def setupGRPCServerWithTLS(certPem, keyPem, mutual=False):
# create a gRPC server and adding the defined juzu servicer class to it
server = grpc.server(futures.ThreadPoolExecutor(max_workers=1))
juzu_pb2_grpc.add_JuzuServicer_to_server(JuzuServicer(), server)
# adding SSL credentials
if mutual:
creds = grpc.ssl_server_credentials([(keyPem, certPem)],
root_certificates=certPem,
require_client_auth=True)
else:
creds = grpc.ssl_server_credentials([(keyPem, certPem)])
serverAddress = 'localhost:2727'
server.add_secure_port(serverAddress, creds)
server.start()
return server, serverAddress
def _run_server(self, shutdown_event):
server_credentials = grpc.ssl_server_credentials(
[(self.config.grpc_server_key, self.config.grpc_server_cert)],
root_certificates=self.config.grpc_root_ca,
require_client_auth=True)
server = grpc.server(
futures.ThreadPoolExecutor(
max_workers=self.config.grpc_server_thread_num),
options=[
("grpc.so_reuseport", 1),
("grpc.use_local_subchannel_pool", 1),
],
)
grpc_lib.add_ForecastServicer_to_server(ForecastServicer(self.logger),
server)
server.add_secure_port(self.config.grpc_server_address,
server_credentials)
self.logger.info('starting python gRPC server...')
server.start()
while not shutdown_event.is_set():
time.sleep(1)
server.stop(5).wait()
self.logger.info('python gRPC server stopped')
def start(self):
log.debug("gRPC server {} is starting".format(self.id))
self._server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
grpc_endpoint_pb2_grpc.add_MockServiceServicer_to_server(
MockServiceServicer(self.get_context_data),
self._server,
)
if self._is_tls:
server_credentials = grpc.ssl_server_credentials(
private_key_certificate_chain_pairs=[(
self._load_credential_from_file(
self._context.data['keyfile']),
self._load_credential_from_file(
self._context.data['certfile']),
)],
root_certificates=self._load_credential_from_file(
self._context.data['cafile']),
require_client_auth=True,
)
self._server.add_secure_port(
'{}:{}'.format(
self._context.data['listen_ip'],
self._context.data['listen_port'],
),
server_credentials,
)
else:
self._server.add_insecure_port('{}:{}'.format(
self._context.data['listen_ip'],
self._context.data['listen_port'],
))
self._server.start()
def start(rpc_root_ruleconf, address_port=None, ssl=False, workers=4, interceptors=None, **kwargs):
if interceptors is None:
interceptors = (RequestInterceptor(),)
if isinstance(rpc_root_ruleconf, str):
rpc_root_ruleconf = import_module(rpc_root_ruleconf)
rpc_blueprint = getattr(rpc_root_ruleconf, 'rpc_blueprint', None)
assert rpc_blueprint, "not found rpc_blueprint"
server = grpc.server(futures.ThreadPoolExecutor(max_workers=workers), interceptors=interceptors)
rpc_blueprint.register_server(server)
address_port = address_port if address_port else "[::]:50051"
if ssl:
private_key_path = kwargs.get("private_key_path")
public_key_path = kwargs.get("public_key_path")
assert private_key_path and public_key_path, \
"certificate private_key_path and public_key_path can not be empty"
credentials = grpc.ssl_server_credentials(
((read_private_key(private_key_path), read_public_key(public_key_path),),))
server.add_secure_port(address_port, credentials)
else:
server.add_insecure_port(address_port)
server.start()
sys.stdout.write(f"Running GRPC server on {address_port} (Press CTRL+C to quit)\n")
sys.stdout.flush()
# logger.info(f"start grpc server: {address_port} (Press CTRL+C to quit)")
try:
while 1:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(0)
def serve():
parser = argparse.ArgumentParser()
parser.add_argument("--port", help="the port on which to serve", type=int)
parser.add_argument("--use_tls", help="require a secure connection", default=False, type=resources.parse_bool)
args = parser.parse_args()
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
test_pb2.add_TestServiceServicer_to_server(methods.TestService(), server)
if args.use_tls:
private_key = resources.private_key()
certificate_chain = resources.certificate_chain()
credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),))
server.add_secure_port("[::]:{}".format(args.port), credentials)
else:
server.add_insecure_port("[::]:{}".format(args.port))
server.start()
logging.info("Server serving.")
