* Auth cleanup with tests

* fix
This commit is contained in:
Microsoft Corporation 2023-04-05 13:58:59 -07:00 коммит произвёл GitHub
Родитель 5d1835104f
Коммит e19fa3e819
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
18 изменённых файлов: 3164 добавлений и 858 удалений

Просмотреть файл

@ -30,7 +30,7 @@ bootstrap:
test: unittest
unittest:
$(GOTEST) ./...
$(GOTEST) ./pkg/...
generate: bootstrap
(./gen.sh)

10
go.mod
Просмотреть файл

@ -3,19 +3,18 @@ module github.com/microsoft/moc
go 1.16
require (
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.5.3
github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95
github.com/jmespath/go-jmespath v0.3.0
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.7.0
google.golang.org/grpc v1.26.0
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
github.com/stretchr/testify v1.8.1
google.golang.org/grpc v1.54.0
gopkg.in/yaml.v3 v3.0.1
)
require (
github.com/golang/mock v1.6.0
github.com/kr/pretty v0.1.0 // indirect
golang.org/x/text v0.8.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
)
@ -25,5 +24,4 @@ replace (
github.com/golang/protobuf/protoc-gen-go => github.com/golang/protobuf/protoc-gen-go v1.3.2
golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c
golang.org/x/sys => golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24
google.golang.org/grpc => google.golang.org/grpc v1.26.0
)

