def setupGRPCServerWithTLS(certPem, keyPem, mutual=False): # create a gRPC server and adding the defined juzu servicer class to it server = grpc.server(futures.ThreadPoolExecutor(max_workers=1)) juzu_pb2_grpc.add_JuzuServicer_to_server(JuzuServicer(), server) # adding SSL credentials if mutual: creds = grpc.ssl_server_credentials([(keyPem, certPem)], root_certificates=certPem, require_client_auth=True) else: creds = grpc.ssl_server_credentials([(keyPem, certPem)]) serverAddress = 'localhost:2727' server.add_secure_port(serverAddress, creds) server.start() return server, serverAddress
def _run_server(self, shutdown_event): server_credentials = grpc.ssl_server_credentials( [(self.config.grpc_server_key, self.config.grpc_server_cert)], root_certificates=self.config.grpc_root_ca, require_client_auth=True) server = grpc.server( futures.ThreadPoolExecutor( max_workers=self.config.grpc_server_thread_num), options=[ ("grpc.so_reuseport", 1), ("grpc.use_local_subchannel_pool", 1), ], ) grpc_lib.add_ForecastServicer_to_server(ForecastServicer(self.logger), server) server.add_secure_port(self.config.grpc_server_address, server_credentials) self.logger.info('starting python gRPC server...') server.start() while not shutdown_event.is_set(): time.sleep(1) server.stop(5).wait() self.logger.info('python gRPC server stopped')
def start(self): log.debug("gRPC server {} is starting".format(self.id)) self._server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) grpc_endpoint_pb2_grpc.add_MockServiceServicer_to_server( MockServiceServicer(self.get_context_data), self._server, ) if self._is_tls: server_credentials = grpc.ssl_server_credentials( private_key_certificate_chain_pairs=[( self._load_credential_from_file( self._context.data['keyfile']), self._load_credential_from_file( self._context.data['certfile']), )], root_certificates=self._load_credential_from_file( self._context.data['cafile']), require_client_auth=True, ) self._server.add_secure_port( '{}:{}'.format( self._context.data['listen_ip'], self._context.data['listen_port'], ), server_credentials, ) else: self._server.add_insecure_port('{}:{}'.format( self._context.data['listen_ip'], self._context.data['listen_port'], )) self._server.start()
def start(rpc_root_ruleconf, address_port=None, ssl=False, workers=4, interceptors=None, **kwargs): if interceptors is None: interceptors = (RequestInterceptor(),) if isinstance(rpc_root_ruleconf, str): rpc_root_ruleconf = import_module(rpc_root_ruleconf) rpc_blueprint = getattr(rpc_root_ruleconf, 'rpc_blueprint', None) assert rpc_blueprint, "not found rpc_blueprint" server = grpc.server(futures.ThreadPoolExecutor(max_workers=workers), interceptors=interceptors) rpc_blueprint.register_server(server) address_port = address_port if address_port else "[::]:50051" if ssl: private_key_path = kwargs.get("private_key_path") public_key_path = kwargs.get("public_key_path") assert private_key_path and public_key_path, \ "certificate private_key_path and public_key_path can not be empty" credentials = grpc.ssl_server_credentials( ((read_private_key(private_key_path), read_public_key(public_key_path),),)) server.add_secure_port(address_port, credentials) else: server.add_insecure_port(address_port) server.start() sys.stdout.write(f"Running GRPC server on {address_port} (Press CTRL+C to quit)\n") sys.stdout.flush() # logger.info(f"start grpc server: {address_port} (Press CTRL+C to quit)") try: while 1: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0)
def serve(): parser = argparse.ArgumentParser() parser.add_argument("--port", help="the port on which to serve", type=int) parser.add_argument("--use_tls", help="require a secure connection", default=False, type=resources.parse_bool) args = parser.parse_args() server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) test_pb2.add_TestServiceServicer_to_server(methods.TestService(), server) if args.use_tls: private_key = resources.private_key() certificate_chain = resources.certificate_chain() credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),)) server.add_secure_port("[::]:{}".format(args.port), credentials) else: server.add_insecure_port("[::]:{}".format(args.port)) server.start() logging.info("Server serving.") try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except BaseException as e: logging.info('Caught exception "%s"; stopping server...', e) server.stop(None) logging.info("Server stopped; exiting.")
