gRPC ALTS Example

This example suite shows secure communication between a Hello World client and a Hello World server authenticated by Google's Application Layer Transport Security (ALTS). For more information about ALTS itself, see the ALTS whitepaper or the grpc.io tutorial.

In the gRPC-java context, both the ALTS client and the ALTS server install a gRPC-client-backed handshaker in their channel protocol negotiator. Once a connection is established between the ALTS client and the ALTS server, the protocol negotiators trigger the ALTS handshaking process, which fires multiple rounds of gRPC communication between multiple parties, including the ALTS client, the ALTS server and a pre-deployed handshaker server. At the end, they reach a shared secret that is used to encrypt the RPC calls that follow.

The example runs successfully in a GCP environment out-of-the-box, and can be further configured to run in any environment with a pre-deployed handshaker service.

Build the example

To build the example,

  1. Install the gRPC Java library SNAPSHOT locally, including the code generation plugin (this step is only needed for non-released versions, e.g. master HEAD).

  2. Run in this directory:

$ ../gradlew installDist

This creates the scripts hello-world-alts-server and hello-world-alts-client in the build/install/example-alts/bin/ directory; these scripts run the example.

Run the example in a GCP environment

ALTS handshake protocol negotiation requires a separate handshaker service. It is available in the GCP environment, so we can run the application directly:

# Run the server:
./build/install/example-alts/bin/hello-world-alts-server

In another terminal, run the client:

./build/install/example-alts/bin/hello-world-alts-client

That's it!

Test the example in a non-GCP environment

To run the example in a non-GCP environment, you should first deploy a handshaker service and know its name. You should configure both the ALTS client and ALTS server to use the known handshaker server for testing. See example.
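A sketch of the configuration described above, added here as an illustration and not taken from the example's own sources: both sides are pointed at the same test handshaker. The class name, the port, the default handshaker address `localhost:9000` and the use of gRPC's standard health service in place of the Hello World Greeter are assumptions, and the code needs the grpc-alts and grpc-services artifacts on the classpath.

```java
import io.grpc.ManagedChannel;
import io.grpc.Server;
import io.grpc.alts.AltsChannelBuilder;
import io.grpc.alts.AltsServerBuilder;
import io.grpc.health.v1.HealthCheckRequest;
import io.grpc.health.v1.HealthCheckResponse;
import io.grpc.health.v1.HealthGrpc;
import io.grpc.protobuf.services.HealthStatusManager;
import java.util.concurrent.TimeUnit;

/** Hypothetical demo class: ALTS client and server sharing one test handshaker. */
public final class AltsTestHandshakerDemo {
  public static void main(String[] args) throws Exception {
    // Assumption: address of the handshaker service you deployed yourself.
    String handshaker = args.length > 0 ? args[0] : "localhost:9000";
    int port = 10001; // constructed port for this demo

    // Server: enableUntrustedAltsForTesting() skips the check that the process
    // runs on GCP, so it belongs in test setups only, never in production.
    Server server = AltsServerBuilder.forPort(port)
        .enableUntrustedAltsForTesting()
        .setHandshakerAddressForTesting(handshaker)
        .addService(new HealthStatusManager().getHealthService())
        .build()
        .start();

    // Client: must use the same handshaker, otherwise the ALTS handshake
    // fails before any RPC is sent.
    ManagedChannel channel = AltsChannelBuilder.forTarget("localhost:" + port)
        .enableUntrustedAltsForTesting()
        .setHandshakerAddressForTesting(handshaker)
        .build();

    try {
      // One unary RPC over the ALTS-protected channel.
      HealthCheckResponse reply = HealthGrpc.newBlockingStub(channel)
          .check(HealthCheckRequest.getDefaultInstance());
      System.out.println("Health over ALTS: " + reply.getStatus());
    } finally {
      channel.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
      server.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
    }
  }
}
```

Keep the two `...ForTesting` calls behind a test-only flag or build profile so that production builds always use the platform's own handshaker service.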