comm

package
v0.0.0-...-b544036 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 16, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

const (
	// DefaultMaxRecvMsgSize is the default cap, in bytes, on a single gRPC
	// message received by a client or server: 100 MiB.
	// NOTE(review): this is a generous per-message ceiling. On endpoints
	// reachable by untrusted peers, weigh it against available memory and
	// the number of concurrent streams — confirm where the limit is applied.
	DefaultMaxRecvMsgSize = 100 << 20
	// DefaultMaxSendMsgSize is the default cap, in bytes, on a single gRPC
	// message sent by a client or server: 100 MiB.
	DefaultMaxSendMsgSize = 100 << 20
)

Maximum send and receive message sizes, in bytes, for gRPC clients and servers

Variables

var (
	// DefaultKeepaliveOptions holds the default peer keepalive settings.
	// The default client ping interval equals ServerMinInterval, the
	// minimum spacing between client pings configured for the server side.
	DefaultKeepaliveOptions = KeepaliveOptions{
		ClientInterval:    time.Minute,
		ClientTimeout:     20 * time.Second,
		ServerInterval:    2 * time.Hour,
		ServerTimeout:     20 * time.Second,
		ServerMinInterval: time.Minute,
	}
	// DefaultTLSCipherSuites lists the AES-GCM cipher suites offered by
	// default, as crypto/tls suite identifiers.
	// NOTE(review): the first four suites negotiate keys with ECDHE. The
	// last two (TLS_RSA_WITH_AES_*_GCM_*) use static RSA key exchange and
	// so provide no forward secrecy; confirm they are still needed for
	// interoperability before keeping them in a "strong" default.
	// NOTE(review): if this list ends up in tls.Config.CipherSuites, it only
	// governs TLS 1.2 and earlier; TLS 1.3 suites are not configurable there.
	DefaultTLSCipherSuites = []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	}
	// DefaultConnectionTimeout is the default connection timeout.
	DefaultConnectionTimeout = 5 * time.Second
)
// ErrClientHandshakeNotImplemented reports that a client handshake was
// requested from server credentials, which do not implement it.
var ErrClientHandshakeNotImplemented = errors.New("core/comm: client handshakes are not implemented with serverCreds")

// ErrServerHandshakeNotImplemented reports that a server handshake was
// requested from client credentials, which do not implement it.
var ErrServerHandshakeNotImplemented = errors.New("core/comm: server handshakes are not implemented with clientCreds")

// ErrOverrideHostnameNotSupported reports that OverrideServerName is not
// supported by the credentials it was called on.
var ErrOverrideHostnameNotSupported = errors.New("core/comm: OverrideServerName is not supported")

Functions

func NewServerTransportCredentials

func NewServerTransportCredentials(
	serverConfig *TLSConfig,
	logger *flogging.FabricLogger) credentials.TransportCredentials

NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials

Types

type ClientConfig

// ClientConfig defines the parameters for configuring a GRPCClient instance.
type ClientConfig struct {
	// SecOpts defines the security parameters (whether TLS is used, the
	// client certificate and key, and the roots trusted for server
	// certificates); see SecureOptions.
	SecOpts SecureOptions
	// KaOpts defines the keepalive parameters
	KaOpts KeepaliveOptions
	// DialTimeout controls how long the client can block when attempting to
	// establish a connection to a server
	DialTimeout time.Duration
	// AsyncConnect makes connection creation non blocking
	// NOTE(review): presumably connection failures then surface on first use
	// rather than from Dial — confirm, and make sure callers handle that.
	AsyncConnect bool
	// MaxRecvMsgSize is the maximum message size, in bytes, the client can receive
	MaxRecvMsgSize int
	// MaxSendMsgSize is the maximum message size, in bytes, the client can send
	MaxSendMsgSize int
}

ClientConfig defines the parameters for configuring a GRPCClient instance

func (ClientConfig) Dial

func (cc ClientConfig) Dial(address string) (*grpc.ClientConn, error)

func (ClientConfig) DialOptions

func (cc ClientConfig) DialOptions() ([]grpc.DialOption, error)

DialOptions converts the ClientConfig to the appropriate set of grpc.DialOptions.