def sslServe(): with open('server.key', 'rb') as f: private_key = f.read() with open('server.crt', 'rb') as f: certificate_chain = f.read() server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) #service_pb2_grpc.add_ServerServicer_to_server(ServerServicer(), server) helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server) server.add_secure_port('[::]:' + port, server_credentials) server.start() print("Server started") try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0)
def __init__(self, ip_address, port, max_workers, files_directory, private_key_file, cert_file): self.__ip_address = ip_address self.__port = port self.__max_workers = max_workers self.__files_directory = files_directory self.__private_key_file = private_key_file self.__cert_file = cert_file with open(self.__private_key_file, "rb") as fh: private_key = fh.read() with open(self.__cert_file, "rb") as fh: certificate_chain = fh.read() self.__server = grpc.server( futures.ThreadPoolExecutor(max_workers=self.__max_workers)) file_pb2_grpc.add_FileServicer_to_server( FileServicer(self.__files_directory), self.__server) server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) self.__server.add_secure_port(self.__ip_address + ":" + self.__port, server_credentials) logger.info("created instance " + str(self))
def _create_server(self, config): if config.async_server_threads == 0: # This is the default concurrent.futures thread pool size, but # None doesn't seem to work server_threads = multiprocessing.cpu_count() * 5 else: server_threads = config.async_server_threads server = grpc.server((), futures.ThreadPoolExecutor( max_workers=server_threads)) if config.server_type == control_pb2.ASYNC_SERVER: servicer = benchmark_server.BenchmarkServer() services_pb2.add_BenchmarkServiceServicer_to_server(servicer, server) elif config.server_type == control_pb2.ASYNC_GENERIC_SERVER: resp_size = config.payload_config.bytebuf_params.resp_size servicer = benchmark_server.GenericBenchmarkServer(resp_size) method_implementations = { 'StreamingCall': grpc.stream_stream_rpc_method_handler(servicer.StreamingCall), 'UnaryCall': grpc.unary_unary_rpc_method_handler(servicer.UnaryCall), } handler = grpc.method_handlers_generic_handler( 'grpc.testing.BenchmarkService', method_implementations) server.add_generic_rpc_handlers((handler,)) else: raise Exception('Unsupported server type {}'.format(config.server_type)) if config.HasField('security_params'): # Use SSL server_creds = grpc.ssl_server_credentials( ((resources.private_key(), resources.certificate_chain()),)) port = server.add_secure_port('[::]:{}'.format(config.port), server_creds) else: port = server.add_insecure_port('[::]:{}'.format(config.port)) return (server, port)
def serve(): server = grpc.server(futures.ThreadPoolExecutor(max_workers=10), interceptors = [GeneralLogger(),ExceptionToStatusInterceptor()]) service_pb2_grpc.add_PredictionsServicer_to_server( PredictionsService(), server) with open("server.key", "rb") as fp: server_key = fp.read() with open("server.pem", "rb") as fp: server_cert = fp.read() with open("ca.pem","rb") as fp: ca_cert = fp.read() creds = grpc.ssl_server_credentials( [(server_key, server_cert)], root_certificates=ca_cert, require_client_auth=True) server.add_secure_port("[::]:443", creds) server.start() def handle_sigterm(*_): print("Received shutdown signal") all_rpcs_done_event = server.stop(5) all_rpcs_done_event.wait(5) print("Shut down gracefully") signal(SIGTERM, handle_sigterm) server.wait_for_termination()