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except BaseException as e:
logging.info('Caught exception "%s"; stopping server...', e)
server.stop(None)
logging.info("Server stopped; exiting.")
def sslServe():
with open('server.key', 'rb') as f:
private_key = f.read()
with open('server.crt', 'rb') as f:
certificate_chain = f.read()
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
#service_pb2_grpc.add_ServerServicer_to_server(ServerServicer(), server)
helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server)
server.add_secure_port('[::]:' + port, server_credentials)
server.start()
print("Server started")
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(0)
def __init__(self, ip_address, port, max_workers, files_directory,
private_key_file, cert_file):
self.__ip_address = ip_address
self.__port = port
self.__max_workers = max_workers
self.__files_directory = files_directory
self.__private_key_file = private_key_file
self.__cert_file = cert_file
with open(self.__private_key_file, "rb") as fh:
private_key = fh.read()
with open(self.__cert_file, "rb") as fh:
certificate_chain = fh.read()
self.__server = grpc.server(
futures.ThreadPoolExecutor(max_workers=self.__max_workers))
file_pb2_grpc.add_FileServicer_to_server(
FileServicer(self.__files_directory), self.__server)
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
self.__server.add_secure_port(self.__ip_address + ":" + self.__port,
server_credentials)
logger.info("created instance " + str(self))
def _create_server(self, config):
if config.async_server_threads == 0:
# This is the default concurrent.futures thread pool size, but
# None doesn't seem to work
server_threads = multiprocessing.cpu_count() * 5
else:
server_threads = config.async_server_threads
server = grpc.server((), futures.ThreadPoolExecutor(
max_workers=server_threads))
if config.server_type == control_pb2.ASYNC_SERVER:
servicer = benchmark_server.BenchmarkServer()
services_pb2.add_BenchmarkServiceServicer_to_server(servicer, server)
elif config.server_type == control_pb2.ASYNC_GENERIC_SERVER:
resp_size = config.payload_config.bytebuf_params.resp_size
servicer = benchmark_server.GenericBenchmarkServer(resp_size)
method_implementations = {
'StreamingCall':
grpc.stream_stream_rpc_method_handler(servicer.StreamingCall),
'UnaryCall':
grpc.unary_unary_rpc_method_handler(servicer.UnaryCall),
}
handler = grpc.method_handlers_generic_handler(
'grpc.testing.BenchmarkService', method_implementations)
server.add_generic_rpc_handlers((handler,))
else:
raise Exception('Unsupported server type {}'.format(config.server_type))
if config.HasField('security_params'): # Use SSL
server_creds = grpc.ssl_server_credentials(
((resources.private_key(), resources.certificate_chain()),))
port = server.add_secure_port('[::]:{}'.format(config.port), server_creds)
else:
port = server.add_insecure_port('[::]:{}'.format(config.port))
return (server, port)
def serve():
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10),
interceptors = [GeneralLogger(),ExceptionToStatusInterceptor()])
service_pb2_grpc.add_PredictionsServicer_to_server(
PredictionsService(), server)
with open("server.key", "rb") as fp:
server_key = fp.read()
with open("server.pem", "rb") as fp:
server_cert = fp.read()
with open("ca.pem","rb") as fp:
ca_cert = fp.read()
creds = grpc.ssl_server_credentials(
[(server_key, server_cert)],
root_certificates=ca_cert,
require_client_auth=True)
server.add_secure_port("[::]:443", creds)
server.start()
def handle_sigterm(*_):
print("Received shutdown signal")
all_rpcs_done_event = server.stop(5)
all_rpcs_done_event.wait(5)
print("Shut down gracefully")
signal(SIGTERM, handle_sigterm)
server.wait_for_termination()
def create_ssl_server(max_workers, port, interceptors=None):
from django.conf import settings
config = getattr(settings, "GRPCSERVER", dict())
servicers_list = config.get(
"servicers", []
) # callbacks to add servicers to the server
interceptors = load_interceptors(config.get("interceptors", []))
maximum_concurrent_rpcs = config.get("maximum_concurrent_rpcs", None)
certificates = config.get("certificates", {})
# create a gRPC server
server = grpc.server(