type CredentialSupport

// CredentialSupport manages credentials used for gRPC client connections.
// Its state (root CAs supplied to NewCredentialSupport, per-chain root CAs and
// the client certificate) is unexported and reached through its methods.
type CredentialSupport struct {
	// contains filtered or unexported fields
}

CredentialSupport type manages credentials used for gRPC client connections

func NewCredentialSupport

func NewCredentialSupport(rootCAs ...[]byte) *CredentialSupport

NewCredentialSupport creates a CredentialSupport instance.

func (*CredentialSupport) AppRootCAsByChain

func (cs *CredentialSupport) AppRootCAsByChain() map[string][][]byte

func (*CredentialSupport) BuildTrustedRootsForChain

func (cs *CredentialSupport) BuildTrustedRootsForChain(cm channelconfig.Resources)

BuildTrustedRootsForChain populates the appRootCAs and orderRootCAs maps by getting the root and intermediate certs for all msps associated with the MSPManager.

func (*CredentialSupport) GetClientCertificate

func (cs *CredentialSupport) GetClientCertificate() tls.Certificate

GetClientCertificate returns the client certificate of the CredentialSupport

func (*CredentialSupport) GetPeerCredentials

func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials

GetPeerCredentials returns gRPC transport credentials for use by gRPC clients which communicate with remote peer endpoints.

func (*CredentialSupport) SetClientCertificate

func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)

SetClientCertificate sets the tls.Certificate to use for gRPC client connections

type DynamicClientCredentials

// DynamicClientCredentials carries a *tls.Config and exposes the method set
// of gRPC's credentials.TransportCredentials (ClientHandshake,
// ServerHandshake, Info, Clone, OverrideServerName).
// NOTE(review): judging by the package's error variables, ServerHandshake and
// OverrideServerName presumably return "not implemented" / "not supported"
// errors — confirm against the implementation.
type DynamicClientCredentials struct {
	// TLSConfig is the TLS configuration held by these credentials
	// (presumably the one used by ClientHandshake — confirm).
	// NOTE(review): the field is exported, so any holder of the value can
	// replace or mutate it; confirm nothing changes it while handshakes
	// are in flight.
	TLSConfig *tls.Config
}

func (*DynamicClientCredentials) ClientHandshake

func (dtc *DynamicClientCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)

func (*DynamicClientCredentials) Clone

func (*DynamicClientCredentials) Info

func (*DynamicClientCredentials) OverrideServerName

func (dtc *DynamicClientCredentials) OverrideServerName(name string) error

func (*DynamicClientCredentials) ServerHandshake

func (dtc *DynamicClientCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)

type GRPCServer

// GRPCServer keeps its fields unexported. Its listen address, net.Listener,
// grpc.Server, server certificate, client root CAs and TLS / mutual-TLS state
// are read or updated through its methods.
type GRPCServer struct {
	// contains filtered or unexported fields
}

func NewGRPCServer

func NewGRPCServer(address string, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServer creates a new implementation of a GRPCServer given a listen address

func NewGRPCServerFromListener

func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive

func (*GRPCServer) Address

func (gServer *GRPCServer) Address() string

Address returns the listen address for this GRPCServer instance

func (*GRPCServer) Listener

func (gServer *GRPCServer) Listener() net.Listener

Listener returns the net.Listener for the GRPCServer instance

func (*GRPCServer) MutualTLSRequired

func (gServer *GRPCServer) MutualTLSRequired() bool

MutualTLSRequired is a flag indicating whether or not client certificates are required for this GRPCServer instance

func (*GRPCServer) Server

func (gServer *GRPCServer) Server() *grpc.Server

Server returns the grpc.Server for the GRPCServer instance

func (*GRPCServer) ServerCertificate

func (gServer *GRPCServer) ServerCertificate() tls.Certificate

ServerCertificate returns the tls.Certificate used by the grpc.Server

func (*GRPCServer) SetClientRootCAs

func (gServer *GRPCServer) SetClientRootCAs(clientRoots [][]byte) error

SetClientRootCAs sets the list of authorities used to verify client certificates based on a list of PEM-encoded X509 certificate authorities

func (*GRPCServer) SetServerCertificate

func (gServer *GRPCServer) SetServerCertificate(cert tls.Certificate)

