带TLS认证的Python GRPC调用

0.生成CA证书及server、client证书，参见https://github.com/grpc/grpc-java/tree/master/examples：

openssl genrsa -passout pass:111111 -des3 -out ca.key 4096 
openssl req -passin pass:111111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=localhost"
openssl genrsa -passout pass:111111 -des3 -out server.key 4096
openssl req -passin pass:111111 -new -key server.key -out server.csr -subj "/CN=localhost"
openssl x509 -req -passin pass:111111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -passin pass:111111 -in server.key -out server.key
openssl genrsa -passout pass:111111 -des3 -out client.key 4096
openssl req -passin pass:111111 -new -key client.key -out client.csr -subj "/CN=localhost"
openssl x509 -passin pass:111111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
openssl rsa -passin pass:111111 -in client.key -out client.key
openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem
openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem

1.编写proto文件及生成对应python源文件，参考https://www.cnblogs.com/areful/p/10372617.html，此处不再赘述。

2.编写server端代码：

# -*- coding: utf-8 -*-
# Author: areful
#
# pip install grpcio
# pip install protobuf
# pip install grpcio-tools
# ...

# Copyright 2015, Google Inc.
# All rights reserved.

"""The Python implementation of the GRPC helloworld.Greeter server."""

import time
from concurrent import futures

from gj.grpc.helloworld.helloworld_pb2 import *
from gj.grpc.helloworld.helloworld_pb2_grpc import *

_ONE_DAY_IN_SECONDS = 60 * 60 * 24


class Greeter(GreeterServicer):

    def SayHello(self, request, context):
        return HelloReply(message='Hello, %s!' % request.name)


def serve():
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
    add_GreeterServicer_to_server(Greeter(), server)

    with open('server.pem', 'rb') as f:
        private_key = f.read()
    with open('server.crt', 'rb') as f:
        certificate_chain = f.read()
    with open('ca.crt', 'rb') as f:
        root_certificates = f.read()
    server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),), root_certificates,True)
    server.add_secure_port('localhost:50051', server_credentials)
    server.start()
    try:
        while True:
            time.sleep(_ONE_DAY_IN_SECONDS)
    except KeyboardInterrupt:
        server.stop(0)


if __name__ == '__main__':
    serve()

　　

3.编写client端代码：

# -*- coding: utf-8 -*-
# Author: areful
#
# pip install grpcio
# pip install protobuf
# pip install grpcio-tools
#
# Copyright 2015, Google Inc.
# All rights reserved.
# ...

"""The Python implementation of the GRPC helloworld.Greeter client."""

from __future__ import print_function

from gj.grpc.helloworld.helloworld_pb2 import *
from gj.grpc.helloworld.helloworld_pb2_grpc import *


def run():
    with open('client.pem', 'rb') as f:
        private_key = f.read()
    with open('client.crt', 'rb') as f:
        certificate_chain = f.read()
    with open('ca.crt', 'rb') as f:
        root_certificates = f.read()
    creds = grpc.ssl_channel_credentials(root_certificates, private_key, certificate_chain)
    channel = grpc.secure_channel('localhost:50051', creds)
    stub = GreeterStub(channel)
    response = stub.SayHello(HelloRequest(name='world'))
    print("Greeter client received: " + response.message)


if __name__ == '__main__':
    run()

4.分别运行server、client代码，运行结果如下：