updated to embed generated certificate/key files
This commit is contained in:
parent
634de1756a
commit
6ad7ffd1a6
14
Makefile
14
Makefile
@ -12,13 +12,17 @@ SRCS=\
|
|||||||
server-peer.go \
|
server-peer.go \
|
||||||
server-ws.go
|
server-ws.go
|
||||||
|
|
||||||
|
CMD_DATA=\
|
||||||
|
cmd/tls.crt \
|
||||||
|
cmd/tls.key
|
||||||
|
|
||||||
CMD_SRCS=\
|
CMD_SRCS=\
|
||||||
cmd/config.go \
|
cmd/config.go \
|
||||||
cmd/main.go
|
cmd/main.go \
|
||||||
|
|
||||||
all: hodu
|
all: hodu
|
||||||
|
|
||||||
hodu: $(SRCS) $(CMD_SRCS)
|
hodu: $(SRCS) $(CMD_DATA) $(CMD_SRCS)
|
||||||
CGO_ENABLED=0 go build -x -o $@ $(CMD_SRCS)
|
CGO_ENABLED=0 go build -x -o $@ $(CMD_SRCS)
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
@ -35,4 +39,10 @@ hodu_grpc.pb.go: hodu.proto
|
|||||||
--go-grpc_out=. --go-grpc_opt=paths=source_relative \
|
--go-grpc_out=. --go-grpc_opt=paths=source_relative \
|
||||||
hodu.proto
|
hodu.proto
|
||||||
|
|
||||||
|
cmd/tls.crt:
|
||||||
|
openssl req -x509 -newkey rsa:4096 -keyout cmd/tls.key -out cmd/tls.crt -sha256 -days 36500 -nodes -subj "/CN=hodu"
|
||||||
|
|
||||||
|
cmd/tls.key:
|
||||||
|
openssl req -x509 -newkey rsa:4096 -keyout cmd/tls.key -out cmd/tls.crt -sha256 -days 36500 -nodes -subj "/CN=hodu"
|
||||||
|
|
||||||
.PHONY: clean
|
.PHONY: clean
|
||||||
|
|||||||
@ -32,6 +32,7 @@ type ClientTLSConfig struct {
|
|||||||
KeyText string `yaml:"key-text"`
|
KeyText string `yaml:"key-text"`
|
||||||
ServerCACertFile string `yaml:"server-ca-cert-file"`
|
ServerCACertFile string `yaml:"server-ca-cert-file"`
|
||||||
ServerCACertText string `yaml:"server-ca-cert-text"`
|
ServerCACertText string `yaml:"server-ca-cert-text"`
|
||||||
|
InsecureSkipVerify bool `yaml:"skip-verify"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type ServerConfig struct {
|
type ServerConfig struct {
|
||||||
|
|||||||
42
cmd/main.go
42
cmd/main.go
@ -3,6 +3,7 @@ package main
|
|||||||
import "context"
|
import "context"
|
||||||
import "crypto/tls"
|
import "crypto/tls"
|
||||||
import "crypto/x509"
|
import "crypto/x509"
|
||||||
|
import _ "embed"
|
||||||
import "flag"
|
import "flag"
|
||||||
import "fmt"
|
import "fmt"
|
||||||
import "hodu"
|
import "hodu"
|
||||||
@ -17,35 +18,13 @@ import "sync"
|
|||||||
import "syscall"
|
import "syscall"
|
||||||
import "time"
|
import "time"
|
||||||
|
|
||||||
|
//go:embed tls.crt
|
||||||
|
var hodu_tls_cert_text []byte
|
||||||
|
//go:embed tls.key
|
||||||
|
var hodul_tls_key_text []byte
|
||||||
|
|
||||||
// --------------------------------------------------------------------
|
// --------------------------------------------------------------------
|
||||||
