Port of ALPN fix for TLS

Signed-off-by: Matthew B White <whitemat@uk.ibm.com>

Author: mbwhite

examples/fabric-contract-example-gradle/fabric-contract-example-external/build.gradle renamed to examples/fabric-contract-example-external/build.gradle

@@ -10,6 +10,8 @@
 import io.grpc.Server;
 import io.grpc.netty.shaded.io.grpc.netty.NettyServerBuilder;
 import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
+import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolNames;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -23,7 +25,7 @@
  */
 public final class NettyGrpcServer implements GrpcServer {
 
-    private static Log logger = LogFactory.getLog(NettyGrpcServer.class);
+    private static final Log LOGGER = LogFactory.getLog(NettyGrpcServer.class);
 
     private final Server server;
     /**
@@ -53,30 +55,40 @@ public NettyGrpcServer(final ChaincodeBase chaincodeBase, final ChaincodeServerP
                 .maxInboundMessageSize(chaincodeServerProperties.getMaxInboundMessageSize());
 
         if (chaincodeServerProperties.isTlsEnabled()) {
+            SslContextBuilder sslContextBuilder;
             final File keyCertChainFile = Paths.get(chaincodeServerProperties.getKeyCertChainFile()).toFile();
             final File keyFile = Paths.get(chaincodeServerProperties.getKeyFile()).toFile();
 
             if (chaincodeServerProperties.getKeyPassword() == null || chaincodeServerProperties.getKeyPassword().isEmpty()) {
-                serverBuilder.sslContext(SslContextBuilder.forServer(keyCertChainFile, keyFile).build());
+                sslContextBuilder = SslContextBuilder.forServer(keyCertChainFile, keyFile);
             } else {
-                serverBuilder.sslContext(SslContextBuilder.forServer(keyCertChainFile, keyFile, chaincodeServerProperties.getKeyPassword()).build());
+                sslContextBuilder = SslContextBuilder.forServer(keyCertChainFile, keyFile, chaincodeServerProperties.getKeyPassword());
             }
+
+            ApplicationProtocolConfig apn = new ApplicationProtocolConfig(
+                    ApplicationProtocolConfig.Protocol.ALPN,
+                    ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
+                    ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
+                    ApplicationProtocolNames.HTTP_2);
+            sslContextBuilder.applicationProtocolConfig(apn);
+
+            serverBuilder.sslContext(sslContextBuilder.build());
         }
 
-        logger.info("<<<<<<<<<<<<<chaincodeServerProperties>>>>>>>>>>>>:\n");
-        logger.info("PortChaincodeServer:" + chaincodeServerProperties.getPortChaincodeServer());
-        logger.info("MaxInboundMetadataSize:" + chaincodeServerProperties.getMaxInboundMetadataSize());
-        logger.info("MaxInboundMessageSize:" + chaincodeServerProperties.getMaxInboundMessageSize());
-        logger.info("MaxConnectionAgeSeconds:" + chaincodeServerProperties.getMaxConnectionAgeSeconds());
-        logger.info("KeepAliveTimeoutSeconds:" + chaincodeServerProperties.getKeepAliveTimeoutSeconds());
-        logger.info("PermitKeepAliveTimeMinutes:" + chaincodeServerProperties.getPermitKeepAliveTimeMinutes());
-        logger.info("KeepAliveTimeMinutes:" + chaincodeServerProperties.getKeepAliveTimeMinutes());
-        logger.info("PermitKeepAliveWithoutCalls:" + chaincodeServerProperties.getPermitKeepAliveWithoutCalls());
-        logger.info("KeyPassword:" + chaincodeServerProperties.getKeyPassword());
-        logger.info("KeyCertChainFile:" + chaincodeServerProperties.getKeyCertChainFile());
-        logger.info("KeyFile:" + chaincodeServerProperties.getKeyFile());
-        logger.info("isTlsEnabled:" + chaincodeServerProperties.isTlsEnabled());
-        logger.info("\n");
+        LOGGER.info("<<<<<<<<<<<<<chaincodeServerProperties>>>>>>>>>>>>:\n");
+        LOGGER.info("PortChaincodeServer:" + chaincodeServerProperties.getPortChaincodeServer());
+        LOGGER.info("MaxInboundMetadataSize:" + chaincodeServerProperties.getMaxInboundMetadataSize());
+        LOGGER.info("MaxInboundMessageSize:" + chaincodeServerProperties.getMaxInboundMessageSize());
+        LOGGER.info("MaxConnectionAgeSeconds:" + chaincodeServerProperties.getMaxConnectionAgeSeconds());
+        LOGGER.info("KeepAliveTimeoutSeconds:" + chaincodeServerProperties.getKeepAliveTimeoutSeconds());
+        LOGGER.info("PermitKeepAliveTimeMinutes:" + chaincodeServerProperties.getPermitKeepAliveTimeMinutes());
+        LOGGER.info("KeepAliveTimeMinutes:" + chaincodeServerProperties.getKeepAliveTimeMinutes());
+        LOGGER.info("PermitKeepAliveWithoutCalls:" + chaincodeServerProperties.getPermitKeepAliveWithoutCalls());
+        LOGGER.info("KeyPassword:" + chaincodeServerProperties.getKeyPassword());
+        LOGGER.info("KeyCertChainFile:" + chaincodeServerProperties.getKeyCertChainFile());
+        LOGGER.info("KeyFile:" + chaincodeServerProperties.getKeyFile());
+        LOGGER.info("isTlsEnabled:" + chaincodeServerProperties.isTlsEnabled());
+        LOGGER.info("\n");
 