def create_ssl_server(max_workers, port, interceptors=None): from django.conf import settings config = getattr(settings, "GRPCSERVER", dict()) servicers_list = config.get( "servicers", [] ) # callbacks to add servicers to the server interceptors = load_interceptors(config.get("interceptors", [])) maximum_concurrent_rpcs = config.get("maximum_concurrent_rpcs", None) certificates = config.get("certificates", {}) # create a gRPC server server = grpc.server( thread_pool=futures.ThreadPoolExecutor(max_workers=max_workers), interceptors=interceptors, maximum_concurrent_rpcs=maximum_concurrent_rpcs, ) add_servicers(server, servicers_list) # Loading credentials server_credentials = grpc.ssl_server_credentials( ( ( certificates["server_certificate_key"], certificates["server_certificate"], ), ) ) server.add_secure_port("[::]:%s" % port, server_credentials) return server
def serve(): parser = argparse.ArgumentParser() parser.add_argument('--port', type=int, required=True, help='the port on which to serve') parser.add_argument('--use_tls', default=False, type=resources.parse_bool, help='require a secure connection') args = parser.parse_args() server = test_common.test_server() test_pb2_grpc.add_TestServiceServicer_to_server(service.TestService(), server) if args.use_tls: private_key = resources.private_key() certificate_chain = resources.certificate_chain() credentials = grpc.ssl_server_credentials( ((private_key, certificate_chain), )) server.add_secure_port('[::]:{}'.format(args.port), credentials) else: server.add_insecure_port('[::]:{}'.format(args.port)) server.start() _LOGGER.info('Server serving.') server.wait_for_termination() _LOGGER.info('Server stopped; exiting.')
def main(): parser = argparse.ArgumentParser(description='Py gRPC client') parser.add_argument('-secured', help='Use SSL', action='store_true') parser.add_argument('-host', default='localhost:8080', help='address:port of gRPC server') args = parser.parse_args() server = grpc.server(futures.ThreadPoolExecutor(max_workers=10), options=()) benchmark_pb2_grpc.add_MyRPC1Servicer_to_server(MyServer(), server) if args.secured: logging.info('py gRPC server starts secured (SSL) on {}'.format( args.host)) # read in key and certificate with open('../go-server/server.key', 'rb') as f: private_key = f.read() with open('../go-server/server.crt', 'rb') as f: certificate_chain = f.read() # create server credentials server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) # add secure port using crendentials server.add_secure_port(args.host, server_credentials) else: logging.info('py gRPC server starts insecured (no SSL) on {}'.format( args.host)) server.add_insecure_port(args.host) server.start() server.wait_for_termination()
def start(self): if self.device_type == 'ponsim': handler = FlowUpdateHandler(self.thread_pool, self.ponsim) add_PonSimServicer_to_server(handler, self.server) x_pon_handler = XPonHandler(self.thread_pool, self.x_pon_sim) add_XPonSimServicer_to_server(x_pon_handler, self.server) else: handler = BalHandler(self.thread_pool, self.ponsim) add_BalServicer_to_server(handler, self.server) # read in key and certificate try: voltha_key = os.path.join(os.environ.get('VOLTHA_BASE'),"pki/voltha.key") with open(voltha_key) as f: private_key = f.read() voltha_cert = os.path.join(os.environ.get('VOLTHA_BASE'),"pki/voltha.crt") with open(voltha_cert) as f: certificate_chain = f.read() except Exception as e: log.error('failed-to-read-cert-keys', reason=e) # create server credentials if self.device_type == 'ponsim': server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain,),)) self.server.add_secure_port('[::]:%s' % self.port, server_credentials) else: self.server.add_insecure_port('[::]:%s' % self.port) self.server.start() log.info('started')
def run_server(): with open(KEYFILE, 'rb') as f: private_key = f.read() with open(CERTFILE, 'rb') as f: certificate_chain = f.read() server_credentials = grpc.ssl_server_credentials( ((private_key, certificate_chain,),) ) # create a gRPC server server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) # use the generated function `add_CalculatorServicer_to_server` # to add the defined class to the server calculator_pb2_grpc.add_CalculatorServicer_to_server( CalculatorServicer(), server) # listen on port print('Starting server. Listening on port {}.'.format(LISTEN_PORT)) server.add_secure_port('[::]:{}'.format(LISTEN_PORT), server_credentials) server.start() # since server.start() will not block, # a sleep-loop is added to keep alive try: while True: time.sleep(86400) except KeyboardInterrupt: server.stop(0)