|
|
||||||
const rootKey = `-----BEGIN EC PARAMETERS-----
|
|
||||||
BggqhkjOPQMBBw==
|
|
||||||
-----END EC PARAMETERS-----
|
|
||||||
-----BEGIN EC PRIVATE KEY-----
|
|
||||||
MHcCAQEEIHg+g2unjA5BkDtXSN9ShN7kbPlbCcqcYdDu+QeV8XWuoAoGCCqGSM49
|
|
||||||
AwEHoUQDQgAEcZpodWh3SEs5Hh3rrEiu1LZOYSaNIWO34MgRxvqwz1FMpLxNlx0G
|
|
||||||
cSqrxhPubawptX5MSr02ft32kfOlYbaF5Q==
|
|
||||||
-----END EC PRIVATE KEY-----
|
|
||||||
`
|
|
||||||
|
|
||||||
const rootCert = `-----BEGIN CERTIFICATE-----
|
|
||||||
MIIB+TCCAZ+gAwIBAgIJAL05LKXo6PrrMAoGCCqGSM49BAMCMFkxCzAJBgNVBAYT
|
|
||||||
AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn
|
|
||||||
aXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTEyMDgxNDAxMTNa
|
|
||||||
Fw0yNTEyMDUxNDAxMTNaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
|
|
||||||
YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMM
|
|
||||||
CWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHGaaHVod0hLOR4d
|
|
||||||
66xIrtS2TmEmjSFjt+DIEcb6sM9RTKS8TZcdBnEqq8YT7m2sKbV+TEq9Nn7d9pHz
|
|
||||||
pWG2heWjUDBOMB0GA1UdDgQWBBR0fqrecDJ44D/fiYJiOeBzfoqEijAfBgNVHSME
|
|
||||||
GDAWgBR0fqrecDJ44D/fiYJiOeBzfoqEijAMBgNVHRMEBTADAQH/MAoGCCqGSM49
|
|
||||||
BAMCA0gAMEUCIEKzVMF3JqjQjuM2rX7Rx8hancI5KJhwfeKu1xbyR7XaAiEA2UT7
|
|
||||||
1xOP035EcraRmWPe7tO0LpXgMxlh2VItpc2uc2w=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
`
|
|
||||||
// --------------------------------------------------------------------
|
|
||||||
|
|
||||||
type AppLogger struct {
|
type AppLogger struct {
|
||||||
id string
|
id string
|
||||||
out io.Writer
|
out io.Writer
|
||||||
@ -176,7 +155,7 @@ func tls_string_to_client_auth_type(str string) tls.ClientAuthType {
|
|||||||
|
|
||||||
// --------------------------------------------------------------------
|
// --------------------------------------------------------------------
|
||||||
|
|
||||||
func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
||||||
var tlscfg *tls.Config
|
var tlscfg *tls.Config
|
||||||
|
|
||||||
if cfg.Enabled {
|
if cfg.Enabled {
|
||||||
@ -190,7 +169,7 @@ func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
|||||||
cert, err = tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
|
cert, err = tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
|
||||||
} else {
|
} else {
|
||||||
// use the embedded certificate
|
// use the embedded certificate
|
||||||
cert, err = tls.X509KeyPair([]byte(rootCert), []byte(rootKey))
|
cert, err = tls.X509KeyPair(hodu_tls_cert_text, hodul_tls_key_text)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to load key pair - %s", err)
|
return nil, fmt.Errorf("failed to load key pair - %s", err)
|
||||||
