github.com/true-sqn/fabric@v2.1.1+incompatible/internal/pkg/comm/config.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package comm
     8  
     9  import (
    10  	"crypto/tls"
    11  	"crypto/x509"
    12  	"time"
    13  
    14  	"github.com/hyperledger/fabric/common/flogging"
    15  	"github.com/hyperledger/fabric/common/metrics"
    16  	"google.golang.org/grpc"
    17  	"google.golang.org/grpc/keepalive"
    18  )
    19  
    20  // Configuration defaults
    21  var (
    22  	// Max send and receive bytes for grpc clients and servers
    23  	MaxRecvMsgSize = 100 * 1024 * 1024
    24  	MaxSendMsgSize = 100 * 1024 * 1024
    25  	// Default peer keepalive options
    26  	DefaultKeepaliveOptions = KeepaliveOptions{
    27  		ClientInterval:    time.Duration(1) * time.Minute,  // 1 min
    28  		ClientTimeout:     time.Duration(20) * time.Second, // 20 sec - gRPC default
    29  		ServerInterval:    time.Duration(2) * time.Hour,    // 2 hours - gRPC default
    30  		ServerTimeout:     time.Duration(20) * time.Second, // 20 sec - gRPC default
    31  		ServerMinInterval: time.Duration(1) * time.Minute,  // match ClientInterval
    32  	}
    33  	// strong TLS cipher suites
    34  	DefaultTLSCipherSuites = []uint16{
    35  		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    36  		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    37  		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    38  		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    39  		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
    40  		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    41  	}
    42  	// default connection timeout
    43  	DefaultConnectionTimeout = 5 * time.Second
    44  )
    45  
    46  // ServerConfig defines the parameters for configuring a GRPCServer instance
    47  type ServerConfig struct {
    48  	// ConnectionTimeout specifies the timeout for connection establishment
    49  	// for all new connections
    50  	ConnectionTimeout time.Duration
    51  	// SecOpts defines the security parameters
    52  	SecOpts SecureOptions
    53  	// KaOpts defines the keepalive parameters
    54  	KaOpts KeepaliveOptions
    55  	// StreamInterceptors specifies a list of interceptors to apply to
    56  	// streaming RPCs.  They are executed in order.
    57  	StreamInterceptors []grpc.StreamServerInterceptor
    58  	// UnaryInterceptors specifies a list of interceptors to apply to unary
    59  	// RPCs.  They are executed in order.
    60  	UnaryInterceptors []grpc.UnaryServerInterceptor
    61  	// Logger specifies the logger the server will use
    62  	Logger *flogging.FabricLogger
    63  	// HealthCheckEnabled enables the gRPC Health Checking Protocol for the server
    64  	HealthCheckEnabled bool
    65  	// ServerStatsHandler should be set if metrics on connections are to be reported.
    66  	ServerStatsHandler *ServerStatsHandler
    67  }
    68  
    69  // ClientConfig defines the parameters for configuring a GRPCClient instance
    70  type ClientConfig struct {
    71  	// SecOpts defines the security parameters
    72  	SecOpts SecureOptions
    73  	// KaOpts defines the keepalive parameters
    74  	KaOpts KeepaliveOptions
    75  	// Timeout specifies how long the client will block when attempting to
    76  	// establish a connection
    77  	Timeout time.Duration
    78  	// AsyncConnect makes connection creation non blocking
    79  	AsyncConnect bool
    80  }
    81  
    82  // Clone clones this ClientConfig
    83  func (cc ClientConfig) Clone() ClientConfig {
    84  	shallowClone := cc
    85  	return shallowClone
    86  }
    87  
    88  // SecureOptions defines the security parameters (e.g. TLS) for a
    89  // GRPCServer or GRPCClient instance
    90  type SecureOptions struct {
    91  	// VerifyCertificate, if not nil, is called after normal
    92  	// certificate verification by either a TLS client or server.
    93  	// If it returns a non-nil error, the handshake is aborted and that error results.
    94  	VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
    95  	// PEM-encoded X509 public key to be used for TLS communication
    96  	Certificate []byte
    97  	// PEM-encoded private key to be used for TLS communication
    98  	Key []byte
    99  	// Set of PEM-encoded X509 certificate authorities used by clients to
   100  	// verify server certificates
   101  	ServerRootCAs [][]byte
   102  	// Set of PEM-encoded X509 certificate authorities used by servers to
   103  	// verify client certificates
   104  	ClientRootCAs [][]byte
   105  	// Whether or not to use TLS for communication
   106  	UseTLS bool
   107  	// Whether or not TLS client must present certificates for authentication
   108  	RequireClientCert bool
   109  	// CipherSuites is a list of supported cipher suites for TLS
   110  	CipherSuites []uint16
   111  	// TimeShift makes TLS handshakes time sampling shift to the past by a given duration
   112  	TimeShift time.Duration
   113  }
   114  
   115  // KeepaliveOptions is used to set the gRPC keepalive settings for both
   116  // clients and servers
   117  type KeepaliveOptions struct {
   118  	// ClientInterval is the duration after which if the client does not see
   119  	// any activity from the server it pings the server to see if it is alive
   120  	ClientInterval time.Duration
   121  	// ClientTimeout is the duration the client waits for a response
   122  	// from the server after sending a ping before closing the connection
   123  	ClientTimeout time.Duration
   124  	// ServerInterval is the duration after which if the server does not see
   125  	// any activity from the client it pings the client to see if it is alive
   126  	ServerInterval time.Duration
   127  	// ServerTimeout is the duration the server waits for a response
   128  	// from the client after sending a ping before closing the connection
   129  	ServerTimeout time.Duration
   130  	// ServerMinInterval is the minimum permitted time between client pings.
   131  	// If clients send pings more frequently, the server will disconnect them
   132  	ServerMinInterval time.Duration
   133  }
   134  
   135  type Metrics struct {
   136  	// OpenConnCounter keeps track of number of open connections
   137  	OpenConnCounter metrics.Counter
   138  	// ClosedConnCounter keeps track of number connections closed
   139  	ClosedConnCounter metrics.Counter
   140  }
   141  
   142  // ServerKeepaliveOptions returns gRPC keepalive options for server.
   143  func ServerKeepaliveOptions(ka KeepaliveOptions) []grpc.ServerOption {
   144  	var serverOpts []grpc.ServerOption
   145  	kap := keepalive.ServerParameters{
   146  		Time:    ka.ServerInterval,
   147  		Timeout: ka.ServerTimeout,
   148  	}
   149  	serverOpts = append(serverOpts, grpc.KeepaliveParams(kap))
   150  	kep := keepalive.EnforcementPolicy{
   151  		MinTime: ka.ServerMinInterval,
   152  		// allow keepalive w/o rpc
   153  		PermitWithoutStream: true,
   154  	}
   155  	serverOpts = append(serverOpts, grpc.KeepaliveEnforcementPolicy(kep))
   156  	return serverOpts
   157  }
   158  
   159  // ClientKeepaliveOptions returns gRPC keepalive options for clients.
   160  func ClientKeepaliveOptions(ka KeepaliveOptions) []grpc.DialOption {
   161  	var dialOpts []grpc.DialOption
   162  	kap := keepalive.ClientParameters{
   163  		Time:                ka.ClientInterval,
   164  		Timeout:             ka.ClientTimeout,
   165  		PermitWithoutStream: true,
   166  	}
   167  	dialOpts = append(dialOpts, grpc.WithKeepaliveParams(kap))
   168  	return dialOpts
   169  }