SetServerCertificate assigns the current TLS certificate to be the peer's server certificate

func (*GRPCServer) Start

func (gServer *GRPCServer) Start() error

Start starts the underlying grpc.Server

func (*GRPCServer) Stop

func (gServer *GRPCServer) Stop()

Stop stops the underlying grpc.Server

func (*GRPCServer) TLSEnabled

func (gServer *GRPCServer) TLSEnabled() bool

TLSEnabled is a flag indicating whether or not TLS is enabled for the GRPCServer instance

type KeepaliveOptions

// KeepaliveOptions is used to set the gRPC keepalive settings for both
// clients and servers.
type KeepaliveOptions struct {
	// ClientInterval is the duration after which if the client does not see
	// any activity from the server it pings the server to see if it is alive.
	// Keep it at or above the peer server's ServerMinInterval, otherwise the
	// server will disconnect the client for pinging too often.
	ClientInterval time.Duration
	// ClientTimeout is the duration the client waits for a response
	// from the server after sending a ping before closing the connection
	ClientTimeout time.Duration
	// ServerInterval is the duration after which if the server does not see
	// any activity from the client it pings the client to see if it is alive
	ServerInterval time.Duration
	// ServerTimeout is the duration the server waits for a response
	// from the client after sending a ping before closing the connection
	ServerTimeout time.Duration
	// ServerMinInterval is the minimum permitted time between client pings.
	// If clients send pings more frequently, the server will disconnect them.
	// This bounds how much keepalive traffic a single client can generate.
	ServerMinInterval time.Duration
}

KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers

func (KeepaliveOptions) ClientKeepaliveOptions

func (ka KeepaliveOptions) ClientKeepaliveOptions() []grpc.DialOption

ClientKeepaliveOptions returns gRPC keepalive dial options for clients.

func (KeepaliveOptions) ServerKeepaliveOptions

func (ka KeepaliveOptions) ServerKeepaliveOptions() []grpc.ServerOption

ServerKeepaliveOptions returns gRPC keepalive options for a server.

type Metrics

// Metrics groups the connection counters reported by this package.
type Metrics struct {
	// OpenConnCounter keeps track of the number of open connections
	OpenConnCounter metrics.Counter
	// ClosedConnCounter keeps track of the number of connections closed
	ClosedConnCounter metrics.Counter
}

type SecureOptions

// SecureOptions defines the TLS security parameters for a GRPCServer or
// GRPCClient instance.
type SecureOptions struct {
	// VerifyCertificate, if not nil, is called after normal
	// certificate verification by either a TLS client or server.
	// If it returns a non-nil error, the handshake is aborted and that error results.
	// It is an additional check on top of normal verification, not a
	// replacement for it.
	VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// PEM-encoded X509 public key to be used for TLS communication
	// (presumably the X509 certificate that carries it — confirm).
	Certificate []byte
	// PEM-encoded private key to be used for TLS communication.
	// This is secret material held in memory: keep SecureOptions values out
	// of logs, error messages and serialized configuration dumps.
	Key []byte
	// Set of PEM-encoded X509 certificate authorities used by clients to
	// verify server certificates
	ServerRootCAs [][]byte
	// Set of PEM-encoded X509 certificate authorities used by servers to
	// verify client certificates
	ClientRootCAs [][]byte
	// Whether or not to use TLS for communication.
	// NOTE(review): presumably false leaves the connection unencrypted and
	// unauthenticated — confirm, and avoid that on networks that are not
	// fully trusted.
	UseTLS bool
	// Whether or not TLS client must present certificates for authentication
	// (mutual TLS). Client certificates are verified against ClientRootCAs.
	RequireClientCert bool
	// CipherSuites is a list of supported cipher suites for TLS.
	// NOTE(review): if forwarded to tls.Config.CipherSuites this only
	// restricts TLS 1.2 and earlier; TLS 1.3 suites are not configurable.
	CipherSuites []uint16
	// TimeShift makes TLS handshakes time sampling shift to the past by a given duration.
	// NOTE(review): evaluating certificates against an earlier time means a
	// certificate that expired within this window can still pass the
	// validity check. Keep it zero unless tolerating expired certificates
	// is a deliberate, documented decision.
	TimeShift time.Duration
	// ServerNameOverride is used to verify the hostname on the returned certificates. It
	// is also included in the client's handshake to support virtual hosting
	// unless it is an IP address.
	// Setting it decouples the name that is verified from the address that
	// is dialed, so set it only to a name the intended server's certificate
	// is expected to carry.
	ServerNameOverride string
}

