From 1470cd24e64cd2ba7ebb9fad744e6c36079edf54 Mon Sep 17 00:00:00 2001 From: Quinn Klassen Date: Wed, 16 Oct 2024 09:11:34 -0700 Subject: [PATCH] Add insecure-skip-verify --- build.gradle | 1 - .../samples/nexus/options/ClientOptions.java | 12 ++++++++++-- .../samples/nexus/caller/CallerWorkflowTest.java | 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index 0f03ee0a..e9a3cae2 100644 --- a/build.gradle +++ b/build.gradle @@ -31,7 +31,6 @@ subprojects { javaSDKVersion = '1.26.0' camelVersion = '3.22.1' jarVersion = '1.0.0' - nexusVersion = '0.1.0-alpha1' } repositories { diff --git a/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java b/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java index 5b1629a1..49d0dde2 100644 --- a/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java +++ b/core/src/main/java/io/temporal/samples/nexus/options/ClientOptions.java @@ -20,6 +20,7 @@ package io.temporal.samples.nexus.options; import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder; +import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.temporal.client.WorkflowClient; import io.temporal.client.WorkflowClientOptions; import io.temporal.serviceclient.WorkflowServiceStubs; @@ -64,7 +65,7 @@ public static WorkflowClient getWorkflowClient(String[] args) { Option insercureSkipVerifyOption = new Option( "insecure-skip-verify", - true, + false, "Skip verification of the server's certificate and host name"); insercureSkipVerifyOption.setRequired(false); options.addOption(insercureSkipVerifyOption); @@ -88,10 +89,14 @@ public static WorkflowClient getWorkflowClient(String[] args) { String clientCert = cmd.getOptionValue("client-cert", ""); String clientKey = cmd.getOptionValue("client-key", ""); String serverName = cmd.getOptionValue("server-name", ""); + boolean insecureSkipVerify = cmd.hasOption("insecure-skip-verify"); WorkflowServiceStubsOptions.Builder serviceStubOptionsBuilder = WorkflowServiceStubsOptions.newBuilder().setTarget(targetHost); - if (!clientCert.isEmpty()) { + if (!clientCert.isEmpty() || !clientKey.isEmpty()) { + if (clientCert.isEmpty() || clientKey.isEmpty()) { + throw new IllegalArgumentException("Both client-cert and client-key must be provided"); + } try { SslContextBuilder sslContext = SslContextBuilder.forClient() @@ -99,6 +104,9 @@ public static WorkflowClient getWorkflowClient(String[] args) { if (serverRootCaCert != null && !serverRootCaCert.isEmpty()) { sslContext.trustManager(new FileInputStream(serverRootCaCert)); } + if (insecureSkipVerify) { + sslContext.trustManager(InsecureTrustManagerFactory.INSTANCE); + } serviceStubOptionsBuilder.setSslContext(sslContext.build()); } catch (SSLException e) { throw new RuntimeException(e); diff --git a/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java b/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java index 21fe2057..ba1bba46 100644 --- a/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java +++ b/core/src/test/java/io/temporal/samples/nexus/caller/CallerWorkflowTest.java @@ -80,8 +80,8 @@ public void testHelloWorkflow() { public void testEchoWorkflow() { // If Workflows are registered later than the endpoint can be set manually // either by setting the endpoint in the NexusServiceOptions in the Workflow implementation or - // by setting the - // NexusServiceOptions on the WorkflowImplementationOptions when registering the Workflow. + // by setting the NexusServiceOptions on the WorkflowImplementationOptions when registering the + // Workflow. testWorkflowRule .getWorker() .registerWorkflowImplementationTypes(