRPC, + Collections.singletonMap("labelKey", "labelValue"), tlsConfig); Connection connectionTrustCa = clientTrustCa.connectToServer(serverInfo); ConfigPublishRequest configPublishRequestCa = new ConfigPublishRequest(); String contentCa = UUID.randomUUID().toString(); - + configPublishRequestCa.setContent(contentCa); configPublishRequestCa.setGroup("test-group" + increment.getAndIncrement()); configPublishRequestCa.setDataId("test-data" + increment.getAndIncrement()); diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java index 1379445f621..bb596aa6504 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingCompatibilityServiceTls_ITCase.java 
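Review bot: `test_g_ServerTlsTrustCa` stays behind `@Ignore("TODO, Fix cert expired problem")`, so the only TLS client that runs in this class is the `setTrustAll(true)` one in `test_f_ServerTlsTrustAll`, which, going by the setter name, accepts any server certificate. The class-level `@Ignore` with the same reason on `NamingTlsServiceAndMutualAuth_ITCase` and `NamingTlsServiceTls_ITCase` later in this patch leaves the mutual-auth and trust-CA paths unexercised as well. Since the commit extends TLS to cluster traffic, consider regenerating the `test-*.pem` fixtures, or generating them in a `@BeforeClass` step, so the certificate-verifying tests can be re-enabled. The ignored test also takes its port from `EnvUtil.getPort()` while the other tests here use the injected field; `serverInfo.setServerPort(port);` would keep them consistent. The test body continues past the end of the hunk.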
@@ -27,7 +27,7 @@ import com.alibaba.nacos.api.naming.pojo.Service; import com.alibaba.nacos.api.selector.ExpressionSelector; import com.alibaba.nacos.api.selector.NoneSelector; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; +import com.alibaba.nacos.common.remote.client.RpcConstants; import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -45,43 +45,45 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingCompatibilityServiceTls_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=true", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=true", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", + RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) public class NamingCompatibilityServiceTls_ITCase { - + private NamingMaintainService namingMaintainService; + private NamingService namingService; + private Instance instance; + private String serviceName; - + @LocalServerPort private int port; - + @Before public void init() throws Exception { - + NamingBase.prepareServer(port); - + if (namingMaintainService == null) { TimeUnit.SECONDS.sleep(10); namingMaintainService = NamingMaintainFactory.createMaintainService("127.0.0.1" + ":" + port); } - + if (namingService == null) { TimeUnit.SECONDS.sleep(10); namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); } - + instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); 
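Review bot: The Javadoc added here only repeats the class name and keeps an empty `@date .` tag, so a reader still has to decode the property list to learn what the class checks. A summary such as `Verifies the naming and naming-maintain APIs against a server with TLS enabled and compatibility=true.` would carry the intent, assuming that is the purpose; the clients in `init()` are created without any TLS setting visible in this hunk. The empty `@date` tag can be dropped. The same applies to the Javadoc added to `NamingTlsServiceAndMutualAuth_ITCase` and `NamingTlsServiceTls_ITCase`. `init()` continues outside the hunk.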
@@ -91,11 +93,11 @@ public void init() throws Exception { map.put("netType", "external"); map.put("version", "1.0"); instance.setMetadata(map); - + serviceName = randomDomainName(); - + } - + @Test public void updateInstance() throws NacosException, InterruptedException { Map map = new HashMap(); @@ -110,7 +112,7 @@ public void updateInstance() throws NacosException, InterruptedException { Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); System.out.println(instances.get(0)); } - + @Test public void updateInstanceWithDisable() throws NacosException, InterruptedException { Map map = new HashMap(); @@ -124,7 +126,7 @@ public void updateInstanceWithDisable() throws NacosException, InterruptedExcept List instances = namingService.getAllInstances(serviceName, false); Assert.assertEquals(0, instances.size()); } - + @Test public void createAndUpdateService() throws NacosException { String serviceName = randomDomainName(); @@ -138,13 +140,13 @@ public void createAndUpdateService() throws NacosException { preService.setMetadata(metadata); ExpressionSelector selector = new ExpressionSelector(); selector.setExpression("CONSUMER.label.A=PROVIDER.label.A &CONSUMER.label.B=PROVIDER.label.B"); - + System.out.println("service info : " + preService); namingMaintainService.createService(preService, selector); Service remoteService = namingMaintainService.queryService(serviceName); System.out.println("remote service info : " + remoteService); Assert.assertEquals(preService.toString(), remoteService.toString()); - + // update service Service nowService = new Service(); nowService.setName(serviceName); 
@@ -153,13 +155,13 @@ public void createAndUpdateService() throws NacosException { metadata.clear(); metadata.put(serviceName, "this is a update metadata"); nowService.setMetadata(metadata); - + namingMaintainService.updateService(nowService, new NoneSelector()); remoteService = namingMaintainService.queryService(serviceName); System.out.println("remote service info : " + remoteService); Assert.assertEquals(nowService.toString(), remoteService.toString()); } - + @Test public void deleteService() throws NacosException { String serviceName = randomDomainName(); @@ -167,7 +169,7 @@ public void deleteService() throws NacosException { preService.setName(serviceName); System.out.println("service info : " + preService); namingMaintainService.createService(preService, new NoneSelector()); - + Assert.assertTrue(namingMaintainService.deleteService(serviceName)); } diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java index 2b598cdd294..d557fa0b933 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceAndMutualAuth_ITCase.java @@ -23,7 +23,6 @@ import com.alibaba.nacos.api.naming.NamingService; import com.alibaba.nacos.api.naming.pojo.Instance; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import org.junit.After; import org.junit.Assert; import org.junit.FixMethodOrder; 
@@ -43,38 +42,36 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingTlsServiceAndMutualAuth_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".mutualAuthEnable=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", - RpcServerTlsConfig.PREFIX+".trustCollectionCertFile=test-ca-cert.pem", - -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".mutualAuthEnable=true", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", + RpcConstants.NACOS_SERVER_RPC + ".certPrivateKey=test-server-key.pem", RpcConstants.NACOS_SERVER_RPC + + ".trustCollectionCertFile=test-ca-cert.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class NamingTlsServiceAndMutualAuth_ITCase { - - + + @LocalServerPort private int port; - + @Test public void test_a_MutualAuth() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,"test-client-cert.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,"test-client-key.pem"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - Instance instance = 
new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, "test-client-cert.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, "test-client-key.pem"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); @@ -94,19 +91,19 @@ public void test_a_MutualAuth() throws NacosException { Assert.assertEquals(instances.size(), 1); Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); namingService.shutDown(); - + } - - + + @Test(expected = NacosException.class) public void test_b_MutualAuthClientTrustCa() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); 
@@ -118,18 +115,18 @@ public void test_b_MutualAuthClientTrustCa() throws NacosException { instance.setMetadata(map); namingService.registerInstance(serviceName, instance); namingService.shutDown(); - + } - + @Test(expected = NacosException.class) public void test_c_MutualAuthClientTrustALl() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY,""); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY, ""); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); @@ -142,9 +139,9 @@ public void test_c_MutualAuthClientTrustALl() throws NacosException { namingService.registerInstance(serviceName, instance); namingService.shutDown(); } - + @After - public void after(){ - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,""); + public void after() { + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, ""); } } diff --git a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java index 8597a1aad2b..94bca1807e5 100644 --- a/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java +++ b/test/naming-test/src/test/java/com/alibaba/nacos/test/naming/NamingTlsServiceTls_ITCase.java 
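Review bot: `after()` resets only `RPC_CLIENT_TLS_ENABLE`, and to an empty string rather than removing it, while the tests in this class also set `RPC_CLIENT_MUTUAL_AUTH`, the certificate and key paths, the trust collection path and `RPC_CLIENT_TLS_TRUST_ALL` as JVM-wide system properties. Whatever runs later in the same JVM inherits those values; a leftover trust-all flag is the risky one, because it would presumably make later TLS clients skip server-certificate verification without any test saying so. I would clear every property the tests set with `System.clearProperty`, as below. `NamingTlsServiceTls_ITCase` sets the same properties in `Tls_b_ServerAndTlsClientTrustCa` and `Tls_c_ServerAndTlsClientAll`, and no cleanup is visible in its hunks, so the same change likely applies there.

```java
@After
public void after() {
    // Remove every client TLS property the tests set, so nothing leaks into later tests in the same JVM.
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE);
    System.clearProperty(RpcConstants.RPC_CLIENT_MUTUAL_AUTH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_CERT_KEY);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH);
    System.clearProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL);
}
```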
@@ -23,7 +23,6 @@ import com.alibaba.nacos.api.naming.NamingService; import com.alibaba.nacos.api.naming.pojo.Instance; import com.alibaba.nacos.common.remote.client.RpcConstants; -import com.alibaba.nacos.core.remote.tls.RpcServerTlsConfig; import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Ignore; @@ -42,30 +41,29 @@ import static com.alibaba.nacos.test.naming.NamingBase.randomDomainName; /** + * NamingTlsServiceTls_ITCase. + * * @author githucheng2978. * @date . **/ @RunWith(SpringRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) -@SpringBootTest(classes = Nacos.class, properties = { - "server.servlet.context-path=/nacos", - RpcServerTlsConfig.PREFIX+".enableTls=true", - RpcServerTlsConfig.PREFIX+".compatibility=false", - RpcServerTlsConfig.PREFIX+".certChainFile=test-server-cert.pem", - RpcServerTlsConfig.PREFIX+".certPrivateKey=test-server-key.pem", -}, - webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(classes = Nacos.class, properties = {"server.servlet.context-path=/nacos", + RpcConstants.NACOS_SERVER_RPC + ".enableTls=true", + RpcConstants.NACOS_SERVER_RPC + ".compatibility=false", + RpcConstants.NACOS_SERVER_RPC + ".certChainFile=test-server-cert.pem", RpcConstants.NACOS_SERVER_RPC + + ".certPrivateKey=test-server-key.pem"}, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @Ignore("TODO, Fix cert expired problem") public class NamingTlsServiceTls_ITCase { - - + + @LocalServerPort private int port; - + @Test(expected = NacosException.class) public void Tls_a_ServerAndPlainClient() throws NacosException { - - Instance instance = new Instance(); + + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); 
@@ -76,20 +74,20 @@ public void Tls_a_ServerAndPlainClient() throws NacosException { map.put("version", "2.0"); namingService.registerInstance(randomDomainName(), instance); namingService.shutDown(); - + } - + @Test public void Tls_b_ServerAndTlsClientTrustCa() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH,"test-ca-cert.pem"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_COLLECTION_CHAIN_PATH, "test-ca-cert.pem"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME); - NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); + NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); Map map = new HashMap(); map.put("netType", "external-update"); map.put("version", "2.0"); 
@@ -105,20 +103,20 @@ public void Tls_b_ServerAndTlsClientTrustCa() throws NacosException { Assert.assertEquals(instances.size(), 1); Assert.assertEquals("2.0", instances.get(0).getMetadata().get("version")); namingService.shutDown(); - + } - + @Test public void Tls_c_ServerAndTlsClientAll() throws NacosException { String serviceName = randomDomainName(); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE,"true"); - System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL,"true"); - Instance instance = new Instance(); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_ENABLE, "true"); + System.setProperty(RpcConstants.RPC_CLIENT_TLS_TRUST_ALL, "true"); + Instance instance = new Instance(); instance.setIp("127.0.0.1"); instance.setPort(8081); instance.setWeight(2); instance.setClusterName(Constants.DEFAULT_CLUSTER_NAME); - NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); + NamingService namingService = NamingFactory.createNamingService("127.0.0.1" + ":" + port); Map map = new HashMap(); map.put("netType", "external-update"); map.put("version", "2.0");