Posted to commits@dubbo.apache.org by li...@apache.org on 2019/12/07 06:20:07 UTC
[dubbo] branch master updated: Ssl enhancement (#5438)
This is an automated email from the ASF dual-hosted git repository.
liujun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/master by this push:
new 97e20f5 Ssl enhancement (#5438)
97e20f5 is described below
commit 97e20f50c3d4cf537d28d6a711c4d006a8f2eda5
Author: ken.lj <ke...@gmail.com>
AuthorDate: Sat Dec 7 14:19:55 2019 +0800
Ssl enhancement (#5438)
* ssl enhancement, enable ssl config.
* fix provider override config reexport.
---
.../dubbo/common/constants/CommonConstants.java | 2 +
.../org/apache/dubbo/config/ProtocolConfig.java | 2 +
.../java/org/apache/dubbo/config/SslConfig.java | 89 ++++++++++++++++++++++
.../apache/dubbo/config/spring/ReferenceBean.java | 2 +
.../annotation/DubboConfigConfiguration.java | 4 +-
.../spring/schema/DubboNamespaceHandler.java | 2 +
.../src/main/resources/META-INF/compat/dubbo.xsd | 59 ++++++++++++++
.../src/main/resources/META-INF/dubbo.xsd | 59 ++++++++++++++
.../registry/integration/RegistryProtocol.java | 39 +++++-----
.../java/org/apache/dubbo/remoting/Constants.java | 12 ---
.../remoting/transport/netty4/NettyClient.java | 2 +-
.../remoting/transport/netty4/NettyServer.java | 2 +-
.../remoting/transport/netty4/SslContexts.java | 51 ++++++-------
.../dubbo/rpc/protocol/grpc/GrpcOptionsUtils.java | 50 ++++++------
14 files changed, 288 insertions(+), 87 deletions(-)
diff --git a/dubbo-common/src/main/java/org/apache/dubbo/common/constants/CommonConstants.java b/dubbo-common/src/main/java/org/apache/dubbo/common/constants/CommonConstants.java
index 1709994..1dd81ed 100644
--- a/dubbo-common/src/main/java/org/apache/dubbo/common/constants/CommonConstants.java
+++ b/dubbo-common/src/main/java/org/apache/dubbo/common/constants/CommonConstants.java
@@ -292,4 +292,6 @@ public interface CommonConstants {
String INTERFACES = "interfaces";
+ String SSL_ENABLED_KEY = "ssl-enabled";
+
}
diff --git a/dubbo-common/src/main/java/org/apache/dubbo/config/ProtocolConfig.java b/dubbo-common/src/main/java/org/apache/dubbo/config/ProtocolConfig.java
index 205b9f6..a9373e3 100644
--- a/dubbo-common/src/main/java/org/apache/dubbo/config/ProtocolConfig.java
+++ b/dubbo-common/src/main/java/org/apache/dubbo/config/ProtocolConfig.java
@@ -22,6 +22,7 @@ import org.apache.dubbo.config.support.Parameter;
import java.util.Map;
import static org.apache.dubbo.common.constants.CommonConstants.DUBBO_VERSION_KEY;
+import static org.apache.dubbo.common.constants.CommonConstants.SSL_ENABLED_KEY;
import static org.apache.dubbo.config.Constants.PROTOCOLS_SUFFIX;
/**
@@ -476,6 +477,7 @@ public class ProtocolConfig extends AbstractConfig {
this.isDefault = isDefault;
}
+ @Parameter(key = SSL_ENABLED_KEY)
public Boolean getSslEnabled() {
return sslEnabled;
}
diff --git a/dubbo-common/src/main/java/org/apache/dubbo/config/SslConfig.java b/dubbo-common/src/main/java/org/apache/dubbo/config/SslConfig.java
index 16232d4..3be7d3e 100644
--- a/dubbo-common/src/main/java/org/apache/dubbo/config/SslConfig.java
+++ b/dubbo-common/src/main/java/org/apache/dubbo/config/SslConfig.java
@@ -18,10 +18,17 @@ package org.apache.dubbo.config;
import org.apache.dubbo.common.logger.Logger;
import org.apache.dubbo.common.logger.LoggerFactory;
+import org.apache.dubbo.config.support.Parameter;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.util.concurrent.atomic.AtomicBoolean;
public class SslConfig extends AbstractConfig {
private static final Logger logger = LoggerFactory.getLogger(SslConfig.class);
+ private AtomicBoolean inited = new AtomicBoolean(false);
private String serverKeyCertChainPath;
private String serverPrivateKeyPath;
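Review bot: The new `inited` field is not read or written in any SslConfig hunk of this commit, so as shown it is dead state. If it is meant to guard one-time opening of the certificate streams, that logic is missing from the getters added further down. Either drop the field or declare it `private final AtomicBoolean inited = new AtomicBoolean(false);` and actually use it. The class body continues outside this hunk, so a use elsewhere cannot be ruled out.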
@@ -33,6 +40,15 @@ public class SslConfig extends AbstractConfig {
private String clientKeyPassword;
private String clientTrustCertCollectionPath;
+ private InputStream serverKeyCertChainPathStream;
+ private InputStream serverPrivateKeyPathStream;
+ private InputStream serverTrustCertCollectionPathStream;
+
+ private InputStream clientKeyCertChainPathStream;
+ private InputStream clientPrivateKeyPathStream;
+ private InputStream clientTrustCertCollectionPathStream;
+
+ @Parameter(key = "server-key-cert-chain-path")
public String getServerKeyCertChainPath() {
return serverKeyCertChainPath;
}
@@ -41,6 +57,7 @@ public class SslConfig extends AbstractConfig {
this.serverKeyCertChainPath = serverKeyCertChainPath;
}
+ @Parameter(key = "server-private-key-path")
public String getServerPrivateKeyPath() {
return serverPrivateKeyPath;
}
@@ -49,6 +66,7 @@ public class SslConfig extends AbstractConfig {
this.serverPrivateKeyPath = serverPrivateKeyPath;
}
+ @Parameter(key = "server-key-password")
public String getServerKeyPassword() {
return serverKeyPassword;
}
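Review bot: Annotating `getServerKeyPassword()` with `@Parameter(key = "server-key-password")` treats the private-key password like any other exportable attribute, and the same applies to `getClientKeyPassword()` in the hunk at -89,6 +111,7. If SslConfig is ever run through the config-to-URL parameter export that other Dubbo configs use (not visible in this diff), the password would end up in service URLs, registry data and logs. `@Parameter(key = "server-key-password", excluded = true)`, and the client equivalent, should keep the key name while leaving the secret out of exported parameters.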
@@ -57,6 +75,7 @@ public class SslConfig extends AbstractConfig {
this.serverKeyPassword = serverKeyPassword;
}
+ @Parameter(key = "server-trust-cert-collection-path")
public String getServerTrustCertCollectionPath() {
return serverTrustCertCollectionPath;
}
@@ -65,6 +84,7 @@ public class SslConfig extends AbstractConfig {
this.serverTrustCertCollectionPath = serverTrustCertCollectionPath;
}
+ @Parameter(key = "client-key-cert-chain-path")
public String getClientKeyCertChainPath() {
return clientKeyCertChainPath;
}
@@ -73,6 +93,7 @@ public class SslConfig extends AbstractConfig {
this.clientKeyCertChainPath = clientKeyCertChainPath;
}
+ @Parameter(key = "client-private-key-path")
public String getClientPrivateKeyPath() {
return clientPrivateKeyPath;
}
@@ -81,6 +102,7 @@ public class SslConfig extends AbstractConfig {
this.clientPrivateKeyPath = clientPrivateKeyPath;
}
+ @Parameter(key = "client-key-password")
public String getClientKeyPassword() {
return clientKeyPassword;
}
@@ -89,6 +111,7 @@ public class SslConfig extends AbstractConfig {
this.clientKeyPassword = clientKeyPassword;
}
+ @Parameter(key = "client-trust-cert-collection-path")
public String getClientTrustCertCollectionPath() {
return clientTrustCertCollectionPath;
}
@@ -96,4 +119,70 @@ public class SslConfig extends AbstractConfig {
public void setClientTrustCertCollectionPath(String clientTrustCertCollectionPath) {
this.clientTrustCertCollectionPath = clientTrustCertCollectionPath;
}
+
+ public InputStream getServerKeyCertChainPathStream() throws FileNotFoundException {
+ if (serverKeyCertChainPath != null) {
+ serverKeyCertChainPathStream = new FileInputStream(serverKeyCertChainPath);
+ }
+ return serverKeyCertChainPathStream;
+ }
+
+ public void setServerKeyCertChainPathStream(InputStream serverKeyCertChainPathStream) {
+ this.serverKeyCertChainPathStream = serverKeyCertChainPathStream;
+ }
+
+ public InputStream getServerPrivateKeyPathStream() throws FileNotFoundException {
+ if (serverPrivateKeyPath != null) {
+ serverPrivateKeyPathStream = new FileInputStream(serverPrivateKeyPath);
+ }
+ return serverPrivateKeyPathStream;
+ }
+
+ public void setServerPrivateKeyPathStream(InputStream serverPrivateKeyPathStream) {
+ this.serverPrivateKeyPathStream = serverPrivateKeyPathStream;
+ }
+
+ public InputStream getServerTrustCertCollectionPathStream() throws FileNotFoundException {
+ if (serverTrustCertCollectionPath != null) {
+ serverTrustCertCollectionPathStream = new FileInputStream(serverTrustCertCollectionPath);
+ }
+ return serverTrustCertCollectionPathStream;
+ }
+
+ public void setServerTrustCertCollectionPathStream(InputStream serverTrustCertCollectionPathStream) {
+ this.serverTrustCertCollectionPathStream = serverTrustCertCollectionPathStream;
+ }
+
+ public InputStream getClientKeyCertChainPathStream() throws FileNotFoundException {
+ if (clientKeyCertChainPath != null) {
+ clientKeyCertChainPathStream = new FileInputStream(clientKeyCertChainPath);
+ }
+ return clientKeyCertChainPathStream;
+ }
+
+ public void setClientKeyCertChainPathStream(InputStream clientKeyCertChainPathStream) {
+ this.clientKeyCertChainPathStream = clientKeyCertChainPathStream;
+ }
+
+ public InputStream getClientPrivateKeyPathStream() throws FileNotFoundException {
+ if (clientPrivateKeyPath != null) {
+ clientPrivateKeyPathStream = new FileInputStream(clientPrivateKeyPath);
+ }
+ return clientPrivateKeyPathStream;
+ }
+
+ public void setClientPrivateKeyPathStream(InputStream clientPrivateKeyPathStream) {
+ this.clientPrivateKeyPathStream = clientPrivateKeyPathStream;
+ }
+
+ public InputStream getClientTrustCertCollectionPathStream() throws FileNotFoundException {
+ if (clientTrustCertCollectionPath != null) {
+ clientTrustCertCollectionPathStream = new FileInputStream(clientTrustCertCollectionPath);
+ }
+ return clientTrustCertCollectionPathStream;
+ }
+
+ public void setClientTrustCertCollectionPathStream(InputStream clientTrustCertCollectionPathStream) {
+ this.clientTrustCertCollectionPathStream = clientTrustCertCollectionPathStream;
+ }
}
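Review bot: Each `get…Stream()` getter opens a new `FileInputStream` on every call and stores it in the field, so a stream injected through the matching setter is silently replaced whenever the path is also set, and the previously opened handle is dropped without being closed. Callers that invoke a getter twice (SslContexts does so for the trust collection) leak a file descriptor per call. A form such as `return serverKeyCertChainPath != null ? new FileInputStream(serverKeyCertChainPath) : serverKeyCertChainPathStream;` avoids overwriting the field. Each getter also needs a Javadoc line saying the caller owns the returned stream and must close it. The same applies to all six getters in this hunk.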
diff --git a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/ReferenceBean.java b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/ReferenceBean.java
index 69b1479..be9cd71 100644
--- a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/ReferenceBean.java
+++ b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/ReferenceBean.java
@@ -26,6 +26,7 @@ import org.apache.dubbo.config.ProtocolConfig;
import org.apache.dubbo.config.ProviderConfig;
import org.apache.dubbo.config.ReferenceConfig;
import org.apache.dubbo.config.RegistryConfig;
+import org.apache.dubbo.config.SslConfig;
import org.apache.dubbo.config.annotation.Reference;
import org.apache.dubbo.config.spring.extension.SpringExtensionFactory;
import org.apache.dubbo.config.support.Parameter;
@@ -92,6 +93,7 @@ public class ReferenceBean<T> extends ReferenceConfig<T> implements FactoryBean,
beansOfTypeIncludingAncestors(applicationContext, ConfigCenterBean.class);
beansOfTypeIncludingAncestors(applicationContext, MetadataReportConfig.class);
beansOfTypeIncludingAncestors(applicationContext, MetricsConfig.class);
+ beansOfTypeIncludingAncestors(applicationContext, SslConfig.class);
}
@Override
diff --git a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/context/annotation/DubboConfigConfiguration.java b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/context/annotation/DubboConfigConfiguration.java
index 414b827..c4f2ed8 100644
--- a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/context/annotation/DubboConfigConfiguration.java
+++ b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/context/annotation/DubboConfigConfiguration.java
@@ -26,6 +26,7 @@ import org.apache.dubbo.config.MonitorConfig;
import org.apache.dubbo.config.ProtocolConfig;
import org.apache.dubbo.config.ProviderConfig;
import org.apache.dubbo.config.RegistryConfig;
+import org.apache.dubbo.config.SslConfig;
import org.apache.dubbo.config.spring.ConfigCenterBean;
import com.alibaba.spring.beans.factory.annotation.EnableConfigurationBeanBinding;
@@ -64,7 +65,8 @@ public class DubboConfigConfiguration {
@EnableConfigurationBeanBinding(prefix = "dubbo.consumer", type = ConsumerConfig.class),
@EnableConfigurationBeanBinding(prefix = "dubbo.config-center", type = ConfigCenterBean.class),
@EnableConfigurationBeanBinding(prefix = "dubbo.metadata-report", type = MetadataReportConfig.class),
- @EnableConfigurationBeanBinding(prefix = "dubbo.metrics", type = MetricsConfig.class)
+ @EnableConfigurationBeanBinding(prefix = "dubbo.metrics", type = MetricsConfig.class),
+ @EnableConfigurationBeanBinding(prefix = "dubbo.ssl", type = SslConfig.class)
})
public static class Single {
diff --git a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/schema/DubboNamespaceHandler.java b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/schema/DubboNamespaceHandler.java
index 3013eaf..82a4bd7 100644
--- a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/schema/DubboNamespaceHandler.java
+++ b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/schema/DubboNamespaceHandler.java
@@ -26,6 +26,7 @@ import org.apache.dubbo.config.MonitorConfig;
import org.apache.dubbo.config.ProtocolConfig;
import org.apache.dubbo.config.ProviderConfig;
import org.apache.dubbo.config.RegistryConfig;
+import org.apache.dubbo.config.SslConfig;
import org.apache.dubbo.config.spring.ConfigCenterBean;
import org.apache.dubbo.config.spring.ReferenceBean;
import org.apache.dubbo.config.spring.ServiceBean;
@@ -62,6 +63,7 @@ public class DubboNamespaceHandler extends NamespaceHandlerSupport implements Co
registerBeanDefinitionParser("metadata-report", new DubboBeanDefinitionParser(MetadataReportConfig.class, true));
registerBeanDefinitionParser("monitor", new DubboBeanDefinitionParser(MonitorConfig.class, true));
registerBeanDefinitionParser("metrics", new DubboBeanDefinitionParser(MetricsConfig.class, true));
+ registerBeanDefinitionParser("ssl", new DubboBeanDefinitionParser(SslConfig.class, true));
registerBeanDefinitionParser("provider", new DubboBeanDefinitionParser(ProviderConfig.class, true));
registerBeanDefinitionParser("consumer", new DubboBeanDefinitionParser(ConsumerConfig.class, true));
registerBeanDefinitionParser("protocol", new DubboBeanDefinitionParser(ProtocolConfig.class, true));
diff --git a/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/compat/dubbo.xsd b/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/compat/dubbo.xsd
index 5d72925..fcc665b 100644
--- a/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/compat/dubbo.xsd
+++ b/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/compat/dubbo.xsd
@@ -1376,6 +1376,65 @@
</xsd:complexContent>
</xsd:complexType>
+ <xsd:complexType name="sslType">
+ <xsd:attribute name="id" type="xsd:ID">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The unique identifier for a bean. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-key-cert-chain-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-private-key-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-key-password" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-trust-cert-collection-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The trusted server cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-key-cert-chain-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-private-key-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-key-password" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client key pwd. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-trust-cert-collection-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The trusted client cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:element name="ssl" type="sslType">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The ssl config ]]></xsd:documentation>
+ <xsd:appinfo>
+ <tool:annotation>
+ <tool:exports type="org.apache.dubbo.config.SslConfig"/>
+ </tool:annotation>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+
<xsd:element name="application" type="applicationType">
<xsd:annotation>
<xsd:documentation><![CDATA[ The application config ]]></xsd:documentation>
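Review bot: The documentation for `server-key-password` reads `The server key.`, a copy of the `server-private-key-path` text; it should read something like `The server key pwd.` to match `client-key-password`. The text for `server-trust-cert-collection-path` is also misleading. Per SslContexts in this commit, this is the collection the server uses to verify clients, and setting it turns on `ClientAuth.REQUIRE`, so `The trusted server cert.` hides that the attribute enables mutual TLS. The identical `sslType` block added to META-INF/dubbo.xsd carries the same wording.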
diff --git a/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/dubbo.xsd b/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/dubbo.xsd
index 9576f38..73ef76d 100644
--- a/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/dubbo.xsd
+++ b/dubbo-config/dubbo-config-spring/src/main/resources/META-INF/dubbo.xsd
@@ -1376,6 +1376,65 @@
</xsd:complexContent>
</xsd:complexType>
+ <xsd:complexType name="sslType">
+ <xsd:attribute name="id" type="xsd:ID">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The unique identifier for a bean. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-key-cert-chain-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-private-key-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-key-password" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The server key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="server-trust-cert-collection-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The trusted server cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-key-cert-chain-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-private-key-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client key. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-key-password" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The client key pwd. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="client-trust-cert-collection-path" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The trusted client cert. ]]></xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:element name="ssl" type="sslType">
+ <xsd:annotation>
+ <xsd:documentation><![CDATA[ The ssl config ]]></xsd:documentation>
+ <xsd:appinfo>
+ <tool:annotation>
+ <tool:exports type="org.apache.dubbo.config.SslConfig"/>
+ </tool:annotation>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+
<xsd:complexType name="annotationType">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
diff --git a/dubbo-registry/dubbo-registry-api/src/main/java/org/apache/dubbo/registry/integration/RegistryProtocol.java b/dubbo-registry/dubbo-registry-api/src/main/java/org/apache/dubbo/registry/integration/RegistryProtocol.java
index fb3d0e9..711baa0 100644
--- a/dubbo-registry/dubbo-registry-api/src/main/java/org/apache/dubbo/registry/integration/RegistryProtocol.java
+++ b/dubbo-registry/dubbo-registry-api/src/main/java/org/apache/dubbo/registry/integration/RegistryProtocol.java
@@ -48,7 +48,6 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
@@ -204,7 +203,7 @@ public class RegistryProtocol implements Protocol {
// url to registry
final Registry registry = getRegistry(originInvoker);
final URL registeredProviderUrl = getUrlToRegistry(providerUrl, registryUrl);
- //to judge if we need to delay publish
+ // decide if we need to delay publish
boolean register = providerUrl.getParameter(REGISTER_KEY, true);
if (register) {
register(registryUrl, registeredProviderUrl);
@@ -243,34 +242,30 @@ public class RegistryProtocol implements Protocol {
URL registryUrl = getRegistryUrl(originInvoker);
final URL newProviderUrl = getUrlToRegistry(newInvokerUrl, registryUrl);
- getRegisteredUrl(registryUrl, newProviderUrl)
- .ifPresent(oldProviderUrl -> {
- if (!newProviderUrl.equals(oldProviderUrl)) {
- Registry registry = getRegistry(originInvoker);
- registry.unregister(oldProviderUrl);
- registry.register(newProviderUrl);
- exporter.setRegisterUrl(newProviderUrl);
- }
- });
+ ProviderModel.RegisterStatedURL statedUrl = getStatedUrl(registryUrl, newProviderUrl);
+
+ if (!newProviderUrl.equals(statedUrl.getProviderUrl())) {
+ if (statedUrl.isRegistered()) {
+ Registry registry = getRegistry(originInvoker);
+ logger.info("Try to unregister old url: " + statedUrl.getProviderUrl());
+ registry.unregister(statedUrl.getProviderUrl());
+ logger.info("Try to register new url: " + newProviderUrl);
+ registry.register(newProviderUrl);
+ }
+ statedUrl.setProviderUrl(newProviderUrl);
+ exporter.setRegisterUrl(newProviderUrl);
+ }
}
- private Optional<URL> getRegisteredUrl(URL registryUrl, URL providerUrl) {
+ private ProviderModel.RegisterStatedURL getStatedUrl(URL registryUrl, URL providerUrl) {
ProviderModel providerModel = ApplicationModel.getServiceRepository()
.lookupExportedService(providerUrl.getServiceKey());
List<ProviderModel.RegisterStatedURL> statedUrls = providerModel.getStatedUrl();
- Optional<ProviderModel.RegisterStatedURL> statedUrlOptional = statedUrls.stream()
+ return statedUrls.stream()
.filter(u -> u.getRegistryUrl().equals(registryUrl)
&& u.getProviderUrl().getProtocol().equals(providerUrl.getProtocol()))
- .findFirst();
-
- if (statedUrlOptional.isPresent()) {
- ProviderModel.RegisterStatedURL statedURL = statedUrlOptional.get();
- if (statedURL.isRegistered()) {
- return Optional.of(statedURL.getProviderUrl());
- }
- }
- return Optional.empty();
+ .findFirst().orElseThrow(() -> new IllegalStateException("There should have at least one registered url."));
}
/**
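Review bot: `getStatedUrl` now throws `IllegalStateException` when no stated URL matches the registry and protocol, where the replaced code simply skipped re-registration, and the message names neither the service nor the registry. The exception surfaces in the calling method at the top of this hunk, whose start lies outside the hunk. Include the identifying values, e.g. `new IllegalStateException("No registered url found for service " + providerUrl.getServiceKey() + " on registry " + registryUrl.getAddress())`. Using the address rather than the full registry URL keeps any registry credentials out of the message. Separately, `registry.unregister(...)` followed by `registry.register(...)` is unguarded: if `register` throws, the provider stays unregistered while `statedUrl` and `exporter` still hold the old URL.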
diff --git a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/Constants.java b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/Constants.java
index 3aeb7c9..b974769 100644
--- a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/Constants.java
+++ b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/Constants.java
@@ -135,16 +135,4 @@ public interface Constants {
String CONNECTIONS_KEY = "connections";
int DEFAULT_BACKLOG = 1024;
-
- String SSL_ENABLED_KEY = "ssl-enabled";
-
- String SSL_SERVER_CERT_PATH_KEY = "ssl.server.cert.path";
- String SSL_SERVER_KEY_PATH_KEY = "ssl.server.key.path";
- String SSL_SERVER_TRUST_CERT_PATH_KEY = "ssl.server.trust.cert.path";
- String SSL_SERVER_KEY_PASSWORD_KEY = "ssl.server.key.password";
-
- String SSL_CLIENT_CERT_PATH_KEY = "ssl.client.cert.path";
- String SSL_CLIENT_KEY_PATH_KEY = "ssl.client.key.path";
- String SSL_CLIENT_TRUST_CERT_PATH_KEY = "ssl.client.trust.cert.path";
- String SSL_CLIENT_KEY_PASSWORD_KEY = "ssl.client.key.password";
}
\ No newline at end of file
diff --git a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyClient.java b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyClient.java
index cb83072..f50460f 100644
--- a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyClient.java
+++ b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyClient.java
@@ -43,7 +43,7 @@ import io.netty.util.concurrent.DefaultThreadFactory;
import java.net.InetSocketAddress;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static org.apache.dubbo.remoting.Constants.SSL_ENABLED_KEY;
+import static org.apache.dubbo.common.constants.CommonConstants.SSL_ENABLED_KEY;
/**
* NettyClient.
diff --git a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyServer.java b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyServer.java
index 8f19e4e..b99d583 100644
--- a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyServer.java
+++ b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyServer.java
@@ -49,7 +49,7 @@ import java.util.Map;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.apache.dubbo.common.constants.CommonConstants.IO_THREADS_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_ENABLED_KEY;
+import static org.apache.dubbo.common.constants.CommonConstants.SSL_ENABLED_KEY;
/**
* NettyServer.
diff --git a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/SslContexts.java b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/SslContexts.java
index 09548d7..94feda6 100644
--- a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/SslContexts.java
+++ b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/SslContexts.java
@@ -19,6 +19,9 @@ package org.apache.dubbo.remoting.transport.netty4;
import org.apache.dubbo.common.URL;
import org.apache.dubbo.common.logger.Logger;
import org.apache.dubbo.common.logger.LoggerFactory;
+import org.apache.dubbo.config.SslConfig;
+import org.apache.dubbo.config.context.ConfigManager;
+import org.apache.dubbo.rpc.model.ApplicationModel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
@@ -27,38 +30,31 @@ import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import javax.net.ssl.SSLException;
-import java.io.File;
+import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_KEY_PASSWORD_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_KEY_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_TRUST_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_KEY_PASSWORD_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_KEY_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_TRUST_CERT_PATH_KEY;
-
public class SslContexts {
private static final Logger logger = LoggerFactory.getLogger(SslContexts.class);
public static SslContext buildServerSslContext(URL url) {
+ ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
+ SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
+
SslContextBuilder sslClientContextBuilder = null;
try {
- String password = url.getParameter(SSL_SERVER_KEY_PASSWORD_KEY);
+ String password = sslConfig.getServerKeyPassword();
if (password != null) {
- sslClientContextBuilder = SslContextBuilder.forServer(new File(url.getParameter(SSL_SERVER_CERT_PATH_KEY)),
- new File(url.getParameter(SSL_SERVER_KEY_PATH_KEY)));
+ sslClientContextBuilder = SslContextBuilder.forServer(sslConfig.getServerKeyCertChainPathStream(),
+ sslConfig.getServerPrivateKeyPathStream(), password);
} else {
- sslClientContextBuilder = SslContextBuilder.forServer(new File(url.getParameter(SSL_SERVER_CERT_PATH_KEY)),
- new File(url.getParameter(SSL_SERVER_KEY_PATH_KEY)), password);
+ sslClientContextBuilder = SslContextBuilder.forServer(sslConfig.getServerKeyCertChainPathStream(),
+ sslConfig.getServerPrivateKeyPathStream());
}
- String trustCertCollectionFilePath = url.getParameter(SSL_SERVER_TRUST_CERT_PATH_KEY);
- if (trustCertCollectionFilePath != null) {
- sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
+ if (sslConfig.getServerTrustCertCollectionPathStream() != null) {
+ sslClientContextBuilder.trustManager(sslConfig.getServerTrustCertCollectionPathStream());
sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
}
} catch (Exception e) {
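Review bot: `sslConfig.getServerTrustCertCollectionPathStream()` is called twice in the trust-manager block, and each call opens a new `FileInputStream` (see the SslConfig getters in this commit), so the handle used for the null check is never consumed or closed. The same pattern appears with `getClientTrustCertCollectionPathStream()` in the buildClientSslContext hunk. Nothing in the visible code closes the streams passed to `forServer(...)` or `trustManager(...)` either. Read each stream once into a local, e.g. `InputStream trustCerts = sslConfig.getServerTrustCertCollectionPathStream();`, and close the locals in a `finally` once the context has been built. The method body continues outside this hunk.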
@@ -72,20 +68,23 @@ public class SslContexts {
}
public static SslContext buildClientSslContext(URL url) {
+ ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
+ SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
+
SslContextBuilder builder = SslContextBuilder.forClient();
- String trustCertCollectionFilePath = url.getParameter(SSL_CLIENT_TRUST_CERT_PATH_KEY);
try {
- if (trustCertCollectionFilePath != null) {
- builder.trustManager(new File(trustCertCollectionFilePath));
+ if (sslConfig.getClientTrustCertCollectionPathStream() != null) {
+ builder.trustManager(sslConfig.getClientTrustCertCollectionPathStream());
}
- String clientCertChainFilePath = url.getParameter(SSL_CLIENT_CERT_PATH_KEY);
- String clientPrivateKeyFilePath = url.getParameter(SSL_CLIENT_KEY_PATH_KEY);
+
+ InputStream clientCertChainFilePath = sslConfig.getClientKeyCertChainPathStream();
+ InputStream clientPrivateKeyFilePath = sslConfig.getClientPrivateKeyPathStream();
if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null) {
- String password = url.getParameter(SSL_CLIENT_KEY_PASSWORD_KEY);
+ String password = sslConfig.getClientKeyPassword();
if (password != null) {
- builder.keyManager(new File(clientCertChainFilePath), new File(clientPrivateKeyFilePath), password);
+ builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath, password);
} else {
- builder.keyManager(new File(clientCertChainFilePath), new File(clientPrivateKeyFilePath));
+ builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath);
}
}
} catch (Exception e) {
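Review bot: When only one of `client-key-cert-chain-path` and `client-private-key-path` is configured, the `clientCertChainFilePath != null && clientPrivateKeyFilePath != null` check fails and the client is built without any key material, with no warning, while the one stream that was opened is left unclosed. A half-configured client identity then only shows up later as a handshake failure against a server that requires client auth. Fail fast instead, e.g. `if ((clientCertChainFilePath == null) != (clientPrivateKeyFilePath == null)) throw new IllegalStateException("client-key-cert-chain-path and client-private-key-path must be set together");`. The locals now hold `InputStream`s, so the `…FilePath` names are stale and `…Stream` would read better. The method body continues outside this hunk.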
diff --git a/dubbo-rpc/dubbo-rpc-grpc/src/main/java/org/apache/dubbo/rpc/protocol/grpc/GrpcOptionsUtils.java b/dubbo-rpc/dubbo-rpc-grpc/src/main/java/org/apache/dubbo/rpc/protocol/grpc/GrpcOptionsUtils.java
index cfc02d7..d1b1cda 100644
--- a/dubbo-rpc/dubbo-rpc-grpc/src/main/java/org/apache/dubbo/rpc/protocol/grpc/GrpcOptionsUtils.java
+++ b/dubbo-rpc/dubbo-rpc-grpc/src/main/java/org/apache/dubbo/rpc/protocol/grpc/GrpcOptionsUtils.java
@@ -20,6 +20,9 @@ import org.apache.dubbo.common.URL;
import org.apache.dubbo.common.extension.ExtensionLoader;
import org.apache.dubbo.common.threadpool.ThreadPool;
import org.apache.dubbo.common.utils.CollectionUtils;
+import org.apache.dubbo.config.SslConfig;
+import org.apache.dubbo.config.context.ConfigManager;
+import org.apache.dubbo.rpc.model.ApplicationModel;
import org.apache.dubbo.rpc.protocol.grpc.interceptors.ClientInterceptor;
import org.apache.dubbo.rpc.protocol.grpc.interceptors.GrpcConfigurator;
import org.apache.dubbo.rpc.protocol.grpc.interceptors.ServerInterceptor;
@@ -36,7 +39,7 @@ import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import javax.net.ssl.SSLException;
-import java.io.File;
+import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
@@ -44,16 +47,8 @@ import java.util.Set;
import static org.apache.dubbo.common.constants.CommonConstants.CONSUMER_SIDE;
import static org.apache.dubbo.common.constants.CommonConstants.PROVIDER_SIDE;
+import static org.apache.dubbo.common.constants.CommonConstants.SSL_ENABLED_KEY;
import static org.apache.dubbo.remoting.Constants.DISPATCHER_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_KEY_PASSWORD_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_KEY_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_CLIENT_TRUST_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_ENABLED_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_CERT_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_KEY_PASSWORD_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_KEY_PATH_KEY;
-import static org.apache.dubbo.remoting.Constants.SSL_SERVER_TRUST_CERT_PATH_KEY;
import static org.apache.dubbo.rpc.Constants.EXECUTES_KEY;
import static org.apache.dubbo.rpc.protocol.grpc.GrpcConstants.CLIENT_INTERCEPTORS;
import static org.apache.dubbo.rpc.protocol.grpc.GrpcConstants.EXECUTOR;
@@ -158,20 +153,23 @@ public class GrpcOptionsUtils {
}
private static SslContext buildServerSslContext(URL url) {
+ ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
+ SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
+
SslContextBuilder sslClientContextBuilder = null;
try {
- String password = url.getParameter(SSL_SERVER_KEY_PASSWORD_KEY);
+ String password = sslConfig.getServerKeyPassword();
if (password != null) {
- sslClientContextBuilder = GrpcSslContexts.forServer(new File(url.getParameter(SSL_SERVER_CERT_PATH_KEY)),
- new File(url.getParameter(SSL_SERVER_KEY_PATH_KEY)));
+ sslClientContextBuilder = GrpcSslContexts.forServer(sslConfig.getServerKeyCertChainPathStream(),
+ sslConfig.getServerPrivateKeyPathStream(), password);
} else {
- sslClientContextBuilder = GrpcSslContexts.forServer(new File(url.getParameter(SSL_SERVER_CERT_PATH_KEY)),
- new File(url.getParameter(SSL_SERVER_KEY_PATH_KEY)), password);
+ sslClientContextBuilder = GrpcSslContexts.forServer(sslConfig.getServerKeyCertChainPathStream(),
+ sslConfig.getServerPrivateKeyPathStream());
}
- String trustCertCollectionFilePath = url.getParameter(SSL_SERVER_TRUST_CERT_PATH_KEY);
+ InputStream trustCertCollectionFilePath = sslConfig.getServerTrustCertCollectionPathStream();
if (trustCertCollectionFilePath != null) {
- sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
+ sslClientContextBuilder.trustManager(trustCertCollectionFilePath);
sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
}
} catch (Exception e) {
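Review bot: The three `InputStream`s obtained from `sslConfig` in `buildServerSslContext` (cert chain, private key, trust collection) are never closed in the lines shown, so each context build may leave open file handles, including one on the private key file. This assumes the `get…PathStream()` getters open a fresh stream per call, which this hunk does not show. Netty's builder leaves closing to the caller and appears to parse the PEM data when `forServer`/`trustManager` are called, so a try-with-resources around those calls should be safe, but confirm this for the Netty version in use. The same applies to the three client streams in the `buildClientSslContext` hunk below. The method's catch body and the `build()` call are outside this hunk.

```java
String password = sslConfig.getServerKeyPassword();
// null resources are skipped by try-with-resources, so an unset trust collection is fine
try (InputStream certChain = sslConfig.getServerKeyCertChainPathStream();
     InputStream privateKey = sslConfig.getServerPrivateKeyPathStream();
     InputStream trustCerts = sslConfig.getServerTrustCertCollectionPathStream()) {
    sslClientContextBuilder = password != null
            ? GrpcSslContexts.forServer(certChain, privateKey, password)
            : GrpcSslContexts.forServer(certChain, privateKey);
    if (trustCerts != null) {
        sslClientContextBuilder.trustManager(trustCerts);
        sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
    }
} catch (Exception e) {
    // … unchanged: existing exception handling (outside the hunk) …
```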
@@ -185,20 +183,24 @@ public class GrpcOptionsUtils {
}
private static SslContext buildClientSslContext(URL url) {
+ ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
+ SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
+
+
SslContextBuilder builder = GrpcSslContexts.forClient();
- String trustCertCollectionFilePath = url.getParameter(SSL_CLIENT_TRUST_CERT_PATH_KEY);
try {
+ InputStream trustCertCollectionFilePath = sslConfig.getClientTrustCertCollectionPathStream();
if (trustCertCollectionFilePath != null) {
- builder.trustManager(new File(trustCertCollectionFilePath));
+ builder.trustManager(trustCertCollectionFilePath);
}
- String clientCertChainFilePath = url.getParameter(SSL_CLIENT_CERT_PATH_KEY);
- String clientPrivateKeyFilePath = url.getParameter(SSL_CLIENT_KEY_PATH_KEY);
+ InputStream clientCertChainFilePath = sslConfig.getClientKeyCertChainPathStream();
+ InputStream clientPrivateKeyFilePath = sslConfig.getClientPrivateKeyPathStream();
if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null) {
- String password = url.getParameter(SSL_CLIENT_KEY_PASSWORD_KEY);
+ String password = sslConfig.getClientKeyPassword();
if (password != null) {
- builder.keyManager(new File(clientCertChainFilePath), new File(clientPrivateKeyFilePath), password);
+ builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath, password);
} else {
- builder.keyManager(new File(clientCertChainFilePath), new File(clientPrivateKeyFilePath));
+ builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath);
}
}
} catch (Exception e) {
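Review bot: A client identity that is only half configured is dropped silently in `buildClientSslContext`. If exactly one of `getClientKeyCertChainPathStream()` and `getClientPrivateKeyPathStream()` returns null (presumably meaning "not configured"), the `if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null)` guard skips `keyManager`, and the client connects without a certificate. Against a server that sets `ClientAuth.REQUIRE` this only shows up later as a handshake failure. Failing fast before that guard would make the misconfiguration visible, e.g. `if ((clientCertChainFilePath == null) != (clientPrivateKeyFilePath == null)) { throw new IllegalStateException("Client cert chain and private key must be configured together"); }`, though how the catch block (outside this hunk) rewraps it should be checked. The locals still end in `FilePath` although they now hold `InputStream`s; names such as `clientCertChainStream` would match what the code passes around.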