thread_pool=futures.ThreadPoolExecutor(max_workers=max_workers),
interceptors=interceptors,
maximum_concurrent_rpcs=maximum_concurrent_rpcs,
)
add_servicers(server, servicers_list)
# Loading credentials
server_credentials = grpc.ssl_server_credentials(
(
(
certificates["server_certificate_key"],
certificates["server_certificate"],
),
)
)
server.add_secure_port("[::]:%s" % port, server_credentials)
return server
def serve():
parser = argparse.ArgumentParser()
parser.add_argument('--port',
type=int,
required=True,
help='the port on which to serve')
parser.add_argument('--use_tls',
default=False,
type=resources.parse_bool,
help='require a secure connection')
args = parser.parse_args()
server = test_common.test_server()
test_pb2_grpc.add_TestServiceServicer_to_server(service.TestService(),
server)
if args.use_tls:
private_key = resources.private_key()
certificate_chain = resources.certificate_chain()
credentials = grpc.ssl_server_credentials(
((private_key, certificate_chain), ))
server.add_secure_port('[::]:{}'.format(args.port), credentials)
else:
server.add_insecure_port('[::]:{}'.format(args.port))
server.start()
_LOGGER.info('Server serving.')
server.wait_for_termination()
_LOGGER.info('Server stopped; exiting.')
def main():
parser = argparse.ArgumentParser(description='Py gRPC client')
parser.add_argument('-secured', help='Use SSL', action='store_true')
parser.add_argument('-host',
default='localhost:8080',
help='address:port of gRPC server')
args = parser.parse_args()
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10),
options=())
benchmark_pb2_grpc.add_MyRPC1Servicer_to_server(MyServer(), server)
if args.secured:
logging.info('py gRPC server starts secured (SSL) on {}'.format(
args.host))
# read in key and certificate
with open('../go-server/server.key', 'rb') as f:
private_key = f.read()
with open('../go-server/server.crt', 'rb') as f:
certificate_chain = f.read()
# create server credentials
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
# add secure port using crendentials
server.add_secure_port(args.host, server_credentials)
else:
logging.info('py gRPC server starts insecured (no SSL) on {}'.format(
args.host))
server.add_insecure_port(args.host)
server.start()
server.wait_for_termination()
def start(self):
if self.device_type == 'ponsim':
handler = FlowUpdateHandler(self.thread_pool, self.ponsim)
add_PonSimServicer_to_server(handler, self.server)
x_pon_handler = XPonHandler(self.thread_pool, self.x_pon_sim)
add_XPonSimServicer_to_server(x_pon_handler, self.server)
else:
handler = BalHandler(self.thread_pool, self.ponsim)
add_BalServicer_to_server(handler, self.server)
# read in key and certificate
try:
voltha_key = os.path.join(os.environ.get('VOLTHA_BASE'),"pki/voltha.key")
with open(voltha_key) as f:
private_key = f.read()
voltha_cert = os.path.join(os.environ.get('VOLTHA_BASE'),"pki/voltha.crt")
with open(voltha_cert) as f:
certificate_chain = f.read()
except Exception as e:
log.error('failed-to-read-cert-keys', reason=e)
# create server credentials
if self.device_type == 'ponsim':
server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain,),))
self.server.add_secure_port('[::]:%s' % self.port, server_credentials)
else:
self.server.add_insecure_port('[::]:%s' % self.port)
self.server.start()
log.info('started')
def run_server():
with open(KEYFILE, 'rb') as f:
private_key = f.read()
with open(CERTFILE, 'rb') as f:
certificate_chain = f.read()
server_credentials = grpc.ssl_server_credentials(
((private_key, certificate_chain,),)
)
# create a gRPC server
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
# use the generated function `add_CalculatorServicer_to_server`
# to add the defined class to the server
calculator_pb2_grpc.add_CalculatorServicer_to_server(
CalculatorServicer(), server)
# listen on port
print('Starting server. Listening on port {}.'.format(LISTEN_PORT))
server.add_secure_port('[::]:{}'.format(LISTEN_PORT), server_credentials)
server.start()
# since server.start() will not block,
# a sleep-loop is added to keep alive
try:
while True:
time.sleep(86400)
except KeyboardInterrupt:
server.stop(0)
def main(argv):
del argv
tf.compat.v1.enable_v2_behavior()