928
go.sum

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Просмотреть файл

@ -8,47 +8,26 @@ import (
context "context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"io/ioutil"
"net"
"os"
"path/filepath"
"strings"
"io/fs"
"github.com/microsoft/moc/pkg/certs"
"github.com/microsoft/moc/pkg/config"
"github.com/microsoft/moc/pkg/marshal"
wssdnet "github.com/microsoft/moc/pkg/net"
"github.com/microsoft/moc/rpc/common"
"google.golang.org/grpc/credentials"
)
const (
ClientTokenName = ".token"
ClientCertName = "wssd.pem"
ClientTokenPath = "WSSD_CLIENT_TOKEN"
WssdConfigPath = "WSSD_CONFIG_PATH"
AccessFileDirPath = "ACCESSFILE_DIR_PATH"
DefaultWSSDFolder = ".wssd"
AccessFileDefaultName = "cloudconfig"
ServerName = "ServerName"
)
// LoginType
type LoginType string
const (
// SelfSigned ...
SelfSigned LoginType = "Self-Signed"
// CASigned ...
CASigned LoginType = "CA-Signed"
ServerName = "ServerName"
)
type WssdConfig struct {
CloudCertificate string
ClientCertificate string
ClientKey string
ClientCertificateType LoginType
IdentityName string
ClientCertificateType LoginType //Depricated : Needs to cleaned up after removing references
}
type Authorizer interface {
@ -82,7 +61,167 @@ type LoginConfig struct {
CloudPort int32 `json:"cloudport,omitempty"`
CloudAuthPort int32 `json:"cloudauthport,omitempty"`
Location string `json:"location,omitempty"`
Type LoginType `json:"type,omitempty"`
Type LoginType `json:"type,omitempty"` //Depricated : Needs to cleaned up after removing references
}
// LoginType [Depricated : Needs to cleaned up after removing references]
type LoginType string
const (
// SelfSigned ...
SelfSigned LoginType = "Self-Signed"
// CASigned ...
CASigned LoginType = "CA-Signed"
)
func LoginTypeToAuthType(authType string) common.AuthenticationType {
switch authType {
case string(SelfSigned):
return common.AuthenticationType_SELFSIGNED
case string(CASigned):
return common.AuthenticationType_CASIGNED
}
return common.AuthenticationType_SELFSIGNED
}
func AuthTypeToLoginType(authType common.AuthenticationType) LoginType {
switch authType {
case common.AuthenticationType_SELFSIGNED:
return SelfSigned
case common.AuthenticationType_CASIGNED:
return CASigned
}
return SelfSigned
}
type JwtTokenProvider struct {
RawData string `json:"rawdata"`
}
func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
return map[string]string{
"authorization": c.RawData,
}, nil
}
func (c JwtTokenProvider) RequireTransportSecurity() bool {
return true
}
func NewTokenCredentialProvider(token string) JwtTokenProvider {
return JwtTokenProvider{token}
}
func NewEmptyTokenCredentialProvider() JwtTokenProvider {
return JwtTokenProvider{}
}
type TransportCredentialsProvider struct {
serverName string
certificate []tls.Certificate
rootCAPool *x509.CertPool
verifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
}
func NewEmptyTransportCredential() *TransportCredentialsProvider {
return &TransportCredentialsProvider{}
}
func NewTransportCredentialFromAuthBase64(serverName string, rootCACertsBase64 string) (*TransportCredentialsProvider, error) {
caCertPem, err := marshal.FromBase64(rootCACertsBase64)
if err != nil {
return nil, fmt.Errorf("could not marshal the server certificate")
}
return NewTransportCredentialFromAuthFromPem(serverName, caCertPem)
}
func NewTransportCredentialFromAuthFromPem(serverName string, caCertPem []byte) (*TransportCredentialsProvider, error) {
certPool := x509.NewCertPool()
// Append the client certificates from the CA
if ok := certPool.AppendCertsFromPEM(caCertPem); !ok {
return nil, fmt.Errorf("could not append the server certificate")
}
return &TransportCredentialsProvider{
serverName: serverName,
rootCAPool: certPool,
}, nil
}
func NewTransportCredentialFromBase64(serverName, clientCertificateBase64, clientKeyBase64 string, rootCACertsBase64 string) (*TransportCredentialsProvider, error) {
transportCreds, err := NewTransportCredentialFromAuthBase64(serverName, rootCACertsBase64)
if err != nil {
return nil, err
}
clientPem, err := marshal.FromBase64(clientCertificateBase64)
if err != nil {
return nil, err
}
keyPem, err := marshal.FromBase64(clientKeyBase64)
if err != nil {
return nil, err
}
if err = certCheck(clientPem); err != nil {
return nil, err
}
tlsCert, err := tls.X509KeyPair(clientPem, keyPem)
if err != nil {
return nil, err
}
transportCreds.certificate = []tls.Certificate{tlsCert}
return transportCreds, nil
}
func NewTransportCredentialFromTlsCerts(serverName string, tlsCerts []tls.Certificate, rootCACertsPem []byte) (*TransportCredentialsProvider, error) {
transportCreds, err := NewTransportCredentialFromAuthFromPem(serverName, rootCACertsPem)
if err != nil {
return nil, err
}
transportCreds.certificate = tlsCerts
return transportCreds, nil
}
func NewTransportCredentialFromAccessFileLocation(serverName, accessFileLocation string) (*TransportCredentialsProvider, error) {
accessFile := WssdConfig{}
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
if err != nil {
return nil, err
}
return NewTransportCredentialFromAccessFile(serverName, accessFile)
}
func NewTransportCredentialFromAccessFile(serverName string, accessFile WssdConfig) (*TransportCredentialsProvider, error) {
caCertPem, tlscerts, err := AccessFileToTls(accessFile)
if err != nil {
return nil, err
}
return NewTransportCredentialFromTlsCerts(serverName, []tls.Certificate{tlscerts}, caCertPem)
}
func (transportCredentials *TransportCredentialsProvider) GetTransportCredentials() credentials.TransportCredentials {
creds := &tls.Config{
ServerName: transportCredentials.serverName,
}
if len(transportCredentials.certificate) > 0 {
creds.Certificates = transportCredentials.certificate
}
if transportCredentials.rootCAPool != nil {
creds.RootCAs = transportCredentials.rootCAPool
}
if transportCredentials.verifyPeerCertificate != nil {
creds.VerifyPeerCertificate = transportCredentials.verifyPeerCertificate
}
return credentials.NewTLS(creds)
}
// BearerAuthorizer implements the bearer authorization
type BearerAuthorizer struct {
tokenProvider JwtTokenProvider
transportCredentials credentials.TransportCredentials
}
func (ba *BearerAuthorizer) WithRPCAuthorization() credentials.PerRPCCredentials {
@ -93,14 +232,11 @@ func (ba *BearerAuthorizer) WithTransportAuthorization() credentials.TransportCr
return ba.transportCredentials
}
type JwtTokenProvider struct {
RawData string `json:"rawdata"`
}
// BearerAuthorizer implements the bearer authorization
type BearerAuthorizer struct {
tokenProvider JwtTokenProvider
transportCredentials credentials.TransportCredentials
func NewEmptyBearerAuthorizer() *BearerAuthorizer {
return &BearerAuthorizer{
tokenProvider: NewEmptyTokenCredentialProvider(),
transportCredentials: NewEmptyBearerAuthorizer().transportCredentials,
}
}
// NewBearerAuthorizer crates a BearerAuthorizer using the given token provider
@ -117,11 +253,8 @@ type EnvironmentSettings struct {
}
func NewAuthorizerFromEnvironment(serverName string) (Authorizer, error) {
settings, err := GetSettingsFromEnvironment(serverName)
if err != nil {
return nil, err
}
err = RenewCertificates(settings.GetManagedIdentityConfig().ServerName, settings.GetManagedIdentityConfig().WssdConfigPath)
settings := GetSettingsFromEnvironment(serverName)
err := RenewCertificates(settings.GetManagedIdentityConfig().ServerName, settings.GetManagedIdentityConfig().WssdConfigPath)
if err != nil {
return nil, err
}
@ -142,31 +275,19 @@ func NewAuthorizerFromEnvironmentByName(serverName, subfolder, filename string)
func NewAuthorizerFromInput(tlsCert tls.Certificate, serverCertificate []byte, server string) (Authorizer, error) {
transportCreds := TransportCredentialsFromNode(tlsCert, serverCertificate, server)
return NewBearerAuthorizer(JwtTokenProvider{}, transportCreds), nil
return NewBearerAuthorizer(NewEmptyTokenCredentialProvider(), transportCreds), nil
}
func NewAuthorizerForAuth(tokenString string, certificate string, server string) (Authorizer, error) {
serverPem, err := marshal.FromBase64(certificate)
credentials, err := NewTransportCredentialFromAuthBase64(server, certificate)
if err != nil {
return NewBearerAuthorizer(JwtTokenProvider{}, credentials.NewTLS(nil)), fmt.Errorf("could not marshal the server certificate")
return NewEmptyBearerAuthorizer(), err
}
certPool := x509.NewCertPool()
// Append the client certificates from the CA
if ok := certPool.AppendCertsFromPEM(serverPem); !ok {
return NewBearerAuthorizer(JwtTokenProvider{}, credentials.NewTLS(nil)), fmt.Errorf("could not append the server certificate")
}
transportCreds := credentials.NewTLS(&tls.Config{
ServerName: server,
RootCAs: certPool,
})
return NewBearerAuthorizer(JwtTokenProvider{tokenString}, transportCreds), nil
return NewBearerAuthorizer(NewTokenCredentialProvider(tokenString), credentials.GetTransportCredentials()), nil
}
// GetSettingsFromEnvironment Read settings from WssdConfigLocation
func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings, err error) {
func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings) {
s = EnvironmentSettings{
Values: map[string]string{},
}
@ -185,7 +306,6 @@ func GetSettingsFromEnvironmentByName(serverName, subfolder, filename string) (s
}
s.Values[ClientTokenPath] = getClientTokenLocation()
s.Values[WssdConfigPath] = GetMocConfigLocationName(subfolder, filename)
s.Values[ServerName] = serverName
return
@ -205,47 +325,37 @@ func (settings EnvironmentSettings) GetManagedIdentityConfig() ManagedIdentityCo
func (mc ManagedIdentityConfig) Authorizer() (Authorizer, error) {
jwtCreds := TokenProviderFromFile(mc.ClientTokenPath)
jwtCreds, err := TokenProviderFromFile(mc.ClientTokenPath)
if err != nil {
return nil, err
}
transportCreds := TransportCredentialsFromFile(mc.WssdConfigPath, mc.ServerName)
return NewBearerAuthorizer(jwtCreds, transportCreds), nil
}
func TokenProviderFromFile(tokenLocation string) JwtTokenProvider {
data, err := ioutil.ReadFile(tokenLocation)
if err != nil {
// Call to open the token file most likely failed do to
// token not being set. This is expected when the an identity is not yet
// set. Log and continue
return JwtTokenProvider{}
func TokenProviderFromFile(tokenLocation string) (JwtTokenProvider, error) {
if tokenLocation == "" {
return NewEmptyTokenCredentialProvider(), nil
}
return JwtTokenProvider{string(data)}
loginconfig := LoginConfig{}
err := config.LoadYAMLFile(tokenLocation, &loginconfig)
if err != nil {
// if File does not exist we return no error. This to prevent any breaking changes
if errors.Is(err, fs.ErrNotExist) {
err = nil
}
return NewEmptyTokenCredentialProvider(), err
}
return NewTokenCredentialProvider(loginconfig.Token), nil
}
func TransportCredentialsFromFile(wssdConfigLocation string, server string) credentials.TransportCredentials {
clientCerts := []tls.Certificate{}
certPool := x509.NewCertPool()
serverPem, tlsCert, err := ReadAccessFileToTls(wssdConfigLocation)
if err == nil {
clientCerts = append(clientCerts, tlsCert)
// Append the client certificates from the CA
if ok := certPool.AppendCertsFromPEM(serverPem); !ok {
return credentials.NewTLS(&tls.Config{})
}
credentials, err := NewTransportCredentialFromAccessFileLocation(server, wssdConfigLocation)
if err != nil {
return NewEmptyTransportCredential().GetTransportCredentials()
}
verifyPeerCertificate := func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// This is the for extra verification
return nil
}
return credentials.NewTLS(&tls.Config{
ServerName: server,
Certificates: clientCerts,
RootCAs: certPool,
VerifyPeerCertificate: verifyPeerCertificate,
})
return credentials.GetTransportCredentials()
}
func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, error) {
@ -258,250 +368,12 @@ func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, er
}
func TransportCredentialsFromNode(tlsCert tls.Certificate, serverCertificate []byte, server string) credentials.TransportCredentials {
certPool := x509.NewCertPool()
// Append the client certificates from the CA
if ok := certPool.AppendCertsFromPEM(serverCertificate); !ok {
return credentials.NewTLS(&tls.Config{})
}
verifyPeerCertificate := func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// This is the for extra verification
return nil
}
return credentials.NewTLS(&tls.Config{
ServerName: server,
Certificates: []tls.Certificate{tlsCert},
RootCAs: certPool,
VerifyPeerCertificate: verifyPeerCertificate,
})
}
func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
return map[string]string{
"authorization": c.RawData,
}, nil
}
func (c JwtTokenProvider) RequireTransportSecurity() bool {
return true
}
func getClientTokenLocation() string {
clientTokenPath := os.Getenv(ClientTokenPath)
if clientTokenPath == "" {
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
// Create the default token path and set the
// env variable
defaultPath := filepath.Join(wd, DefaultWSSDFolder)
os.MkdirAll(defaultPath, os.ModePerm)
clientTokenPath = filepath.Join(defaultPath, ClientTokenName)
os.Setenv(ClientTokenPath, clientTokenPath)
}
return clientTokenPath
}
func getExecutableName() (string, error) {
execPath, err := os.Executable()
credential, err := NewTransportCredentialFromTlsCerts(server, []tls.Certificate{tlsCert}, serverCertificate)
if err != nil {
return "", err
return NewEmptyTransportCredential().GetTransportCredentials()
}
return strings.TrimSuffix(filepath.Base(execPath), filepath.Ext(execPath)), nil
}
return credential.GetTransportCredentials()
// GetWssdConfigLocation gets the path for access file from environment
func GetWssdConfigLocation() string {
accessFileDirPath := os.Getenv(AccessFileDirPath)
wssdConfigPath := os.Getenv(WssdConfigPath)
defaultPath := accessFileDirPath
if accessFileDirPath == "" && wssdConfigPath != "" {
return wssdConfigPath
}
if accessFileDirPath == "" && wssdConfigPath == "" {
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
// Create the default config path and set the
// env variable
defaultPath = filepath.Join(wd, DefaultWSSDFolder)
os.Setenv(AccessFileDirPath, defaultPath)
}
if execName, err := getExecutableName(); err == nil {
defaultPath = filepath.Join(defaultPath, execName)
}
os.MkdirAll(defaultPath, os.ModePerm)
accessFilePath := filepath.Join(defaultPath, AccessFileDefaultName)
return accessFilePath
}
// GetWssdConfigLocationName gets the path for access filename from environment + subfolder with file name fileName
func GetMocConfigLocationName(subfolder, filename string) string {
wssdConfigPath := os.Getenv(WssdConfigPath)
file := AccessFileDefaultName
if filename != "" {
file = filename
}
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
if wssdConfigPath == "" || !strings.HasSuffix(wssdConfigPath, filepath.Join(wd, subfolder, file)) {
// Create the default config path and set the
// env variable
defaultPath := filepath.Join(wd, DefaultWSSDFolder, subfolder)
os.MkdirAll(defaultPath, os.ModePerm)
wssdConfigPath = filepath.Join(defaultPath, file)
os.Setenv(WssdConfigPath, wssdConfigPath)
}
return wssdConfigPath
}
func SaveToken(tokenStr string) error {
return ioutil.WriteFile(
getClientTokenLocation(),
[]byte(tokenStr),
0644)
}
// GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation
// If the file exists the values from the fie is returned
func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetWssdConfigLocation())
if err != nil {
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
if err != nil {
return "", WssdConfig{}, err
}
certBytesClient := certs.EncodeCertPEM(x509CertClient)
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
ClientKey: marshal.ToBase64(string(keyBytesClient)),
}
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return accessFile.ClientCertificate, accessFile, nil
}
func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetWssdConfigLocation())
cloudAgentIpAddress, err := wssdnet.GetIPAddress()
if err != nil {
return "", WssdConfig{}, err
}
localHostName, err := os.Hostname()
if err != nil {
return "", WssdConfig{}, err
}
cloudAgentIPAddress := wssdnet.StringToNetIPAddress(cloudAgentIpAddress)
ipAddresses := []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), cloudAgentIPAddress}
dnsNames := []string{"localhost", localHostName}
conf := &certs.Config{
CommonName: loginconfig.Name,
AltNames: certs.AltNames{
DNSNames: dnsNames,
IPs: ipAddresses,
},
}
x509Csr, keyClient, err := certs.GenerateCertificateRequest(conf, nil)
if err != nil {
return "", WssdConfig{}, err
}
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: "",
ClientKey: marshal.ToBase64(string(keyClient)),
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return string(x509Csr), accessFile, nil
}
// GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName
// If the file exists the values from the fie is returned
func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetMocConfigLocationName(subfolder, filename))
if err != nil {
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
if err != nil {
return "", WssdConfig{}, err
}
certBytesClient := certs.EncodeCertPEM(x509CertClient)
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
ClientKey: marshal.ToBase64(string(keyBytesClient)),
}
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return accessFile.ClientCertificate, accessFile, nil
}
// PrintAccessFile stores wssdConfig in WssdConfigLocation
@ -514,16 +386,6 @@ func PrintAccessFileByName(accessFile WssdConfig, subfolder, filename string) er
return marshal.ToJSONFile(accessFile, GetMocConfigLocationName(subfolder, filename))
}
func readAccessFile(accessFileLocation string) (WssdConfig, error) {
accessFile := WssdConfig{}
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
if err != nil {
return WssdConfig{}, err
}
return accessFile, nil
}
func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error) {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
@ -549,23 +411,3 @@ func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error) {
return serverPem, tlsCert, nil
}
func LoginTypeToAuthType(authType string) common.AuthenticationType {
switch authType {
case string(SelfSigned):
return common.AuthenticationType_SELFSIGNED
case string(CASigned):
return common.AuthenticationType_CASIGNED
}
return common.AuthenticationType_SELFSIGNED
}
func AuthTypeToLoginType(authType common.AuthenticationType) LoginType {
switch authType {
case common.AuthenticationType_SELFSIGNED:
return SelfSigned
case common.AuthenticationType_CASIGNED:
return CASigned
}
return SelfSigned
}

