Documentation
Overview
Package net wraps TLS and GRPC client/server to simplify connections.
Example
```go
// Load certs and private keys
ca, _ := auth.PEMToCertificate([]byte(caFixture))
cert, _ := auth.PEMToCertificate([]byte(clientCertFixture))
ckey, _ := auth.PEMToPrivateKey([]byte(clientKeyFixture))
skey, _ := auth.PEMToPrivateKey([]byte(serverKeyFixture))

// Init server
server := NewServer(ca, skey, ca)
pb.RegisterTestServer(server, &testServer{})
go func() { _ = Listen("localhost:9000", server) }()

// Give the server enough time to start properly
time.Sleep(2 * time.Second)

// Start an authenticated client
// The second and third arguments can be nil for a non-auth connection
conn, err := Connect("localhost:9000", cert, ckey, ca, auth.GetCertificateHash(ca))
if err != nil {
	panic("Unable to connect")
}
client := pb.NewTestClient(conn)

// During a ping, the server increments the Hop.Id field (test case only)
r, err := client.Ping(context.Background(), &pb.Hop{Id: 41})
if err != nil {
	panic("Unable to ping")
}
fmt.Println(r.Id)

// Close the authenticated connection before reusing conn
_ = conn.Close()

// Start an unauthenticated client
conn, err = Connect("localhost:9000", nil, nil, ca, nil)
if err != nil {
	panic("Unable to connect")
}
client = pb.NewTestClient(conn)

// During a ping, the server increments the Hop.Id field (test case only)
r, err = client.Ping(context.Background(), &pb.Hop{Id: 42})
if err != nil {
	panic("Unable to ping")
}
fmt.Println(r.Id)

// Close client
_ = conn.Close()

// Stop server
server.Stop()
```
Output:
```
42
43
```
Index
- Variables
- func Connect(addrPort string, cert *x509.Certificate, key *rsa.PrivateKey, ...) (*grpc.ClientConn, error)
- func ExternalInterfaceAddr() ([]string, error)
- func GetCN(ctx *context.Context) string
- func GetClientHash(ctx *context.Context) []byte
- func GetTLSState(ctx *context.Context) (tls.ConnectionState, net.Addr, bool)
- func Listen(addrPort string, grpcServer *grpc.Server) error
- func NewServer(cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) *grpc.Server
Constants
This section is empty.
Variables
var DefaultTimeout = 10 * time.Second
DefaultTimeout should be used when a non-critical timeout is used in the application.
Functions
func Connect
func Connect(addrPort string, cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate, serverCertHash []byte) (*grpc.ClientConn, error)
Connect to a peer.
The cert, key and ca parameters are PEM-encoded arrays of bytes. Closing the connection must be deferred after the call.
The cert and key parameters can be set to nil for an unauthenticated connection. If they are not nil, they will be provided to the remote server for authentication.
serverCertHash is matched against the remote server's certificate. If it is nil, Connect assumes that the remote server is the root CA.
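The pin check described for serverCertHash, sketched with the standard library only as an added example (not this package's code). certHash assumes SHA-256 over the DER certificate, which the page does not specify for auth.GetCertificateHash; pinVerifier and selfSigned are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certHash is an assumed stand-in for auth.GetCertificateHash: SHA-256 over the DER bytes.
func certHash(c *x509.Certificate) []byte {
	h := sha256.Sum256(c.Raw)
	return h[:]
}

// pinVerifier builds a tls.Config.VerifyPeerCertificate callback; a nil pin means "the peer is the CA".
func pinVerifier(pin []byte, ca *x509.Certificate) func([][]byte, [][]*x509.Certificate) error {
	if pin == nil {
		pin = certHash(ca)
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("peer presented no certificate")
		}
		// Constant-time comparison of the leaf certificate hash against the pin.
		if leaf := sha256.Sum256(rawCerts[0]); subtle.ConstantTimeCompare(leaf[:], pin) != 1 {
			return fmt.Errorf("peer certificate hash %x... is not the pinned one", leaf[:8])
		}
		return nil
	}
}

// selfSigned builds a throwaway self-signed certificate (constructed sample input).
func selfSigned(cn string) *x509.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() {
	ca, srv := selfSigned("ca"), selfSigned("server")
	fmt.Println(pinVerifier(certHash(srv), ca)([][]byte{srv.Raw}, nil), pinVerifier(nil, ca)([][]byte{srv.Raw}, nil))
}
```

Set as tls.Config.VerifyPeerCertificate with RootCAs still populated, the callback runs after normal chain validation, so the pin narrows trust rather than replacing it.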
func ExternalInterfaceAddr (added in v0.3.0)
ExternalInterfaceAddr returns a list of the system's network interface addresses. It returns only IPv4 addresses. If there is a lo interface, it is put at the end.
func GetCN
GetCN returns the current common name of connected peer from grpc context. The returned string is empty if encountering a non-auth peer.
func GetClientHash
GetClientHash returns the current certificate hash of the connected peer from the grpc context. The returned slice is nil if encountering a non-auth peer.
func GetTLSState
GetTLSState returns the current tls connection state from a grpc context. If you just need to check that the connected peer provides its certificate, use `GetCN`.
func NewServer
func NewServer(cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) *grpc.Server
NewServer creates a new grpc server with given tls credentials.
The cert, key and ca parameters are PEM-encoded arrays of bytes.
The returned grpcServer must be used in association with server{} to register APIs before calling Listen().
Types
This section is empty.