# TODO(b/134543154): Replace this with the complete local executor stack.
executor = tff.framework.EagerExecutor()
service = tff.framework.ExecutorService(executor)
server = grpc.server(
concurrent.futures.ThreadPoolExecutor(max_workers=FLAGS.threads))
with open(FLAGS.private_key, 'rb') as f:
private_key = f.read()
with open(FLAGS.certificate_chain, 'rb') as f:
certificate_chain = f.read()
server_creds = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
server.add_secure_port(FLAGS.endpoint, server_creds)
executor_pb2_grpc.add_ExecutorServicer_to_server(service, server)
server.start()
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(None)
def serve():
conf = toml.load("../service.toml")
bindaddr = conf['grpc']['bind']
with open("../" + conf['grpc']['key']) as f:
#private_key = bytes(f.read(), "ascii")
private_key = bytes(f.read())
with open("../" + conf['grpc']['cert']) as f:
#certificate_chain = bytes(f.read(), 'ascii')
certificate_chain = bytes(f.read())
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
rpc_pb2_grpc.add_PredictServicer_to_server(PredictServicer(), server)
#server.add_insecure_port('[::]:50051')
server.add_secure_port(bindaddr, server_credentials)
server.start()
print("service runing on " + bindaddr)
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(0)
def testSecureClientCert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(
_SERVER_CERTS,
root_certificates=_TEST_ROOT_CERTIFICATES,
require_client_auth=True)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES,
private_key=_PRIVATE_KEY,
certificate_chain=_CERTIFICATE_CHAIN)
channel = grpc.secure_channel(
'localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
channel.close()
server.stop(None)
auth_data = pickle.loads(response)
auth_ctx = auth_data[_AUTH_CTX]
six.assertCountEqual(self, _CLIENT_IDS, auth_data[_ID])
self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY])
self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type'])
self.assertSequenceEqual([b'*.test.google.com'],
auth_ctx['x509_common_name'])
def serve():
# read in certificate
trusted_file = 'keys/ca.crt'
keyfile = 'keys/server.key'
certfile = 'keys/server.crt'
try:
with open(trusted_file, 'rb') as f:
trusted_certs = f.read()
with open(keyfile, 'rb') as f:
server_key = f.read()
with open(certfile, 'rb') as f:
server_cert = f.read()
except Exception as e:
log.error('failed-to-read-cert-keys', reason=e)
# create credentials
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server)
server_cred = grpc.ssl_server_credentials([(server_key, server_cert)], trusted_certs)
server.add_secure_port('localhost:50051', server_cred)
server.start()
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(0)
def testSecureClientCert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler, ))
server_cred = grpc.ssl_server_credentials(
_SERVER_CERTS,
root_certificates=_TEST_ROOT_CERTIFICATES,
require_client_auth=True)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES,
private_key=_PRIVATE_KEY,
certificate_chain=_CERTIFICATE_CHAIN)
channel = grpc.secure_channel('localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
server.stop(None)
auth_data = pickle.loads(response)
auth_ctx = auth_data[_AUTH_CTX]
six.assertCountEqual(self, _CLIENT_IDS, auth_data[_ID])
self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY])
self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type'])
self.assertSequenceEqual([b'*.test.google.com'],
auth_ctx['x509_common_name'])
def main():
port = '1337'
with open('serverchat.key', 'rb') as f:
private_key = f.read()
with open('serverchat.crt', 'rb') as f:
certificate_chain = f.read()
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
