def test_check_on_config_fetcher(self): cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) with self.assertRaises(TypeError): grpc.dynamic_ssl_server_credentials(cert_config, None) with self.assertRaises(TypeError): grpc.dynamic_ssl_server_credentials(cert_config, 1)
def setUp(self): self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) services_pb2_grpc.add_FirstServiceServicer_to_server( _server_application.FirstServiceServicer(), self.server) switch_cert_on_client_num = 10 initial_cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM) self.cert_config_fetcher = CertConfigFetcher() server_credentials = grpc.dynamic_ssl_server_credentials( initial_cert_config, self.cert_config_fetcher, require_client_authentication=self.require_client_auth()) self.port = self.server.add_secure_port('[::]:0', server_credentials) self.server.start()
def setUp(self): self.server = test_common.test_server() services_pb2_grpc.add_FirstServiceServicer_to_server( _server_application.FirstServiceServicer(), self.server) self.cert_config_A = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM) self.cert_config_B = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) self.cert_config_fetcher = CertConfigFetcher() server_credentials = grpc.dynamic_ssl_server_credentials( self.cert_config_A, self.cert_config_fetcher, require_client_authentication=True) self.port = self.server.add_secure_port('[::]:0', server_credentials) self.server.start()
def setUp(self): self.server = test_common.test_server() services_pb2_grpc.add_FirstServiceServicer_to_server( _server_application.FirstServiceServicer(), self.server) self.cert_config_A = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM) self.cert_config_B = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) self.cert_config_fetcher = CertConfigFetcher() server_credentials = grpc.dynamic_ssl_server_credentials( self.cert_config_A, self.cert_config_fetcher, require_client_authentication=True) self.port = self.server.add_secure_port('[::]:0', server_credentials) self.server.start()
def test_check_on_initial_config(self): with self.assertRaises(TypeError): grpc.dynamic_ssl_server_credentials(None, str) with self.assertRaises(TypeError): grpc.dynamic_ssl_server_credentials(1, str)
def serve(): initial_cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM, # for verifying clients ) global cert_config_fetcher cert_config_fetcher = CertConfigFetcher() server_credentials = grpc.dynamic_ssl_server_credentials( initial_cert_config, cert_config_fetcher, require_client_authentication=True) print("CA_2_PEM length: {}".format(len(CA_2_PEM))) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server) server.add_secure_port('[::]:50051', server_credentials) server.start() numOfKeyboardInterrupts = 0 while True: try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: numOfKeyboardInterrupts += 1 if (numOfKeyboardInterrupts == 1): print("first interrupt: changing certs...") cert_config_new = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_BOTH_PEM) print("CA_BOTH_PEM length: {}".format(len(CA_BOTH_PEM))) cert_config_fetcher.reset() cert_config_fetcher.configure(False, cert_config_new) print("certs changed") continue if (numOfKeyboardInterrupts == 2): print("second interrupt: changing certs...") cert_config_new = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_BOTH_PEM) print("SERVER_KEY_2_PEM length: {}".format(len(SERVER_KEY_2_PEM))) print("SERVER_CERT_CHAIN_2_PEM length: {}".format( len(SERVER_CERT_CHAIN_2_PEM))) cert_config_fetcher.reset() cert_config_fetcher.configure(False, cert_config_new) print("certs changed") continue if (numOfKeyboardInterrupts == 3): print("third interrupt: changing certs...") cert_config_new = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) print("CA_1_PEM length: {}".format(len(CA_1_PEM))) cert_config_fetcher.reset() cert_config_fetcher.configure(False, cert_config_new) print("certs changed") continue if (numOfKeyboardInterrupts == 4): print("fourth interrupt: stopping server...") server.stop(0) break