Add clientside code for gRPC

2018-10-06 18:17:56 +01:00 · 2018-10-06 18:17:56 +01:00 · 624295da66
parent 52478b5627
commit 624295da66
1 changed files with 22 additions and 0 deletions
--- a/grpc.go
+++ b/grpc.go
@ -192,3 +192,25 @@ func WithServerHSPKI() []grpc.ServerOption {

 	return []grpc.ServerOption{creds, interceptor}
 }
+
+func WithClientHSPKI() grpc.DialOption {
+	certPool := x509.NewCertPool()
+	ca, err := ioutil.ReadFile(flagCAPath)
+	if err != nil {
+		glog.Exitf("WithClientHSPKI: cannot load CA certificate: %v", err)
+	}
+	if ok := certPool.AppendCertsFromPEM(ca); !ok {
+		glog.Exitf("WithClientHSPKI: cannot use CA certificate: %v", err)
+	}
+
+	clientCert, err := tls.LoadX509KeyPair(flagCertificatePath, flagKeyPath)
+	if err != nil {
+		glog.Exitf("WithClientHSPKI: cannot load service certificate/key: %v", err)
+	}
+
+	creds := credentials.NewTLS(&tls.Config{
+		Certificates: []tls.Certificate{clientCert},
+		RootCAs:      certPool,
+	})
+	return grpc.WithTransportCredentials(creds)
+}