From bf69d6750e6d99d1ca276864be82ec0ed90614e9 Mon Sep 17 00:00:00 2001 From: yifeizhuang Date: Tue, 26 Jan 2021 09:50:42 -0800 Subject: [PATCH 1/5] interop-testing: add fake altsHandshakerService for test --- .../AltsHandshakerTestService.java | 144 ++++++++++++++++++ .../integration/TestServiceServer.java | 4 +- .../integration/AltsHandshakeTest.java | 96 ++++++++++++ 3 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java create mode 100644 interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java b/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java new file mode 100644 index 00000000000..141e669e293 --- /dev/null +++ b/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java @@ -0,0 +1,144 @@ +/* + * Copyright 2021 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.testing.integration; + +import static com.google.common.base.Preconditions.checkState; +import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.CLIENT_START; +import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.NEXT; +import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.SERVER_START; + +import com.google.protobuf.ByteString; +import io.grpc.alts.internal.HandshakerReq; +import io.grpc.alts.internal.HandshakerResp; +import io.grpc.alts.internal.HandshakerResult; +import io.grpc.alts.internal.HandshakerServiceGrpc.HandshakerServiceImplBase; +import io.grpc.alts.internal.Identity; +import io.grpc.alts.internal.RpcProtocolVersions; +import io.grpc.alts.internal.RpcProtocolVersions.Version; +import io.grpc.stub.StreamObserver; +import java.util.Random; +import java.util.logging.Level; +import java.util.logging.Logger; + +public class AltsHandshakerTestService extends HandshakerServiceImplBase { + private static final Logger log = Logger.getLogger(AltsHandshakerTestService.class.getName()); + + private final ByteString secret = generateKey(); + private final ByteString fakeOutput = digest(); + private static final int FIXED_LENGTH_OUTPUT = 16; + private static final int KEY_LENGTH = 128; + private State expectState = State.CLIENT_INIT; + + @Override + public StreamObserver doHandshake( + final StreamObserver responseObserver) { + return new StreamObserver() { + @Override + public void onNext(HandshakerReq value) { + log.log(Level.INFO, "echo request received: " + value); + switch (expectState) { + case CLIENT_INIT: + checkState(CLIENT_START.equals(value.getReqOneofCase())); + HandshakerResp initClient = HandshakerResp.newBuilder() + .setOutFrames(fakeOutput) + .build(); + log.log(Level.INFO, "replying init response to client " + initClient); + responseObserver.onNext(initClient); + expectState = State.SERVER_INIT; + break; + case SERVER_INIT: + checkState(SERVER_START.equals(value.getReqOneofCase())); + HandshakerResp initServer = HandshakerResp.newBuilder() + .setBytesConsumed(FIXED_LENGTH_OUTPUT) + .setOutFrames(fakeOutput) + .build(); + log.log(Level.INFO, "replying init response to server" + initServer); + responseObserver.onNext(initServer); + expectState = State.CLIENT_FINISH; + break; + case CLIENT_FINISH: + checkState(NEXT.equals(value.getReqOneofCase())); + HandshakerResp resp = HandshakerResp.newBuilder() + .setResult(getResult()) + .setBytesConsumed(FIXED_LENGTH_OUTPUT) + .setOutFrames(fakeOutput) + .build(); + log.log(Level.INFO, "returning result " + resp); + responseObserver.onNext(resp); + expectState = State.SERVER_FINISH; + break; + case SERVER_FINISH: + resp = HandshakerResp.newBuilder() + .setResult(getResult()) + .setBytesConsumed(FIXED_LENGTH_OUTPUT) + .build(); + log.log(Level.INFO, "returning result " + resp); + responseObserver.onNext(resp); + break; + default: + throw new RuntimeException("unknown type"); + } + } + + @Override + public void onError(Throwable t) { + } + + @Override + public void onCompleted() { + } + }; + } + + private HandshakerResult getResult() { + return