134
pkg/auth/auth_env.go Normal file
Просмотреть файл

@ -0,0 +1,134 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache v2.0 license.
package auth
import (
"os"
"path/filepath"
"strings"
)
const (
ClientTokenName = ".token"
ClientCertName = "wssd.pem"
ClientTokenPath = "WSSD_CLIENT_TOKEN"
WssdConfigPath = "WSSD_CONFIG_PATH"
AccessFileDirPath = "ACCESSFILE_DIR_PATH"
DefaultWSSDFolder = ".wssd"
AccessFileDefaultName = "cloudconfig"
)
func getExecutableName() (string, error) {
execPath, err := os.Executable()
if err != nil {
return "", err
}
return strings.TrimSuffix(filepath.Base(execPath), filepath.Ext(execPath)), nil
}
// SetCertificateDirPath sets the directory path where the client certificate will be stored
// This is achieved by setting ACCESSFILE_DIR_PATH environment variable
// The path is appended with the executable name before the certificate is stored
func SetCertificateDirPath(certificateDirPath string) error {
return os.Setenv(AccessFileDirPath, certificateDirPath)
}
// SetCertificateFilePath sets the file path where the client certificate will be stored
// This is achieved by setting WSSD_CONFIG_PATH environment variable
func SetCertificateFilePath(certificateFilePath string) error {
return os.Setenv(WssdConfigPath, certificateFilePath)
}
// SetLoginTokenPath sets the path where the login yaml will be stored
// This is achieved by setting WSSD_CLIENT_TOKEN environment variable
// The path is appended with the executable name before the certificate is stored
func SetLoginTokenPath(loginConfigPath string) error {
return os.Setenv(ClientTokenPath, loginConfigPath)
}
// GetCertificateDirPath will return the directory path where the client certificate will be stored
func GetCertificateDirPath() string {
return os.Getenv(AccessFileDirPath)
}
// GetCertificateFilePath will return the file path where the client certificate will be stored
func GetCertificateFilePath() string {
return os.Getenv(WssdConfigPath)
}
// GetLoginTokenPath will return the file path where the login yaml will be stored
func GetLoginTokenPath() string {
return os.Getenv(ClientTokenPath)
}
// GetWssdConfigLocation gets the path for access file from environment
func GetWssdConfigLocation() string {
accessFileDirPath := os.Getenv(AccessFileDirPath)
wssdConfigPath := os.Getenv(WssdConfigPath)
defaultPath := accessFileDirPath
if accessFileDirPath == "" && wssdConfigPath != "" {
return wssdConfigPath
}
if accessFileDirPath == "" && wssdConfigPath == "" {
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
// Create the default config path and set the
// env variable
defaultPath = filepath.Join(wd, DefaultWSSDFolder)
os.Setenv(AccessFileDirPath, defaultPath)
}
if execName, err := getExecutableName(); err == nil {
defaultPath = filepath.Join(defaultPath, execName)
}
os.MkdirAll(defaultPath, os.ModePerm)
accessFilePath := filepath.Join(defaultPath, AccessFileDefaultName)
return accessFilePath
}
// GetWssdConfigLocationName gets the path for access filename from environment + subfolder with file name fileName
func GetMocConfigLocationName(subfolder, filename string) string {
wssdConfigPath := os.Getenv(WssdConfigPath)
file := AccessFileDefaultName
if filename != "" {
file = filename
}
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
if wssdConfigPath == "" || !strings.HasSuffix(wssdConfigPath, filepath.Join(wd, subfolder, file)) {
// Create the default config path and set the
// env variable
defaultPath := filepath.Join(wd, DefaultWSSDFolder, subfolder)
os.MkdirAll(defaultPath, os.ModePerm)
wssdConfigPath = filepath.Join(defaultPath, file)
os.Setenv(WssdConfigPath, wssdConfigPath)
}
return wssdConfigPath
}
func getClientTokenLocation() string {
clientTokenPath := os.Getenv(ClientTokenPath)
if clientTokenPath == "" {
wd, err := os.UserHomeDir()
if err != nil {
panic(err)
}
// Create the default token path and set the
// env variable
defaultPath := filepath.Join(wd, DefaultWSSDFolder)
os.MkdirAll(defaultPath, os.ModePerm)
clientTokenPath = filepath.Join(defaultPath, ClientTokenName)
os.Setenv(ClientTokenPath, clientTokenPath)
}
return clientTokenPath
}

114
pkg/auth/auth_env_test.go Normal file
Просмотреть файл

@ -0,0 +1,114 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache v2.0 license.
package auth
import (
"crypto/rand"
"crypto/rsa"
"os"
"path/filepath"
"testing"
)
var key *rsa.PrivateKey
func init() {
os.MkdirAll("/tmp/auth", os.ModePerm)
key, _ = rsa.GenerateKey(rand.Reader, 2048)
}
func Test_GetWssdConfigLocationWssdConfigPathSet(t *testing.T) {
os.Unsetenv(AccessFileDirPath)
os.Setenv(WssdConfigPath, "TestWssdConfigPath")
wssdConfigPath := os.Getenv(WssdConfigPath)
path := GetWssdConfigLocation()
expectedPath := wssdConfigPath
if path != expectedPath {
t.Errorf("Invalid path when ACCESSFILE_DIR_PATH is not set and WSSD_CONFIG_PATH is set! Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationEnvNotSet(t *testing.T) {
os.Unsetenv(WssdConfigPath)
os.Unsetenv(AccessFileDirPath)
path := GetWssdConfigLocation()
wd, err := os.UserHomeDir()
if err != nil {
t.Errorf("Failed to get user home directory path %v", err)
}
execName, err := getExecutableName()
if err != nil {
t.Errorf("Failed to get executable name %v", err)
}
expectedPath := filepath.Join(wd, ".wssd", execName, "cloudconfig")
if path != expectedPath {
t.Errorf("Invalid path when both ACCESSFILE_DIR_PATH and WSSD_CONFIG_PATH env variables are not set! Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationAccessFileDirPathSet(t *testing.T) {
os.Setenv(AccessFileDirPath, "TestAccessFileDirPath")
accessFileDirPath := os.Getenv(AccessFileDirPath)
path := GetWssdConfigLocation()
execName, err := getExecutableName()
if err != nil {
t.Errorf("Failed to get executable name %v", err)
}
expectedPath := filepath.Join(accessFileDirPath, execName, "cloudconfig")
if path != expectedPath {
t.Errorf("Invalid path when ACCESSFILE_DIR_PATH env variable is set! Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationName(t *testing.T) {
path := GetMocConfigLocationName("", "")
wd, err := os.UserHomeDir()
if err != nil {
t.Errorf("Failed getting home path %v", err)
}
expectedPath := filepath.Join(wd, ".wssd/cloudconfig")
if path != expectedPath {
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationNameWithSubfolder(t *testing.T) {
path := GetMocConfigLocationName("test", "")
wd, err := os.UserHomeDir()
if err != nil {
t.Errorf("Failed getting home path %v", err)
}
expectedPath := filepath.Join(wd, ".wssd/test/cloudconfig")
if path != expectedPath {
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationNameWithSubfolderName(t *testing.T) {
path := GetMocConfigLocationName("test", "cc")
wd, err := os.UserHomeDir()
if err != nil {
t.Errorf("Failed getting home path %v", err)
}
expectedPath := filepath.Join(wd, ".wssd/test/cc")
if path != expectedPath {
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
}
}
func Test_GetWssdConfigLocationNameWithName(t *testing.T) {
path := GetMocConfigLocationName("", "cc")
wd, err := os.UserHomeDir()
if err != nil {
t.Errorf("Failed getting home path %v", err)
}
expectedPath := filepath.Join(wd, ".wssd/cc")
if path != expectedPath {
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
}
}

