Add TLS to gRPC server

commit: 8b7a39501b55318b6536ea6d5488a040f06f899a [log] [tgz]
author: Gabriel Cuba <gcuba@whitestack.com> Wed Nov 02 17:21:50 2022 -0500
committer: Gabriel Cuba <gcuba@whitestack.com> Sat Nov 05 00:39:35 2022 -0500
tree: 8a23ff36b651cba57b4a714630edfe4db5390b89
parent: 86ae604259e1e5513526df577e41156f923cba5c [diff] [blame]
diff --git a/osm_ee/util/util_grpc.py b/osm_ee/util/util_grpc.py
new file mode 100644
index 0000000..df904c1
--- /dev/null
+++ b/osm_ee/util/util_grpc.py

@@ -0,0 +1,26 @@
+import logging
+import ssl
+
+logger = logging.getLogger("osm_ee.util_grpc")
+
+SERVER_CERT = "/etc/ssl/grpc-tls/tls.crt"
+SERVER_KEY = "/etc/ssl/grpc-tls/tls.key"
+
+
+def create_secure_context() -> ssl.SSLContext:
+    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    # ctx.verify_mode = ssl.CERT_REQUIRED
+    try:
+        ctx.load_cert_chain(str(SERVER_CERT), str(SERVER_KEY))
+    except FileNotFoundError:
+        logger.warning("TLS Certificate not found, starting gRPC server in unsecure mode")
+        return None
+    # TODO: client TLS 
+    # ctx.load_verify_locations(str(trusted))
+    ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
+    ctx.set_alpn_protocols(['h2'])
+    try:
+        ctx.set_npn_protocols(['h2'])
+    except NotImplementedError:
+        pass
+    return ctx
\ No newline at end of file
commit	8b7a39501b55318b6536ea6d5488a040f06f899a	[log] [tgz]
author	Gabriel Cuba <gcuba@whitestack.com>	Wed Nov 02 17:21:50 2022 -0500
committer	Gabriel Cuba <gcuba@whitestack.com>	Sat Nov 05 00:39:35 2022 -0500
tree	8a23ff36b651cba57b4a714630edfe4db5390b89
parent	86ae604259e1e5513526df577e41156f923cba5c [diff] [blame]