         this.server = serverBuilder.build();
     }
@@ -87,11 +99,11 @@ public NettyGrpcServer(final ChaincodeBase chaincodeBase, final ChaincodeServerP
      * @throws IOException
      */
     public void start() throws IOException {
-        logger.info("start grpc server");
+        LOGGER.info("start grpc server");
         Runtime.getRuntime()
                 .addShutdownHook(
                         new Thread(() -> {
-                            // Use stderr here since the logger may have been reset by its JVM shutdown hook.
+                            // Use stderr here since the LOGGER may have been reset by its JVM shutdown hook.
                             System.err.println("*** shutting down gRPC server since JVM is shutting down");
                             NettyGrpcServer.this.stop();
                             System.err.println("*** server shut down");
@@ -105,15 +117,15 @@ public void start() throws IOException {
      * @throws InterruptedException
      */
     public void blockUntilShutdown() throws InterruptedException {
-        logger.info("Waits for the server to become terminated.");
+        LOGGER.info("Waits for the server to become terminated.");
         server.awaitTermination();
     }
 
     /**
      * shutdown now grpc server.
      */
     public void stop() {
-        logger.info("shutdown now grpc server.");
+        LOGGER.info("shutdown now grpc server.");
         server.shutdownNow();
     }
 }

examples/fabric-contract-example-gradle/fabric-contract-example-external/src/main/java/org/example/Application.java renamed to examples/fabric-contract-example-external/src/main/java/org/example/Application.java

@@ -288,7 +288,12 @@ void startAndStopTlsPassword() {
         try {
             final ChaincodeBase chaincodeBase = new EmptyChaincode();
             chaincodeBase.processEnvironmentOptions();
-            ChaincodeServer chaincodeServer = new NettyChaincodeServer(chaincodeBase, new ChaincodeServerProperties());
+            final ChaincodeServerProperties chaincodeServerProperties = new ChaincodeServerProperties();
+            chaincodeServerProperties.setTlsEnabled(true);
+            chaincodeServerProperties.setKeyFile("src/test/resources/client.key.password-protected");
+            chaincodeServerProperties.setKeyCertChainFile("src/test/resources/client.crt");
+            chaincodeServerProperties.setKeyPassword("test");
+            ChaincodeServer chaincodeServer = new NettyChaincodeServer(chaincodeBase, chaincodeServerProperties);
             new Thread(() -> {
                 try {
                     chaincodeServer.start();
@@ -315,6 +320,9 @@ void startAndStopTlsWithoutPassword() {
             final ChaincodeBase chaincodeBase = new EmptyChaincode();
             chaincodeBase.processEnvironmentOptions();
             final ChaincodeServerProperties chaincodeServerProperties = new ChaincodeServerProperties();
+            chaincodeServerProperties.setTlsEnabled(true);
+            chaincodeServerProperties.setKeyFile("src/test/resources/client.key");
+            chaincodeServerProperties.setKeyCertChainFile("src/test/resources/client.crt");
             ChaincodeServer chaincodeServer = new NettyChaincodeServer(chaincodeBase, chaincodeServerProperties);
             new Thread(() -> {
                 try {

examples/fabric-contract-example-gradle/fabric-contract-example-external/src/main/java/org/example/MyAsset.java renamed to examples/fabric-contract-example-external/src/main/java/org/example/MyAsset.java

@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGxMBwGCiqGSIb3DQEMAQMwDgQIfzm0IqTm+rACAggABIGQDY1vpaSD+KDuVRyT
+Gi35536iOYUuVoz01ktV3YCDv03Pm5+8xZ1JXXW8lDM3JP/TcKbocRRk63y/R7O2
+dB9kcyV7/gYtYH0B3TMk1/x1WtfHL8JnYRFHQ/OuhYjJ6O04B4aY2waeYByzsIsI
+YhNVZq5fZ7/bjsy8b54o57WD4DDHH3uRysbv8I5TaDVyJMJq
+-----END ENCRYPTED PRIVATE KEY-----