server = grpc.server(futures.ThreadPoolExecutor(max_workers=100))
str_grpc.add_ChatServicer_to_server(ChatServer(), server)
print('Servidor iniciado')
#server.add_insecure_port('localhost:' + str(port))
server.add_secure_port('[::]:' + port, server_credentials)
#server.add_insecure_port('[::]:50051')
server.start()
try:
while True:
time.sleep(60 * 60 * 24)
except KeyboardInterrupt:
server.stop(0)
def add_server_port(cls, keys: GRPCSecureKeyCollection, server, host,
ssl_auth_type: conf.SSLAuthType):
credentials = grpc.ssl_server_credentials(
[(keys.ssl_pk, keys.ssl_crt)],
root_certificates=keys.ssl_root_crt,
require_client_auth=True)
server.add_secure_port(host, credentials)
def main():
port = '50051'
with open('server.key', 'rb') as f:
private_key = f.read()
with open('server.crt', 'rb') as f:
certificate_chain = f.read()
server_credentials = grpc.ssl_server_credentials(((
private_key,
certificate_chain,
), ))
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
service_pb2_grpc.add_ProdServerServicer_to_server(ProdServerServicer(),
server)
service_pb2_grpc.add_StageServerServicer_to_server(StageServerServicer(),
server)
server.add_secure_port('[::]:' + port, server_credentials)
print('Starting server secure. Listening on port {}.'.format(port))
server.start()
try:
while True:
signal.pause()
except KeyboardInterrupt:
pass
server.stop(0)
def get_server_credentials():
"""
https://www.sandtable.com/using-ssl-with-grpc-in-python/
:return:
"""
client_cert_pem = os.getenv(PluginCertKey)
if not client_cert_pem:
return None, b''
private_key, private_key_bytes = generate_private_key()
certificate = generate_certificate(private_key)
certificate_chain_bytes: bytes = b'\n'.join(
(certificate.public_bytes(serialization.Encoding.DER), ))
credentials: grpc.ServerCredentials = grpc.ssl_server_credentials(
private_key_certificate_chain_pairs=((
private_key_bytes,
certificate.public_bytes(serialization.Encoding.PEM),
), ),
root_certificates=client_cert_pem,
require_client_auth=bool(client_cert_pem),
)
return credentials, certificate_chain_bytes
def __init__(self, targetUrl, tlsEnabled, caCertPath, privKeyPath,
isDbgTest):
self.is_stopped = False
self.is_ready = False
self.grpcServer = grpc.server(
futures.ThreadPoolExecutor(max_workers=10))
self.grpcServicer = gNMITargetServicer(isDbgTest)
gnmi_pb2_grpc.add_gNMIServicer_to_server(self.grpcServicer,
self.grpcServer)
if tlsEnabled == True:
# secure connection
print privKeyPath, caCertPath
with open(privKeyPath) as f:
privateKey = f.read()
with open(caCertPath) as f:
certChain = f.read()
credentials = grpc.ssl_server_credentials(((
privateKey,
certChain,
), ))
self.grpcServer.add_secure_port(targetUrl, credentials)
else:
# insecure connection
self.grpcServer.add_insecure_port(targetUrl)
def server_credentials(self):
if not self._server_credentials:
self._server_credentials = grpc.ssl_server_credentials(((
self.private_key,
self.certificate,
), ))
return self._server_credentials
def serve(gw_config_filename):
nvme_config = nvme_gw_config.NVMeGWConfig(gw_config_filename)
enable_auth = nvme_config.getboolean("config", "enable_auth")
gateway_addr = nvme_config.get("config", "gateway_addr")
gateway_port = nvme_config.get("config", "gateway_port")
server_key = nvme_config.get("mtls", "server_key")
server_cert = nvme_config.get("mtls", "server_cert")
client_cert = nvme_config.get("mtls", "client_cert")
grpc_max_workers = nvme_config.getint("config", "grpc_server_max_workers")
if enable_auth:
# read in key and certificate
with open(server_key, "rb") as f:
private_key = f.read()
with open(server_cert, "rb") as f:
server_crt = f.read()
