src/main/java/com/google/devtools/build/lib/remote/ChannelOptions.java - bazel - Git at Google

 // Copyright 2017 The Bazel Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //    http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.devtools.build.lib.remote;

 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.devtools.build.lib.authandtls.AuthAndTLSOptions;
 import com.google.devtools.build.lib.concurrent.ThreadSafety.ThreadSafe;
 import com.google.devtools.common.options.Options;
 import io.grpc.CallCredentials;
 import io.grpc.auth.MoreCallCredentials;
 import io.grpc.netty.GrpcSslContexts;
 import io.netty.handler.ssl.SslContext;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLException;

 /** Instantiate all authentication helpers from build options. */
 @ThreadSafe
 public final class ChannelOptions {
   private final boolean tlsEnabled;
   private final SslContext sslContext;
   private final String tlsAuthorityOverride;
   private final CallCredentials credentials;
   public static final ChannelOptions DEFAULT = create(Options.getDefaults(AuthAndTLSOptions.class));

   private ChannelOptions(
       boolean tlsEnabled,
       SslContext sslContext,
       String tlsAuthorityOverride,
       CallCredentials credentials) {
     this.tlsEnabled = tlsEnabled;
     this.sslContext = sslContext;
     this.tlsAuthorityOverride = tlsAuthorityOverride;
     this.credentials = credentials;
   }

   public boolean tlsEnabled() {
     return tlsEnabled;
   }

   public CallCredentials getCallCredentials() {
     return credentials;
   }

   public String getTlsAuthorityOverride() {
     return tlsAuthorityOverride;
   }

   public SslContext getSslContext() {
     return sslContext;
   }

   public static ChannelOptions create(AuthAndTLSOptions options) {
     try {
       return create(
           options,
           options.authCredentials != null
               ? new FileInputStream(options.authCredentials)
               : null);
     } catch (IOException e) {
       throw new IllegalArgumentException(
           "Failed initializing auth credentials for remote cache/execution " + e);
     }
   }

   @VisibleForTesting
   public static ChannelOptions create(
       AuthAndTLSOptions options,
       @Nullable InputStream credentialsInputStream) {
     boolean tlsEnabled = options.tlsEnabled;
     SslContext sslContext = null;
     String tlsAuthorityOverride = options.tlsAuthorityOverride;
     CallCredentials credentials = null;
     if (options.tlsEnabled && options.tlsCertificate != null) {
       try {
         sslContext =
             GrpcSslContexts.forClient().trustManager(new File(options.tlsCertificate)).build();
       } catch (SSLException e) {
         throw new IllegalArgumentException(
             "SSL error initializing cert " + options.tlsCertificate + " : " + e);
       }
     }
     if (options.authEnabled) {
       try {
         GoogleCredentials creds =
             credentialsInputStream == null
                 ? GoogleCredentials.getApplicationDefault()
                 : GoogleCredentials.fromStream(credentialsInputStream);
         if (options.authScope != null) {
           creds = creds.createScoped(ImmutableList.of(options.authScope));
         }
         credentials = MoreCallCredentials.from(creds);
       } catch (IOException e) {
         throw new IllegalArgumentException(
             "Failed initializing auth credentials for remote cache/execution " + e);
       }
     }
     return new ChannelOptions(
         tlsEnabled, sslContext, tlsAuthorityOverride, credentials);
   }
 }
	// Copyright 2017 The Bazel Authors. All rights reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.devtools.build.lib.remote;

	import com.google.auth.oauth2.GoogleCredentials;
	import com.google.common.annotations.VisibleForTesting;
	import com.google.common.collect.ImmutableList;
	import com.google.devtools.build.lib.authandtls.AuthAndTLSOptions;
	import com.google.devtools.build.lib.concurrent.ThreadSafety.ThreadSafe;
	import com.google.devtools.common.options.Options;
	import io.grpc.CallCredentials;
	import io.grpc.auth.MoreCallCredentials;
	import io.grpc.netty.GrpcSslContexts;
	import io.netty.handler.ssl.SslContext;
	import java.io.File;
	import java.io.FileInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import javax.annotation.Nullable;
	import javax.net.ssl.SSLException;

	/** Instantiate all authentication helpers from build options. */
	@ThreadSafe
	public final class ChannelOptions {
	private final boolean tlsEnabled;
	private final SslContext sslContext;
	private final String tlsAuthorityOverride;
	private final CallCredentials credentials;
	public static final ChannelOptions DEFAULT = create(Options.getDefaults(AuthAndTLSOptions.class));

	private ChannelOptions(
	boolean tlsEnabled,
	SslContext sslContext,
	String tlsAuthorityOverride,
	CallCredentials credentials) {
	this.tlsEnabled = tlsEnabled;
	this.sslContext = sslContext;
	this.tlsAuthorityOverride = tlsAuthorityOverride;
	this.credentials = credentials;
	}

	public boolean tlsEnabled() {
	return tlsEnabled;
	}

	public CallCredentials getCallCredentials() {
	return credentials;
	}

	public String getTlsAuthorityOverride() {
	return tlsAuthorityOverride;
	}

	public SslContext getSslContext() {
	return sslContext;
	}

	public static ChannelOptions create(AuthAndTLSOptions options) {
	try {
	return create(
	options,
	options.authCredentials != null
	? new FileInputStream(options.authCredentials)
	: null);
	} catch (IOException e) {
	throw new IllegalArgumentException(
	"Failed initializing auth credentials for remote cache/execution " + e);
	}
	}

	@VisibleForTesting
	public static ChannelOptions create(
	AuthAndTLSOptions options,
	@Nullable InputStream credentialsInputStream) {
	boolean tlsEnabled = options.tlsEnabled;
	SslContext sslContext = null;
	String tlsAuthorityOverride = options.tlsAuthorityOverride;
	CallCredentials credentials = null;
	if (options.tlsEnabled && options.tlsCertificate != null) {
	try {
	sslContext =
	GrpcSslContexts.forClient().trustManager(new File(options.tlsCertificate)).build();
	} catch (SSLException e) {
	throw new IllegalArgumentException(
	"SSL error initializing cert " + options.tlsCertificate + " : " + e);
	}
	}
	if (options.authEnabled) {
	try {
	GoogleCredentials creds =
	credentialsInputStream == null
	? GoogleCredentials.getApplicationDefault()
	: GoogleCredentials.fromStream(credentialsInputStream);
	if (options.authScope != null) {
	creds = creds.createScoped(ImmutableList.of(options.authScope));
	}
	credentials = MoreCallCredentials.from(creds);
	} catch (IOException e) {
	throw new IllegalArgumentException(
	"Failed initializing auth credentials for remote cache/execution " + e);
	}
	}
	return new ChannelOptions(
	tlsEnabled, sslContext, tlsAuthorityOverride, credentials);
	}
	}