How to use ApiWrapper to load certificate for access

[Borkes]

No description provided.

[eodiandie]

No description provided.
hi, @Borkes
From the issue title, I guess you may mean adding support for 'API Key' to ApiWrapper in order to access the Java-Tron gRPC endpoints more flexible. So could you provide more information about your question?

[borkesmao]

hi @xq-lu
our tron node server do not support NO TLS access, so grpcurl -plaintext request will response error.
grpcurl -import-path . -proto ./api/api.proto -plaintext host:50051 protocol.Wallet/GetNowBlock
ERROR:
Code: Unavailable
Message: error reading from server: EOF
and if I use TLS, it will response block info. same as ApiWrapper, I have no idea to set TSL

ApiWrapper wrapper = new ApiWrapper("host:50051", "host:50051","api key");
Chain.Block block = wrapper.getNowBlock();

then I get:

io.grpc.StatusRuntimeException: UNAVAILABLE: Network closed for unknown reason

	at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:271)
	at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:252)
	at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:165)
	at org.tron.trident.api.WalletGrpc$WalletBlockingStub.getNowBlock(WalletGrpc.java:4763)
	at org.tron.trident.core.ApiWrapper.getNowBlock(ApiWrapper.java:780)
	at AddressCheckTest.testAddress(AddressCheckTest.java:22)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
	at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
	at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
	at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
	at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
	at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
	at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
	at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
	at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:232)
	at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:55)

[eodiandie]

Hi @Borkes if you are accessing the network from your node, then no API key is needed, just need to include your private key as shown below,
ApiWrapper wrapper = new ApiWrapper("grpc endpoint", "solidity grpc endpoint", "hex private key");
where,
grpc port = 50051
solidity grpc port = 50061
These ports as set default as above, you may check your node config.conf file and see if the ports remain the same.

[borkesmao]

hi @xq-lu, my node has already set the default port 50051, maybe you are not aware of my problem. As my nodes are accessed using ssl and certificates, so I want to initialize ApiWrapper with something like TSL

1. use grpcurl access node with TSL, response correct blockInfo

grpcurl -import-path . -proto ./api/api.proto host:50051 protocol.Wallet/GetNowBlock

2. use grpcurl access node with NO TSL

grpcurl -import-path . -proto ./api/api.proto -plaintext host:50051 protocol.Wallet/GetNowBlock
Code: Unavailable
Message: error reading from server: EOF

3. use ApiWrapper access node, so I guess there's no TSL

ApiWrapper wrapper = new ApiWrapper("host:50051", "host:50051","api key");
Chain.Block block = wrapper.getNowBlock();
io.grpc.StatusRuntimeException: UNAVAILABLE: Network closed for unknown reason

[eodiandie]

hi, @borkesmao
I kind of know what's your problem mentioned above. Let's clarify it. you enable TLS in your Tron node. when you access the node with TLS setup on the client side, it works fine. but when you use ApiWrapper to access it, it throws errors.
Currently, the latest version trident-sdk does not support gRPC authentication with SSL/TLS.
If you want to config Apiwrapper to support TLS, you can try with the codes below and replace the default channel in Apiwrapper constructor function:

// With server authentication SSL/TLS
ManagedChannel channel = Grpc.newChannelBuilder(
        "myservice.example.com:443", TlsChannelCredentials.create())
    .build();
blockingStub = WalletGrpc.newBlockingStub(channel);
or
// With server authentication SSL/TLS; custom CA root certificates
ChannelCredentials creds = TlsChannelCredentials.newBuilder()
    .trustManager(new File("roots.pem"))
    .build();
ManagedChannel channel = Grpc.newChannelBuilder("myservice.example.com:443", creds)
    .build();
blockingStub = WalletGrpc.newBlockingStub(channel);

for the details, you may refer to this doc:https://grpc.io/docs/guides/auth/#with-server-authentication-ssltls-4

By the way,' support gRPC authentication in TLS in Apiwrapper'is a good feature, and it may be included in the later release.

[shamoh]

I would appreciate the feature. 🙏