@ -230,7 +209,6 @@ func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
|||||||
Certificates: []tls.Certificate{cert},
|
Certificates: []tls.Certificate{cert},
|
||||||
ClientAuth: tls_string_to_client_auth_type(cfg.ClientAuthType),
|
ClientAuth: tls_string_to_client_auth_type(cfg.ClientAuthType),
|
||||||
ClientCAs: cert_pool, // trusted CA certs for client certificate verification
|
ClientCAs: cert_pool, // trusted CA certs for client certificate verification
|
||||||
//ServerName: "hodu",
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -243,7 +221,7 @@ func server_main(ctl_addrs []string, svcaddrs []string, cfg *ServerConfig) error
|
|||||||
var err error
|
var err error
|
||||||
|
|
||||||
if cfg != nil {
|
if cfg != nil {
|
||||||
tlscfg, err = make_server_tls_config(&cfg.TLS)
|
tlscfg, err = make_tls_server_config(&cfg.TLS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -276,7 +254,7 @@ func client_main(ctl_addrs []string, server_addr string, peer_addrs []string, cf
|
|||||||
var err error
|
var err error
|
||||||
|
|
||||||
if cfg != nil {
|
if cfg != nil {
|
||||||
tlscfg, err = make_server_tls_config(&cfg.TLS)
|
tlscfg, err = make_tls_server_config(&cfg.TLS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -405,7 +383,7 @@ func main() {
|
|||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
|
|
||||||
wrong_usage:
|
wrong_usage:
|
||||||
fmt.Fprintf(os.Stderr, "USAGE: %s server --rpc-on=addr:port --ctl-on=addr:port \n", os.Args[0])
|
fmt.Fprintf(os.Stderr, "USAGE: %s server --rpc-on=addr:port --ctl-on=addr:port\n", os.Args[0])
|
||||||
fmt.Fprintf(os.Stderr, " %s client --rpc-server=addr:port --ctl-on=addr:port [peer-addr:peer-port ...]\n", os.Args[0])
|
fmt.Fprintf(os.Stderr, " %s client --rpc-server=addr:port --ctl-on=addr:port [peer-addr:peer-port ...]\n", os.Args[0])
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
|
|
||||||
|
|||||||
29
cmd/tls.crt
Normal file
29
cmd/tls.crt
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFATCCAumgAwIBAgIUYf8nD4uZJgKt00E1vhq2Kmbc3S8wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwDzENMAsGA1UEAwwEaG9kdTAgFw0yNDEyMDcwMzQwMzFaGA8yMTI0MTExMzAz
|
||||||
|
NDAzMVowDzENMAsGA1UEAwwEaG9kdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
|
||||||
|
AgoCggIBAI8fLL9mkZH38Hu0zftteEKbDU7fsWLhUBg+vvPthIkEFowpWWrp6Pf7
|
||||||
|
l2fu6jfAh8NzxFCafhrCMNqtN6dvCJQ8chB4E9fT2hWtbkZE+YnbQo7zundXelza
|
||||||
|
CxnTE9f1r+LJ9CfymuA+2hz5RG+gU+k+JT2d0GpwSiCuUt2NnfGUOWfFdNTAxsbX
|
||||||
|
pffCdjeyjlbrjkZKpNpWudmE0XcAJH/CGq0Y3SCjuU4tDKJ6aJ0ozLbUxP8UTOgr
|
||||||
|
jl8W6vtIbpc/Epk8K2ylugZdjLHcTH0DjcWPO8IsGSxVjgppsMYoBO0iM4KkNpD7
|
||||||
|