def main(argv): del argv tf.compat.v1.enable_v2_behavior() # TODO(b/134543154): Replace this with the complete local executor stack. executor = tff.framework.EagerExecutor() service = tff.framework.ExecutorService(executor) server = grpc.server( concurrent.futures.ThreadPoolExecutor(max_workers=FLAGS.threads)) with open(FLAGS.private_key, 'rb') as f: private_key = f.read() with open(FLAGS.certificate_chain, 'rb') as f: certificate_chain = f.read() server_creds = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) server.add_secure_port(FLAGS.endpoint, server_creds) executor_pb2_grpc.add_ExecutorServicer_to_server(service, server) server.start() try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(None)
def serve(): conf = toml.load("../service.toml") bindaddr = conf['grpc']['bind'] with open("../" + conf['grpc']['key']) as f: #private_key = bytes(f.read(), "ascii") private_key = bytes(f.read()) with open("../" + conf['grpc']['cert']) as f: #certificate_chain = bytes(f.read(), 'ascii') certificate_chain = bytes(f.read()) server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) rpc_pb2_grpc.add_PredictServicer_to_server(PredictServicer(), server) #server.add_insecure_port('[::]:50051') server.add_secure_port(bindaddr, server_credentials) server.start() print("service runing on " + bindaddr) try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0)
def testSecureClientCert(self): handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials( _SERVER_CERTS, root_certificates=_TEST_ROOT_CERTIFICATES, require_client_auth=True) port = server.add_secure_port('[::]:0', server_cred) server.start() channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES, private_key=_PRIVATE_KEY, certificate_chain=_CERTIFICATE_CHAIN) channel = grpc.secure_channel( 'localhost:{}'.format(port), channel_creds, options=_PROPERTY_OPTIONS) response = channel.unary_unary(_UNARY_UNARY)(_REQUEST) channel.close() server.stop(None) auth_data = pickle.loads(response) auth_ctx = auth_data[_AUTH_CTX] six.assertCountEqual(self, _CLIENT_IDS, auth_data[_ID]) self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY]) self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type']) self.assertSequenceEqual([b'*.test.google.com'], auth_ctx['x509_common_name'])
def serve(): # read in certificate trusted_file = 'keys/ca.crt' keyfile = 'keys/server.key' certfile = 'keys/server.crt' try: with open(trusted_file, 'rb') as f: trusted_certs = f.read() with open(keyfile, 'rb') as f: server_key = f.read() with open(certfile, 'rb') as f: server_cert = f.read() except Exception as e: log.error('failed-to-read-cert-keys', reason=e) # create credentials server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server) server_cred = grpc.ssl_server_credentials([(server_key, server_cert)], trusted_certs) server.add_secure_port('localhost:50051', server_cred) server.start() try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0)
def testSecureClientCert(self): handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler, )) server_cred = grpc.ssl_server_credentials( _SERVER_CERTS, root_certificates=_TEST_ROOT_CERTIFICATES, require_client_auth=True) port = server.add_secure_port('[::]:0', server_cred) server.start() channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES, private_key=_PRIVATE_KEY, certificate_chain=_CERTIFICATE_CHAIN) channel = grpc.secure_channel('localhost:{}'.format(port), channel_creds, options=_PROPERTY_OPTIONS) response = channel.unary_unary(_UNARY_UNARY)(_REQUEST) server.stop(None) auth_data = pickle.loads(response) auth_ctx = auth_data[_AUTH_CTX] six.assertCountEqual(self, _CLIENT_IDS, auth_data[_ID]) self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY]) self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type']) self.assertSequenceEqual([b'*.test.google.com'], auth_ctx['x509_common_name'])
