From 8812916d8a082fdbe427db64e6aa6cb8e3720672 Mon Sep 17 00:00:00 2001 From: higan Date: Fri, 2 Sep 2022 13:52:58 +0800 Subject: [PATCH] :sparkles: Support pem format --- README.md | 21 ++++++++++++ .../mediator/netty/frontend/EchoService.kt | 34 +++++++++++++++---- 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 51fae75..f5a96ae 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,12 @@ You can download the Mediator Root Certificate by visit `http:// > To prevent abuse of the same root certificate, each Mediator installation generates a different root certificate. > You need reinstall the Mediator Root Certificate when you use different Mediator installation. +> Tips: +> Mediator provide multi format of Root Certificate, you can choose the format you like. +> - `/mediatorRoot.cer` - DER format +> - `/mediatorRoot.crt` - PEM format +> - `/mediatorRoot.pem` - PEM format + #### Install Mediator Root Certificate for JDK JDK will not trust the Mediator Root Certificate by default even you install it to system. 
@@ -114,6 +120,21 @@ You can find the JDK keystore file in `$JAVA_HOME/jre/lib/security/cacerts` or ` Then import the Mediator Root Certificate to JDK cacerts file by `keytool -import -keystore $JAVA_HOME/lib/security/cacerts -file mediatorRoot.cer` command. +#### Install Mediator Root Certificate for Android + +Download the Mediator Root Certificate in browser by visit `http://:8888/mediatorRoot.cer` on your +Android device. + +Check [this guide](https://support.google.com/pixelphone/answer/2844832?hl=en) to install it to your device. + +#### Install Mediator Root Certificate for iOS + +gRPC ObjectC client will not trust the Mediator Root Certificate by default even you install it to system. + +You need pass the PEM format certificate to the `[GRPCCallOptions setPEMRootCertificates: cert]` method. + +Download the PEM format certificate by `http://:8888/mediatorRoot.pem`. + ### Resolve messages Mediator support renders message as JSON tree if your server supports diff --git a/core/src/main/kotlin/io/kanro/mediator/netty/frontend/EchoService.kt b/core/src/main/kotlin/io/kanro/mediator/netty/frontend/EchoService.kt index 9569190..62100f8 100644 --- a/core/src/main/kotlin/io/kanro/mediator/netty/frontend/EchoService.kt +++ b/core/src/main/kotlin/io/kanro/mediator/netty/frontend/EchoService.kt 
@@ -7,17 +7,39 @@ import io.netty.handler.codec.http.HttpMethod import io.netty.handler.codec.http.HttpRequest import io.netty.handler.codec.http.HttpResponse import io.netty.handler.codec.http.HttpResponseStatus +import org.bouncycastle.openssl.jcajce.JcaPEMWriter +import java.io.StringWriter +import java.nio.charset.Charset object EchoService { fun buildEchoResponse(context: ChannelHandlerContext, request: HttpRequest): HttpResponse { - if (request.method() == HttpMethod.GET && request.uri() == "/mediatorRoot.cer") { + if (request.method() == HttpMethod.GET) { val support = context.channel().attr(GrpcProxySupport.KEY).get() val certificate = support.getCertificateAuthority() - return DefaultFullHttpResponse( - request.protocolVersion(), - HttpResponseStatus.OK, - context.alloc().buffer().writeBytes(certificate.encoded).retain() - ) + when (request.uri()) { + "/mediatorRoot.cer" -> { + return DefaultFullHttpResponse( + request.protocolVersion(), + HttpResponseStatus.OK, + context.alloc().buffer().writeBytes(certificate.encoded).retain() + ) + } + + "/mediatorRoot.pem", "/mediatorRoot.crt" -> { + val writer = StringWriter() + JcaPEMWriter(writer).apply { + writeObject(certificate) + flush() + close() + } + return DefaultFullHttpResponse( + request.protocolVersion(), + HttpResponseStatus.OK, + context.alloc().buffer().writeBytes(writer.toString().toByteArray(Charset.defaultCharset())) + .retain() + ) + } + } } val body = html {
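Review bot: The `support` / `certificate` lookup now sits above the `when`, so it runs for every GET rather than only for a certificate path. If `attr(GrpcProxySupport.KEY).get()` can be null on some channels, or `getCertificateAuthority()` is costly, unrelated requests would fail or pay for it, so the lookup could move into the two branches. In the PEM branch, `Charset.defaultCharset()` ties the served bytes to the JVM's platform encoding; PEM is ASCII, so `Charsets.US_ASCII` is the deterministic choice. `apply { writeObject(certificate); flush(); close() }` never reaches `close()` if `writeObject` throws, which `JcaPEMWriter(writer).use { it.writeObject(certificate) }` avoids in one line. Neither branch sets `Content-Type` or `Content-Length`, and because clients install this file as a trust anchor, a short comment stating that only the public CA certificate (never key material) is served here would help the next reader; `buildEchoResponse` continues past the end of the hunk.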