HandshakerResult.newBuilder().setApplicationProtocol("grpc") + .setRecordProtocol("ALTSRP_GCM_AES128_REKEY") + .setKeyData(secret) + .setMaxFrameSize(131072) + .setPeerIdentity(Identity.newBuilder() + .setServiceAccount("123456789-compute@developer.gserviceaccount.com") + .build()) + .setPeerRpcVersions(RpcProtocolVersions.newBuilder() + .setMaxRpcVersion(Version.newBuilder() + .setMajor(2).setMinor(1) + .build()) + .setMinRpcVersion(Version.newBuilder() + .setMajor(2).setMinor(1) + .build()) + .build()) + .build(); + } + + private ByteString generateKey() { + byte[] k = new byte[KEY_LENGTH]; + new Random().nextBytes(k); + return ByteString.copyFrom(k); + } + + private ByteString digest() { + byte[] r = new byte[FIXED_LENGTH_OUTPUT]; + new Random().nextBytes(r); + return ByteString.copyFrom(r); + } + + private enum State { + CLIENT_INIT, + SERVER_INIT, + CLIENT_FINISH, + SERVER_FINISH + } +} diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java index 2a5c0ebe557..3decc7b0eee 100644 --- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java +++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java @@ -92,8 +92,8 @@ void parseArgs(String[] args) { break; } String value = parts[1]; - if ("port".equals(key)) { - port = Integer.parseInt(value); + if ("port".equals(value)) { + port = Integer.parseInt(key); } else if ("use_tls".equals(key)) { useTls = Boolean.parseBoolean(value); } else if ("use_alts".equals(key)) { diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java new file mode 100644 index 00000000000..861ca40ddd6 --- /dev/null +++ b/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java @@ -0,0 +1,96 @@ +/* + * Copyright 2021 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.testing.integration; + +import static io.grpc.testing.integration.AbstractInteropTest.EMPTY; +import static org.junit.Assert.assertEquals; + +import com.google.common.util.concurrent.MoreExecutors; +import io.grpc.ChannelCredentials; +import io.grpc.Grpc; +import io.grpc.InsecureServerCredentials; +import io.grpc.ManagedChannel; +import io.grpc.Server; +import io.grpc.ServerCredentials; +import io.grpc.ServerInterceptors; +import io.grpc.alts.AltsChannelCredentials; +import io.grpc.alts.AltsServerCredentials; +import java.util.concurrent.Executors; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.TimeUnit; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public class AltsHandshakeTest { + + private ScheduledExecutorService executor; + private Server testServer; + private Server handshakeServer; + + private final int handshakerServerPort = 8000; + private final int testServerPort = 8080; + private final String serverHost = "localhost"; + + private void startHandshakeServer() throws Exception { + handshakeServer = Grpc.newServerBuilderForPort(handshakerServerPort, + InsecureServerCredentials.create()) + .addService(ServerInterceptors.intercept(new AltsHandshakerTestService(), + TestServiceImpl.interceptors())) + .build() + .start(); + } + + private void startAltsServer() throws Exception { + executor = Executors.newSingleThreadScheduledExecutor(); + ServerCredentials serverCreds = AltsServerCredentials.newBuilder() + .enableUntrustedAltsForTesting() + .setHandshakerAddressForTesting(serverHost + ":" + handshakerServerPort).build(); + testServer = Grpc.newServerBuilderForPort(testServerPort, serverCreds) + .addService(ServerInterceptors.intercept( + new TestServiceImpl(executor), TestServiceImpl.interceptors())) + .build() + .start(); + } + + @Before + public void setup() throws Exception { + startHandshakeServer(); + startAltsServer(); + } + + @After + public void stop() { + testServer.shutdownNow(); + handshakeServer.shutdownNow(); + MoreExecutors.shutdownAndAwaitTermination(executor, 5, TimeUnit.SECONDS); + } + + @Test + public void testAlts() { + ChannelCredentials channelCredentials = AltsChannelCredentials.newBuilder() + .enableUntrustedAltsForTesting() + .setHandshakerAddressForTesting(serverHost + ":" + handshakerServerPort).build(); + ManagedChannel