Commit 744c33b7 authored by Loïck Bonniot

[Platform] Add the ability to start GRPC server

- Updated net library to take pointers and not array of bytes
- Updated dfssp/authority to give public access in PID
- Updated main for better var management
parent 26d4a441
Pipeline #193 passed with stage
......@@ -20,8 +20,8 @@ const (
// PlatformID contains platform private key and root certificate
type PlatformID struct {
pkey *rsa.PrivateKey
rootCA *x509.Certificate
Pkey *rsa.PrivateKey
RootCA *x509.Certificate
}
// GetHomeDir determines the home directory of the current user.
......@@ -127,8 +127,9 @@ func Start(path string) (*PlatformID, error) {
}
res := &PlatformID{
pkey: key,
rootCA: cert}
Pkey: key,
RootCA: cert,
}
return res, nil
}
......@@ -107,7 +107,7 @@ func TestStart(t *testing.T) {
if err != nil {
t.Fatal(err)
}
if pid == nil || pid.pkey == nil || pid.rootCA == nil {
if pid == nil || pid.Pkey == nil || pid.RootCA == nil {
t.Fatal("Data was not recovered from saved files")
}
......
......@@ -2,28 +2,29 @@ package main
import (
"dfss"
"dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/mgdb"
"dfss/net"
"flag"
"fmt"
"os"
"runtime"
)
var (
verbose bool
// Private key and certificate
path, country, org, unit, cn string
keySize, validity int
pid *authority.PlatformID
// MongoDB connection
dbURI string
dbManager *mgdb.MongoManager
verbose bool
path, country, org, unit, cn, port, address, dbURI string
keySize, validity int
)
func init() {
flag.BoolVar(&verbose, "v", false, "Print verbose messages")
flag.StringVar(&port, "p", "9000", "Default port listening")
flag.StringVar(&address, "a", "0.0.0.0", "Default address to bind for listening")
flag.StringVar(&path, "path", authority.GetHomeDir(), "Path for the platform's private key and root certificate")
flag.StringVar(&country, "country", "France", "Country for the root certificate")
flag.StringVar(&org, "org", "DFSS", "Organization for the root certificate")
......@@ -45,7 +46,7 @@ func init() {
fmt.Println("\nThe commands are:")
fmt.Println(" init [cn, country, keySize, org, path, unit, validity]")
fmt.Println(" create and save the platform's private key and root certificate")
fmt.Println(" start [path, db]")
fmt.Println(" start [path, db, a, p]")
fmt.Println(" start the platform after loading its private key and root certificate")
fmt.Println(" help print this help")
fmt.Println(" version print dfss client version")
......@@ -67,28 +68,36 @@ func main() {
case "init":
err := authority.Initialize(keySize, validity, country, org, unit, cn, path)
if err != nil {
fmt.Println("An error occured during the initialization operation")
fmt.Println(err)
panic(err)
fmt.Println("An error occured during the initialization operation:", err)
os.Exit(1)
}
case "start":
pid, err := authority.Start(path)
if err != nil {
fmt.Println("An error occured during the private key and root certificate retrieval")
fmt.Println(err)
panic(err)
fmt.Println("An error occured during the private key and root certificate retrieval:", err)
os.Exit(1)
}
// TODO: use pid
_ = pid
dbManager, err := mgdb.NewManager(dbURI)
if err != nil {
fmt.Println("An error occured during the connection to Mongo DB")
fmt.Println("An error occured during the connection to MongoDB:", err)
os.Exit(1)
}
server := net.NewServer(pid.RootCA, pid.Pkey, pid.RootCA)
api.RegisterPlatformServer(server, &platformServer{
Pid: pid,
DB: dbManager,
Verbose: verbose,
})
fmt.Println("Listening on " + address + ":" + port)
err = net.Listen(address+":"+port, server)
if err != nil {
fmt.Println(err)
panic(err)
}
// TODO: use dbManager
_ = dbManager
default:
flag.Usage()
}
......
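Review bot: The platform's root CA certificate and its private key are passed to net.NewServer as the TLS server certificate and key (`net.NewServer(pid.RootCA, pid.Pkey, pid.RootCA)`), so the key that signs every issued certificate is also the key terminating each client connection, and a compromise of the listening process exposes the CA key; the usual split is a dedicated server certificate issued by the root, with only RootCA passed as the trust anchor. If using the root as the server certificate is deliberate for now, a comment such as `// TODO: issue a dedicated server certificate; the root key should not terminate TLS` above the NewServer call would record that. Two smaller points in the same hunk: the Listen error path still does `fmt.Println(err)` followed by `panic(err)` while the other branches were switched to `os.Exit(1)`, and dbManager is never released before the process ends (assuming MongoManager exposes a close). main() starts and ends outside the hunk.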
package main
import (
api "dfss/dfssp/api"
"dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/mgdb"
"golang.org/x/net/context"
)
type server struct{}
type platformServer struct {
Pid *authority.PlatformID
DB *mgdb.MongoManager
Verbose bool
}
// Register handler
//
// Handle incoming RegisterRequest messages
func (s *server) Register(ctx context.Context, in *api.RegisterRequest) (*api.ErrorCode, error) {
func (s *platformServer) Register(ctx context.Context, in *api.RegisterRequest) (*api.ErrorCode, error) {
// TODO
_ = new(server)
_ = new(platformServer)
return nil, nil
}
// Auth handler
//
// Handle incoming AuthRequest messages
func (s *server) Auth(ctx context.Context, in *api.AuthRequest) (*api.RegisteredUser, error) {
func (s *platformServer) Auth(ctx context.Context, in *api.AuthRequest) (*api.RegisteredUser, error) {
// TODO
return nil, nil
}
......@@ -27,7 +33,7 @@ func (s *server) Auth(ctx context.Context, in *api.AuthRequest) (*api.Registered
// Unregister handler
//
// Handle incoming UnregisterRequest messages
func (s *server) Unegister(ctx context.Context, in *api.Empty) (*api.ErrorCode, error) {
func (s *platformServer) Unregister(ctx context.Context, in *api.Empty) (*api.ErrorCode, error) {
// TODO
return nil, nil
}
......@@ -35,7 +41,7 @@ func (s *server) Unegister(ctx context.Context, in *api.Empty) (*api.ErrorCode,
// PostContract handler
//
// Handle incoming PostContractRequest messages
func (s *server) PostContract(ctx context.Context, in *api.PostContractRequest) (*api.ErrorCode, error) {
func (s *platformServer) PostContract(ctx context.Context, in *api.PostContractRequest) (*api.ErrorCode, error) {
// TODO
return nil, nil
}
......@@ -43,7 +49,7 @@ func (s *server) PostContract(ctx context.Context, in *api.PostContractRequest)
// JoinSignature handler
//
// Handle incoming JoinSignatureRequest messages
func (s *server) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest) (*api.ErrorCode, error) {
func (s *platformServer) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest) (*api.ErrorCode, error) {
// TODO
return nil, nil
}
......@@ -51,7 +57,7 @@ func (s *server) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest
// ReadySign handler
//
// Handle incoming ReadySignRequest messages
func (s *server) ReadySign(ctx context.Context, in *api.ReadySignRequest) (*api.ErrorCode, error) {
func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest) (*api.ErrorCode, error) {
// TODO
return nil, nil
}
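Review bot: platformServer has no doc comment and its three exported fields are undocumented, although it is now the type main wires the gRPC service to; a comment such as `// platformServer implements the gRPC PlatformServer; Pid is the identity loaded by authority.Start and DB the MongoDB manager injected from main.` above the struct would cover it. The `_ = new(platformServer)` line in Register presumably only silenced an unused-type warning for the old `server` type and can go now that main instantiates it.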
package net
import (
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"errors"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
......@@ -13,24 +13,20 @@ import (
//
// Given parameters cert/key/ca are PEM-encoded array of bytes.
// Closing must be defered after call.
func Connect(addrPort string, cert, key, ca []byte) (*grpc.ClientConn, error) {
func Connect(addrPort string, cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) (*grpc.ClientConn, error) {
var certificates = make([]tls.Certificate, 1)
if len(key) > 0 && len(cert) > 0 {
// load peer cert/key, ca as PEM buffers
peerCert, err := tls.X509KeyPair(cert, key)
if err != nil {
return nil, err
if key != nil && cert != nil {
peerCert := tls.Certificate{
Certificate: [][]byte{cert.Raw},
PrivateKey: key,
}
certificates = append(certificates, peerCert)
}
caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(ca)
if !ok {
return nil, errors.New("Bad format for CA")
}
caCertPool.AddCert(ca)
// configure transport authentificator
ta := credentials.NewTLS(&tls.Config{
......
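Review bot: Connect no longer validates its CA argument: `caCertPool.AddCert(ca)` panics on a nil *x509.Certificate, whereas the removed AppendCertsFromPEM path returned an error, so a caller passing a failed parse result now crashes instead of receiving an error; add `if ca == nil { return nil, errors.New("Bad format for CA") }` before the pool is built. The replaced tls.X509KeyPair call also checked that key matched cert; building tls.Certificate by hand skips that check, so a mismatched pair is only detected at handshake time. The pre-existing `make([]tls.Certificate, 1)` followed by append leaves an empty zero-value certificate at index 0 ahead of peerCert, which looks unintended — `var certificates []tls.Certificate` would avoid it. The doc comment above the signature still says the parameters are PEM-encoded byte arrays. Connect continues past the end of the hunk.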
......@@ -6,6 +6,7 @@ import (
"testing"
"time"
"dfss/auth"
pb "dfss/net/fixtures"
"golang.org/x/net/context"
)
......@@ -73,7 +74,11 @@ func (s *testServer) Auth(ctx context.Context, in *pb.Empty) (*pb.IsAuth, error)
}
func startTestServer(c chan bool) {
server := NewServer([]byte(caFixture), []byte(serverKeyFixture), []byte(caFixture))
ca, _ := auth.PEMToCertificate([]byte(caFixture))
key, _ := auth.PEMToPrivateKey([]byte(serverKeyFixture))
server := NewServer(ca, key, ca)
pb.RegisterTestServer(server, &testServer{})
go func() {
_ = Listen("localhost:9000", server)
......@@ -106,7 +111,11 @@ func TestServerClientAuth(t *testing.T) {
go startTestServer(c)
time.Sleep(2 * time.Second)
conn, err := Connect("localhost:9000", []byte(clientCertFixture), []byte(clientKeyFixture), []byte(caFixture))
ca, _ := auth.PEMToCertificate([]byte(caFixture))
cert, _ := auth.PEMToCertificate([]byte(clientCertFixture))
key, _ := auth.PEMToPrivateKey([]byte(clientKeyFixture))
conn, err := Connect("localhost:9000", cert, key, ca)
if err != nil {
t.Fatal("Unable to connect:", err)
......@@ -127,7 +136,8 @@ func TestServerClientNonAuth(t *testing.T) {
go startTestServer(c)
time.Sleep(2 * time.Second)
conn, err := Connect("localhost:9000", []byte{}, []byte{}, []byte(caFixture))
ca, _ := auth.PEMToCertificate([]byte(caFixture))
conn, err := Connect("localhost:9000", nil, nil, ca)
if err != nil {
t.Fatal("Unable to connect:", err)
......@@ -163,8 +173,14 @@ func sharedServerClientTest(t *testing.T, client pb.TestClient, expectedAuth boo
func Example() {
// Load certs and private keys
ca, _ := auth.PEMToCertificate([]byte(caFixture))
cert, _ := auth.PEMToCertificate([]byte(clientCertFixture))
ckey, _ := auth.PEMToPrivateKey([]byte(clientKeyFixture))
skey, _ := auth.PEMToPrivateKey([]byte(serverKeyFixture))
// Init server
server := NewServer([]byte(caFixture), []byte(serverKeyFixture), []byte(caFixture))
server := NewServer(ca, skey, ca)
pb.RegisterTestServer(server, &testServer{})
go func() {
_ = Listen("localhost:9000", server)
......@@ -175,7 +191,7 @@ func Example() {
// Start a client
// The second and third arguments can be empty for non-auth connection
conn, err := Connect("localhost:9000", []byte(clientCertFixture), []byte(clientKeyFixture), []byte(caFixture))
conn, err := Connect("localhost:9000", cert, ckey, ca)
if err != nil {
panic("Unable to connect")
}
......
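Review bot: Every fixture parse in the new test code discards its error (`ca, _ := auth.PEMToCertificate(...)` and the key/cert equivalents at several sites), so a bad fixture now surfaces as a nil-pointer panic inside NewServer or Connect rather than a test failure that points at the fixture. In the test functions use `ca, err := auth.PEMToCertificate([]byte(caFixture))` followed by `if err != nil { t.Fatal(err) }`, and in startTestServer and Example a panic carrying the error is the usual choice. The comment "The second and third arguments can be empty for non-auth connection" above the Connect call in Example should now say nil rather than empty.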
package net
import (
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"log"
"net"
"golang.org/x/net/context"
......@@ -18,16 +18,17 @@ import (
//
// The returned grpcServer must be used in association with server{} to
// register APIs before calling Listen().
func NewServer(cert, key, ca []byte) *grpc.Server {
func NewServer(cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) *grpc.Server {
// configure gRPC
var opts []grpc.ServerOption
serverCert, err := tls.X509KeyPair(cert, key)
if err != nil {
log.Fatalf("Load peer cert/key error: %v", err)
serverCert := tls.Certificate{
Certificate: [][]byte{cert.Raw},
PrivateKey: key,
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(ca)
caCertPool.AddCert(ca)
// configure transport authentificator
ta := credentials.NewTLS(&tls.Config{
......
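Review bot: NewServer dereferences cert (`cert.Raw`) and hands ca to `caCertPool.AddCert`, both of which panic on nil, and the removed tls.X509KeyPair call was the only place a key that does not match cert was rejected; an explicit check such as `if cert == nil || key == nil || ca == nil { log.Fatalf("NewServer: nil certificate or key") }` at the top of the function keeps the failure mode explicit and matches the log.Fatalf style the hunk removes. If log is no longer used elsewhere in the file after this change, the `"log"` import will fail to compile — can't tell from the hunk. NewServer continues past the end of the hunk.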