updated to embed generated certificate/key files
This commit is contained in:
parent
634de1756a
commit
6ad7ffd1a6
14
Makefile
14
Makefile
@ -12,13 +12,17 @@ SRCS=\
|
||||
server-peer.go \
|
||||
server-ws.go
|
||||
|
||||
CMD_DATA=\
|
||||
cmd/tls.crt \
|
||||
cmd/tls.key
|
||||
|
||||
CMD_SRCS=\
|
||||
cmd/config.go \
|
||||
cmd/main.go
|
||||
cmd/main.go \
|
||||
|
||||
all: hodu
|
||||
|
||||
hodu: $(SRCS) $(CMD_SRCS)
|
||||
hodu: $(SRCS) $(CMD_DATA) $(CMD_SRCS)
|
||||
CGO_ENABLED=0 go build -x -o $@ $(CMD_SRCS)
|
||||
|
||||
clean:
|
||||
@ -35,4 +39,10 @@ hodu_grpc.pb.go: hodu.proto
|
||||
--go-grpc_out=. --go-grpc_opt=paths=source_relative \
|
||||
hodu.proto
|
||||
|
||||
cmd/tls.crt:
|
||||
openssl req -x509 -newkey rsa:4096 -keyout cmd/tls.key -out cmd/tls.crt -sha256 -days 36500 -nodes -subj "/CN=hodu"
|
||||
|
||||
cmd/tls.key:
|
||||
openssl req -x509 -newkey rsa:4096 -keyout cmd/tls.key -out cmd/tls.crt -sha256 -days 36500 -nodes -subj "/CN=hodu"
|
||||
|
||||
.PHONY: clean
|
||||
|
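Review bot: The `cmd/tls.crt` and `cmd/tls.key` rules each run the same openssl command, and that command writes both files, so a checkout without them runs it twice and under `make -j` the two invocations race on the same output paths. With GNU make 4.3+ this is one grouped rule, `cmd/tls.crt cmd/tls.key &:` followed by the openssl recipe; on older make, keep the recipe on `cmd/tls.crt` only and declare `cmd/tls.key: cmd/tls.crt`. Since the generated files are also added to the tree in this commit, the rules never fire on a normal build, and `-days 36500` with `-nodes` keeps the tracked key pair valid indefinitely; if a per-build key is intended, the two files should be ignored by git rather than committed.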
@ -25,13 +25,14 @@ type ServerTLSConfig struct {
|
||||
}
|
||||
|
||||
type ClientTLSConfig struct {
|
||||
Enabled bool `yaml:"enabled"`
|
||||
CertFile string `yaml:"cert-file"`
|
||||
KeyFile string `yaml:"key-file"`
|
||||
CertText string `yaml:"cert-text"`
|
||||
KeyText string `yaml:"key-text"`
|
||||
ServerCACertFile string `yaml:"server-ca-cert-file"`
|
||||
ServerCACertText string `yaml:"server-ca-cert-text"`
|
||||
Enabled bool `yaml:"enabled"`
|
||||
CertFile string `yaml:"cert-file"`
|
||||
KeyFile string `yaml:"key-file"`
|
||||
CertText string `yaml:"cert-text"`
|
||||
KeyText string `yaml:"key-text"`
|
||||
ServerCACertFile string `yaml:"server-ca-cert-file"`
|
||||
ServerCACertText string `yaml:"server-ca-cert-text"`
|
||||
InsecureSkipVerify bool `yaml:"skip-verify"`
|
||||
}
|
||||
|
||||
type ServerConfig struct {
|
||||
|
44
cmd/main.go
44
cmd/main.go
@ -3,6 +3,7 @@ package main
|
||||
import "context"
|
||||
import "crypto/tls"
|
||||
import "crypto/x509"
|
||||
import _ "embed"
|
||||
import "flag"
|
||||
import "fmt"
|
||||
import "hodu"
|
||||
@ -17,35 +18,13 @@ import "sync"
|
||||
import "syscall"
|
||||
import "time"
|
||||
|
||||
//go:embed tls.crt
|
||||
var hodu_tls_cert_text []byte
|
||||
//go:embed tls.key
|
||||
var hodul_tls_key_text []byte
|
||||
|
||||
// --------------------------------------------------------------------
|
||||
|
||||
const rootKey = `-----BEGIN EC PARAMETERS-----
|
||||
BggqhkjOPQMBBw==
|
||||
-----END EC PARAMETERS-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIHg+g2unjA5BkDtXSN9ShN7kbPlbCcqcYdDu+QeV8XWuoAoGCCqGSM49
|
||||
AwEHoUQDQgAEcZpodWh3SEs5Hh3rrEiu1LZOYSaNIWO34MgRxvqwz1FMpLxNlx0G
|
||||
cSqrxhPubawptX5MSr02ft32kfOlYbaF5Q==
|
||||
-----END EC PRIVATE KEY-----
|
||||
`
|
||||
|
||||
const rootCert = `-----BEGIN CERTIFICATE-----
|
||||
MIIB+TCCAZ+gAwIBAgIJAL05LKXo6PrrMAoGCCqGSM49BAMCMFkxCzAJBgNVBAYT
|
||||
AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn
|
||||
aXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTEyMDgxNDAxMTNa
|
||||
Fw0yNTEyMDUxNDAxMTNaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
|
||||
YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMM
|
||||
CWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHGaaHVod0hLOR4d
|
||||
66xIrtS2TmEmjSFjt+DIEcb6sM9RTKS8TZcdBnEqq8YT7m2sKbV+TEq9Nn7d9pHz
|
||||
pWG2heWjUDBOMB0GA1UdDgQWBBR0fqrecDJ44D/fiYJiOeBzfoqEijAfBgNVHSME
|
||||
GDAWgBR0fqrecDJ44D/fiYJiOeBzfoqEijAMBgNVHRMEBTADAQH/MAoGCCqGSM49
|
||||
BAMCA0gAMEUCIEKzVMF3JqjQjuM2rX7Rx8hancI5KJhwfeKu1xbyR7XaAiEA2UT7
|
||||
1xOP035EcraRmWPe7tO0LpXgMxlh2VItpc2uc2w=
|
||||
-----END CERTIFICATE-----
|
||||
`
|
||||
// --------------------------------------------------------------------
|
||||
|
||||
type AppLogger struct {
|
||||
id string
|
||||
out io.Writer
|
||||
@ -176,7 +155,7 @@ func tls_string_to_client_auth_type(str string) tls.ClientAuthType {
|
||||
|
||||
// --------------------------------------------------------------------
|
||||
|
||||
func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
||||
func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
||||
var tlscfg *tls.Config
|
||||
|
||||
if cfg.Enabled {
|
||||
@ -190,7 +169,7 @@ func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
||||
cert, err = tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
|
||||
} else {
|
||||
// use the embedded certificate
|
||||
cert, err = tls.X509KeyPair([]byte(rootCert), []byte(rootKey))
|
||||
cert, err = tls.X509KeyPair(hodu_tls_cert_text, hodul_tls_key_text)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load key pair - %s", err)
|
||||
@ -230,7 +209,6 @@ func make_server_tls_config(cfg *ServerTLSConfig) (*tls.Config, error) {
|
||||
Certificates: []tls.Certificate{cert},
|
||||
ClientAuth: tls_string_to_client_auth_type(cfg.ClientAuthType),
|
||||
ClientCAs: cert_pool, // trusted CA certs for client certificate verification
|
||||
//ServerName: "hodu",
|
||||
}
|
||||
}
|
||||
|
||||
@ -243,7 +221,7 @@ func server_main(ctl_addrs []string, svcaddrs []string, cfg *ServerConfig) error
|
||||
var err error
|
||||
|
||||
if cfg != nil {
|
||||
tlscfg, err = make_server_tls_config(&cfg.TLS)
|
||||
tlscfg, err = make_tls_server_config(&cfg.TLS)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -276,7 +254,7 @@ func client_main(ctl_addrs []string, server_addr string, peer_addrs []string, cf
|
||||
var err error
|
||||
|
||||
if cfg != nil {
|
||||
tlscfg, err = make_server_tls_config(&cfg.TLS)
|
||||
tlscfg, err = make_tls_server_config(&cfg.TLS)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -405,8 +383,8 @@ func main() {
|
||||
os.Exit(0)
|
||||
|
||||
wrong_usage:
|
||||
fmt.Fprintf(os.Stderr, "USAGE: %s server --rpc-on=addr:port --ctl-on=addr:port \n", os.Args[0])
|
||||
fmt.Fprintf(os.Stderr, " %s client --rpc-server=addr:port --ctl-on=addr:port [peer-addr:peer-port ...]\n", os.Args[0])
|
||||
fmt.Fprintf(os.Stderr, "USAGE: %s server --rpc-on=addr:port --ctl-on=addr:port\n", os.Args[0])
|
||||
fmt.Fprintf(os.Stderr, " %s client --rpc-server=addr:port --ctl-on=addr:port [peer-addr:peer-port ...]\n", os.Args[0])
|
||||
os.Exit(1)
|
||||
|
||||
oops:
|
||||
|
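Review bot: In the `@ -190,7 +169,7 @@` hunk of `make_tls_server_config`, the fallback `tls.X509KeyPair(hodu_tls_cert_text, hodul_tls_key_text)` now loads the key pair this commit checks into the repository, so every build presents the same certificate with a public private key; a listener that takes this branch is encrypted but not authenticated, and nothing in the visible code distinguishes that case from a configured key. Consider at least a warning when the embedded pair is used, plus a comment on the branch such as `// embedded fallback pair is shared by all builds; not for production use`, or an explicit opt-in instead of a silent default. The variable `hodul_tls_key_text` (declared under `//go:embed tls.key` and used here) looks like a typo for `hodu_tls_key_text`, matching `hodu_tls_cert_text`. Separately, `client_main` builds its TLS config through the same server helper (the `@ -276,7 +254,7 @@` hunk), so a client hitting the same branch would present the shared pair as well; whether `cfg.TLS` there is a `ServerTLSConfig` cannot be seen from the hunk. The enclosing functions start and end outside the hunks.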
29
cmd/tls.crt
Normal file
29
cmd/tls.crt
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFATCCAumgAwIBAgIUYf8nD4uZJgKt00E1vhq2Kmbc3S8wDQYJKoZIhvcNAQEL
|
||||
BQAwDzENMAsGA1UEAwwEaG9kdTAgFw0yNDEyMDcwMzQwMzFaGA8yMTI0MTExMzAz
|
||||
NDAzMVowDzENMAsGA1UEAwwEaG9kdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
|
||||
AgoCggIBAI8fLL9mkZH38Hu0zftteEKbDU7fsWLhUBg+vvPthIkEFowpWWrp6Pf7
|
||||
l2fu6jfAh8NzxFCafhrCMNqtN6dvCJQ8chB4E9fT2hWtbkZE+YnbQo7zundXelza
|
||||
CxnTE9f1r+LJ9CfymuA+2hz5RG+gU+k+JT2d0GpwSiCuUt2NnfGUOWfFdNTAxsbX
|
||||
pffCdjeyjlbrjkZKpNpWudmE0XcAJH/CGq0Y3SCjuU4tDKJ6aJ0ozLbUxP8UTOgr
|
||||
jl8W6vtIbpc/Epk8K2ylugZdjLHcTH0DjcWPO8IsGSxVjgppsMYoBO0iM4KkNpD7
|
||||
PaJkofyeUkqkJ7vHQ/1MBx2yMGkfVdnwCCT6HZOohIdNk7Y2Azl8o9+Q2tBT/sGh
|
||||
UhCCtm3uFNiGjj6CoGsbmsu2SVS3AIJtkgDFcuFNIOiqxk322GY8kwZVLYMm0t77
|
||||
z3utOKm3zIedqh4yDtfYlIUmTASzXTXEmzQYOCvZyCYFtcqR3Q5uCu5e9grimkkl
|
||||
4WkaWOxdsHrACpmEJbpd+4l/mwg+WYPpWA81OnWfmO0qTRew6OGF5iaYtdF+5sPW
|
||||
lUvL5Y1k/TRMUd1cbsOhe0Hnb2QJYlNxxn3aI2jflhc8kVnSd3BfFn8qSzEooj7C
|
||||
zLiZS+Wmzxo5f1Wlb9KIyljODpeIp7o7f4IsySW7uq0hncxcDe8lAgMBAAGjUzBR
|
||||
MB0GA1UdDgQWBBTsf09ZVNMHbhXGpxWD/lcAIUmlRDAfBgNVHSMEGDAWgBTsf09Z
|
||||
VNMHbhXGpxWD/lcAIUmlRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
|
||||
A4ICAQAok06886mPX617Eg5SQw8JlZujt3FXxWWTeBuZJkOraZ2sirsocYh0ep28
|
||||
3FDYWFHJjHmHaGnfjmbDuQaZ8+dbGxr9vwCott7yw71q0FqZTjmAqdvmyLPeaYfA
|
||||
r2vdyNTWe9zI/7c0k8KnyNhsqXoDbmuQ65vUnXHe0r1u1WSlFj40rcpzSYwQ5F4S
|
||||
iZ3JymJkTTyxyeNjngTmBaxEhe7cP5S7bsmL5lsDLQgXVaJAJaQqIbrt8H9Snp1a
|
||||
9GG0+NgAevFonazwTJXj+QyYyWYD0uGHSR9gQtUL8okZhf+WtW1yIN9pWs8clVJc
|
||||
fmDklOfvpDmOQuYG10fUHH1NoyciPnQMWQWXI9Zvy3pd4qg/9DYKY54I8Y2J80Vn
|
||||
G/JqXjLCGp7IdB3lrLRe3XAca1SBbgCh3FhqD/W8Qb8aJLx2E6eDwZmW0ophpxXQ
|
||||
6zIsK+60Aruk8pHnsqc+n4rXGXprboMk5aF5tjhnLncF/D6/qvxEJN85RHCZfvOs
|
||||
hoWNe9jjPEvCUPB23kDBPLxxPEzJm3y4pvwmvImvV2+N6akRqGa3LbupJEqtVBKd
|
||||
/6IpFjzTQTPiq024jtZTVbx3vqdupWNcZcTkcdb4GfhgtNu3RYssqheknRIsjisF
|
||||
1TlVrONqaIsFe9V5UW3fqa/4h6S6pO99pcNSzJn3VSRkJhZoaw==
|
||||
-----END CERTIFICATE-----
|
52
cmd/tls.key
Normal file
52
cmd/tls.key
Normal file
@ -0,0 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCPHyy/ZpGR9/B7
|
||||
tM37bXhCmw1O37Fi4VAYPr7z7YSJBBaMKVlq6ej3+5dn7uo3wIfDc8RQmn4awjDa
|
||||
rTenbwiUPHIQeBPX09oVrW5GRPmJ20KO87p3V3pc2gsZ0xPX9a/iyfQn8prgPtoc
|
||||
+URvoFPpPiU9ndBqcEogrlLdjZ3xlDlnxXTUwMbG16X3wnY3so5W645GSqTaVrnZ
|
||||
hNF3ACR/whqtGN0go7lOLQyiemidKMy21MT/FEzoK45fFur7SG6XPxKZPCtspboG
|
||||
XYyx3Ex9A43FjzvCLBksVY4KabDGKATtIjOCpDaQ+z2iZKH8nlJKpCe7x0P9TAcd
|
||||
sjBpH1XZ8Agk+h2TqISHTZO2NgM5fKPfkNrQU/7BoVIQgrZt7hTYho4+gqBrG5rL
|
||||
tklUtwCCbZIAxXLhTSDoqsZN9thmPJMGVS2DJtLe+897rTipt8yHnaoeMg7X2JSF
|
||||
JkwEs101xJs0GDgr2cgmBbXKkd0ObgruXvYK4ppJJeFpGljsXbB6wAqZhCW6XfuJ
|
||||
f5sIPlmD6VgPNTp1n5jtKk0XsOjhheYmmLXRfubD1pVLy+WNZP00TFHdXG7DoXtB
|
||||
529kCWJTccZ92iNo35YXPJFZ0ndwXxZ/KksxKKI+wsy4mUvlps8aOX9VpW/SiMpY
|
||||
zg6XiKe6O3+CLMklu7qtIZ3MXA3vJQIDAQABAoICABHsNn9Vid88rFnhf3X/9HJq
|
||||
1lTNQHqAerY+jU0grls2LtioiPERj8IWOJSkX6JRsu6v/aKWZjpVnSaVUIXgKrPd
|
||||
ie80ClAZ0JKsYEXed11jHsemD/DH/KPKDl/ShgaiVr9QyQmDoQ9573h3YrGT404v
|
||||
IRzBOYtKuo2zJt9lz6SkCjhLiuDlrz7RXJBVQtagvqB16SA2UsSg3a82qcB8PRXe
|
||||
qdaJaY+f0SHQFGf4akdcB57RsEW9NhBQ/Ag+Z3jGTksUc/DKjymQ62XGq0rOqqlx
|
||||
G3zk/ffH6/MYV6xIJgH6mvtTMB4pEEhBnitK7NokvWtpeSxTvNjof2+hk9xmNyre
|
||||
qSgipEgjTtyScKGjLyDP0UwuFAO1CDrHKvSqXEA3lWLUCjE/+K3DxwnUhl1nDNSn
|
||||
Hn2PBwkBimyAVQc5YoGecNTam0VjDVlmp621zxmFyT56c5VxVHC4UF2V2XxzivlV
|
||||
PewfTTDZJm5/B3v/mH6WPc9qPYDHiEo2T9Nb2a/toEJIAlEiz+9g/wyw9EiP4Pjp
|
||||
az91bwMvvlmMu8zpFbe3GU1fkjJ6HXbwwTAj4SAWlNQHQKL5WYeD9pGw+hPTaaO/
|
||||
JFEt2idDUw3wi1pClUZ8zZeNjsk1RiGErFNMPEeekeGNp9A5YfuBHKbDljDBGKBP
|
||||
y+IxT7Tn15LqKg9HNIlhAoIBAQDCDiBTvNf+chYXrbQxAkgCgKRVrHPxYKg0SxdD
|
||||
KJy2LRVilTo31c9FTk2RFLSoA+YKqIk34Z4DCH8Ilc/BUjvgMba2alugPYHhUTzf
|
||||
SvBHkWVoG6/PJkiqty/AGQE6ODAYEgM2rSj/XtYx6mAInbtU/fInys52WYfVHT1O
|
||||
mx4H7vTWQ3dkMGtcKxyU5JZAZY91O3dW2rR7lDmsbCr/ar4EHHh0Im+cdlgc/DBQ
|
||||
9l4wG8RMMcRz7DTq+yRa/IrLUjW/kSapdRYFQ1ZON0W+ogdgOnnCNC0xCyYlB1L3
|
||||
E5BPS0VYkBbYbGJIolV1NUB5gz/UNpixlbWL4TolcHhJ1LZNAoIBAQC8ztqDvaHh
|
||||
cH4Vc5cIoR5tgEeiXHCA0HNXsxnluJiLy50KbNOwQ505/1VzxjxiY6Z2lxi93d8c
|
||||
cl8hEMifVriSJIHDwNCstZpdvhX1LNkyQgzaANmZV/qNf9IKDaKWU/CspxfzcB5C
|
||||
1h+msLbU1/IYogEceGgXf+2/ICNSTlxYrqd/4/txDrmQaidbSeDAvGAue/QlqpEc
|
||||
e/FAQwGQoIT9j4WglLDi6KrqOUk88h4XP/7MivUBctcomfQzdmkmr1nHyraamgNz
|
||||
uE823b/ry+TkJ+b9Jm6dHsqr4Alg+kuVSt6YFnVh3AOiUME97lJ+/QGkgqaBCYIb
|
||||
D1upNG00Urg5AoIBADt2fK1sJnuPlfl3fsmtu0cZCEJAb969EY3EnMI1hZ/FPNJS
|
||||
i95kI/lGvzn/sEPzvd/yOOnotrSTO+nzjg/dFP/j++r1uFHnxw62CAMcQXiMsxgt
|
||||
s7e0MXwuWfFxOBEQ+pvFmTp94RwvgU8WVIsPWkH29ub+nDljwd2p8glOOuuPa3Lk
|
||||
hYcr1xoNE9sEGI5vEICJ0k3JApkDmJCfLKXLnaJA3yAnFTBKi0GGfX+xnrb7KzF1
|
||||
5o7nCGggwMkorZcT/+hNoB05BaBjO+UHxtVdbQktofXCaz6l/fBGyENxuTyzAfLb
|
||||
ZES5IXzEUY9y2+jgMQTkHfH8v/6260xhpFprVdkCggEALzlt3lWoD8MbRjJLLJVg
|
||||
DvNu92U3noCE2QKrD5JEVXLwLJNbv1KqGL+MmBCVOebC1Bam0ZaVH4Bb2uFfzLrc
|
||||
H3GSI2wuxYQGwDuzMketa6ypmj1sL7aZrJqz5l/Sstb787M3gmQgrYbxE7hPgp0g
|
||||
qJicvoo/PuF4jb10GDoRTv0gWBSl53lPYJeskGDCHnL/e6D1SBaJhR5bET+xPINp
|
||||
wCINwkRumdKoLT123A+TBy2yhWacMWiP+E/JjLWpR0vEoPxLABBVnLQU3BxKzKeK
|
||||
8KYqWFcsg5AYETVQIzl3fjfjxRaY9YkaP5cDPoJFkA2oQ4WKL+w45pvIyWGbjuLB
|
||||
wQKCAQAXxB4nKdcN8eQZx5tSus97yf7yPm0HSEEzNy6rnbqtS3uX3/KEYFACBoTP
|
||||
C5kpuNYEXHp8LgWhnnT/gtSLLQHSiTULKKKc7tm15zYMSRcWH7qHDTgzUE3FxfQu
|
||||
JUXssKeN0JDbm6HoEma53uFYw5XSRB3Odg1mszoyO0fD4xBqo6jay8d/8oi4SfLf
|
||||
mxV1kMKzW2tr0iyQIt3O/gehsMwtiK3u923CMrtmvDSJpUxHZh5QWte8FcHPeo6g
|
||||
cuK6DBook4bA4tMyXnH5LszXL5pwbeTGddiCoc8EbI1WJKBByHizTWYAVl0znXg7
|
||||
cE9VuuHZqcE0fWokNG7bO3t6lqPg
|
||||
-----END PRIVATE KEY-----
|