def main(): port = '1337' with open('serverchat.key', 'rb') as f: private_key = f.read() with open('serverchat.crt', 'rb') as f: certificate_chain = f.read() server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) server = grpc.server(futures.ThreadPoolExecutor(max_workers=100)) str_grpc.add_ChatServicer_to_server(ChatServer(), server) print('Servidor iniciado') #server.add_insecure_port('localhost:' + str(port)) server.add_secure_port('[::]:' + port, server_credentials) #server.add_insecure_port('[::]:50051') server.start() try: while True: time.sleep(60 * 60 * 24) except KeyboardInterrupt: server.stop(0)
def add_server_port(cls, keys: GRPCSecureKeyCollection, server, host, ssl_auth_type: conf.SSLAuthType): credentials = grpc.ssl_server_credentials( [(keys.ssl_pk, keys.ssl_crt)], root_certificates=keys.ssl_root_crt, require_client_auth=True) server.add_secure_port(host, credentials)
def main(): port = '50051' with open('server.key', 'rb') as f: private_key = f.read() with open('server.crt', 'rb') as f: certificate_chain = f.read() server_credentials = grpc.ssl_server_credentials((( private_key, certificate_chain, ), )) server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) service_pb2_grpc.add_ProdServerServicer_to_server(ProdServerServicer(), server) service_pb2_grpc.add_StageServerServicer_to_server(StageServerServicer(), server) server.add_secure_port('[::]:' + port, server_credentials) print('Starting server secure. Listening on port {}.'.format(port)) server.start() try: while True: signal.pause() except KeyboardInterrupt: pass server.stop(0)
def get_server_credentials(): """ https://www.sandtable.com/using-ssl-with-grpc-in-python/ :return: """ client_cert_pem = os.getenv(PluginCertKey) if not client_cert_pem: return None, b'' private_key, private_key_bytes = generate_private_key() certificate = generate_certificate(private_key) certificate_chain_bytes: bytes = b'\n'.join( (certificate.public_bytes(serialization.Encoding.DER), )) credentials: grpc.ServerCredentials = grpc.ssl_server_credentials( private_key_certificate_chain_pairs=(( private_key_bytes, certificate.public_bytes(serialization.Encoding.PEM), ), ), root_certificates=client_cert_pem, require_client_auth=bool(client_cert_pem), ) return credentials, certificate_chain_bytes
def __init__(self, targetUrl, tlsEnabled, caCertPath, privKeyPath, isDbgTest): self.is_stopped = False self.is_ready = False self.grpcServer = grpc.server( futures.ThreadPoolExecutor(max_workers=10)) self.grpcServicer = gNMITargetServicer(isDbgTest) gnmi_pb2_grpc.add_gNMIServicer_to_server(self.grpcServicer, self.grpcServer) if tlsEnabled == True: # secure connection print privKeyPath, caCertPath with open(privKeyPath) as f: privateKey = f.read() with open(caCertPath) as f: certChain = f.read() credentials = grpc.ssl_server_credentials((( privateKey, certChain, ), )) self.grpcServer.add_secure_port(targetUrl, credentials) else: # insecure connection self.grpcServer.add_insecure_port(targetUrl)
def server_credentials(self): if not self._server_credentials: self._server_credentials = grpc.ssl_server_credentials((( self.private_key, self.certificate, ), )) return self._server_credentials
def serve(gw_config_filename): nvme_config = nvme_gw_config.NVMeGWConfig(gw_config_filename) enable_auth = nvme_config.getboolean("config", "enable_auth") gateway_addr = nvme_config.get("config", "gateway_addr") gateway_port = nvme_config.get("config", "gateway_port") server_key = nvme_config.get("mtls", "server_key") server_cert = nvme_config.get("mtls", "server_cert") client_cert = nvme_config.get("mtls", "client_cert") grpc_max_workers = nvme_config.getint("config", "grpc_server_max_workers") if enable_auth: # read in key and certificate with open(server_key, "rb") as f: private_key = f.read() with