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Просмотреть файл

@ -162,11 +162,10 @@ func renewCertificate(server string, wssdConfig *WssdConfig) (retConfig *WssdCon
renewed = true
newWssdConfig := &WssdConfig{
CloudCertificate: wssdConfig.CloudCertificate,
ClientCertificate: marshal.ToBase64(response.Certificates[0].Certificate),
ClientKey: marshal.ToBase64(string(newKey)),
ClientCertificateType: wssdConfig.ClientCertificateType,
IdentityName: wssdConfig.IdentityName,
CloudCertificate: wssdConfig.CloudCertificate,
ClientCertificate: marshal.ToBase64(response.Certificates[0].Certificate),
ClientKey: marshal.ToBase64(string(newKey)),
IdentityName: wssdConfig.IdentityName,
}
return newWssdConfig, renewed, nil
}
@ -181,16 +180,14 @@ func RenewCertificates(server string, wssdConfigLocation string) error {
}
return err
}
if accessFile.ClientCertificateType == CASigned {
retAccessFile, renewed, err := renewCertificate(server, &accessFile)
if err != nil {
retAccessFile, renewed, err := renewCertificate(server, &accessFile)
if err != nil {
return err
}
if renewed {
if err = marshal.ToJSONFile(*retAccessFile, wssdConfigLocation); err != nil {
return err
}
if renewed {
if err = marshal.ToJSONFile(*retAccessFile, wssdConfigLocation); err != nil {
return err
}
}
}
return nil

223
pkg/auth/certrenew_test.go Normal file
Просмотреть файл

@ -0,0 +1,223 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache v2.0 license.
package auth
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"math/big"
"os"
"testing"
"time"
"github.com/microsoft/moc/pkg/certs"
"github.com/microsoft/moc/pkg/errors"
)
func init() {
os.MkdirAll("/tmp/auth", os.ModePerm)
key, _ = rsa.GenerateKey(rand.Reader, 2048)
}
func Test_GetCertRenewRequired(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now,
NotAfter: now.Add(time.Second * 10),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
if renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:false Actual:true")
}
}
func Test_GetCertRenewRequiredExpired(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now.Add(-(time.Second * 10)),
NotAfter: now,
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
if !renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:true Actual:false")
}
}
func Test_GetCertRenewRequiredBeforeThreshold(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now.Add(-(time.Second * 6)),
NotAfter: now.Add(time.Second * 4),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
if renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:false Actual:true")
}
}
func Test_GetCertRenewRequiredAfterThreshold(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now.Add(-(time.Second * 8)),
NotAfter: now.Add(time.Second * 2),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
if !renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:true Actual:false")
}
}
func Test_GetCertRenewRequiredDelay(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now.Add(-(time.Second * 6)),
NotAfter: now.Add(time.Second * 4),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
if renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:false Actual:true")
}
time.Sleep(time.Second * 2)
if !renewRequired(x509Cert) {
t.Errorf("RenewRequired Expected:true Actual:false")
}
}
func Test_CertCheckNotExpired(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now,
NotAfter: now.Add(time.Second * 30),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
certPem := certs.EncodeCertPEM(x509Cert)
if err = certCheck(certPem); err != nil {
if errors.IsExpired(err) {
t.Errorf("certCheck return certificate expired %v: Expected Valid Certificate", err)
} else {
t.Errorf("certCheck Expected:nil Actual:%v", err)
}
}
}
func Test_CertCheckExpired(t *testing.T) {
now := time.Now().UTC()
tmpl := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
CommonName: "test",
},
NotBefore: now.Add(time.Second * -10),
NotAfter: now.Add(time.Second * -1),
}
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
t.Errorf("Failed creating certificate %v", err)
}
x509Cert, err := x509.ParseCertificate(b)
if err != nil {
t.Errorf("Failed parsing certificate %v", err)
}
certPem := certs.EncodeCertPEM(x509Cert)
if err = certCheck(certPem); err == nil || !errors.IsExpired(err) {
t.Errorf("certCheck Expected:Expired Actual:%v", err)
}
}
func Test_CertCheckEmpty(t *testing.T) {
if err := certCheck([]byte{}); err == nil || !errors.IsInvalidInput(err) {
t.Errorf("certCheck Expected:InvalidInput Actual:%v", err)
}
}

154
pkg/auth/utils.go Normal file
Просмотреть файл

@ -0,0 +1,154 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache v2.0 license.
package auth
import (
"net"
"os"
"github.com/microsoft/moc/pkg/certs"
"github.com/microsoft/moc/pkg/marshal"
wssdnet "github.com/microsoft/moc/pkg/net"
)
func readAccessFile(accessFileLocation string) (WssdConfig, error) {
accessFile := WssdConfig{}
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
if err != nil {
return WssdConfig{}, err
}
return accessFile, nil
}
// GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation
// If the file exists the values from the fie is returned
func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetWssdConfigLocation())
if err != nil {
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
if err != nil {
return "", WssdConfig{}, err
}
certBytesClient := certs.EncodeCertPEM(x509CertClient)
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
ClientKey: marshal.ToBase64(string(keyBytesClient)),
}
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return accessFile.ClientCertificate, accessFile, nil
}
func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetWssdConfigLocation())
cloudAgentIpAddress, err := wssdnet.GetIPAddress()
if err != nil {
return "", WssdConfig{}, err
}
localHostName, err := os.Hostname()
if err != nil {
return "", WssdConfig{}, err
}
cloudAgentIPAddress := wssdnet.StringToNetIPAddress(cloudAgentIpAddress)
ipAddresses := []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), cloudAgentIPAddress}
dnsNames := []string{"localhost", localHostName}
conf := &certs.Config{
CommonName: loginconfig.Name,
AltNames: certs.AltNames{
DNSNames: dnsNames,
IPs: ipAddresses,
},
}
x509Csr, keyClient, err := certs.GenerateCertificateRequest(conf, nil)
if err != nil {
return "", WssdConfig{}, err
}
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: "",
ClientKey: marshal.ToBase64(string(keyClient)),
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return string(x509Csr), accessFile, nil
}
// GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName
// If the file exists the values from the fie is returned
func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error) {
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
if err != nil {
return "", WssdConfig{}, err
}
accessFile, err := readAccessFile(GetMocConfigLocationName(subfolder, filename))
if err != nil {
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
if err != nil {
return "", WssdConfig{}, err
}
certBytesClient := certs.EncodeCertPEM(x509CertClient)
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
accessFile = WssdConfig{
CloudCertificate: "",
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
ClientKey: marshal.ToBase64(string(keyBytesClient)),
}
}
if accessFile.CloudCertificate != "" {
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
if err != nil {
return "", WssdConfig{}, err
}
if string(certBytes) != string(serverPem) {
certBytes = append(certBytes, serverPem...)
}
}
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
return accessFile.ClientCertificate, accessFile, nil
}