with open(client_cert, "rb") as f:
client_crt = f.read()
# create server credentials & set client root certificate & set require_client_auth to True
server_credentials = grpc.ssl_server_credentials(
private_key_certificate_chain_pairs=[(private_key, server_crt)],
root_certificates=client_crt,
require_client_auth=True,
)
# create server
server = grpc.server(
futures.ThreadPoolExecutor(max_workers=grpc_max_workers))
gw_service = GWService(nvme_config)
gw_service.start_spdk()
pb2_grpc.add_NVMEGatewayServicer_to_server(gw_service, server)
# add secure port using crendentials
server.add_secure_port("{}:{}".format(gateway_addr, gateway_port),
server_credentials)
else:
# Authentication is not enabled
server = grpc.server(
futures.ThreadPoolExecutor(max_workers=grpc_max_workers))
gw_service = GWService(nvme_config)
gw_service.start_spdk()
pb2_grpc.add_NVMEGatewayServicer_to_server(gw_service, server)
server.add_insecure_port("{}:{}".format(gateway_addr, gateway_port))
server.start()
while True:
timedout = server.wait_for_termination(timeout=1)
if not timedout:
break
alive = gw_service.ping()
if not alive:
break
def start(self, address, port, *args, **kwargs):
self.add_services()
if self.ssl is True:
server_certificate_key = kwargs.pop('certificate_key', None)
server_certificate = kwargs.pop('certificate', None)
root_certificate = kwargs.pop('root_certificate', None)
if not server_certificate_key or not server_certificate:
raise ServerException
require_client_auth = True if root_certificate else False
server_credentials = grpc.ssl_server_credentials(
((server_certificate_key, server_certificate), ),
root_certificate, require_client_auth)
self.server.add_secure_port(f'{address}:{port}',
server_credentials)
else:
self.server.add_insecure_port(f'{address}:{port}')
grpc_server_started.send(None, server=self.server)
self.server.start()
try:
yield self.server
finally:
grpc_server_shutdown.send(None, server=self.server)
def testSessionResumption(self):
# Set up a secure server
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
# Create a cache for TLS session tickets
cache = session_cache.ssl_session_cache_lru(1)
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES)
channel_options = _PROPERTY_OPTIONS + (
('grpc.ssl_session_cache', cache),)
# Initial connection has no session to resume
self._do_one_shot_client_rpc(channel_creds,
channel_options,
port,
expect_ssl_session_reused=[b'false'])
# Subsequent connections resume sessions
self._do_one_shot_client_rpc(channel_creds,
channel_options,
port,
expect_ssl_session_reused=[b'true'])
server.stop(None)
def testSecureNoCert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES)
channel = grpc.secure_channel('localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
channel.close()
server.stop(None)
auth_data = pickle.loads(response)
self.assertIsNone(auth_data[_ID])
self.assertIsNone(auth_data[_ID_KEY])
self.assertDictEqual(
{
'security_level': [b'TSI_PRIVACY_AND_INTEGRITY'],
'transport_security_type': [b'ssl'],
'ssl_session_reused': [b'false'],
}, auth_data[_AUTH_CTX])
def testSecureNoCert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES)
channel = grpc.secure_channel(
'localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
channel.close()
server.stop(None)
auth_data = pickle.loads(response)
self.assertIsNone(auth_data[_ID])
self.assertIsNone(auth_data[_ID_KEY])
self.assertDictEqual({
'transport_security_type': [b'ssl'],
'ssl_session_reused': [b'false'],
}, auth_data[_AUTH_CTX])
def testSessionResumption(self):
# Set up a secure server
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
# Create a cache for TLS session tickets
cache = session_cache.ssl_session_cache_lru(1)
