Commit 914e6902 authored by Richer Maximilien's avatar Richer Maximilien

Merge branch '261_platform_start' into 'master'

[Platform] Add the ability to start GRPC server

- Updated net library to take pointers and not array of bytes
- Updated dfssp/authority to give public access to PID fields
- Updated main for better var management

See merge request !17
parents 26d4a441 744c33b7
Pipeline #203 passed with stage
...@@ -20,8 +20,8 @@ const ( ...@@ -20,8 +20,8 @@ const (
// PlatformID contains platform private key and root certificate // PlatformID contains platform private key and root certificate
type PlatformID struct { type PlatformID struct {
pkey *rsa.PrivateKey Pkey *rsa.PrivateKey
rootCA *x509.Certificate RootCA *x509.Certificate
} }
// GetHomeDir determines the home directory of the current user. // GetHomeDir determines the home directory of the current user.
...@@ -127,8 +127,9 @@ func Start(path string) (*PlatformID, error) { ...@@ -127,8 +127,9 @@ func Start(path string) (*PlatformID, error) {
} }
res := &PlatformID{ res := &PlatformID{
pkey: key, Pkey: key,
rootCA: cert} RootCA: cert,
}
return res, nil return res, nil
} }
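Review bot: The exported Pkey field (line 17) gives every package that holds a *PlatformID read and write access to the root private key, and the struct comment on line 15 does not say that this is secret material or who is expected to set it. If the gRPC server only needs to read the key, a small accessor such as `func (p *PlatformID) PrivateKey() *rsa.PrivateKey { return p.Pkey }` would let the field stay unexported; otherwise extend the comment to `// PlatformID contains the platform's root private key (secret, never log or serialize it) and root certificate.` The body of Start that builds the struct is only partly visible here, the rest is outside the hunk.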
...@@ -107,7 +107,7 @@ func TestStart(t *testing.T) { ...@@ -107,7 +107,7 @@ func TestStart(t *testing.T) {
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
if pid == nil || pid.pkey == nil || pid.rootCA == nil { if pid == nil || pid.Pkey == nil || pid.RootCA == nil {
t.Fatal("Data was not recovered from saved files") t.Fatal("Data was not recovered from saved files")
} }
......
...@@ -2,28 +2,29 @@ package main ...@@ -2,28 +2,29 @@ package main
import ( import (
"dfss" "dfss"
"dfss/dfssp/api"
"dfss/dfssp/authority" "dfss/dfssp/authority"
"dfss/mgdb" "dfss/mgdb"
"dfss/net"
"flag" "flag"
"fmt" "fmt"
"os"
"runtime" "runtime"
) )
var ( var (
verbose bool verbose bool
// Private key and certificate path, country, org, unit, cn, port, address, dbURI string
path, country, org, unit, cn string keySize, validity int
keySize, validity int
pid *authority.PlatformID
// MongoDB connection
dbURI string
dbManager *mgdb.MongoManager
) )
func init() { func init() {
flag.BoolVar(&verbose, "v", false, "Print verbose messages") flag.BoolVar(&verbose, "v", false, "Print verbose messages")
flag.StringVar(&port, "p", "9000", "Default port listening")
flag.StringVar(&address, "a", "0.0.0.0", "Default address to bind for listening")
flag.StringVar(&path, "path", authority.GetHomeDir(), "Path for the platform's private key and root certificate") flag.StringVar(&path, "path", authority.GetHomeDir(), "Path for the platform's private key and root certificate")
flag.StringVar(&country, "country", "France", "Country for the root certificate") flag.StringVar(&country, "country", "France", "Country for the root certificate")
flag.StringVar(&org, "org", "DFSS", "Organization for the root certificate") flag.StringVar(&org, "org", "DFSS", "Organization for the root certificate")
...@@ -45,7 +46,7 @@ func init() { ...@@ -45,7 +46,7 @@ func init() {
fmt.Println("\nThe commands are:") fmt.Println("\nThe commands are:")
fmt.Println(" init [cn, country, keySize, org, path, unit, validity]") fmt.Println(" init [cn, country, keySize, org, path, unit, validity]")
fmt.Println(" create and save the platform's private key and root certificate") fmt.Println(" create and save the platform's private key and root certificate")
fmt.Println(" start [path, db]") fmt.Println(" start [path, db, a, p]")
fmt.Println(" start the platform after loading its private key and root certificate") fmt.Println(" start the platform after loading its private key and root certificate")
fmt.Println(" help print this help") fmt.Println(" help print this help")
fmt.Println(" version print dfss client version") fmt.Println(" version print dfss client version")
...@@ -67,28 +68,36 @@ func main() { ...@@ -67,28 +68,36 @@ func main() {
case "init": case "init":
err := authority.Initialize(keySize, validity, country, org, unit, cn, path) err := authority.Initialize(keySize, validity, country, org, unit, cn, path)
if err != nil { if err != nil {
fmt.Println("An error occured during the initialization operation") fmt.Println("An error occured during the initialization operation:", err)
fmt.Println(err) os.Exit(1)
panic(err)
} }
case "start": case "start":
pid, err := authority.Start(path) pid, err := authority.Start(path)
if err != nil { if err != nil {
fmt.Println("An error occured during the private key and root certificate retrieval") fmt.Println("An error occured during the private key and root certificate retrieval:", err)
fmt.Println(err) os.Exit(1)
panic(err)
} }
// TODO: use pid
_ = pid
dbManager, err := mgdb.NewManager(dbURI) dbManager, err := mgdb.NewManager(dbURI)
if err != nil { if err != nil {
fmt.Println("An error occured during the connection to Mongo DB") fmt.Println("An error occured during the connection to MongoDB:", err)
os.Exit(1)
}
server := net.NewServer(pid.RootCA, pid.Pkey, pid.RootCA)
api.RegisterPlatformServer(server, &platformServer{
Pid: pid,
DB: dbManager,
Verbose: verbose,
})
fmt.Println("Listening on " + address + ":" + port)
err = net.Listen(address+":"+port, server)
if err != nil {
fmt.Println(err) fmt.Println(err)
panic(err)
} }
// TODO: use dbManager
_ = dbManager
default: default:
flag.Usage() flag.Usage()
} }
......
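Review bot: The Listen error path on lines 104-106 still prints and then panics, while the three error paths just above it in the same `start` case were changed to `os.Exit(1)` in this very hunk; for consistency use `fmt.Println("An error occured while listening on "+address+":"+port+":", err)` followed by `os.Exit(1)`. Separately, `net.NewServer(pid.RootCA, pid.Pkey, pid.RootCA)` on line 96 appears to present the root CA certificate and its private key as the TLS server identity; if NewServer uses the first two arguments as the leaf certificate and key, the root key becomes the key that every TLS handshake is performed with, and a dedicated server certificate issued by the root would limit the blast radius of a compromised listener. It is also not visible whether dbManager is ever closed before exit. The enclosing main and its switch start before this hunk and continue after it.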
package main package main
import ( import (
api "dfss/dfssp/api" "dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/mgdb"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
type server struct{} type platformServer struct {
Pid *authority.PlatformID
DB *mgdb.MongoManager
Verbose bool
}
// Register handler // Register handler
// //
// Handle incoming RegisterRequest messages // Handle incoming RegisterRequest messages
func (s *server) Register(ctx context.Context, in *api.RegisterRequest) (*api.ErrorCode, error) { func (s *platformServer) Register(ctx context.Context, in *api.RegisterRequest) (*api.ErrorCode, error) {
// TODO // TODO
_ = new(server) _ = new(platformServer)
return nil, nil return nil, nil
} }
// Auth handler // Auth handler
// //
// Handle incoming AuthRequest messages // Handle incoming AuthRequest messages
func (s *server) Auth(ctx context.Context, in *api.AuthRequest) (*api.RegisteredUser, error) { func (s *platformServer) Auth(ctx context.Context, in *api.AuthRequest) (*api.RegisteredUser, error) {
// TODO // TODO
return nil, nil return nil, nil
} }
...@@ -27,7 +33,7 @@ func (s *server) Auth(ctx context.Context, in *api.AuthRequest) (*api.Registered ...@@ -27,7 +33,7 @@ func (s *server) Auth(ctx context.Context, in *api.AuthRequest) (*api.Registered
// Unregister handler // Unregister handler
// //
// Handle incoming UnregisterRequest messages // Handle incoming UnregisterRequest messages
func (s *server) Unegister(ctx context.Context, in *api.Empty) (*api.ErrorCode, error) { func (s *platformServer) Unregister(ctx context.Context, in *api.Empty) (*api.ErrorCode, error) {
// TODO // TODO
return nil, nil return nil, nil
} }
...@@ -35,7 +41,7 @@ func (s *server) Unegister(ctx context.Context, in *api.Empty) (*api.ErrorCode, ...@@ -35,7 +41,7 @@ func (s *server) Unegister(ctx context.Context, in *api.Empty) (*api.ErrorCode,
// PostContract handler // PostContract handler
// //
// Handle incoming PostContractRequest messages // Handle incoming PostContractRequest messages
func (s *server) PostContract(ctx context.Context, in *api.PostContractRequest) (*api.ErrorCode, error) { func (s *platformServer) PostContract(ctx context.Context, in *api.PostContractRequest) (*api.ErrorCode, error) {
// TODO // TODO
return nil, nil return nil, nil
} }
...@@ -43,7 +49,7 @@ func (s *server) PostContract(ctx context.Context, in *api.PostContractRequest) ...@@ -43,7 +49,7 @@ func (s *server) PostContract(ctx context.Context, in *api.PostContractRequest)
// JoinSignature handler // JoinSignature handler
// //
// Handle incoming JoinSignatureRequest messages // Handle incoming JoinSignatureRequest messages
func (s *server) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest) (*api.ErrorCode, error) { func (s *platformServer) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest) (*api.ErrorCode, error) {
// TODO // TODO
return nil, nil return nil, nil
} }
...@@ -51,7 +57,7 @@ func (s *server) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest ...@@ -51,7 +57,7 @@ func (s *server) JoinSignature(ctx context.Context, in *api.JoinSignatureRequest
// ReadySign handler // ReadySign handler
// //
// Handle incoming ReadySignRequest messages // Handle incoming ReadySignRequest messages
func (s *server) ReadySign(ctx context.Context, in *api.ReadySignRequest) (*api.ErrorCode, error) { func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest) (*api.ErrorCode, error) {
// TODO // TODO
return nil, nil return nil, nil
} }
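Review bot: Every handler in this file (Register on line 129, Auth, Unregister, PostContract, JoinSignature, ReadySign) returns `nil, nil`, which a gRPC client sees as a successful call with an empty response, so an unimplemented Register or Auth is indistinguishable from success once the server is actually started by this commit. Until the handlers are implemented, return an explicit Unimplemented status instead, e.g. `return nil, grpc.Errorf(codes.Unimplemented, "Register is not implemented")` (needs the `google.golang.org/grpc` and `google.golang.org/grpc/codes` imports), and apply the same to the other five handlers. The placeholder `_ = new(platformServer)` on line 131 is dead code and can be dropped now that the type has real fields. The first hunk starts at the top of the file, so all of the platformServer declaration is visible.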
package net package net
import ( import (
"crypto/rsa"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
...@@ -13,24 +13,20 @@ import ( ...@@ -13,24 +13,20 @@ import (
// //
// Given parameters cert/key/ca are PEM-encoded array of bytes. // Given parameters cert/key/ca are PEM-encoded array of bytes.
// Closing must be defered after call. // Closing must be defered after call.
func Connect(addrPort string, cert, key, ca []byte) (*grpc.ClientConn, error) { func Connect(addrPort string, cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) (*grpc.ClientConn, error) {
var certificates = make([]tls.Certificate, 1) var certificates = make([]tls.Certificate, 1)
if len(key) > 0 && len(cert) > 0 { if key != nil && cert != nil {
// load peer cert/key, ca as PEM buffers peerCert := tls.Certificate{
peerCert, err := tls.X509KeyPair(cert, key) Certificate: [][]byte{cert.Raw},
if err != nil { PrivateKey: key,
return nil, err
} }
certificates = append(certificates, peerCert) certificates = append(certificates, peerCert)
} }
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(ca) caCertPool.AddCert(ca)
if !ok {
return nil, errors.New("Bad format for CA")
}
// configure transport authentificator // configure transport authentificator
ta := credentials.NewTLS(&tls.Config{ ta := credentials.NewTLS(&tls.Config{
......
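Review bot: `caCertPool.AddCert(ca)` on line 196 panics when ca is nil (x509.CertPool.AddCert rejects a nil certificate with a panic), whereas the removed AppendCertsFromPEM path reported a bad CA as an error; add a guard such as `if ca == nil { return nil, errors.New("nil CA certificate") }` before the pool is built, which means keeping the `errors` import this commit removes. The doc comment on line 183 ("Given parameters cert/key/ca are PEM-encoded array of bytes.") is now wrong and should read `// Given parameters cert/key/ca are parsed certificates and key; cert and key may be nil for a non-authenticated connection.` The context line `var certificates = make([]tls.Certificate, 1)` on line 186 followed by append looks like it leaves a zero-value entry at index 0; `var certificates []tls.Certificate` is presumably what was intended, but that is pre-existing and worth confirming. The tls.Config that consumes these values is outside the hunk.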
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"testing" "testing"
"time" "time"
"dfss/auth"
pb "dfss/net/fixtures" pb "dfss/net/fixtures"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
...@@ -73,7 +74,11 @@ func (s *testServer) Auth(ctx context.Context, in *pb.Empty) (*pb.IsAuth, error) ...@@ -73,7 +74,11 @@ func (s *testServer) Auth(ctx context.Context, in *pb.Empty) (*pb.IsAuth, error)
} }
func startTestServer(c chan bool) { func startTestServer(c chan bool) {
server := NewServer([]byte(caFixture), []byte(serverKeyFixture), []byte(caFixture))
ca, _ := auth.PEMToCertificate([]byte(caFixture))
key, _ := auth.PEMToPrivateKey([]byte(serverKeyFixture))
server := NewServer(ca, key, ca)
pb.RegisterTestServer(server, &testServer{}) pb.RegisterTestServer(server, &testServer{})
go func() { go func() {
_ = Listen("localhost:9000", server) _ = Listen("localhost:9000", server)
...@@ -106,7 +111,11 @@ func TestServerClientAuth(t *testing.T) { ...@@ -106,7 +111,11 @@ func TestServerClientAuth(t *testing.T) {
go startTestServer(c) go startTestServer(c)
time.Sleep(2 * time.Second) time.Sleep(2 * time.Second)
conn, err := Connect("localhost:9000", []byte(clientCertFixture), []byte(clientKeyFixture), []byte(caFixture)) ca, _ := auth.PEMToCertificate([]byte(caFixture))
cert, _ := auth.PEMToCertificate([]byte(clientCertFixture))
key, _ := auth.PEMToPrivateKey([]byte(clientKeyFixture))
conn, err := Connect("localhost:9000", cert, key, ca)
if err != nil { if err != nil {
t.Fatal("Unable to connect:", err) t.Fatal("Unable to connect:", err)
...@@ -127,7 +136,8 @@ func TestServerClientNonAuth(t *testing.T) { ...@@ -127,7 +136,8 @@ func TestServerClientNonAuth(t *testing.T) {
go startTestServer(c) go startTestServer(c)
time.Sleep(2 * time.Second) time.Sleep(2 * time.Second)
conn, err := Connect("localhost:9000", []byte{}, []byte{}, []byte(caFixture)) ca, _ := auth.PEMToCertificate([]byte(caFixture))
conn, err := Connect("localhost:9000", nil, nil, ca)
if err != nil { if err != nil {
t.Fatal("Unable to connect:", err) t.Fatal("Unable to connect:", err)
...@@ -163,8 +173,14 @@ func sharedServerClientTest(t *testing.T, client pb.TestClient, expectedAuth boo ...@@ -163,8 +173,14 @@ func sharedServerClientTest(t *testing.T, client pb.TestClient, expectedAuth boo
func Example() { func Example() {
// Load certs and private keys
ca, _ := auth.PEMToCertificate([]byte(caFixture))
cert, _ := auth.PEMToCertificate([]byte(clientCertFixture))
ckey, _ := auth.PEMToPrivateKey([]byte(clientKeyFixture))
skey, _ := auth.PEMToPrivateKey([]byte(serverKeyFixture))
// Init server // Init server
server := NewServer([]byte(caFixture), []byte(serverKeyFixture), []byte(caFixture)) server := NewServer(ca, skey, ca)
pb.RegisterTestServer(server, &testServer{}) pb.RegisterTestServer(server, &testServer{})
go func() { go func() {
_ = Listen("localhost:9000", server) _ = Listen("localhost:9000", server)
...@@ -175,7 +191,7 @@ func Example() { ...@@ -175,7 +191,7 @@ func Example() {
// Start a client // Start a client
// The second and third arguments can be empty for non-auth connection // The second and third arguments can be empty for non-auth connection
conn, err := Connect("localhost:9000", []byte(clientCertFixture), []byte(clientKeyFixture), []byte(caFixture)) conn, err := Connect("localhost:9000", cert, ckey, ca)
if err != nil { if err != nil {
panic("Unable to connect") panic("Unable to connect")
} }
......
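Review bot: The parse errors from auth.PEMToCertificate and auth.PEMToPrivateKey are discarded with `_` on lines 214-215, 223-225, 232 and 239-242, so a broken fixture reaches NewServer or Connect as a nil pointer and surfaces as a panic far from its cause. Inside the test functions check them, e.g. `ca, err := auth.PEMToCertificate([]byte(caFixture))` followed by `if err != nil { t.Fatal(err) }`; startTestServer and Example have no *testing.T, so a panic with the error message there is the reasonable alternative.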
package net package net
import ( import (
"crypto/rsa"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"log"
"net" "net"
"golang.org/x/net/context" "golang.org/x/net/context"
...@@ -18,16 +18,17 @@ import ( ...@@ -18,16 +18,17 @@ import (
// //
// The returned grpcServer must be used in association with server{} to // The returned grpcServer must be used in association with server{} to
// register APIs before calling Listen(). // register APIs before calling Listen().
func NewServer(cert, key, ca []byte) *grpc.Server { func NewServer(cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) *grpc.Server {
// configure gRPC // configure gRPC
var opts []grpc.ServerOption var opts []grpc.ServerOption
serverCert, err := tls.X509KeyPair(cert, key) serverCert := tls.Certificate{
if err != nil { Certificate: [][]byte{cert.Raw},
log.Fatalf("Load peer cert/key error: %v", err) PrivateKey: key,
} }
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(ca) caCertPool.AddCert(ca)
// configure transport authentificator // configure transport authentificator
ta := credentials.NewTLS(&tls.Config{ ta := credentials.NewTLS(&tls.Config{
......
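Review bot: NewServer now dereferences `cert.Raw` on line 272 and calls `caCertPool.AddCert(ca)` on line 276 with no nil checks, and the removed tls.X509KeyPair call was also the only place that verified the private key matches the certificate's public key; with the new pointer arguments a mismatched key is presumably only detected at handshake time, if at all. Since the function signature returns no error, at least document the precondition above the function: `// cert, key and ca must be non-nil and key must be the private key for cert; a nil argument panics here.` A cheap check that `cert.PublicKey` is an *rsa.PublicKey whose N and E equal those of key would restore the earlier validation. The tls.Config construction that consumes serverCert and caCertPool is outside the hunk.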