Просмотреть файл

@ -4,14 +4,18 @@ package certs
import (
"bytes"
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"fmt"
"log"
"math"
"math/big"
"net"
"testing"
"time"
@ -19,8 +23,88 @@ import (
gomock "github.com/golang/mock/gomock"
mock "github.com/microsoft/moc/pkg/certs/mock"
"github.com/microsoft/moc/rpc/testagent"
"github.com/stretchr/testify/assert"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/status"
)
func IsTransportUnavailable(err error) bool {
if e, ok := status.FromError(err); ok && e.Code() == codes.Unavailable {
return true
}
return false
}
type TestTlsServer struct {
}
func (s *TestTlsServer) PingHello(ctx context.Context, in *testagent.Hello) (*testagent.Hello, error) {
return &testagent.Hello{Name: "Hello From the Server!" + in.Name}, nil
}
func startHelloServer(grpcServer *grpc.Server, address string) {
lis, err := net.Listen("tcp", address)
if err != nil {
log.Fatalf("failed to listen: %v", err)
}
tlsServer := TestTlsServer{}
testagent.RegisterHelloAgentServer(grpcServer, &tlsServer)
if err := grpcServer.Serve(lis); err != nil {
log.Fatalf("failed to serve: %s", err)
}
}
type CertAuthority struct {
ca *CertificateAuthority
}
func (auth *CertAuthority) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return auth.ca.VerifyClientCertificate(rawCerts)
}
func getTlsCreds(t *testing.T, tlsCert tls.Certificate, certAuth *CertAuthority) credentials.TransportCredentials {
return credentials.NewTLS(&tls.Config{
CipherSuites: []uint16{
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
ClientAuth: tls.RequestClientCert,
Certificates: []tls.Certificate{tlsCert},
VerifyPeerCertificate: certAuth.VerifyPeerCertificate,
})
}
func getGrpcServer(t *testing.T, creds credentials.TransportCredentials) *grpc.Server {
var opts []grpc.ServerOption
opts = append(opts, grpc.Creds(creds))
grpcServer := grpc.NewServer(opts...)
return grpcServer
}
func makeTlsCall(t *testing.T, address string, provider credentials.TransportCredentials) (*testagent.Hello, error) {
var conn *grpc.ClientConn
var err error
if provider != nil {
conn, err = grpc.Dial(address, grpc.WithTransportCredentials(provider))
} else {
conn, err = grpc.Dial(address, grpc.WithInsecure())
}
assert.NoErrorf(t, err, "Failed to dial", err)
defer conn.Close()
c := testagent.NewHelloAgentClient(conn)
return c.PingHello(context.Background(), &testagent.Hello{Name: "TLSServer"})
}
func createTestCertificate(before, after time.Time) (string, error) {
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
@ -61,26 +145,81 @@ func createTestCertificate(before, after time.Time) (string, error) {
return string(pemCert), nil
}
func Test_CACerts(t *testing.T) {
ca, key, err := GenerateClientCertificate("test CA")
if err != nil {
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
func NewTransportCredentialFromAuthFromPem(serverName string, tlsCert tls.Certificate, caCertPem []byte) (credentials.TransportCredentials, error) {
certPool := x509.NewCertPool()
// Append the client certificates from the CA
if ok := certPool.AppendCertsFromPEM(caCertPem); !ok {
return nil, fmt.Errorf("could not append the server certificate")
}
creds := &tls.Config{
ServerName: serverName,
RootCAs: certPool,
Certificates: []tls.Certificate{tlsCert},
}
return credentials.NewTLS(creds), nil
}
func Test_TLSServer(t *testing.T) {
server := "localhost"
port := "9000"
address := server + ":" + port
ca, key, err := GenerateClientCertificate("test CA")
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
if err != nil {
t.Errorf("Failed to load root key pair: %v", err)
return
}
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
caConfig := CAConfig{
RootSigner: &rootSigner,
}
caAuth, err := NewCertificateAuthority(&caConfig)
if err != nil {
t.Errorf("Error creation CA Auth: %s", err.Error())
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
certPem := EncodeCertPEM(ca)
keyPem := EncodePrivateKeyPEM(key)
tlsCert, err := tls.X509KeyPair(certPem, keyPem)
assert.NoErrorf(t, err, "Failed to get tls cert", err)
creds := getTlsCreds(t, tlsCert, &CertAuthority{caAuth})
grpcServer := getGrpcServer(t, creds)
go startHelloServer(grpcServer, address)
defer grpcServer.Stop()
time.Sleep((time.Second * 3))
conf := Config{
CommonName: "Test Cert",
Organization: []string{"microsoft"},
}
conf.AltNames.DNSNames = []string{"Test Cert"}
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
signConf := SignConfig{Offset: time.Second * 5}
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
tlsClientCert, err := tls.X509KeyPair(clientCertPem, keyClientPem)
assert.NoErrorf(t, err, "Failed to get tls cert", err)
provider, err := NewTransportCredentialFromAuthFromPem(server, tlsClientCert, EncodeCertPEM(ca))
assert.NoErrorf(t, err, "Failed to create TLS Credentials", err)
// Making the certificate invalid
time.Sleep((time.Second * 10))
_, err = makeTlsCall(t, address, provider)
assert.True(t, IsTransportUnavailable(err))
}
func Test_CACerts(t *testing.T) {
ca, key, err := GenerateClientCertificate("test CA")
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
caConfig := CAConfig{
RootSigner: &rootSigner,
}
caAuth, err := NewCertificateAuthority(&caConfig)
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
conf := Config{
CommonName: "Test Cert",
@ -88,24 +227,13 @@ func Test_CACerts(t *testing.T) {
}
conf.AltNames.DNSNames = []string{"Test Cert"}
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
if err != nil {
t.Errorf("Error creation in CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
if err != nil {
t.Errorf("Failed Decoding privatekey: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
clientCertPem, err := caAuth.SignRequest(csr, nil, nil)
if err != nil {
t.Errorf("Error signing CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
clientCert, err := DecodeCertPEM(clientCertPem)
if err != nil {
t.Errorf("Failed Decoding cert: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != (time.Hour * 24 * 365) {
t.Errorf("Invalid certificate expiry")
}
@ -143,24 +271,17 @@ func Test_CACerts(t *testing.T) {
func Test_CACertsVerify(t *testing.T) {
ca, key, err := GenerateClientCertificate("test CA")
if err != nil {
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
if err != nil {
t.Errorf("Failed to load root key pair: %v", err)
return
}
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
caConfig := CAConfig{
RootSigner: &rootSigner,
}
caAuth, err := NewCertificateAuthority(&caConfig)
if err != nil {
t.Errorf("Error creation CA Auth: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
conf := Config{
CommonName: "Test Cert",
@ -168,23 +289,16 @@ func Test_CACertsVerify(t *testing.T) {
}
conf.AltNames.DNSNames = []string{"Test Cert"}
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
if err != nil {
t.Errorf("Error creation in CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
if err != nil {
t.Errorf("Failed Decoding privatekey: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
signConf := SignConfig{Offset: time.Second * 5}
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
if err != nil {
t.Errorf("Error signing CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
clientCert, err := DecodeCertPEM(clientCertPem)
if err != nil {
t.Errorf("Failed Decoding cert: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != signConf.Offset {
t.Errorf("Invalid certificate expiry")
@ -206,39 +320,29 @@ func Test_CACertsVerify(t *testing.T) {
clientCerts := [][]byte{clientCert.Raw}
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
panic("failed to verify certificate: " + err.Error())
}
err = caAuth.VerifyClientCertificate(clientCerts)
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
time.Sleep(time.Second * 6)
if err = caAuth.VerifyClientCertificate(clientCerts); err == nil {
panic("failed to verify certificate after Expiry")
