Add insecure-skip-verify

temporalio · Oct 16, 2024 · 1470cd2 · 1470cd2
1 parent c944c4e
commit 1470cd2
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -31,7 +31,6 @@ subprojects {
         javaSDKVersion = '1.26.0'
         camelVersion = '3.22.1'
         jarVersion = '1.0.0'
-        nexusVersion = '0.1.0-alpha1'
     }
 
     repositories {

diff --git a/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java b/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java
@@ -20,6 +20,7 @@
 package io.temporal.samples.nexus.options;
 
 import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.temporal.client.WorkflowClient;
 import io.temporal.client.WorkflowClientOptions;
 import io.temporal.serviceclient.WorkflowServiceStubs;
@@ -64,7 +65,7 @@ public static WorkflowClient getWorkflowClient(String[] args) {
     Option insercureSkipVerifyOption =
         new Option(
             "insecure-skip-verify",
-            true,
+            false,
             "Skip verification of the server's certificate and host name");
     insercureSkipVerifyOption.setRequired(false);
     options.addOption(insercureSkipVerifyOption);
@@ -88,17 +89,24 @@ public static WorkflowClient getWorkflowClient(String[] args) {
     String clientCert = cmd.getOptionValue("client-cert", "");
     String clientKey = cmd.getOptionValue("client-key", "");
     String serverName = cmd.getOptionValue("server-name", "");
+    boolean insecureSkipVerify = cmd.hasOption("insecure-skip-verify");
 
     WorkflowServiceStubsOptions.Builder serviceStubOptionsBuilder =
         WorkflowServiceStubsOptions.newBuilder().setTarget(targetHost);
-    if (!clientCert.isEmpty()) {
+    if (!clientCert.isEmpty() || !clientKey.isEmpty()) {
+      if (clientCert.isEmpty() || clientKey.isEmpty()) {
+        throw new IllegalArgumentException("Both client-cert and client-key must be provided");
+      }
       try {
         SslContextBuilder sslContext =
             SslContextBuilder.forClient()
                 .keyManager(new FileInputStream(clientCert), new FileInputStream(clientKey));
         if (serverRootCaCert != null && !serverRootCaCert.isEmpty()) {
           sslContext.trustManager(new FileInputStream(serverRootCaCert));
         }
+        if (insecureSkipVerify) {
+          sslContext.trustManager(InsecureTrustManagerFactory.INSTANCE);
+        }
         serviceStubOptionsBuilder.setSslContext(sslContext.build());
       } catch (SSLException e) {
         throw new RuntimeException(e);

diff --git a/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java b/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java
@@ -80,8 +80,8 @@ public void testHelloWorkflow() {
   public void testEchoWorkflow() {
     // If Workflows are registered later than the endpoint can be set manually
     // either by setting the endpoint in the NexusServiceOptions in the Workflow implementation or
-    // by setting the
-    // NexusServiceOptions on the WorkflowImplementationOptions when registering the Workflow.
+    // by setting the NexusServiceOptions on the WorkflowImplementationOptions when registering the
+    // Workflow.
     testWorkflowRule
         .getWorker()
         .registerWorkflowImplementationTypes(