diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 91e378384b88a26ecee5da1e27438f32af06dce6..d18705f005db8c59b4c8319d528d63bc1239ac3e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ Unit tests:
 - "coverage.html"
 script:
 - "ln -s $(pwd) $GOPATH/src/dfss"
- - "go get gopkg.in/mgo.v2"
+ - "./build/deps.sh"
 - "go test -coverprofile auth.part -v ./auth"
 - "go test -coverprofile mgdb.part -v ./mgdb"
 - "go test -coverprofile mails.part -v ./mails"
@@ -28,7 +28,7 @@ ARM tests:
 tags:
 - arm
 script:
- - "go get gopkg.in/mgo.v2"
+ - "./build/deps.sh"
 - "go test -cover -short -v ./auth"
 - "go test -cover -short -v ./mgdb"
@@ -41,7 +41,7 @@ Code lint:
 script:
 - "ln -s $(pwd) $GOPATH/src/dfss"
 - "go get github.com/alecthomas/gometalinter"
- - "go get gopkg.in/mgo.v2"
+ - "./build/deps.sh"
 - "go install ./..."
 - "gometalinter --install"
 - "gometalinter -t --deadline=100s -j1 ./..."
diff --git a/build/deps.sh b/build/deps.sh
new file mode 100755
index 0000000000000000000000000000000000000000..569ce57d4b18f6d07d9f4e9af238d516504445ff
--- /dev/null
+++ b/build/deps.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# mongo
+go get gopkg.in/mgo.v2
+
+# grpc
+go get google.golang.org/grpc
diff --git a/net/client.go b/net/client.go
new file mode 100644
index 0000000000000000000000000000000000000000..ebbce6237acb9cf5318f1eb99c9aa7e726551dec
--- /dev/null
+++ b/net/client.go
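Review bot: Both `go get` lines in build/deps.sh fetch whatever revision each upstream currently points to, so the three CI jobs that now call this script are not reproducible and an upstream commit that is broken or malicious is picked up silently on the next run; pin each dependency to a known revision (or vendor it) and record that revision in the comment above the corresponding `go get`. The script also has no `set -e`, so if the first `go get` fails the second still runs and the job proceeds with mgo missing, surfacing later as a confusing test failure; add `set -e` directly after the shebang.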
@@ -0,0 +1,39 @@
+package net
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "log"
+
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
+ "google.golang.org/grpc/grpclog"
+)
+
+// Connect to a peer.
+//
+// Given parameters cert/key/ca are PEM-encoded array of bytes.
+// Closing must be defered after call.
+func Connect(addrPort string, cert, key, ca []byte) *grpc.ClientConn {
+ // load peer cert/key, ca as PEM buffers
+ peerCert, err := tls.X509KeyPair(cert, key)
+ if err != nil {
+ log.Fatalf("Load peer cert/key error: %v", err)
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(ca)
+
+ // configure transport authentificator
+ ta := credentials.NewTLS(&tls.Config{
+ Certificates: []tls.Certificate{peerCert},
+ RootCAs: caCertPool,
+ })
+
+ // let's do the dialing !
+ con, err := grpc.Dial(addrPort, grpc.WithTransportCredentials(ta))
+ if err != nil {
+ grpclog.Fatalf("Fail to dial: %v", err)
+ }
+
+ return con
+}
diff --git a/net/server.go b/net/server.go
new file mode 100644
index 0000000000000000000000000000000000000000..dca1611f393e1a50fb7ab7272d790440da7cb5a1
--- /dev/null
+++ b/net/server.go
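Review bot: The boolean returned by `caCertPool.AppendCertsFromPEM(ca)` in Connect is discarded, so an empty or malformed CA bundle leaves the pool empty and the mistake only shows up later as a handshake failure on the first RPC, because `grpc.Dial` does not block on the connection; check it at load time: `if !caCertPool.AppendCertsFromPEM(ca) { log.Fatalf("no CA certificate parsed from PEM input") }`. The same unchecked call appears in NewServer in net/server.go, where an empty pool used as ClientCAs means no client certificate can ever validate. Connect also mixes `log.Fatalf` and `grpclog.Fatalf` for two sibling error paths; pick one, or better, return `(*grpc.ClientConn, error)` so callers of this package decide how to fail.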
@@ -0,0 +1,57 @@
+package net
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "log"
+ "net"
+
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
+ "google.golang.org/grpc/grpclog"
+)
+
+// NewServer creates a new grpc server with given tls credentials.
+//
+// cert/key/ca are PEM-encoded array of bytes.
+//
+// The returned grpcServer must be used in association with server{} to
+// register APIs before calling Listen().
+func NewServer(cert, key, ca []byte) *grpc.Server {
+ // configure gRPC
+ var opts []grpc.ServerOption
+
+ serverCert, err := tls.X509KeyPair(cert, key)
+ if err != nil {
+ log.Fatalf("Load peer cert/key error: %v", err)
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(ca)
+
+ // configure transport authentificator
+ ta := credentials.NewTLS(&tls.Config{
+ Certificates: []tls.Certificate{serverCert},
+ RootCAs: caCertPool,
+ ClientCAs: caCertPool,
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ })
+
+ opts = []grpc.ServerOption{grpc.Creds(ta)}
+ return grpc.NewServer(opts...)
+}
+
+// Listen with specified server on addr:port.
+//
+// addrPort is formated as 127.0.0.1:8001.
+func Listen(addrPort string, grpcServer *grpc.Server) {
+ // open tcp socket
+ lis, err := net.Listen("tcp", addrPort)
+ if err != nil {
+ grpclog.Fatalf("Failed to open tcp socket: %v", err)
+ }
+
+ err = grpcServer.Serve(lis)
+ if err != nil {
+ grpclog.Fatalf("Failed to bind gRPC server: %v", err)
+ }
+}
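Review bot: In NewServer, `RootCAs: caCertPool` has no effect on a server-side tls.Config: RootCAs is consulted only when this process verifies a peer as a TLS client, so the client-certificate check rests entirely on `ClientCAs` together with `ClientAuth: tls.RequireAndVerifyClientCert`; either drop RootCAs or comment it, e.g. `// ClientCAs + RequireAndVerifyClientCert enforce mutual TLS; RootCAs is not used server-side`. The config sets no `MinVersion`, so the protocol floor is whatever crypto/tls defaults to for the Go version in use; `MinVersion: tls.VersionTLS12,` makes the intended floor explicit and reviewable. The `var opts []grpc.ServerOption` declaration is redundant with the literal assigned further down; `return grpc.NewServer(grpc.Creds(ta))` expresses the same thing in one line.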