Move grpc TLS setup into hspki
parent
f9d85cf585
commit
5cb204b15e
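--- a/grpc.go
+++ b/grpc.go
@@ -2,10 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 
@@ -14,7 +11,6 @@ import (
 	"github.com/q3k/statusz"
 	"golang.org/x/net/trace"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/reflection"
 
 	pb "code.hackerspace.pl/q3k/arista-proxy/proto"
@@ -60,33 +56,12 @@ func (s *server) trace(ctx context.Context, f string, args ...interface{}) {
 }
 
 func (s *server) setupGRPC(options ...grpc.ServerOption) error {
-	serverCert, err := tls.LoadX509KeyPair(s.opts.tlsCertificatePath, s.opts.tlsKeyPath)
-	if err != nil {
-		return fmt.Errorf("while loading keypair: %v", err)
-	}
-
-	certPool := x509.NewCertPool()
-	ca, err := ioutil.ReadFile(s.opts.tlsCAPath)
-	if err != nil {
-		return fmt.Errorf("while loading ca certificate: %v", err)
-	}
-	if ok := certPool.AppendCertsFromPEM(ca); !ok {
-		return fmt.Errorf("while appending ca certificate to pool: %v", err)
-	}
-
 	lis, err := net.Listen("tcp", s.opts.listenAddress)
 	if err != nil {
 		return fmt.Errorf("while listening on main port: %v", err)
 	}
 
-	creds := credentials.NewTLS(&tls.Config{
-		ClientAuth: tls.RequireAndVerifyClientCert,
-		Certificates: []tls.Certificate{serverCert},
-		ClientCAs: certPool,
-	})
-
 	s.grpc.listen = lis
-	options = append([]grpc.ServerOption{grpc.Creds(creds)}, options...)
 	s.grpc.server = grpc.NewServer(options...)
 
 	return nil
@@ -110,7 +85,7 @@ func (s *server) setupDebugHTTP(mux http.Handler) error {
 func (s *server) serveForever() {
 	grpc.EnableTracing = true
 
-	if err := s.setupGRPC(hspki.WithServerHSPKI()); err != nil {
+	if err := s.setupGRPC(hspki.WithServerHSPKI()...); err != nil {
 		glog.Exitf("Could not setup GRPC server: %v", err)
 	}
 	pb.RegisterAristaProxyServer(s.grpc.server, s)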
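Review bot: With the keypair load, CA pool and the prepended `grpc.Creds(...)` option removed from `setupGRPC`, transport security for the listener is now entirely whatever the caller passes in `options`; a bare `s.setupGRPC()` would build a plaintext gRPC server with no client authentication, and nothing in the function states that contract. The only caller visible here passes `hspki.WithServerHSPKI()...`, so the happy path appears covered, but I would make the requirement explicit with a doc comment: `// setupGRPC listens on s.opts.listenAddress and builds the gRPC server from options. It configures no transport security itself; callers must supply credentials (see serveForever) or the server accepts plaintext, unauthenticated connections.` The `tlsCertificatePath`, `tlsKeyPath` and `tlsCAPath` fields of `s.opts` are no longer read anywhere in this file; if the flags that populate them are still registered elsewhere, they are now silently ignored and should be removed or documented as inert. The closing brace of `setupGRPC` lies outside the hunk.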