channel = + Grpc.newChannelBuilderForAddress(serverHost, testServerPort, channelCredentials).build(); + TestServiceGrpc.TestServiceBlockingStub blockingStub = TestServiceGrpc.newBlockingStub(channel); + assertEquals(EMPTY, blockingStub.emptyCall(EMPTY)); + } +} From 0ceb88e7a24aa7e874fda10b9766f5c3e9900df8 Mon Sep 17 00:00:00 2001 From: yifeizhuang Date: Mon, 1 Feb 2021 16:39:49 -0800 Subject: [PATCH 2/5] add alts example readme --- examples/example-alts/example-alts/README.md | 54 ++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 examples/example-alts/example-alts/README.md diff --git a/examples/example-alts/example-alts/README.md b/examples/example-alts/example-alts/README.md new file mode 100644 index 00000000000..e53bda334f4 --- /dev/null +++ b/examples/example-alts/example-alts/README.md @@ -0,0 +1,54 @@ +gRPC ALTS Example +================== + +This example suite shows secure communication between a Hello World +client and a Hello World server authenticated by Google's Application Layer + +Transport Security (ALTS). For more information about ALTS, see +[ALTS Whiltepaper](https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security) or [grpc.io tutorial](https://grpc.io/docs/languages/java/alts/). + +The application runs successfully in a GCP environment +out-of-the-box, and can be further configured to run in any environments +with a pre-deployed handshaker service. + + +### Build the example + +To build the example, + +1. **[Install gRPC Java library SNAPSHOT locally, including code generation plugin](../../COMPILING.md) (Only need this step for non-released versions, e.g. master HEAD).** + +2. Run in this directory: +``` +$ ../gradlew installDist +``` + +This creates the scripts `hello-world-alts-server`, `hello-world-alts-client`, +in the +`build/install/example-atls/bin/` directory that run the example. + +### Run the example in a GCP environment +ALTS handshake protocol negotiation requires a separate handshaker service. It is +available in the GCP environment, so we can run the application directly: + +```bash +# Run the server: +./build/install/example-alts/bin/hello-world-alts-server + +``` + +In another terminal run the client + +``` +./build/install/example-alts/bin/hello-world-alts-client +``` + +That's it! + +### Test the example in a non-GCP environment + +To run the example in a non-GCP environment, you should first deploy a +[handshaker service](https://github.com/grpc/grpc/blob/7e367da22a137e2e7caeae8342c239a91434ba50/src/proto/grpc/gcp/handshaker.proto#L224-L234) +and know its name. You have to configure both the [ALTS client](https://github.com/grpc/grpc-java/blob/master/alts/src/main/java/io/grpc/alts/AltsChannelBuilder.java#L63-L76) +and [ALTS server](https://github.com/grpc/grpc-java/blob/master/alts/src/main/java/io/grpc/alts/AltsServerCredentials.java#L55-L72) +to use the known handshaker server for testing. See [example](placeholder). From aa648436982788411b7fa131024b964d26020ac5 Mon Sep 17 00:00:00 2001 From: yifeizhuang Date: Mon, 1 Feb 2021 17:23:12 -0800 Subject: [PATCH 3/5] Revert "interop-testing: add fake altsHandshakerService for test" This reverts commit bf69d6750e6d99d1ca276864be82ec0ed90614e9. --- .../AltsHandshakerTestService.java | 144 ------------------ .../integration/TestServiceServer.java | 4 +- .../integration/AltsHandshakeTest.java | 96 ------------ 3 files changed, 2 insertions(+), 242 deletions(-) delete mode 100644 interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java delete mode 100644 interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java b/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java deleted file mode 100644 index 141e669e293..00000000000 --- a/interop-testing/src/main/java/io/grpc/testing/integration/AltsHandshakerTestService.java +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright 2021 The gRPC Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.grpc.testing.integration; - -import