SecureOptions defines the TLS security parameters for a GRPCServer or GRPCClient instance.

func (SecureOptions) ClientCertificate

func (so SecureOptions) ClientCertificate() (tls.Certificate, error)

ClientCertificate returns the client certificate that will be used for mutual TLS.

func (SecureOptions) TLSConfig

func (so SecureOptions) TLSConfig() (*tls.Config, error)

type ServerConfig

// ServerConfig defines the parameters for configuring a GRPCServer instance.
type ServerConfig struct {
	// ConnectionTimeout specifies the timeout for connection establishment
	// for all new connections. Bounding it limits how long a peer can hold
	// a connection slot without completing setup.
	ConnectionTimeout time.Duration
	// SecOpts defines the security parameters (TLS on/off, server
	// certificate and key, client-certificate requirement and the roots
	// trusted for client certificates); see SecureOptions.
	SecOpts SecureOptions
	// KaOpts defines the keepalive parameters
	KaOpts KeepaliveOptions
	// StreamInterceptors specifies a list of interceptors to apply to
	// streaming RPCs.  They are executed in order, so interceptors that
	// enforce authentication or limits belong ahead of those that do work.
	StreamInterceptors []grpc.StreamServerInterceptor
	// UnaryInterceptors specifies a list of interceptors to apply to unary
	// RPCs.  They are executed in order, so interceptors that enforce
	// authentication or limits belong ahead of those that do work.
	UnaryInterceptors []grpc.UnaryServerInterceptor
	// Logger specifies the logger the server will use
	Logger *flogging.FabricLogger
	// HealthCheckEnabled enables the gRPC Health Checking Protocol for the server
	// NOTE(review): presumably the health service is then reachable by any
	// client that can connect to the listener — confirm that is intended.
	HealthCheckEnabled bool
	// ServerStatsHandler should be set if metrics on connections are to be reported.
	ServerStatsHandler *ServerStatsHandler
	// MaxRecvMsgSize is the maximum message size, in bytes, the server can receive
	MaxRecvMsgSize int
	// MaxSendMsgSize is the maximum message size, in bytes, the server can send
	MaxSendMsgSize int
}

ServerConfig defines the parameters for configuring a GRPCServer instance

type ServerStatsHandler

// ServerStatsHandler holds the connection counters for a server. Its methods
// (TagRPC, HandleRPC, TagConn, HandleConn) are the ones gRPC's stats handler
// interface requires.
// NOTE(review): presumably HandleConn updates the counters on connection
// begin/end events — confirm against the implementation.
type ServerStatsHandler struct {
	// OpenConnCounter counts open connections.
	OpenConnCounter   metrics.Counter
	// ClosedConnCounter counts closed connections.
	ClosedConnCounter metrics.Counter
}

func NewServerStatsHandler

func NewServerStatsHandler(p metrics.Provider) *ServerStatsHandler

func (*ServerStatsHandler) HandleConn

func (h *ServerStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats)

func (*ServerStatsHandler) HandleRPC

func (h *ServerStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats)

func (*ServerStatsHandler) TagConn

func (*ServerStatsHandler) TagRPC

type TLSConfig

// TLSConfig is built from a *tls.Config (see NewTLSConfig) and lets client
// root CAs be added or replaced through AddClientRootCA and SetClientCAs.
// NOTE(review): Config returns a tls.Config by value, and tls.Config embeds
// synchronization state; confirm the implementation returns a Clone rather
// than a shallow copy.
type TLSConfig struct {
	// contains filtered or unexported fields
}

func NewTLSConfig

func NewTLSConfig(config *tls.Config) *TLSConfig

func (*TLSConfig) AddClientRootCA

func (t *TLSConfig) AddClientRootCA(cert *x509.Certificate)

func (*TLSConfig) Config

func (t *TLSConfig) Config() tls.Config

func (*TLSConfig) SetClientCAs

func (t *TLSConfig) SetClientCAs(certPool *x509.CertPool)
