def test_check_on_config_fetcher(self):
cert_config = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
root_certificates=CA_1_PEM)
with self.assertRaises(TypeError):
grpc.dynamic_ssl_server_credentials(cert_config, None)
with self.assertRaises(TypeError):
grpc.dynamic_ssl_server_credentials(cert_config, 1)
def setUp(self):
self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
services_pb2_grpc.add_FirstServiceServicer_to_server(
_server_application.FirstServiceServicer(), self.server)
switch_cert_on_client_num = 10
initial_cert_config = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
root_certificates=CA_2_PEM)
self.cert_config_fetcher = CertConfigFetcher()
server_credentials = grpc.dynamic_ssl_server_credentials(
initial_cert_config,
self.cert_config_fetcher,
require_client_authentication=self.require_client_auth())
self.port = self.server.add_secure_port('[::]:0', server_credentials)
self.server.start()
def setUp(self):
self.server = test_common.test_server()
services_pb2_grpc.add_FirstServiceServicer_to_server(
_server_application.FirstServiceServicer(), self.server)
self.cert_config_A = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
root_certificates=CA_2_PEM)
self.cert_config_B = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
root_certificates=CA_1_PEM)
self.cert_config_fetcher = CertConfigFetcher()
server_credentials = grpc.dynamic_ssl_server_credentials(
self.cert_config_A,
self.cert_config_fetcher,
require_client_authentication=True)
self.port = self.server.add_secure_port('[::]:0', server_credentials)
self.server.start()
def setUp(self):
self.server = test_common.test_server()
services_pb2_grpc.add_FirstServiceServicer_to_server(
_server_application.FirstServiceServicer(), self.server)
self.cert_config_A = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
root_certificates=CA_2_PEM)
self.cert_config_B = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
root_certificates=CA_1_PEM)
self.cert_config_fetcher = CertConfigFetcher()
server_credentials = grpc.dynamic_ssl_server_credentials(
self.cert_config_A,
self.cert_config_fetcher,
require_client_authentication=True)
self.port = self.server.add_secure_port('[::]:0', server_credentials)
self.server.start()
def test_check_on_initial_config(self):
with self.assertRaises(TypeError):
grpc.dynamic_ssl_server_credentials(None, str)
with self.assertRaises(TypeError):
grpc.dynamic_ssl_server_credentials(1, str)
def serve():
initial_cert_config = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
root_certificates=CA_2_PEM, # for verifying clients
)
global cert_config_fetcher
cert_config_fetcher = CertConfigFetcher()
server_credentials = grpc.dynamic_ssl_server_credentials(
initial_cert_config,
cert_config_fetcher,
require_client_authentication=True)
print("CA_2_PEM length: {}".format(len(CA_2_PEM)))
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
helloworld_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server)
server.add_secure_port('[::]:50051', server_credentials)
server.start()
numOfKeyboardInterrupts = 0
while True:
try:
while True:
time.sleep(_ONE_DAY_IN_SECONDS)
except KeyboardInterrupt:
numOfKeyboardInterrupts += 1
if (numOfKeyboardInterrupts == 1):
print("first interrupt: changing certs...")
cert_config_new = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
root_certificates=CA_BOTH_PEM)
print("CA_BOTH_PEM length: {}".format(len(CA_BOTH_PEM)))
cert_config_fetcher.reset()
cert_config_fetcher.configure(False, cert_config_new)
print("certs changed")
continue
if (numOfKeyboardInterrupts == 2):
print("second interrupt: changing certs...")
cert_config_new = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
root_certificates=CA_BOTH_PEM)
print("SERVER_KEY_2_PEM length: {}".format(len(SERVER_KEY_2_PEM)))
print("SERVER_CERT_CHAIN_2_PEM length: {}".format(
len(SERVER_CERT_CHAIN_2_PEM)))
cert_config_fetcher.reset()
cert_config_fetcher.configure(False, cert_config_new)
print("certs changed")
continue
if (numOfKeyboardInterrupts == 3):
print("third interrupt: changing certs...")
cert_config_new = grpc.ssl_server_certificate_configuration(
[(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
root_certificates=CA_1_PEM)
print("CA_1_PEM length: {}".format(len(CA_1_PEM)))
cert_config_fetcher.reset()
cert_config_fetcher.configure(False, cert_config_new)
print("certs changed")
continue
if (numOfKeyboardInterrupts == 4):
print("fourth interrupt: stopping server...")
server.stop(0)
break