}
if _, err = tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient)); err != nil {
t.Errorf("Error Verifying key and cert: %s", err.Error())
}
err = caAuth.VerifyClientCertificate(clientCerts)
assert.Errorf(t, err, "failed to verify certificate after Expiry")
_, err = tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient))
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
}
func Test_CACertsRenewVerify(t *testing.T) {
ca, key, err := GenerateClientCertificate("test CA")
if err != nil {
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
if err != nil {
t.Errorf("Failed to load root key pair: %v", err)
return
}
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
caConfig := CAConfig{
RootSigner: &rootSigner,
}
caAuth, err := NewCertificateAuthority(&caConfig)
if err != nil {
t.Errorf("Error creation CA Auth: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
conf := Config{
CommonName: "Test Cert",
@ -246,22 +350,18 @@ func Test_CACertsRenewVerify(t *testing.T) {
}
conf.AltNames.DNSNames = []string{"Test Cert"}
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
if err != nil {
t.Errorf("Error creation in CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
if err != nil {
t.Errorf("Failed Decoding privatekey: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
signConf := SignConfig{Offset: time.Second * 5}
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
if err != nil {
t.Errorf("Error signing CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
clientCert, err := DecodeCertPEM(clientCertPem)
if err != nil {
t.Errorf("Failed Decoding cert: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
// Test certificate duration
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != signConf.Offset {
t.Errorf("Invalid certificate expiry")
@ -269,34 +369,25 @@ func Test_CACertsRenewVerify(t *testing.T) {
clientCerts := [][]byte{clientCert.Raw}
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
panic("failed to verify certificate: " + err.Error())
}
err = caAuth.VerifyClientCertificate(clientCerts)
assert.NoErrorf(t, err, "Failed to verify certificate: %v", err)
oldcert, err := tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient))
if err != nil {
t.Errorf("Error creating X509 keypair: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creating X509 keypair: %v", err)
// ================= Renew 1 ========================
csr1, keyClient1Pem, err := GenerateCertificateRenewRequest(&oldcert)
if err != nil {
t.Errorf("Error creating renew CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creating renew CSR: %v", err)
keyClient1, err := DecodePrivateKeyPEM(keyClient1Pem)
if err != nil {
t.Errorf("Failed Decoding privatekey: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
signConf = SignConfig{Offset: time.Second * 20}
certClient1Pem, err := caAuth.SignRequest(csr1, clientCert.Raw, &signConf)
if err != nil {
t.Errorf("Error signing CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
certClient1, err := DecodeCertPEM(certClient1Pem)
if err != nil {
t.Errorf("Failed Decoding cert: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
// Test certificate duration
if (certClient1.NotAfter.Sub(certClient1.NotBefore)) != (time.Second * 5) {
@ -330,34 +421,26 @@ func Test_CACertsRenewVerify(t *testing.T) {
}
clientCerts = [][]byte{certClient1.Raw}
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
t.Errorf("failed to verify certificate: " + err.Error())
}
if _, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1)); err != nil {
t.Errorf("Error Verifying key and cert: %s", err.Error())
}
err = caAuth.VerifyClientCertificate(clientCerts)
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
_, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1))
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
// ================= Renew 2 ========================
oldcert, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1))
if err != nil {
t.Errorf("Error creating X509 keypair: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creating X509 keypair: %v", err)
csr2, keyClient2Pem, err := GenerateCertificateRenewRequest(&oldcert)
if err != nil {
t.Errorf("Error creating renew CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error creating renew CSR: %v", err)
keyClient2, err := DecodePrivateKeyPEM(keyClient2Pem)
if err != nil {
t.Errorf("Failed Decoding privatekey: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
certClient2Pem, err := caAuth.SignRequest(csr2, certClient1.Raw, nil)
if err != nil {
t.Errorf("Error signing CSR: %s", err.Error())
}
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
certClient2, err := DecodeCertPEM(certClient2Pem)
if err != nil {
t.Errorf("Failed Decoding cert: %s", err.Error())
}
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
// Test certificate duration
if (certClient2.NotAfter.Sub(certClient2.NotBefore)) != (time.Second * 5) {
t.Errorf("Invalid certificate expiry")
@ -389,12 +472,10 @@ func Test_CACertsRenewVerify(t *testing.T) {
}
clientCerts = [][]byte{certClient2.Raw}
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
t.Errorf("failed to verify certificate: " + err.Error())
}
if _, err = tls.X509KeyPair(EncodeCertPEM(certClient2), EncodePrivateKeyPEM(keyClient2)); err != nil {
t.Errorf("Error Verifying key and cert: %s", err.Error())
}
err = caAuth.VerifyClientCertificate(clientCerts)
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
_, err = tls.X509KeyPair(EncodeCertPEM(certClient2), EncodePrivateKeyPEM(keyClient2))
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
}
func Test_CACertsRenewVerifySameKey(t *testing.T) {
@ -724,7 +805,7 @@ func Test_CalculateRenewTime(t *testing.T) {
if err != nil {
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
}
if duration.RenewBackoffDuration > time.Duration(time.Second*4) || duration.RenewBackoffDuration < time.Duration(time.Second*2) {
if duration.RenewBackoffDuration > time.Duration(time.Second*4) || duration.RenewBackoffDuration < time.Duration(time.Second*1) {
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*4), duration.RenewBackoffDuration)
}
if duration.RenewBackoffDuration < time.Duration(0) {
@ -751,7 +832,7 @@ func Test_CalculateRenewTime1(t *testing.T) {
if err != nil {
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
}
if duration.RenewBackoffDuration > time.Duration(time.Second*6) || duration.RenewBackoffDuration < time.Duration(time.Second*4) {
if duration.RenewBackoffDuration > time.Duration(time.Second*6) || duration.RenewBackoffDuration < time.Duration(time.Second*3) {
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*6), duration.RenewBackoffDuration)
}
if duration.RenewBackoffDuration < time.Duration(0) {
@ -778,7 +859,7 @@ func Test_CalculateRenewTime2(t *testing.T) {
if err != nil {
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
}
if duration.RenewBackoffDuration > time.Duration(time.Second*-10) || duration.RenewBackoffDuration < time.Duration(time.Second*-12) {
if duration.RenewBackoffDuration > time.Duration(time.Second*-10) || duration.RenewBackoffDuration < time.Duration(time.Second*-13) {
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*-10), duration.RenewBackoffDuration)
}
if duration.RenewBackoffDuration > time.Duration(0) {
@ -805,7 +886,7 @@ func Test_CalculateRenewTimeNegative(t *testing.T) {
if err != nil {
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
}
if duration.RenewBackoffDuration > time.Duration(time.Second*-13) || duration.RenewBackoffDuration < time.Duration(time.Second*-15) {
if duration.RenewBackoffDuration > time.Duration(time.Second*-13) || duration.RenewBackoffDuration < time.Duration(time.Second*-16) {
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*-13), duration.RenewBackoffDuration)
}
if duration.RenewBackoffDuration > time.Duration(0) {