open(server_cert, "rb") as f: server_crt = f.read() with open(client_cert, "rb") as f: client_crt = f.read() # create server credentials & set client root certificate & set require_client_auth to True server_credentials = grpc.ssl_server_credentials( private_key_certificate_chain_pairs=[(private_key, server_crt)], root_certificates=client_crt, require_client_auth=True, ) # create server server = grpc.server( futures.ThreadPoolExecutor(max_workers=grpc_max_workers)) gw_service = GWService(nvme_config) gw_service.start_spdk() pb2_grpc.add_NVMEGatewayServicer_to_server(gw_service, server) # add secure port using crendentials server.add_secure_port("{}:{}".format(gateway_addr, gateway_port), server_credentials) else: # Authentication is not enabled server = grpc.server( futures.ThreadPoolExecutor(max_workers=grpc_max_workers)) gw_service = GWService(nvme_config) gw_service.start_spdk() pb2_grpc.add_NVMEGatewayServicer_to_server(gw_service, server) server.add_insecure_port("{}:{}".format(gateway_addr, gateway_port)) server.start() while True: timedout = server.wait_for_termination(timeout=1) if not timedout: break alive = gw_service.ping() if not alive: break
def start(self, address, port, *args, **kwargs): self.add_services() if self.ssl is True: server_certificate_key = kwargs.pop('certificate_key', None) server_certificate = kwargs.pop('certificate', None) root_certificate = kwargs.pop('root_certificate', None) if not server_certificate_key or not server_certificate: raise ServerException require_client_auth = True if root_certificate else False server_credentials = grpc.ssl_server_credentials( ((server_certificate_key, server_certificate), ), root_certificate, require_client_auth) self.server.add_secure_port(f'{address}:{port}', server_credentials) else: self.server.add_insecure_port(f'{address}:{port}') grpc_server_started.send(None, server=self.server) self.server.start() try: yield self.server finally: grpc_server_shutdown.send(None, server=self.server)
def testSessionResumption(self): # Set up a secure server handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials(_SERVER_CERTS) port = server.add_secure_port('[::]:0', server_cred) server.start() # Create a cache for TLS session tickets cache = session_cache.ssl_session_cache_lru(1) channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES) channel_options = _PROPERTY_OPTIONS + ( ('grpc.ssl_session_cache', cache),) # Initial connection has no session to resume self._do_one_shot_client_rpc(channel_creds, channel_options, port, expect_ssl_session_reused=[b'false']) # Subsequent connections resume sessions self._do_one_shot_client_rpc(channel_creds, channel_options, port, expect_ssl_session_reused=[b'true']) server.stop(None)
def testSecureNoCert(self): handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials(_SERVER_CERTS) port = server.add_secure_port('[::]:0', server_cred) server.start() channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES) channel = grpc.secure_channel('localhost:{}'.format(port), channel_creds, options=_PROPERTY_OPTIONS) response = channel.unary_unary(_UNARY_UNARY)(_REQUEST) channel.close() server.stop(None) auth_data = pickle.loads(response) self.assertIsNone(auth_data[_ID]) self.assertIsNone(auth_data[_ID_KEY]) self.assertDictEqual( { 'security_level': [b'TSI_PRIVACY_AND_INTEGRITY'], 'transport_security_type': [b'ssl'], 'ssl_session_reused': [b'false'], }, auth_data[_AUTH_CTX])
def testSecureNoCert(self): handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials(_SERVER_CERTS) port = server.add_secure_port('[::]:0', server_cred) server.start() channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES) channel = grpc.secure_channel( 'localhost:{}'.format(port), channel_creds, options=_PROPERTY_OPTIONS) response = channel.unary_unary(_UNARY_UNARY)(_REQUEST) channel.close() server.stop(None) auth_data = pickle.loads(response) self.assertIsNone(auth_data[_ID]) self.assertIsNone(auth_data[_ID_KEY]) self.assertDictEqual({ 'transport_security_type': [b'ssl'], 'ssl_session_reused': [b'false'], }, auth_data[_AUTH_CTX])
