Question

我有一台使用自签名ssl证书的grpc-js服务器。

var credentials = grpc.ServerCredentials.createSsl(
    fs.readFileSync('./node/grpc/ssl/ca.crt'), 
    [{
        cert_chain: fs.readFileSync('./node/grpc/ssl/server.crt'),
        private_key: fs.readFileSync('./node/grpc/ssl/server.key')
    }], 
    true
);

然后我使用带有以下凭据设置的grpc-js客户端测试了此设置，并且可以正常工作。

var credentials = grpc.credentials.createSsl(
    fs.readFileSync('./node/grpc/ssl/ca.crt'),
    fs.readFileSync('./node/grpc/ssl/client.key'),
    fs.readFileSync('./node/grpc/ssl/client.crt')
);

我想使用OkHttpChannelBuilder在Android中复制它，但是它有点复杂。这就是我到目前为止所拥有的。

private val mChannel : ManagedChannel
init {
    /**
     * Server certificate to make it trusted.
     */
    val serverCrtFile = applicationContext.resources.openRawResource(R.raw.server)
    val serverCertificate: X509Certificate =
        CertificateFactory.getInstance("X.509").generateCertificate(serverCrtFile) as X509Certificate

    val caKeyStore: KeyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)
        setCertificateEntry("server", serverCertificate)
    }

    val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).apply {
        init(caKeyStore)
    }

    val sslContext = SSLContext.getInstance("TLS").apply {
        init(null, trustManagerFactory.trustManagers, null)
    }

    mChannel = OkHttpChannelBuilder
        .forAddress(BuildConfig.GRPC_HOST_ADDRESS, BuildConfig.GRPC_HOST_PORT)
        .sslSocketFactory(sslContext.socketFactory)
        .keepAliveTime(10, TimeUnit.SECONDS)
        .useTransportSecurity()
        .keepAliveWithoutCalls(true)
        .build()
}

在实施ssl之前，所有工作都已完成（因此在渠道构建器上使用plaintext()）。

我现在得到的错误是io.grpc.StatusRuntimeException: UNAVAILABLE: End of stream or IOException。有人可以告诉我是否做错了什么，以及如何在js服务器和客户端之间建立成功的连接。

Answer 1

好像SSL握手在服务器端失败了，因此获取服务器端详细日志以查看出了什么问题将很有帮助。

一种可能是使用<section class="treatment-methods"> <div class="title_icons"> <h1 class="treatment-method__title">Neque porro quisquam est qui dolorem ipsum quia dolor sit amet</h1> <p class="treatment-method__title__complement">Neque porro quisquam est qui dolorem ipsum quia dolor sit amet</p> <div class="treatment-methods__icons"> <div class="treatment-method__icon__container"> <div class="treatment-method__icon__outer_circle"> <img src="https://www.svgrepo.com/show/80293/online.svg" alt="wellness" class="treatment-methods_icon"> <p class="treatment-methods__icon__text">Psicoterapy</p> </div> </div> <div class="treatment-method__icon__container"> <div class="treatment-method__icon__outer_circle"> <img src="https://www.svgrepo.com/show/80293/online.svg" alt="wellness" class="treatment-methods_icon"> <p class="treatment-methods__icon__text">Psicoterapy</p> </div> </div> <div class="treatment-method__icon__container"> <div class="treatment-method__icon__outer_circle"> <img src="https://www.svgrepo.com/show/80293/online.svg" alt="wellness" class="treatment-methods_icon"> <p class="treatment-methods__icon__text">Psicoterapy</p> </div> </div> <div class="treatment-method__icon__container"> <div class="treatment-method__icon__outer_circle"> <img src="https://www.svgrepo.com/show/80293/online.svg" alt="wellness" class="treatment-methods_icon"> <p class="treatment-methods__icon__text">Psicoterapy</p> </div> </div> </div> </div> </section>。您可以尝试使用KeyStore.getInstance吗？

"PKCS12"

具有自签名ssl证书的GRPC Okhttp android客户端通道

1 个答案: