From 624295da664fea57a1e3bd8cee639ae04f4c0ccf Mon Sep 17 00:00:00 2001
From: Serge Bazanski
Date: Sat, 6 Oct 2018 18:17:56 +0100
Subject: [PATCH] Add clientside code for gRPC
---
 grpc.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/grpc.go b/grpc.go
index 3cace959..af5a6ace 100644
--- a/grpc.go
+++ b/grpc.go
@@ -192,3 +192,25 @@ func WithServerHSPKI() []grpc.ServerOption {
 return []grpc.ServerOption{creds, interceptor}
 }
+
+func WithClientHSPKI() grpc.DialOption {
+ certPool := x509.NewCertPool()
+ ca, err := ioutil.ReadFile(flagCAPath)
+ if err != nil {
+ glog.Exitf("WithClientHSPKI: cannot load CA certificate: %v", err)
+ }
+ if ok := certPool.AppendCertsFromPEM(ca); !ok {
+ glog.Exitf("WithClientHSPKI: cannot use CA certificate: %v", err)
+ }
+
+ clientCert, err := tls.LoadX509KeyPair(flagCertificatePath, flagKeyPath)
+ if err != nil {
+ glog.Exitf("WithClientHSPKI: cannot load service certificate/key: %v", err)
+ }
+
+ creds := credentials.NewTLS(&tls.Config{
+ Certificates: []tls.Certificate{clientCert},
+ RootCAs: certPool,
+ })
+ return grpc.WithTransportCredentials(creds)
+}
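Review bot: In the `AppendCertsFromPEM` failure branch of `WithClientHSPKI`, `err` is still the value from the successful `ioutil.ReadFile`, so it is always nil there and the log line ends in `<nil>` instead of a cause. Because this bundle decides which servers the client will trust, the message should point at the file, e.g. `glog.Exitf("WithClientHSPKI: no PEM certificates found in %q", flagCAPath)`. The `tls.Config` also sets no `MinVersion`, so the protocol floor is whatever the building Go toolchain defaults to; adding `MinVersion: tls.VersionTLS12,` would pin it, provided the server side (its config is outside this hunk) accepts that. The exported function has no doc comment; one saying `// WithClientHSPKI returns a DialOption for mutual TLS using the HSPKI flags; it exits the process if the CA or key pair cannot be loaded.` would tell callers about the exit-on-error behaviour.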