[pinpoint-apm#9882] Extract Grpc SSL Module

Author: emeroad

grpc/src/main/java/com/navercorp/pinpoint/grpc/client/ChannelFactoryBuilder.java

@@ -18,9 +18,9 @@
 
 import com.navercorp.pinpoint.grpc.client.config.ClientOption;
 import com.navercorp.pinpoint.grpc.client.config.SslOption;
-
 import io.grpc.ClientInterceptor;
 import io.grpc.NameResolverProvider;
+import io.netty.handler.ssl.SslContext;
 
 
 /**
@@ -39,8 +39,11 @@ public interface ChannelFactoryBuilder {
 
     void setClientOption(ClientOption clientOption);
 
+    @Deprecated
     void setSslOption(SslOption sslOption);
 
+    void setSslContext(SslContext sslContext);
+
     void setNameResolverProvider(NameResolverProvider nameResolverProvider);
 
     ChannelFactory build();

grpc/src/main/java/com/navercorp/pinpoint/grpc/client/DefaultChannelFactory.java

@@ -20,8 +20,6 @@
 import com.navercorp.pinpoint.grpc.ChannelTypeEnum;
 import com.navercorp.pinpoint.grpc.ExecutorUtils;
 import com.navercorp.pinpoint.grpc.client.config.ClientOption;
-import com.navercorp.pinpoint.grpc.security.SslClientConfig;
-import com.navercorp.pinpoint.grpc.security.SslContextFactory;
 import io.grpc.ClientInterceptor;
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
@@ -39,7 +37,6 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import javax.net.ssl.SSLException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
@@ -63,7 +60,8 @@ public class DefaultChannelFactory implements ChannelFactory {
     private final HeaderFactory headerFactory;
 
     private final ClientOption clientOption;
-    private final SslClientConfig sslClientConfig;
+//    private final SslClientConfig sslClientConfig;
+    private final SslContext sslContext;
 
     private final List<ClientInterceptor> clientInterceptorList;
     private final NameResolverProvider nameResolverProvider;
@@ -79,15 +77,15 @@ public class DefaultChannelFactory implements ChannelFactory {
                           HeaderFactory headerFactory,
                           NameResolverProvider nameResolverProvider,
                           ClientOption clientOption,
-                          SslClientConfig sslClientConfig,
-                          List<ClientInterceptor> clientInterceptorList) {
+                          List<ClientInterceptor> clientInterceptorList,
+                          SslContext sslContext) {
         this.factoryName = Objects.requireNonNull(factoryName, "factoryName");
         this.executorQueueSize = executorQueueSize;
         this.headerFactory = Objects.requireNonNull(headerFactory, "headerFactory");
         // @Nullable
         this.nameResolverProvider = nameResolverProvider;
         this.clientOption = Objects.requireNonNull(clientOption, "clientOption");
-        this.sslClientConfig = Objects.requireNonNull(sslClientConfig, "sslClientConfig");
+        this.sslContext = sslContext;
 
         Objects.requireNonNull(clientInterceptorList, "clientInterceptorList");
         this.clientInterceptorList = new ArrayList<>(clientInterceptorList);
@@ -151,13 +149,7 @@ public ManagedChannel build(String channelName, String host, int port) {
         }
         setupClientOption(channelBuilder);
 
-        if (sslClientConfig.isEnable()) {
-            SslContext sslContext = null;
-            try {
-                sslContext = SslContextFactory.create(sslClientConfig);
-            } catch (SSLException e) {
-                throw new SecurityException(e);
-            }
+        if (sslContext != null) {
             channelBuilder.sslContext(sslContext);
             channelBuilder.negotiationType(NegotiationType.TLS);
         }

grpc/src/main/java/com/navercorp/pinpoint/grpc/client/DefaultChannelFactoryBuilder.java

@@ -19,13 +19,11 @@
 import com.navercorp.pinpoint.common.util.Assert;
 import com.navercorp.pinpoint.grpc.client.config.ClientOption;
 import com.navercorp.pinpoint.grpc.client.config.SslOption;
-import com.navercorp.pinpoint.grpc.security.SslClientConfig;
-import com.navercorp.pinpoint.grpc.util.Resource;
-
 import io.grpc.ClientInterceptor;
 import io.grpc.NameResolverProvider;
-import org.apache.logging.log4j.Logger;
+import io.netty.handler.ssl.SslContext;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.LinkedList;
 import java.util.Objects;
@@ -43,7 +41,8 @@ public class DefaultChannelFactoryBuilder implements ChannelFactoryBuilder {
     private HeaderFactory headerFactory;
 
     private ClientOption clientOption;
-    private SslOption sslOption;
+
+    private SslContext sslContext;
 
     private final LinkedList<ClientInterceptor> clientInterceptorList = new LinkedList<>();
     private NameResolverProvider nameResolverProvider;
@@ -86,6 +85,11 @@ public void setSslOption(SslOption sslOption) {
         this.sslOption = sslOption;
     }
 