PaJkofyeUkqkJ7vHQ/1MBx2yMGkfVdnwCCT6HZOohIdNk7Y2Azl8o9+Q2tBT/sGh
|
||||||
|
UhCCtm3uFNiGjj6CoGsbmsu2SVS3AIJtkgDFcuFNIOiqxk322GY8kwZVLYMm0t77
|
||||||
|
z3utOKm3zIedqh4yDtfYlIUmTASzXTXEmzQYOCvZyCYFtcqR3Q5uCu5e9grimkkl
|
||||||
|
4WkaWOxdsHrACpmEJbpd+4l/mwg+WYPpWA81OnWfmO0qTRew6OGF5iaYtdF+5sPW
|
||||||
|
lUvL5Y1k/TRMUd1cbsOhe0Hnb2QJYlNxxn3aI2jflhc8kVnSd3BfFn8qSzEooj7C
|
||||||
|
zLiZS+Wmzxo5f1Wlb9KIyljODpeIp7o7f4IsySW7uq0hncxcDe8lAgMBAAGjUzBR
|
||||||
|
MB0GA1UdDgQWBBTsf09ZVNMHbhXGpxWD/lcAIUmlRDAfBgNVHSMEGDAWgBTsf09Z
|
||||||
|
VNMHbhXGpxWD/lcAIUmlRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4ICAQAok06886mPX617Eg5SQw8JlZujt3FXxWWTeBuZJkOraZ2sirsocYh0ep28
|
||||||
|
3FDYWFHJjHmHaGnfjmbDuQaZ8+dbGxr9vwCott7yw71q0FqZTjmAqdvmyLPeaYfA
|
||||||
|
r2vdyNTWe9zI/7c0k8KnyNhsqXoDbmuQ65vUnXHe0r1u1WSlFj40rcpzSYwQ5F4S
|
||||||
|
iZ3JymJkTTyxyeNjngTmBaxEhe7cP5S7bsmL5lsDLQgXVaJAJaQqIbrt8H9Snp1a
|
||||||
|
9GG0+NgAevFonazwTJXj+QyYyWYD0uGHSR9gQtUL8okZhf+WtW1yIN9pWs8clVJc
|
||||||
|
fmDklOfvpDmOQuYG10fUHH1NoyciPnQMWQWXI9Zvy3pd4qg/9DYKY54I8Y2J80Vn
|
||||||
|
G/JqXjLCGp7IdB3lrLRe3XAca1SBbgCh3FhqD/W8Qb8aJLx2E6eDwZmW0ophpxXQ
|
||||||
|
6zIsK+60Aruk8pHnsqc+n4rXGXprboMk5aF5tjhnLncF/D6/qvxEJN85RHCZfvOs
|
||||||
|
hoWNe9jjPEvCUPB23kDBPLxxPEzJm3y4pvwmvImvV2+N6akRqGa3LbupJEqtVBKd
|
||||||
|
/6IpFjzTQTPiq024jtZTVbx3vqdupWNcZcTkcdb4GfhgtNu3RYssqheknRIsjisF
|
||||||
|
1TlVrONqaIsFe9V5UW3fqa/4h6S6pO99pcNSzJn3VSRkJhZoaw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
52
cmd/tls.key
Normal file
52
cmd/tls.key
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCPHyy/ZpGR9/B7
|
||||||
|
tM37bXhCmw1O37Fi4VAYPr7z7YSJBBaMKVlq6ej3+5dn7uo3wIfDc8RQmn4awjDa
|
||||||
|
rTenbwiUPHIQeBPX09oVrW5GRPmJ20KO87p3V3pc2gsZ0xPX9a/iyfQn8prgPtoc
|
||||||
|
+URvoFPpPiU9ndBqcEogrlLdjZ3xlDlnxXTUwMbG16X3wnY3so5W645GSqTaVrnZ
|
||||||
|
hNF3ACR/whqtGN0go7lOLQyiemidKMy21MT/FEzoK45fFur7SG6XPxKZPCtspboG
|
||||||
|
XYyx3Ex9A43FjzvCLBksVY4KabDGKATtIjOCpDaQ+z2iZKH8nlJKpCe7x0P9TAcd
|
||||||
|
sjBpH1XZ8Agk+h2TqISHTZO2NgM5fKPfkNrQU/7BoVIQgrZt7hTYho4+gqBrG5rL
|
||||||
|
tklUtwCCbZIAxXLhTSDoqsZN9thmPJMGVS2DJtLe+897rTipt8yHnaoeMg7X2JSF
|
||||||
|
JkwEs101xJs0GDgr2cgmBbXKkd0ObgruXvYK4ppJJeFpGljsXbB6wAqZhCW6XfuJ
|
||||||
|
f5sIPlmD6VgPNTp1n5jtKk0XsOjhheYmmLXRfubD1pVLy+WNZP00TFHdXG7DoXtB
|
||||||
|
529kCWJTccZ92iNo35YXPJFZ0ndwXxZ/KksxKKI+wsy4mUvlps8aOX9VpW/SiMpY
|
||||||
|
zg6XiKe6O3+CLMklu7qtIZ3MXA3vJQIDAQABAoICABHsNn9Vid88rFnhf3X/9HJq
|
||||||
|
1lTNQHqAerY+jU0grls2LtioiPERj8IWOJSkX6JRsu6v/aKWZjpVnSaVUIXgKrPd
|
||||||
|
ie80ClAZ0JKsYEXed11jHsemD/DH/KPKDl/ShgaiVr9QyQmDoQ9573h3YrGT404v
|
||||||
|
IRzBOYtKuo2zJt9lz6SkCjhLiuDlrz7RXJBVQtagvqB16SA2UsSg3a82qcB8PRXe
|
||||||
|
qdaJaY+f0SHQFGf4akdcB57RsEW9NhBQ/Ag+Z3jGTksUc/DKjymQ62XGq0rOqqlx
