
@Groostav
Last active May 8, 2019 18:37
/**
 * Async gRPC stub for the optimizer service, reached over TLS at 127.0.0.1:5550.
 *
 * The initializer mutates JVM-wide state (security provider order and the default
 * `HttpsURLConnection` hostname verifier) before building the channel, so it affects
 * every other TLS user in the same process, not just this stub.
 *
 * Trust is pinned to the single CA file below; no client certificate or key is
 * supplied here, so this side does not take part in mutual TLS.
 */
private val service: OptimizerGrpc.OptimizerStub = run {
    // Conscrypt becomes the highest-priority JCA provider for the whole JVM.
    Security.insertProviderAt(Conscrypt.newProvider(), 1)

    // SECURITY: this replaces the process-wide default verifier used by HttpsURLConnection.
    // It ignores the TLS session entirely and accepts a peer purely because the requested
    // host string is "127.0.0.1"; every other HTTPS host is rejected by it.
    // NOTE(review): whether the gRPC channel below consults this verifier depends on the
    // installed provider/trust manager; confirm it is needed. Issuing the server
    // certificate with an IP subjectAltName would likely remove the need for an override.
    HttpsURLConnection.setDefaultHostnameVerifier { peerHost, _ ->
        //TODO: we should verify that we're in a localhost mode
        peerHost == "127.0.0.1"
    }

    // Hard-coded, developer-specific path: only certificates chaining to this CA are trusted.
    val caCertificate = File("C:/Users/Geoff/Code/volition/sslcerts/ca.crt")
    val tls = GrpcSslContexts.forClient().trustManager(caCertificate).build()

    // The channel is owned by the stub from here on; no reference is kept for shutdown.
    OptimizerGrpc.newStub(
        NettyChannelBuilder.forAddress("127.0.0.1", 5550).sslContext(tls).build()
    )
}
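# Generates a private CA plus one server and one client key/certificate pair with openssl,
# and converts both leaf keys to unencrypted PKCS#8 (*.pem).
#
#   -OutputCerts  directory that receives every generated file
#   -ServerCN     common name for the CA and the server certificate
#   -ClientCN     common name for the client certificate
#
# SECURITY: every private key written here (ca.key, server.key/.pem, client.key/.pem) is
# unencrypted. Keep the output directory out of version control and restrict access to it;
# whoever holds ca.key can mint certificates that any peer trusting ca.crt will accept.
Param(
    $OutputCerts = "./sslcerts",
    $ServerCN = "127.0.0.1",
    $ClientCN = "127.0.0.1"
)

Get-Command "openssl" -ErrorAction Stop
# you can get this from choco with
# choco install openssl-light

# openSSL uses std-err like many unix apps as an INFO channel,
# so tell powershell to interpret that output as such.
# NOTE(review): this also silences real failures from mkdir/pushd and from openssl itself;
# check that every expected file exists before using the output.
$ErrorActionPreference = "SilentlyContinue"

mkdir -p $OutputCerts
pushd $OutputCerts

echo "Generate CA key:"
openssl genrsa -out ca.key 4096

echo "Generate CA certificate:"
# Generates ca.crt which is the trustCertCollectionFile
# NOTE(review): the CA reuses the server's CN, so the server certificate's issuer and
# subject are identical; some verifiers treat such a leaf as self-signed. A distinct CA
# name avoids that.
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=$ServerCN"

echo "Generate server key:"
openssl genrsa -out server.key 4096

echo "Generate server signing request:"
# NOTE(review): no subjectAltName is requested. Standard hostname verification of an IP
# literal generally expects an IP SAN rather than the CN, which pushes clients towards
# custom verifier overrides.
openssl req -new -key server.key -out server.csr -subj "/CN=$ServerCN"

echo "Self-signed server certificate:"
# Generates server.crt which is the certChainFile for the server (signed by the CA above)
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

echo "Generate client key"
openssl genrsa -out client.key 4096

echo "Generate client signing request:"
# Uses $ClientCN so the client identity can differ from the server's.
openssl req -new -key client.key -out client.csr -subj "/CN=$ClientCN"

echo "Self-signed client certificate:"
# Generates client.crt which is the clientCertChainFile for the client (need for mutual TLS only)
# Serial 02: serial numbers must be unique per issuer, and the server certificate holds 01.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt

echo "Converting the private keys to PKCS#8:"
# Generates client.pem which is the clientPrivateKeyFile for the Client (needed for mutual TLS only)
openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem
# Generates server.pem which is the privateKeyFile for the Server
openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem

popd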
/**
 * Builds and starts the TLS-enabled gRPC server on port 5550.
 *
 * Serves `endpoint` wrapped in a [LoggingInterceptor] writing to standard output.
 * The started server is not returned or stored, so callers cannot shut it down or
 * await its termination through this function.
 *
 * Security notes:
 * - Only server-side TLS is set up; no client-certificate requirement is configured in
 *   this block, so any peer that can reach the port and accepts the certificate can call
 *   the service.
 * - `forPort` is given a port only, with no bind address. NOTE(review): confirm the
 *   listener is not reachable beyond loopback if only local use is intended.
 * - NOTE(review): the interceptor presumably logs call details to stdout; check that
 *   nothing sensitive ends up there.
 */
fun setupService() {
    // JVM-wide: Conscrypt becomes the highest-priority JCA provider.
    Security.insertProviderAt(Conscrypt.newProvider(), 1)

    // Hard-coded, developer-specific directory holding the generated certificate material.
    val certDir = "C:\\Users\\Geoff\\Code\\volition\\sslcerts"

    ServerBuilder
        .forPort(5550)
        .useTransportSecurity(
            File("$certDir/server.crt"), // certificate chain presented to clients
            File("$certDir/server.pem"), // unencrypted PKCS#8 private key; protect this file
        )
        .addService(ServerInterceptors.intercept(endpoint, LoggingInterceptor(System.out)))
        .build()
        .start()
}