+    @Override
+    public void setSslContext(SslContext sslContext) {
+        this.sslContext = sslContext;
+    }
+
     @Override
     public void setNameResolverProvider(NameResolverProvider nameResolverProvider) {
         this.nameResolverProvider = Objects.requireNonNull(nameResolverProvider, "nameResolverProvider");
@@ -97,15 +101,8 @@ public ChannelFactory build() {
         Objects.requireNonNull(headerFactory, "headerFactory");
         Objects.requireNonNull(clientOption, "clientOption");
 
-        SslClientConfig sslClientConfig = SslClientConfig.DISABLED_CONFIG;
-        if (sslOption != null && sslOption.isEnable()) {
-            String providerType = sslOption.getProviderType();
-            Resource trustCertResource = sslOption.getTrustCertResource();
-            sslClientConfig = new SslClientConfig(true, providerType, trustCertResource);
-        }
-
         return new DefaultChannelFactory(factoryName, executorQueueSize,
                 headerFactory, nameResolverProvider,
-                clientOption, sslClientConfig, clientInterceptorList);
+                clientOption, clientInterceptorList, sslContext);
     }
 }

profiler/src/main/java/com/navercorp/pinpoint/profiler/context/provider/grpc/AgentGrpcDataSenderProvider.java

@@ -25,7 +25,6 @@
 import com.navercorp.pinpoint.grpc.client.HeaderFactory;
 import com.navercorp.pinpoint.grpc.client.UnaryCallDeadlineInterceptor;
 import com.navercorp.pinpoint.grpc.client.config.ClientOption;
-import com.navercorp.pinpoint.grpc.client.config.SslOption;
 import com.navercorp.pinpoint.profiler.context.active.ActiveTraceRepository;
 import com.navercorp.pinpoint.profiler.context.grpc.config.GrpcTransportConfig;
 import com.navercorp.pinpoint.profiler.context.module.AgentDataSender;
@@ -43,8 +42,9 @@
 import com.navercorp.pinpoint.profiler.sender.grpc.ReconnectExecutor;
 import io.grpc.ClientInterceptor;
 import io.grpc.NameResolverProvider;
-import org.apache.logging.log4j.Logger;
+import io.netty.handler.ssl.SslContext;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.List;
 import java.util.Objects;
@@ -69,6 +69,7 @@ public class AgentGrpcDataSenderProvider implements Provider<EnhancedDataSender<
     private final ActiveTraceRepository activeTraceRepository;
 
     private List<ClientInterceptor> clientInterceptorList;
+    private final Provider<SslContext> sslContextProvider;
 
     @Inject
     public AgentGrpcDataSenderProvider(GrpcTransportConfig grpcTransportConfig,
@@ -77,7 +78,8 @@ public AgentGrpcDataSenderProvider(GrpcTransportConfig grpcTransportConfig,
                                        Provider<ReconnectExecutor> reconnectExecutor,
                                        ScheduledExecutorService retransmissionExecutor,
                                        NameResolverProvider nameResolverProvider,
-                                       ActiveTraceRepository activeTraceRepository) {
+                                       ActiveTraceRepository activeTraceRepository,
+                                       Provider<SslContext> sslContextProvider) {
         this.grpcTransportConfig = Objects.requireNonNull(grpcTransportConfig, "grpcTransportConfig");
         this.messageConverter = Objects.requireNonNull(messageConverter, "messageConverter");
         this.headerFactory = Objects.requireNonNull(headerFactory, "headerFactory");
@@ -88,6 +90,8 @@ public AgentGrpcDataSenderProvider(GrpcTransportConfig grpcTransportConfig,
 
         this.nameResolverProvider = Objects.requireNonNull(nameResolverProvider, "nameResolverProvider");
         this.activeTraceRepository = Objects.requireNonNull(activeTraceRepository, "activeTraceRepository");
+
+        this.sslContextProvider = Objects.requireNonNull(sslContextProvider, "sslContextProvider");
     }
 