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES)
channel_options = _PROPERTY_OPTIONS + (
('grpc.ssl_session_cache', cache),)
# Initial connection has no session to resume
self._do_one_shot_client_rpc(
channel_creds,
channel_options,
port,
expect_ssl_session_reused=[b'false'])
# Subsequent connections resume sessions
self._do_one_shot_client_rpc(
channel_creds,
channel_options,
port,
expect_ssl_session_reused=[b'true'])
server.stop(None)
def _generate_tls_credentials(self):
blocks = []
file_paths = []
dir_paths = []
for path in self.meta.root_cert_paths:
if os.path.isdir(path) == True:
dir_paths.append(path)
else:
file_paths.append(path)
for path in dir_paths:
for child in os.listdir(path):
child_path = os.path.join(path, child)
if os.path.isfile(child_path) == True:
file_paths.append(child_path)
else:
LOG.debug(
"skipping second level directory {} found under path {}"
.format(child_path, path))
for path in file_paths:
try:
cert = open(path).read().encode()
blocks.append(cert)
except Exception as e:
raise Exception(
"{} failed to load as a root certificate: {}".format(
path, str(e)))
root_certs = b"".join(blocks)
key = open(self.meta.private_key_path).read().encode()
cert = open(self.meta.server_cert_path).read().encode()
return grpc.ssl_server_credentials([(key, cert)], root_certs, True)
def Serve(self, port, pem_dir):
"""
Sets up the gRPC Server with insecure connection on port
:param port: port to listen on.
:param pem_dir: Directory including certificates
:return: None
"""
# Create gRPC server
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
SSE.add_ConnectorServicer_to_server(self, server)
if pem_dir:
# Secure connection
with open(os.path.join(pem_dir, 'sse_server_key.pem'), 'rb') as f:
private_key = f.read()
with open(os.path.join(pem_dir, 'sse_server_cert.pem'), 'rb') as f:
cert_chain = f.read()
with open(os.path.join(pem_dir, 'root_cert.pem'), 'rb') as f:
root_cert = f.read()
credentials = grpc.ssl_server_credentials([(private_key, cert_chain)], root_cert, True)
server.add_secure_port('[::]:{}'.format(port), credentials)
logging.info('*** Running server in secure mode on port: {} ***'.format(port))
else:
# Insecure connection
server.add_insecure_port('[::]:{}'.format(port))
logging.info('*** Running server in insecure mode on port: {} ***'.format(port))
# Start gRPC server
server.start()
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
server.stop(0)
async def start_test_server(port=0,
secure=False,
server_credentials=None,
interceptors=None):
server = aio.server(options=(('grpc.so_reuseport', 0), ),
interceptors=interceptors)
servicer = TestServiceServicer()
test_pb2_grpc.add_TestServiceServicer_to_server(servicer, server)
server.add_generic_rpc_handlers(
(_create_extra_generic_handler(servicer), ))
if secure:
if server_credentials is None:
server_credentials = grpc.ssl_server_credentials([
(resources.private_key(), resources.certificate_chain())
])
port = server.add_secure_port('[::]:%d' % port, server_credentials)
else:
port = server.add_insecure_port('[::]:%d' % port)
await server.start()
# NOTE(lidizheng) returning the server to prevent it from deallocation
return 'localhost:%d' % port, server
def __init__(self, servicer, modelservicer, config):
self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=350))
self.certificate = None
if isinstance(servicer, rpc.CombinerServicer):
rpc.add_CombinerServicer_to_server(servicer, self.server)
if isinstance(servicer, rpc.ConnectorServicer):
rpc.add_ConnectorServicer_to_server(servicer, self.server)
if isinstance(servicer, rpc.ReducerServicer):
rpc.add_ReducerServicer_to_server(servicer, self.server)