static com.google.common.base.Preconditions.checkState; -import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.CLIENT_START; -import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.NEXT; -import static io.grpc.alts.internal.HandshakerReq.ReqOneofCase.SERVER_START; - -import com.google.protobuf.ByteString; -import io.grpc.alts.internal.HandshakerReq; -import io.grpc.alts.internal.HandshakerResp; -import io.grpc.alts.internal.HandshakerResult; -import io.grpc.alts.internal.HandshakerServiceGrpc.HandshakerServiceImplBase; -import io.grpc.alts.internal.Identity; -import io.grpc.alts.internal.RpcProtocolVersions; -import io.grpc.alts.internal.RpcProtocolVersions.Version; -import io.grpc.stub.StreamObserver; -import java.util.Random; -import java.util.logging.Level; -import java.util.logging.Logger; - -public class AltsHandshakerTestService extends HandshakerServiceImplBase { - private static final Logger log = Logger.getLogger(AltsHandshakerTestService.class.getName()); - - private final ByteString secret = generateKey(); - private final ByteString fakeOutput = digest(); - private static final int FIXED_LENGTH_OUTPUT = 16; - private static final int KEY_LENGTH = 128; - private State expectState = State.CLIENT_INIT; - - @Override - public StreamObserver doHandshake( - final StreamObserver responseObserver) { - return new StreamObserver() { - @Override - public void onNext(HandshakerReq value) { - log.log(Level.INFO, "echo request received: " + value); - switch (expectState) { - case CLIENT_INIT: - checkState(CLIENT_START.equals(value.getReqOneofCase())); - HandshakerResp initClient = HandshakerResp.newBuilder() - .setOutFrames(fakeOutput) - .build(); - log.log(Level.INFO, "replying init response to client " + initClient); - responseObserver.onNext(initClient); - expectState = State.SERVER_INIT; - break; - case SERVER_INIT: - checkState(SERVER_START.equals(value.getReqOneofCase())); - HandshakerResp initServer = HandshakerResp.newBuilder() - .setBytesConsumed(FIXED_LENGTH_OUTPUT) - .setOutFrames(fakeOutput) - .build(); - log.log(Level.INFO, "replying init response to server" + initServer); - responseObserver.onNext(initServer); - expectState = State.CLIENT_FINISH; - break; - case CLIENT_FINISH: - checkState(NEXT.equals(value.getReqOneofCase())); - HandshakerResp resp = HandshakerResp.newBuilder() - .setResult(getResult()) - .setBytesConsumed(FIXED_LENGTH_OUTPUT) - .setOutFrames(fakeOutput) - .build(); - log.log(Level.INFO, "returning result " + resp); - responseObserver.onNext(resp); - expectState = State.SERVER_FINISH; - break; - case SERVER_FINISH: - resp = HandshakerResp.newBuilder() - .setResult(getResult()) - .setBytesConsumed(FIXED_LENGTH_OUTPUT) - .build(); - log.log(Level.INFO, "returning result " + resp); - responseObserver.onNext(resp); - break; - default: - throw new RuntimeException("unknown type"); - } - } - - @Override - public void onError(Throwable t) { - } - - @Override - public void onCompleted() { - } - }; - } - - private HandshakerResult getResult() { - return HandshakerResult.newBuilder().setApplicationProtocol("grpc") - .setRecordProtocol("ALTSRP_GCM_AES128_REKEY") - .setKeyData(secret) - .setMaxFrameSize(131072) - .setPeerIdentity(Identity.newBuilder() - .setServiceAccount("123456789-compute@developer.gserviceaccount.com") - .build()) - .setPeerRpcVersions(RpcProtocolVersions.newBuilder() - .setMaxRpcVersion(Version.newBuilder() - .setMajor(2).setMinor(1) - .build()) - .setMinRpcVersion(Version.newBuilder() - .setMajor(2).setMinor(1) - .build()) - .build()) - .build(); - } - - private ByteString generateKey() { - byte[] k = new byte[KEY_LENGTH]; - new Random().nextBytes(k); - return ByteString.copyFrom(k); - } - - private ByteString digest() { - byte[] r = new byte[FIXED_LENGTH_OUTPUT]; - new Random().nextBytes(r); - return ByteString.copyFrom(r); - } - - private enum State { - CLIENT_INIT, - SERVER_INIT, - CLIENT_FINISH, - SERVER_FINISH - } -} diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java index 3decc7b0eee..2a5c0ebe557 100644 --- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java +++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java @@ -92,8 +92,8 @@ void parseArgs(String[] args) { break; } String value = parts[1]; - if ("port".equals(value)) { - port = Integer.parseInt(key); + if ("port".equals(key)) { + port = Integer.parseInt(value); } else if ("use_tls".equals(key)) { useTls = Boolean.parseBoolean(value); } else if ("use_alts".equals(key)) { diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java deleted file mode 100644 index 861ca40ddd6..00000000000 --- a/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakeTest.java +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright 2021 The gRPC Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.grpc.testing.integration; - -import static io.grpc.testing.integration.AbstractInteropTest.EMPTY; -import static org.junit.Assert.assertEquals; - -import com.google.common.util.concurrent.MoreExecutors; -import io.grpc.ChannelCredentials; -import io.grpc.Grpc; -import io.grpc.InsecureServerCredentials; -import io.grpc.ManagedChannel; -import io.grpc.Server; -import io.grpc.ServerCredentials; -import io.grpc.ServerInterceptors; -import io.grpc.alts.AltsChannelCredentials; -import io.grpc.alts.AltsServerCredentials; -import java.util.concurrent.Executors; -import java.util.concurrent.ScheduledExecutorService; -import java.util.concurrent.TimeUnit; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -@RunWith(JUnit4.class) -public class AltsHandshakeTest { - - private ScheduledExecutorService executor; - private Server testServer; - private Server handshakeServer; - - private final int handshakerServerPort = 8000; - private final int testServerPort = 8080; - private final String serverHost = "localhost"; - - private void startHandshakeServer() throws Exception { - handshakeServer = Grpc.newServerBuilderForPort(handshakerServerPort, - InsecureServerCredentials.create()) - .addService(ServerInterceptors.intercept(new AltsHandshakerTestService(), - TestServiceImpl.interceptors())) - .build() - .start(); - } - - private void startAltsServer() throws Exception { - executor = Executors.newSingleThreadScheduledExecutor(); - ServerCredentials serverCreds = AltsServerCredentials.newBuilder() - .enableUntrustedAltsForTesting() - .setHandshakerAddressForTesting(serverHost + ":" + handshakerServerPort).build(); - testServer = Grpc.newServerBuilderForPort(testServerPort, serverCreds) - .addService(ServerInterceptors.intercept( - new TestServiceImpl(executor), TestServiceImpl.interceptors())) - .build() - .start(); - } - - @Before - public void setup() throws Exception { - startHandshakeServer(); - startAltsServer(); - } - - @After - public void stop() { - testServer.shutdownNow(); - handshakeServer.shutdownNow(); - MoreExecutors.shutdownAndAwaitTermination(executor, 5, TimeUnit.SECONDS); - } - - @Test - public void testAlts() { - ChannelCredentials channelCredentials = AltsChannelCredentials.newBuilder() - .enableUntrustedAltsForTesting() - .setHandshakerAddressForTesting(serverHost + ":" + handshakerServerPort).build(); - ManagedChannel channel = - Grpc.newChannelBuilderForAddress(serverHost, testServerPort, channelCredentials).build(); - TestServiceGrpc.TestServiceBlockingStub blockingStub = TestServiceGrpc.newBlockingStub(channel); - assertEquals(EMPTY, blockingStub.emptyCall(EMPTY)); - } -} From c24e5eb9a095e046924302feb9bb7587b6d3e729 Mon Sep 17 00:00:00 2001 From: yifeizhuang Date: Wed, 10 Feb 2021 13:21:37 -0800 Subject: [PATCH 4/5] real example --- examples/example-alts/example-alts/README.