def testSessionResumption(self): # Set up a secure server handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials(_SERVER_CERTS) port = server.add_secure_port('[::]:0', server_cred) server.start() # Create a cache for TLS session tickets cache = session_cache.ssl_session_cache_lru(1) channel_creds = grpc.ssl_channel_credentials( root_certificates=_TEST_ROOT_CERTIFICATES) channel_options = _PROPERTY_OPTIONS + ( ('grpc.ssl_session_cache', cache),) # Initial connection has no session to resume self._do_one_shot_client_rpc( channel_creds, channel_options, port, expect_ssl_session_reused=[b'false']) # Subsequent connections resume sessions self._do_one_shot_client_rpc( channel_creds, channel_options, port, expect_ssl_session_reused=[b'true']) server.stop(None)
def _generate_tls_credentials(self): blocks = [] file_paths = [] dir_paths = [] for path in self.meta.root_cert_paths: if os.path.isdir(path) == True: dir_paths.append(path) else: file_paths.append(path) for path in dir_paths: for child in os.listdir(path): child_path = os.path.join(path, child) if os.path.isfile(child_path) == True: file_paths.append(child_path) else: LOG.debug( "skipping second level directory {} found under path {}" .format(child_path, path)) for path in file_paths: try: cert = open(path).read().encode() blocks.append(cert) except Exception as e: raise Exception( "{} failed to load as a root certificate: {}".format( path, str(e))) root_certs = b"".join(blocks) key = open(self.meta.private_key_path).read().encode() cert = open(self.meta.server_cert_path).read().encode() return grpc.ssl_server_credentials([(key, cert)], root_certs, True)
def Serve(self, port, pem_dir): """ Sets up the gRPC Server with insecure connection on port :param port: port to listen on. :param pem_dir: Directory including certificates :return: None """ # Create gRPC server server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) SSE.add_ConnectorServicer_to_server(self, server) if pem_dir: # Secure connection with open(os.path.join(pem_dir, 'sse_server_key.pem'), 'rb') as f: private_key = f.read() with open(os.path.join(pem_dir, 'sse_server_cert.pem'), 'rb') as f: cert_chain = f.read() with open(os.path.join(pem_dir, 'root_cert.pem'), 'rb') as f: root_cert = f.read() credentials = grpc.ssl_server_credentials([(private_key, cert_chain)], root_cert, True) server.add_secure_port('[::]:{}'.format(port), credentials) logging.info('*** Running server in secure mode on port: {} ***'.format(port)) else: # Insecure connection server.add_insecure_port('[::]:{}'.format(port)) logging.info('*** Running server in insecure mode on port: {} ***'.format(port)) # Start gRPC server server.start() try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0)
async def start_test_server(port=0, secure=False, server_credentials=None, interceptors=None): server = aio.server(options=(('grpc.so_reuseport', 0), ), interceptors=interceptors) servicer = TestServiceServicer() test_pb2_grpc.add_TestServiceServicer_to_server(servicer, server) server.add_generic_rpc_handlers( (_create_extra_generic_handler(servicer), )) if secure: if server_credentials is None: server_credentials = grpc.ssl_server_credentials([ (resources.private_key(), resources.certificate_chain()) ]) port = server.add_secure_port('[::]:%d' % port, server_credentials) else: port = server.add_insecure_port('[::]:%d' % port) await server.start() # NOTE(lidizheng) returning the server to prevent it from deallocation return 'localhost:%d' % port, server