     @Inject(optional = true)
@@ -141,8 +145,8 @@ ChannelFactoryBuilder newChannelFactoryBuilder(boolean sslEnable) {
         channelFactoryBuilder.setClientOption(clientOption);
 
         if (sslEnable) {
-            SslOption sslOption = grpcTransportConfig.getSslOption();
-            channelFactoryBuilder.setSslOption(sslOption);
+            SslContext sslContext = sslContextProvider.get();
+            channelFactoryBuilder.setSslContext(sslContext);
         }
 
         return channelFactoryBuilder;

profiler/src/main/java/com/navercorp/pinpoint/profiler/context/provider/grpc/SSLContextProvider.java

@@ -0,0 +1,43 @@
+package com.navercorp.pinpoint.profiler.context.provider.grpc;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.navercorp.pinpoint.exception.PinpointException;
+import com.navercorp.pinpoint.grpc.client.config.SslOption;
+import com.navercorp.pinpoint.grpc.security.SslClientConfig;
+import com.navercorp.pinpoint.grpc.security.SslContextFactory;
+import com.navercorp.pinpoint.grpc.util.Resource;
+import com.navercorp.pinpoint.profiler.context.grpc.config.GrpcTransportConfig;
+import io.netty.handler.ssl.SslContext;
+
+import javax.net.ssl.SSLException;
+import java.util.Objects;
+
+/**
+ * @author Woonduk Kang(emeroad)
+ */
+public class SSLContextProvider implements Provider<SslContext> {
+
+    private final GrpcTransportConfig grpcTransportConfig;
+
+    @Inject
+    public SSLContextProvider(GrpcTransportConfig grpcTransportConfig) {
+        this.grpcTransportConfig = Objects.requireNonNull(grpcTransportConfig, "grpcTransportConfig");
+    }
+
+    @Override
+    public SslContext get() {
+        try {
+            SslOption sslOption = grpcTransportConfig.getSslOption();
+
+            String providerType = sslOption.getProviderType();
+            Resource trustCertResource = sslOption.getTrustCertResource();
+
+            SslClientConfig sslClientConfig = new SslClientConfig(true, providerType, trustCertResource);
+
+            return SslContextFactory.create(sslClientConfig);
+        } catch (SSLException e) {
+            throw new PinpointException(e);
+        }
+    }
+}

profiler/src/main/java/com/navercorp/pinpoint/profiler/context/provider/grpc/SpanGrpcDataSenderProvider.java

@@ -43,6 +43,7 @@
 import com.navercorp.pinpoint.profiler.sender.grpc.metric.DefaultChannelzReporter;
 import io.grpc.ClientInterceptor;
 import io.grpc.NameResolverProvider;
+import io.netty.handler.ssl.SslContext;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -64,6 +65,7 @@ public class SpanGrpcDataSenderProvider implements Provider<DataSender<SpanType>
     private final ChannelzScheduledReporter reporter;
 
     private List<ClientInterceptor> clientInterceptorList;
+    private final Provider<SslContext> sslContextProvider;
 
     public static final String SPAN_CHANNELZ = "com.navercorp.pinpoint.metric.SpanChannel";
 
@@ -72,7 +74,9 @@ public SpanGrpcDataSenderProvider(GrpcTransportConfig grpcTransportConfig,
                                       @SpanDataSender MessageConverter<SpanType, GeneratedMessageV3> messageConverter,
                                       HeaderFactory headerFactory,
                                       Provider<ReconnectExecutor> reconnectExecutor,
-                                      NameResolverProvider nameResolverProvider, ChannelzScheduledReporter reporter) {
+                                      NameResolverProvider nameResolverProvider,
+                                      ChannelzScheduledReporter reporter,
+                                      Provider<SslContext> sslContextProvider) {
         this.grpcTransportConfig = Objects.requireNonNull(grpcTransportConfig, "grpcTransportConfig");
         this.messageConverter = Objects.requireNonNull(messageConverter, "messageConverter");
         this.headerFactory = Objects.requireNonNull(headerFactory, "headerFactory");
@@ -81,6 +85,7 @@ public SpanGrpcDataSenderProvider(GrpcTransportConfig grpcTransportConfig,
 
         this.nameResolverProvider = Objects.requireNonNull(nameResolverProvider, "nameResolverProvider");
         this.reporter = Objects.requireNonNull(reporter, "reporter");
+        this.sslContextProvider = Objects.requireNonNull(sslContextProvider, "sslContextProvider");
     }
 
     @Inject(optional = true)
@@ -145,6 +150,9 @@ private ChannelFactoryBuilder newChannelFactoryBuilder(boolean sslEnable) {
         if (sslEnable) {
             SslOption sslOption = grpcTransportConfig.getSslOption();
             channelFactoryBuilder.setSslOption(sslOption);
+
+            SslContext sslContext = sslContextProvider.get();
+            channelFactoryBuilder.setSslContext(sslContext);
         }
 
         return channelFactoryBuilder;