if isinstance(modelservicer, rpc.ModelServiceServicer):
rpc.add_ModelServiceServicer_to_server(modelservicer, self.server)
if isinstance(servicer, rpc.CombinerServicer):
rpc.add_ControlServicer_to_server(servicer, self.server)
if config['secure']:
from fedn.common.security.certificate import Certificate
import os
# self.certificate = Certificate(os.getcwd() + '/certs/', cert_name='combiner-cert.pem', key_name='combiner-key.pem')
# self.certificate.set_keypair_raw(config['certificate'], config['key'])
server_credentials = grpc.ssl_server_credentials(((
config['key'],
config['certificate'],
), ))
self.server.add_secure_port('[::]:' + str(config['port']),
server_credentials)
else:
self.server.add_insecure_port('[::]:' + str(config['port']))
def serve():
parser = argparse.ArgumentParser()
parser.add_argument(
'--port', type=int, required=True, help='the port on which to serve')
parser.add_argument(
'--use_tls',
default=False,
type=resources.parse_bool,
help='require a secure connection')
args = parser.parse_args()
server = test_common.test_server()
test_pb2_grpc.add_TestServiceServicer_to_server(methods.TestService(),
server)
if args.use_tls:
private_key = resources.private_key()
certificate_chain = resources.certificate_chain()
credentials = grpc.ssl_server_credentials(((private_key,
certificate_chain),))
server.add_secure_port('[::]:{}'.format(args.port), credentials)
else:
server.add_insecure_port('[::]:{}'.format(args.port))
server.start()
_LOGGER.info('Server serving.')
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except BaseException as e:
_LOGGER.info('Caught exception "%s"; stopping server...', e)
server.stop(None)
_LOGGER.info('Server stopped; exiting.')
def start_secure_server():
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = test_common.test_server()
server.add_generic_rpc_handlers((handler,))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
server.start()
return server, port
def setUp(self):
self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
test_pb2.add_TestServiceServicer_to_server(
methods.TestService(), self.server)
port = self.server.add_secure_port(
'[::]:0', grpc.ssl_server_credentials(
[(resources.private_key(), resources.certificate_chain())]))
self.server.start()
self.stub = test_pb2.TestServiceStub(
grpc.secure_channel(
'localhost:{}'.format(port),
grpc.ssl_channel_credentials(resources.test_root_certificates()),
(('grpc.ssl_target_name_override', _SERVER_HOST_OVERRIDE,),)))
def setUp(self):
self.server = test_common.test_server()
test_pb2_grpc.add_TestServiceServicer_to_server(service.TestService(),
self.server)
port = self.server.add_secure_port(
'[::]:0',
grpc.ssl_server_credentials([(resources.private_key(),
resources.certificate_chain())]))
self.server.start()
self.stub = test_pb2_grpc.TestServiceStub(
grpc.secure_channel('localhost:{}'.format(port),
grpc.ssl_channel_credentials(
resources.test_root_certificates()), ((
'grpc.ssl_target_name_override',
_SERVER_HOST_OVERRIDE,
),)))
def __init__(self, port=50055, model_status=0, model_output=""):
self.port = port
self.model_status = model_status
self.model_output = model_output
log.info("Initializing GRPC Server", port=port)
self.thread_pool = futures.ThreadPoolExecutor(max_workers=1)
self.server = grpc.server(self.thread_pool)
self.django_initialized = False
self.django_apps = []
server_key = open(SERVER_KEY, "r").read()
server_cert = open(SERVER_CERT, "r").read()
server_ca = open(SERVER_CA, "r").read()
self.credentials = grpc.ssl_server_credentials(
[(server_key, server_cert)], server_ca, False
)
self.delayed_shutdown_timer = None
self.exit_event = threading.Event()
self.services = []
