From 5cb204b15e447e7fe410cf962f8c8a1ee1d9b6ed Mon Sep 17 00:00:00 2001
From: Sergiusz Bazanski
Date: Tue, 28 Aug 2018 15:08:00 +0100
Subject: [PATCH] Move grpc TLS setup into hspki

---
 grpc.go | 27 +--------------------------
 1 file changed, 1 insertion(+), 26 deletions(-)

diff --git a/grpc.go b/grpc.go
index 9569ee54..01d56349 100644
--- a/grpc.go
+++ b/grpc.go
@@ -2,10 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 
@@ -14,7 +11,6 @@ import (
 	"github.com/q3k/statusz"
 	"golang.org/x/net/trace"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/reflection"
 
 	pb "code.hackerspace.pl/q3k/arista-proxy/proto"
@@ -60,33 +56,12 @@ func (s *server) trace(ctx context.Context, f string, args ...interface{}) {
 }
 
 func (s *server) setupGRPC(options ...grpc.ServerOption) error {
-	serverCert, err := tls.LoadX509KeyPair(s.opts.tlsCertificatePath, s.opts.tlsKeyPath)
-	if err != nil {
-		return fmt.Errorf("while loading keypair: %v", err)
-	}
-
-	certPool := x509.NewCertPool()
-	ca, err := ioutil.ReadFile(s.opts.tlsCAPath)
-	if err != nil {
-		return fmt.Errorf("while loading ca certificate: %v", err)
-	}
-	if ok := certPool.AppendCertsFromPEM(ca); !ok {
-		return fmt.Errorf("while appending ca certificate to pool: %v", err)
-	}
-
 	lis, err := net.Listen("tcp", s.opts.listenAddress)
 	if err != nil {
 		return fmt.Errorf("while listening on main port: %v", err)
 	}
 
-	creds := credentials.NewTLS(&tls.Config{
-		ClientAuth:   tls.RequireAndVerifyClientCert,
-		Certificates: []tls.Certificate{serverCert},
-		ClientCAs:    certPool,
-	})
-
 	s.grpc.listen = lis
-	options = append([]grpc.ServerOption{grpc.Creds(creds)}, options...)
 	s.grpc.server = grpc.NewServer(options...)
 
 	return nil
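Review bot: setupGRPC no longer fails closed. Before this hunk the function unconditionally attached credentials with tls.RequireAndVerifyClientCert and returned an error when the keypair or CA could not be loaded; after it, `grpc.NewServer(options...)` starts whatever the caller passed, so a call with no options (or an empty option slice from a misconfigured hspki) yields a plaintext, unauthenticated listener with no error. The hunk keeps the error-returning shape, so a minimal guard before net.Listen such as `if len(options) == 0 { return fmt.Errorf("refusing to start gRPC server without transport credentials") }` restores a fail-closed default; a stronger check would have setupGRPC obtain the hspki options itself, but that depends on hspki's API, which this diff does not show. Also add a doc comment on the function stating the new contract, `// setupGRPC configures no TLS itself; callers must pass transport credentials (e.g. hspki.WithServerHSPKI()...).` The now-unreferenced s.opts.tlsCertificatePath, tlsKeyPath and tlsCAPath fields are outside this hunk and are not removed by the diff; if their flags still exist they are presumably dead configuration and should be removed or documented as ignored, or an operator may believe they still take effect.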
@@ -110,7 +85,7 @@ func (s *server) setupDebugHTTP(mux http.Handler) error {
 
 func (s *server) serveForever() {
 	grpc.EnableTracing = true
-	if err := s.setupGRPC(hspki.WithServerHSPKI()); err != nil {
+	if err := s.setupGRPC(hspki.WithServerHSPKI()...); err != nil {
 		glog.Exitf("Could not setup GRPC server: %v", err)
 	}
 	pb.RegisterAristaProxyServer(s.grpc.server, s)
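Review bot: The call site gives no indication that the spread hspki options are what makes this server authenticated at all; since setupGRPC in the previous hunk no longer adds credentials of its own, a reader of serveForever cannot tell that dropping or emptying this argument would produce a plaintext server. Add a comment above the added line, `// hspki.WithServerHSPKI() supplies the server's transport credentials; setupGRPC adds none itself, so this argument is load-bearing.` The body of serveForever continues past the end of the hunk.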