I have seen examples on how to do this for the client side, but the ServerBuilder class seems to only take a certificate and key file when configuring for SSL. I don't see any way to set the SslContext or channel, only a useTransportSecurity(File certChain, File privateKey) method that requires the certChain and a private key. Can I extract those from the keystore programmatically? Currently I instantiate the server as follows:
server = ServerBuilder.forPort(port).useTransportSecurity(certFile, keyFile).addService(this).build().start();
Other pieces of the application are using jks trust/keystores and we would prefer not to store the keys in two locations.
The default ServerBuilder is limited, as you have already discovered. I would advise using NettyServerBuilder, which is capable of handling different kinds of input such as KeyStore, KeyManager, etc.
Add the following dependency to your project:
SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManager).trustManager(trustManager);
SslContext sslContext = GrpcSslContexts.configure(sslContextBuilder).build(); // applies the ALPN/cipher settings gRPC needs for HTTP/2
Server server = NettyServerBuilder.forPort(8443)
    .sslContext(sslContext)
    .addService(new HelloServiceImpl())
    .build()
    .start();
The KeyManager/TrustManager can be built with the factory classes.
See also here for other configurations: DZone - Secure Your gRPC Services With SSL/TLS
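As an added example (not code from the question or the answer above), here are the pieces put together: the JKS keystore and truststore are loaded once, turned into a KeyManagerFactory/TrustManagerFactory, and handed to NettyServerBuilder through GrpcSslContexts, so the private key never has to be exported to a PEM file. It assumes the unshaded grpc-netty artifact (io.grpc.netty.* and io.netty.* packages), hypothetical store paths and passwords, and a HelloServiceImpl service class as in the answer.

```java
import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

public class JksGrpcServer {
    // Load a JKS store from disk; the password is supplied by the caller (e.g. from a secret store).
    static KeyStore loadKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build the server SslContext from the same JKS key/trust stores the rest of the application uses.
    static SslContext buildSslContext(KeyStore keyStore, char[] keyPassword,
                                      KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SslContextBuilder builder = SslContextBuilder.forServer(kmf)
                .trustManager(tmf)
                .clientAuth(ClientAuth.REQUIRE); // mutual TLS: reject clients without a cert chaining to the truststore
        // GrpcSslContexts.configure applies the ALPN/cipher settings gRPC needs for HTTP/2.
        return GrpcSslContexts.configure(builder).build();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical paths and passwords; substitute your own.
        char[] pw = "changeit".toCharArray();
        KeyStore keyStore = loadKeyStore("server-keystore.jks", pw);
        KeyStore trustStore = loadKeyStore("truststore.jks", pw);
        SslContext sslContext = buildSslContext(keyStore, pw, trustStore);
        Server server = NettyServerBuilder.forPort(8443)
                .sslContext(sslContext)
                .addService(new HelloServiceImpl()) // the service class assumed by the answer above
                .build()
                .start();
        server.awaitTermination();
    }
}
```

If clients do not present certificates, use ClientAuth.OPTIONAL or NONE; with REQUIRE, the truststore decides which client CAs are accepted.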