diff --git a/core/src/main/java/io/grpc/ServerBuilder.java b/core/src/main/java/io/grpc/ServerBuilder.java index 5d6e4f18161..397010be8c1 100644 --- a/core/src/main/java/io/grpc/ServerBuilder.java +++ b/core/src/main/java/io/grpc/ServerBuilder.java @@ -17,6 +17,7 @@ package io.grpc; import java.io.File; +import java.io.InputStream; import java.util.concurrent.Executor; import java.util.concurrent.TimeUnit; import javax.annotation.Nullable; @@ -150,6 +151,22 @@ public T addStreamTracerFactory(ServerStreamTracer.Factory factory) { */ public abstract T useTransportSecurity(File certChain, File privateKey); + /** + * Makes the server use TLS. + * + * @param certChain InputStream containing the full certificate chain + * @param privateKey InputStream containing the private key + * + * @return this + * @throws UnsupportedOperationException if the server does not support TLS, or does not support + * reading these files from an InputStream. + * @since 1.12.0 + */ + public T useTransportSecurity(InputStream certChain, InputStream privateKey) { + throw new UnsupportedOperationException(); + } + + /** * Set the decompression registry for use in the channel. This is an advanced API call and * shouldn't be used unless you are using custom message encoding. The default supported diff --git a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java index 15dfb63b963..07b1a9a22fd 100644 --- a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java +++ b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java @@ -31,6 +31,7 @@ import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.SupportedCipherSuiteFilter; import java.io.File; +import java.io.InputStream; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.security.Provider; 
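Review bot: The Javadoc on the new `ServerBuilder.useTransportSecurity(InputStream, InputStream)` does not say who closes the two streams or what encoding they must carry, which matters because `privateKey` is key material that callers typically open from a file or a secret store. I would add a sentence such as `The caller retains ownership of both streams and is responsible for closing them.` if that is the intended contract, and name the expected format next to the `@param` tags. The same gap is present on the two `GrpcSslContexts.forServer(InputStream, ...)` overloads and the `NettyServerBuilder` override later in this commit. Separately, the default body throws with no message; `throw new UnsupportedOperationException("TLS configuration from InputStream is not supported by this builder");` would make a misconfigured server easier to diagnose.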
@@ -140,6 +141,27 @@ public static SslContextBuilder forServer(
 return configure(SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword));
 }
+ /**
+ * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+ *
+ * @see SslContextBuilder#forServer(InputStream, InputStream)
+ * @see #configure(SslContextBuilder)
+ */
+ public static SslContextBuilder forServer(InputStream keyCertChain, InputStream key) {
+ return configure(SslContextBuilder.forServer(keyCertChain, key));
+ }
+
+ /**
+ * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+ *
+ * @see SslContextBuilder#forServer(InputStream, InputStream, String)
+ * @see #configure(SslContextBuilder)
+ */
+ public static SslContextBuilder forServer(
+ InputStream keyCertChain, InputStream key, String keyPassword) {
+ return configure(SslContextBuilder.forServer(keyCertChain, key, keyPassword));
+ }
+
 /**
 * Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
 * an application requires particular settings it should override the options set here.
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
index 4e7df63805e..ae7463ff763 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
@@ -38,6 +38,7 @@
 import io.netty.channel.socket.nio.NioServerSocketChannel;
 import io.netty.handler.ssl.SslContext;
 import java.io.File;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.HashMap;
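Review bot: The two new `GrpcSslContexts.forServer` Javadocs are word-for-word identical and carry no `@param` tags, so the three-argument overload never says what `keyPassword` is or whether it may be null. I would add `@param keyPassword the password protecting {@code key}, or {@code null} if the key is not encrypted` (wording to be confirmed against the Netty method named in the `@see` tag), together with `@param` lines for `keyCertChain` and `key`. As written, a reader has to leave gRPC's documentation to learn how an encrypted private key is supplied.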
@@ -438,4 +439,15 @@ public NettyServerBuilder useTransportSecurity(File certChain, File privateKey)
 }
 return this;
 }
+
+ @Override
+ public NettyServerBuilder useTransportSecurity(InputStream certChain, InputStream privateKey) {
+ try {
+ sslContext = GrpcSslContexts.forServer(certChain, privateKey).build();
+ } catch (SSLException e) {
+ // This should likely be some other, easier to catch exception.
+ throw new RuntimeException(e);
+ }
+ return this;
+ }
 }
diff --git a/netty/src/test/java/io/grpc/netty/TlsTest.java b/netty/src/test/java/io/grpc/netty/TlsTest.java
index c99d7f1ce1b..6628a39a646 100644
--- a/netty/src/test/java/io/grpc/netty/TlsTest.java
+++ b/netty/src/test/java/io/grpc/netty/TlsTest.java
@@ -176,7 +176,6 @@ public void basicClientServerIntegrationTest() throws Exception {
 client.unaryRpc(SimpleRequest.getDefaultInstance());
 }
-
 /**
 * Tests that a server configured to require client authentication refuses to accept connections
 * from a client that has an untrusted certificate.
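Review bot: The new `NettyServerBuilder.useTransportSecurity(InputStream, InputStream)` rethrows `SSLException` as a bare `RuntimeException` with no message, and the inline comment already concedes the type is not the right one. An operator whose certificate chain or private key fails to load gets nothing to catch or log beyond the nested cause; at minimum add context, e.g. `throw new RuntimeException("Failed to build SslContext from certChain/privateKey streams", e);`, keeping key contents out of the message. The File overload's body starts outside this hunk, so if it wraps the exception the same way, both should be changed together so the two configuration paths fail identically.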