def __init__(self, servicer, modelservicer, config): self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=350)) self.certificate = None if isinstance(servicer, rpc.CombinerServicer): rpc.add_CombinerServicer_to_server(servicer, self.server) if isinstance(servicer, rpc.ConnectorServicer): rpc.add_ConnectorServicer_to_server(servicer, self.server) if isinstance(servicer, rpc.ReducerServicer): rpc.add_ReducerServicer_to_server(servicer, self.server) if isinstance(modelservicer, rpc.ModelServiceServicer): rpc.add_ModelServiceServicer_to_server(modelservicer, self.server) if isinstance(servicer, rpc.CombinerServicer): rpc.add_ControlServicer_to_server(servicer, self.server) if config['secure']: from fedn.common.security.certificate import Certificate import os # self.certificate = Certificate(os.getcwd() + '/certs/', cert_name='combiner-cert.pem', key_name='combiner-key.pem') # self.certificate.set_keypair_raw(config['certificate'], config['key']) server_credentials = grpc.ssl_server_credentials((( config['key'], config['certificate'], ), )) self.server.add_secure_port('[::]:' + str(config['port']), server_credentials) else: self.server.add_insecure_port('[::]:' + str(config['port']))
def serve(): parser = argparse.ArgumentParser() parser.add_argument( '--port', type=int, required=True, help='the port on which to serve') parser.add_argument( '--use_tls', default=False, type=resources.parse_bool, help='require a secure connection') args = parser.parse_args() server = test_common.test_server() test_pb2_grpc.add_TestServiceServicer_to_server(methods.TestService(), server) if args.use_tls: private_key = resources.private_key() certificate_chain = resources.certificate_chain() credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),)) server.add_secure_port('[::]:{}'.format(args.port), credentials) else: server.add_insecure_port('[::]:{}'.format(args.port)) server.start() _LOGGER.info('Server serving.') try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except BaseException as e: _LOGGER.info('Caught exception "%s"; stopping server...', e) server.stop(None) _LOGGER.info('Server stopped; exiting.')
def start_secure_server(): handler = grpc.method_handlers_generic_handler('test', { 'UnaryUnary': grpc.unary_unary_rpc_method_handler(handle_unary_unary) }) server = test_common.test_server() server.add_generic_rpc_handlers((handler,)) server_cred = grpc.ssl_server_credentials(_SERVER_CERTS) port = server.add_secure_port('[::]:0', server_cred) server.start() return server, port
def setUp(self): self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) test_pb2.add_TestServiceServicer_to_server( methods.TestService(), self.server) port = self.server.add_secure_port( '[::]:0', grpc.ssl_server_credentials( [(resources.private_key(), resources.certificate_chain())])) self.server.start() self.stub = test_pb2.TestServiceStub( grpc.secure_channel( 'localhost:{}'.format(port), grpc.ssl_channel_credentials(resources.test_root_certificates()), (('grpc.ssl_target_name_override', _SERVER_HOST_OVERRIDE,),)))
def setUp(self): self.server = test_common.test_server() test_pb2_grpc.add_TestServiceServicer_to_server(service.TestService(), self.server) port = self.server.add_secure_port( '[::]:0', grpc.ssl_server_credentials([(resources.private_key(), resources.certificate_chain())])) self.server.start() self.stub = test_pb2_grpc.TestServiceStub( grpc.secure_channel('localhost:{}'.format(port), grpc.ssl_channel_credentials( resources.test_root_certificates()), (( 'grpc.ssl_target_name_override', _SERVER_HOST_OVERRIDE, ),)))
def __init__(self, port=50055, model_status=0, model_output=""): self.port = port self.model_status = model_status self.model_output = model_output log.info("Initializing GRPC Server", port=port) self.thread_pool = futures.ThreadPoolExecutor(max_workers=1) self.server = grpc.server(self.thread_pool) self.django_initialized = False self.django_apps = [] server_key = open(SERVER_KEY, "r").read() server_cert = open(SERVER_CERT, "r").read() server_ca = open(SERVER_CA, "r").read() self.credentials = grpc.ssl_server_credentials( [(server_key, server_cert)], server_ca, False ) self.delayed_shutdown_timer = None self.exit_event = threading.Event() self.services = []