|
||||||
|
G3zk/ffH6/MYV6xIJgH6mvtTMB4pEEhBnitK7NokvWtpeSxTvNjof2+hk9xmNyre
|
||||||
|
qSgipEgjTtyScKGjLyDP0UwuFAO1CDrHKvSqXEA3lWLUCjE/+K3DxwnUhl1nDNSn
|
||||||
|
Hn2PBwkBimyAVQc5YoGecNTam0VjDVlmp621zxmFyT56c5VxVHC4UF2V2XxzivlV
|
||||||
|
PewfTTDZJm5/B3v/mH6WPc9qPYDHiEo2T9Nb2a/toEJIAlEiz+9g/wyw9EiP4Pjp
|
||||||
|
az91bwMvvlmMu8zpFbe3GU1fkjJ6HXbwwTAj4SAWlNQHQKL5WYeD9pGw+hPTaaO/
|
||||||
|
JFEt2idDUw3wi1pClUZ8zZeNjsk1RiGErFNMPEeekeGNp9A5YfuBHKbDljDBGKBP
|
||||||
|
y+IxT7Tn15LqKg9HNIlhAoIBAQDCDiBTvNf+chYXrbQxAkgCgKRVrHPxYKg0SxdD
|
||||||
|
KJy2LRVilTo31c9FTk2RFLSoA+YKqIk34Z4DCH8Ilc/BUjvgMba2alugPYHhUTzf
|
||||||
|
SvBHkWVoG6/PJkiqty/AGQE6ODAYEgM2rSj/XtYx6mAInbtU/fInys52WYfVHT1O
|
||||||
|
mx4H7vTWQ3dkMGtcKxyU5JZAZY91O3dW2rR7lDmsbCr/ar4EHHh0Im+cdlgc/DBQ
|
||||||
|
9l4wG8RMMcRz7DTq+yRa/IrLUjW/kSapdRYFQ1ZON0W+ogdgOnnCNC0xCyYlB1L3
|
||||||
|
E5BPS0VYkBbYbGJIolV1NUB5gz/UNpixlbWL4TolcHhJ1LZNAoIBAQC8ztqDvaHh
|
||||||
|
cH4Vc5cIoR5tgEeiXHCA0HNXsxnluJiLy50KbNOwQ505/1VzxjxiY6Z2lxi93d8c
|
||||||
|
cl8hEMifVriSJIHDwNCstZpdvhX1LNkyQgzaANmZV/qNf9IKDaKWU/CspxfzcB5C
|
||||||
|
1h+msLbU1/IYogEceGgXf+2/ICNSTlxYrqd/4/txDrmQaidbSeDAvGAue/QlqpEc
|
||||||
|
e/FAQwGQoIT9j4WglLDi6KrqOUk88h4XP/7MivUBctcomfQzdmkmr1nHyraamgNz
|
||||||
|
uE823b/ry+TkJ+b9Jm6dHsqr4Alg+kuVSt6YFnVh3AOiUME97lJ+/QGkgqaBCYIb
|
||||||
|
D1upNG00Urg5AoIBADt2fK1sJnuPlfl3fsmtu0cZCEJAb969EY3EnMI1hZ/FPNJS
|
||||||
|
i95kI/lGvzn/sEPzvd/yOOnotrSTO+nzjg/dFP/j++r1uFHnxw62CAMcQXiMsxgt
|
||||||
|
s7e0MXwuWfFxOBEQ+pvFmTp94RwvgU8WVIsPWkH29ub+nDljwd2p8glOOuuPa3Lk
|
||||||
|
hYcr1xoNE9sEGI5vEICJ0k3JApkDmJCfLKXLnaJA3yAnFTBKi0GGfX+xnrb7KzF1
|
||||||
|
5o7nCGggwMkorZcT/+hNoB05BaBjO+UHxtVdbQktofXCaz6l/fBGyENxuTyzAfLb
|
||||||
|
ZES5IXzEUY9y2+jgMQTkHfH8v/6260xhpFprVdkCggEALzlt3lWoD8MbRjJLLJVg
|
||||||
|
DvNu92U3noCE2QKrD5JEVXLwLJNbv1KqGL+MmBCVOebC1Bam0ZaVH4Bb2uFfzLrc
|
||||||
|
H3GSI2wuxYQGwDuzMketa6ypmj1sL7aZrJqz5l/Sstb787M3gmQgrYbxE7hPgp0g
|
||||||
|
qJicvoo/PuF4jb10GDoRTv0gWBSl53lPYJeskGDCHnL/e6D1SBaJhR5bET+xPINp
|
||||||
|
wCINwkRumdKoLT123A+TBy2yhWacMWiP+E/JjLWpR0vEoPxLABBVnLQU3BxKzKeK
|
||||||
|
8KYqWFcsg5AYETVQIzl3fjfjxRaY9YkaP5cDPoJFkA2oQ4WKL+w45pvIyWGbjuLB
|
||||||
|
wQKCAQAXxB4nKdcN8eQZx5tSus97yf7yPm0HSEEzNy6rnbqtS3uX3/KEYFACBoTP
|
||||||
|
C5kpuNYEXHp8LgWhnnT/gtSLLQHSiTULKKKc7tm15zYMSRcWH7qHDTgzUE3FxfQu
|
||||||
|
JUXssKeN0JDbm6HoEma53uFYw5XSRB3Odg1mszoyO0fD4xBqo6jay8d/8oi4SfLf
|
||||||
|
mxV1kMKzW2tr0iyQIt3O/gehsMwtiK3u923CMrtmvDSJpUxHZh5QWte8FcHPeo6g
|
||||||
|
cuK6DBook4bA4tMyXnH5LszXL5pwbeTGddiCoc8EbI1WJKBByHizTWYAVl0znXg7
|
||||||
|
cE9VuuHZqcE0fWokNG7bO3t6lqPg
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
Loading…
x
Reference in New Issue
Block a user