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/examples/example-alts/example-alts/README.md b/examples/example-alts/example-alts/README.md index e53bda334f4..dd3578f1078 100644 --- a/examples/example-alts/example-alts/README.md +++ b/examples/example-alts/example-alts/README.md @@ -3,11 +3,21 @@ gRPC ALTS Example This example suite shows secure communication between a Hello World client and a Hello World server authenticated by Google's Application Layer - -Transport Security (ALTS). For more information about ALTS, see +Transport Security (ALTS). For more information about ALTS itself, see [ALTS Whiltepaper](https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security) or [grpc.io tutorial](https://grpc.io/docs/languages/java/alts/). -The application runs successfully in a GCP environment +In the gRPC-java context, for both the ALTS client and the ALTS server, a +`gRPC-client`-backed handshaker is installed in +their channel protocol negotiator. Once +a connection is established between the ALTS Client and the ALTS Server, the +protocol negotiators will trigger +the ALTS handshaking process, which fires multiple rounds of gRPC communication +between multiple parties, including the ALTS client, the ALTS server and +a pre-deployed handshaker +server. At the end, they will reach a shared secret to be used to encrypt the +following RPC calls. + +The example runs successfully in a GCP environment out-of-the-box, and can be further configured to run in any environments with a pre-deployed handshaker service. @@ -49,6 +59,6 @@ That's it! To run the example in a non-GCP environment, you should first deploy a [handshaker service](https://github.com/grpc/grpc/blob/7e367da22a137e2e7caeae8342c239a91434ba50/src/proto/grpc/gcp/handshaker.proto#L224-L234) -and know its name. You have to configure both the [ALTS client](https://github.com/grpc/grpc-java/blob/master/alts/src/main/java/io/grpc/alts/AltsChannelBuilder.java#L63-L76) +and know its name. You should configure both the [ALTS client](https://github.com/grpc/grpc-java/blob/master/alts/src/main/java/io/grpc/alts/AltsChannelBuilder.java#L63-L76) and [ALTS server](https://github.com/grpc/grpc-java/blob/master/alts/src/main/java/io/grpc/alts/AltsServerCredentials.java#L55-L72) -to use the known handshaker server for testing. See [example](placeholder). +to use the known handshaker server for testing. See [example](https://github.com/grpc/grpc-java/blob/master/interop-testing/src/test/java/io/grpc/testing/integration/AltsHandshakerTest.java#L45). From 0c27ff962344d07260724e4b1d94d47665ec0328 Mon Sep 17 00:00:00 2001 From: yifeizhuang Date: Wed, 10 Feb 2021 13:24:38 -0800 Subject: [PATCH 5/5] new line --- examples/example-alts/example-alts/README.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/examples/example-alts/example-alts/README.md b/examples/example-alts/example-alts/README.md index dd3578f1078..f15aa609235 100644 --- a/examples/example-alts/example-alts/README.md +++ b/examples/example-alts/example-alts/README.md @@ -7,13 +7,11 @@ Transport Security (ALTS). For more information about ALTS itself, see [ALTS Whiltepaper](https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security) or [grpc.io tutorial](https://grpc.io/docs/languages/java/alts/). In the gRPC-java context, for both the ALTS client and the ALTS server, a -`gRPC-client`-backed handshaker is installed in -their channel protocol negotiator. Once -a connection is established between the ALTS Client and the ALTS Server, the -protocol negotiators will trigger -the ALTS handshaking process, which fires multiple rounds of gRPC communication -between multiple parties, including the ALTS client, the ALTS server and -a pre-deployed handshaker +`gRPC-client`-backed handshaker is installed in their channel protocol +negotiator. Once a connection is established between the ALTS Client and the +ALTS Server, the protocol negotiators will trigger the ALTS handshaking process, +which fires multiple rounds of gRPC communication between multiple parties, +including the ALTS client, the ALTS server and a pre-deployed handshaker server. At the end, they will reach a shared secret to be used to encrypt the following RPC calls.