Java 类io.grpc.okhttp.internal.Platform 实例源码

@Override
protected ManagedChannel createChannel() {
    try {
        final int port = server.getPort();
        return OkHttpChannelBuilder
                .forAddress("localhost", port)
                .negotiationType(NegotiationType.TLS)
                .maxInboundMessageSize(16 * 1024 * 1024)
                .connectionSpec(ConnectionSpec.MODERN_TLS)
                .overrideAuthority("example.com:" + port)
                .sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
                        Platform.get().getProvider(), ssc.certificate()))
                .build();
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}

/**
 * Override {@link Platform}'s configureTlsExtensions for Android older than 5.0, since OkHttp
 * (2.3+) only support such function for Android 5.0+.
 */
@Override
protected void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  // Enable SNI and session tickets.
  if (hostname != null) {
    SET_USE_SESSION_TICKETS.invokeOptionalWithoutCheckedException(sslSocket, true);
    SET_HOSTNAME.invokeOptionalWithoutCheckedException(sslSocket, hostname);
  }

  Object[] parameters = {Platform.concatLengthPrefixed(protocols)};
  if (platform.getTlsExtensionType() == TlsExtensionType.ALPN_AND_NPN) {
    SET_ALPN_PROTOCOLS.invokeWithoutCheckedException(sslSocket, parameters);
  }

  if (platform.getTlsExtensionType() != TlsExtensionType.NONE) {
    SET_NPN_PROTOCOLS.invokeWithoutCheckedException(sslSocket, parameters);
  } else {
    throw new RuntimeException("We can not do TLS handshake on this Android version, please"
        + " install the Google Play Services Dynamic Security Provider to use TLS");
  }
}

private OkHttpChannelBuilder createChannelBuilder() {
  OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("localhost", getPort())
      .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
      .connectionSpec(new ConnectionSpec.Builder(OkHttpChannelBuilder.DEFAULT_CONNECTION_SPEC)
          .cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
          .tlsVersions(ConnectionSpec.MODERN_TLS.tlsVersions().toArray(new TlsVersion[0]))
          .build())
      .overrideAuthority(GrpcUtil.authorityFromHostAndPort(
          TestUtils.TEST_SERVER_HOST, getPort()));
  io.grpc.internal.TestingAccessor.setStatsImplementation(
      builder, createClientCensusStatsModule());
  try {
    builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
        TestUtils.loadCert("ca.pem")));
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
  return builder;
}

@VisibleForTesting
@Nullable
SSLSocketFactory createSocketFactory() {
  switch (negotiationType) {
    case TLS:
      try {
        if (sslSocketFactory == null) {
          SSLContext sslContext;
          if (GrpcUtil.IS_RESTRICTED_APPENGINE) {
            // The following auth code circumvents the following AccessControlException:
            // access denied ("java.util.PropertyPermission" "javax.net.ssl.keyStore" "read")
            // Conscrypt will attempt to load the default KeyStore if a trust manager is not
            // provided, which is forbidden on AppEngine
            sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
            TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            sslContext.init(
                null,
                trustManagerFactory.getTrustManagers(),
                // Use an algorithm that doesn't need /dev/urandom
                SecureRandom.getInstance("SHA1PRNG", Platform.get().getProvider()));

          } else {
            sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
          }
          sslSocketFactory = sslContext.getSocketFactory();
        }
        return sslSocketFactory;
      } catch (GeneralSecurityException gse) {
        throw new RuntimeException("TLS Provider failure", gse);
      }
    case PLAINTEXT:
      return null;
    default:
      throw new RuntimeException("Unknown negotiation type: " + negotiationType);
  }
}

@Test
public void negotiate_noSelectedProtocol() throws Exception {
  Platform platform = mock(Platform.class);

  OkHttpProtocolNegotiator negotiator = new OkHttpProtocolNegotiator(platform);

  thrown.expect(RuntimeException.class);
  thrown.expectMessage("protocol negotiation failed");

  negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2));
}

private static OkHttpChannelBuilder newOkhttpClientChannel(
    SocketAddress address, boolean tls, boolean testca, @Nullable String authorityOverride) {
  InetSocketAddress addr = (InetSocketAddress) address;
  OkHttpChannelBuilder builder =
      OkHttpChannelBuilder.forAddress(addr.getHostName(), addr.getPort());
  if (tls) {
    builder.negotiationType(io.grpc.okhttp.NegotiationType.TLS);
    SSLSocketFactory factory;
    if (testca) {
      builder.overrideAuthority(
          GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort()));
      try {
        factory = TestUtils.newSslSocketFactoryForCa(
            Platform.get().getProvider(),
            TestUtils.loadCert("ca.pem"));
      } catch (Exception e) {
        throw new RuntimeException(e);
      }
    } else {
      factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    }
    builder.sslSocketFactory(factory);
  } else {
    builder.negotiationType(io.grpc.okhttp.NegotiationType.PLAINTEXT);
  }
  return builder;
}

@VisibleForTesting
OkHttpProtocolNegotiator(Platform platform) {
  this.platform = checkNotNull(platform, "platform");
}

AndroidNegotiator(Platform platform) {
  super(platform);
}

@Override
protected ManagedChannel createChannel() {
  AbstractManagedChannelImplBuilder<?> builder;
  if (!useOkHttp) {
    SslContext sslContext = null;
    if (useTestCa) {
      try {
        sslContext = GrpcSslContexts.forClient().trustManager(
                TestUtils.loadCert("ca.pem")).build();
      } catch (Exception ex) {
        throw new RuntimeException(ex);
      }
    }
    NettyChannelBuilder nettyBuilder =
        NettyChannelBuilder.forAddress(serverHost, serverPort)
            .flowControlWindow(65 * 1024)
            .negotiationType(useTls ? NegotiationType.TLS : NegotiationType.PLAINTEXT)
            .sslContext(sslContext);
    if (serverHostOverride != null) {
      nettyBuilder.overrideAuthority(serverHostOverride);
    }
    if (fullStreamDecompression) {
      nettyBuilder.enableFullStreamDecompression();
    }
    builder = nettyBuilder;
  } else {
    OkHttpChannelBuilder okBuilder = OkHttpChannelBuilder.forAddress(serverHost, serverPort);
    if (serverHostOverride != null) {
      // Force the hostname to match the cert the server uses.
      okBuilder.overrideAuthority(
          GrpcUtil.authorityFromHostAndPort(serverHostOverride, serverPort));
    }
    if (useTls) {
      try {
        SSLSocketFactory factory = useTestCa
            ? TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
                TestUtils.loadCert("ca.pem"))
            : (SSLSocketFactory) SSLSocketFactory.getDefault();
        okBuilder.sslSocketFactory(factory);
      } catch (Exception e) {
        throw new RuntimeException(e);
      }
    } else {
      okBuilder.usePlaintext(true);
    }
    if (fullStreamDecompression) {
      okBuilder.enableFullStreamDecompression();
    }
    builder = okBuilder;
  }
  io.grpc.internal.TestingAccessor.setStatsImplementation(
      builder, createClientCensusStatsModule());
  return builder.build();
}