如何为安全的go grpc服务创建不安全的Java grpc客户端

我正在尝试用Java创建grpc服务客户端,其中服务器位于goLang中,并使用https进行部署。 我试图建立非安全连接的位置[我不想通过证书] </ p>

 公共类testgrpc {
ManagedChannel channel;
ServiceGrpc.ServiceBlockingStub BlockingStub;
字符串host =“ remotesecuredhost”;
int port =“ XXX”;

@Test
public void testgrpc()
{
channel = ManagedChannelBuilder.forAddress(host,port).build ();

blockingStub = ServiceGrpc.newBlockingStub(channel);

response = blockingStub.health(Empty.newBuilder()。build());

}

}
< / code> </ pre>

上面的代码给出了以下异常</ p>

  io.grpc.StatusRuntimeException:不可用:io异常
在io.grpc .stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:221)
在io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:202)
在io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:131 )
</ code> </ pre>

有人可以帮助客户代码</ p>
</ div>

展开原文

原文

I am trying to create grpc service client in Java where server is in goLang and deployed with the https . where I am trying to achieve a non-secured connection [I don't want to pass the certificate ]

public class testgrpc {
    ManagedChannel channel ;
    ServiceGrpc.ServiceBlockingStub  blockingStub;
    String host = "remotesecuredhost";
    int port ="XXX";

    @Test
    public void testgrpc()
    {
    channel = ManagedChannelBuilder.forAddress(host,port).build();

     blockingStub = ServiceGrpc.newBlockingStub(channel);

    response =  blockingStub.health(Empty.newBuilder().build());

    }

}

the above code gives following exception

io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
    at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:221)
    at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:202)
    at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:131)

can someone help with Client code

dongsi0625
dongsi0625 感谢您的建议,我终于找到了解决方案,这主要是与下侧而不是客户端有关。
一年多之前 回复
douwei1930
douwei1930 要模拟grpc.WithInsecure(),您可以在Java中执行managedChannelBuilder.usePlaintext()。在这种情况下,没有TLS,因此没有证书验证。
一年多之前 回复
donglinli2027
donglinli2027 我已经在golib中看到了这段代码---conn,err:=grpc.Dial(serverAddress,grpc.WithInsecure()),是否还需要对证书进行验证?您将能够帮助处理trustmanager代码吗?
一年多之前 回复
doulang6695
doulang6695 gRPC强烈建议不要忽略证书,也不要“支持”忽略证书,因为这实际上使它不安全。纯文本更容易使用。我们发现,即使使用TLS进行测试,也没有必要的用例。在Java中,可以通过提供自己的TrustManager(例如Netty的InsecureTrustManagerFactory)来实现,但是在使用它时“只能靠自己”。在您的情况下,您可以在服务器上使用硬编码的证书,并且仍然获得相同的效果,这将使证书验证保持启用状态。
一年多之前 回复
doufen1933
doufen1933 或者换句话说,我想绕过安全证书步骤,这可能吗?
一年多之前 回复
dongmei1911
dongmei1911 不是自定义的,而是特定于环境的自签名证书
一年多之前 回复
dongmibeng5885
dongmibeng5885 您不想通过证书是什么意思?Go服务器是否使用自定义CA作为其证书?
一年多之前 回复

3个回答



我终于找到了解决方案,对于我来说</ p>


  1. 净值 版本在我的build.gradle中不同步,因为我收到以下异常</ li>
    </ ol>

     找不到TLS ALPN提供程序; 没有可用的netty-tcnative,
    Conscrypt或Jetty NPN / ALPN
    </ code> </ pre>

    要解决此问题,我已经按照以下步骤设置了版本</ p>


    grpc-netty-1.20.x- ||| netty-handler-4.1.34.Final
    ||| netty-tcnative-boringssl静态版本2.0.22.Final
    从这里想起 </ p>
    </ blockquote>


    1. 进行tls连接,这可行</ li>
      </ ol >

        channel = NettyChannelBuilder 
      .forAddress(“ host”,port)
      .sslContext(GrpcSslContexts.forClient()。trustManager(InsecureTrustManagerFactory.INSTANCE).build())
      。 build();

      </ code> </ pre>


      1. 非tls </ li>
        </ ol>

          
        channel = NettyChannelBuilder
        .forAddress(“ host”,port).usePlaintext()
        .build();
        </ code> </ pre>
        </ div>

展开原文

原文

I have figured out the solution finally , in my case

  1. Netty versions were not in sync in my build.gradle , because of that I was receiving the exception as below
Could not find TLS ALPN provider; no working netty-tcnative,
Conscrypt, or Jetty NPN/ALPN available

to resolve this I have setup the versions as followed

grpc-netty - 1.20.x- ||| netty-handler-4.1.34.Final ||| netty-tcnative-boringssl-static version 2.0.22.Final got idea from here

  1. for tls connection this works
channel  = NettyChannelBuilder
                .forAddress("host",port)
               .sslContext(GrpcSslContexts.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build())
                .build();

  1. for non tls

              channel  = NettyChannelBuilder
            .forAddress("host",port).usePlaintext()
       .build();



可能是您的代码中的错误。 我的代码运行良好,请克隆它。 </ p>

https://github.com/kubesure/publisher </ p>
</ div>

展开原文

原文

could be an error within your code. my code works well, clone it.

https://github.com/kubesure/publisher


import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

import io.grpc.ManagedChannel;
import io.grpc.ManagedChannelBuilder;
import io.grpc.StatusRuntimeException;
import io.kubesure.publish.PublisherGrpc;
import io.kubesure.publish.PublisherProtos.Ack;
import io.kubesure.publish.PublisherProtos.Message;
import io.kubesure.publish.PublisherProtos.Message.Builder;

public class AppClient {

    private static final Logger logger = Logger.getLogger(AppClient.class.getName());
    private final ManagedChannel channel;
    private final PublisherGrpc.PublisherBlockingStub blockingStub;

    public AppClient(String host, int port) {
        this(ManagedChannelBuilder.forAddress(host, port)
                // Channels are secure by default (via SSL/TLS). For the example we disable TLS
                // to avoid
                // needing certificates.
                .usePlaintext().build());
    }

    AppClient(ManagedChannel channel) {
        this.channel = channel;
        blockingStub = PublisherGrpc.newBlockingStub(channel);
    }

    public Ack publish(String payload) {
        logger.info("Payload sent to publisher ");
        Builder builder = Message.newBuilder();
        builder.setPayload(payload);
        builder.setVersion("v1");
        builder.setType("Policy");
        builder.setDestination("policyissued");
        Message message = builder.build();
        try {
            Ack ack = blockingStub.publish(message);
            logger.info("is published: " + ack.getOk());
            return ack;
        } catch (StatusRuntimeException e) {
            logger.log(Level.WARNING, "RPC failed: {0}", e.getStatus());
            return Ack.newBuilder().setOk(false).build(); 
        }
    }

    public void shutdown() throws InterruptedException {
        channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
    }

    public static void main(String[] args) throws Exception {
        AppClient client = new AppClient("localhost", 50051);
        try {
            /* Access a service running on the local machine on port 50051 */
            String payload = "supplies to mars";
            if (args.length > 0) {
                payload = args[0]; /* Use the arg as the name to greet if provided */
            }
            client.publish(payload);
        } finally {
            client.shutdown();
        }
    }
}
dsxpt62448
dsxpt62448 就我而言,如果我使用服务运行类似的代码,则会引发INTERNAL:http2异常io.grpc.StatusRuntimeException:INTERNAL:io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:221)处的http2异常 io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:131)上的.stub.ClientCalls.getUnchecked(ClientCalls.java:202)
一年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