Просмотреть файл

@ -53,7 +53,7 @@ message Identity {
string cloudFqdn = 15;
int32 cloudPort = 16;
int32 cloudAuthPort = 17;
AuthenticationType authType = 18;
AuthenticationType authType = 18 [deprecated = true];;
bool revoked = 19;
bool autoRotate = 20;
string loginFilePath = 21;

Просмотреть файл

@ -300,7 +300,7 @@ type Identity struct {
CloudFqdn string `protobuf:"bytes,15,opt,name=cloudFqdn,proto3" json:"cloudFqdn,omitempty"`
CloudPort int32 `protobuf:"varint,16,opt,name=cloudPort,proto3" json:"cloudPort,omitempty"`
CloudAuthPort int32 `protobuf:"varint,17,opt,name=cloudAuthPort,proto3" json:"cloudAuthPort,omitempty"`
AuthType common.AuthenticationType `protobuf:"varint,18,opt,name=authType,proto3,enum=moc.AuthenticationType" json:"authType,omitempty"`
AuthType common.AuthenticationType `protobuf:"varint,18,opt,name=authType,proto3,enum=moc.AuthenticationType" json:"authType,omitempty"` // Deprecated: Do not use.
Revoked bool `protobuf:"varint,19,opt,name=revoked,proto3" json:"revoked,omitempty"`
AutoRotate bool `protobuf:"varint,20,opt,name=autoRotate,proto3" json:"autoRotate,omitempty"`
LoginFilePath string `protobuf:"bytes,21,opt,name=loginFilePath,proto3" json:"loginFilePath,omitempty"`
@ -434,6 +434,7 @@ func (m *Identity) GetCloudAuthPort() int32 {
return 0
}
// Deprecated: Do not use.
func (m *Identity) GetAuthType() common.AuthenticationType {
if m != nil {
return m.AuthType
@ -482,61 +483,61 @@ func init() {
func init() { proto.RegisterFile("moc_cloudagent_identity.proto", fileDescriptor_df50a18f5e732c64) }
var fileDescriptor_df50a18f5e732c64 = []byte{
// 853 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x6e, 0xdb, 0x46,
0x10, 0x2e, 0x25, 0x5b, 0xb6, 0x46, 0xfe, 0xcb, 0xc6, 0x8d, 0xb7, 0x6a, 0x13, 0x28, 0xaa, 0x0f,
0xea, 0x85, 0x6a, 0xe5, 0x1c, 0x8a, 0xa2, 0x40, 0x60, 0xbb, 0x4e, 0xea, 0x4b, 0x1b, 0xac, 0x83,
0x1e, 0x0a, 0x14, 0x06, 0xbd, 0x5a, 0xd3, 0x0b, 0x93, 0xbb, 0xcc, 0xee, 0x32, 0xa9, 0xae, 0x3d,
0xe5, 0x1d, 0xda, 0x3e, 0x44, 0x0f, 0x7d, 0x8e, 0xbe, 0x42, 0x1f, 0xa5, 0xe0, 0x90, 0x14, 0x49,
0xff, 0x40, 0x36, 0x9a, 0x93, 0xc4, 0x6f, 0xbe, 0x99, 0xfd, 0x66, 0xf6, 0xdb, 0x81, 0xc7, 0xb1,
0xe6, 0xa7, 0x3c, 0xd2, 0xe9, 0x34, 0x08, 0x85, 0x72, 0xa7, 0x72, 0x2a, 0x94, 0x93, 0x6e, 0xe6,
0x27, 0x46, 0x3b, 0x4d, 0x76, 0x62, 0xcd, 0xfd, 0x2a, 0xec, 0x5b, 0xc1, 0x53, 0x23, 0xdd, 0xac,
0xff, 0x24, 0xd4, 0x3a, 0x8c, 0xc4, 0x18, 0x69, 0x67, 0xe9, 0xf9, 0xf8, 0x9d, 0x09, 0x92, 0x44,
0x18, 0x9b, 0x27, 0xf6, 0x07, 0x57, 0xea, 0x72, 0x61, 0x9c, 0x3c, 0x97, 0x3c, 0x70, 0xa2, 0x60,
0xec, 0x20, 0x43, 0xc7, 0xb1, 0x56, 0xc5, 0x4f, 0x11, 0xf8, 0xa4, 0x16, 0x28, 0xcf, 0xcb, 0x43,
0xc3, 0xf7, 0x1e, 0x6c, 0x1e, 0x17, 0x0a, 0x99, 0x78, 0x93, 0x0a, 0xeb, 0xc8, 0x73, 0xe8, 0x96,
0x90, 0xa5, 0xde, 0xa0, 0x3d, 0xea, 0x4d, 0x9e, 0xfa, 0xb7, 0xc8, 0xf6, 0xe7, 0xc9, 0x55, 0x0e,
0x79, 0x06, 0xeb, 0x3f, 0x26, 0xc2, 0x04, 0x4e, 0x6a, 0xf5, 0x7a, 0x96, 0x08, 0xda, 0x1a, 0x78,
0xa3, 0x8d, 0xc9, 0x06, 0x16, 0x99, 0x47, 0x58, 0x93, 0x34, 0xfc, 0xd3, 0x83, 0xad, 0x4a, 0x8a,
0x4d, 0xb4, 0xb2, 0xe2, 0xff, 0x6b, 0x99, 0x40, 0x87, 0x09, 0x9b, 0x46, 0x0e, 0x45, 0xf4, 0x26,
0x7d, 0x3f, 0x9f, 0xb3, 0x5f, 0xce, 0xd9, 0x3f, 0xd0, 0x3a, 0xfa, 0x29, 0x88, 0x52, 0xc1, 0x0a,
0x26, 0xd9, 0x86, 0xe5, 0x23, 0x63, 0xb4, 0xa1, 0xed, 0x81, 0x37, 0xea, 0xb2, 0xfc, 0x63, 0xf8,
0xbb, 0x07, 0xb4, 0xac, 0x5b, 0x35, 0x51, 0xcc, 0x6c, 0x1f, 0xa0, 0x88, 0x49, 0x71, 0x0f, 0xa1,
0xb5, 0x24, 0xf2, 0xed, 0xcd, 0x53, 0x7b, 0x84, 0x55, 0xae, 0x1f, 0x7c, 0x65, 0x7a, 0xff, 0x78,
0xd0, 0x2f, 0x49, 0x87, 0x95, 0x35, 0x4a, 0x7d, 0x43, 0x58, 0x2b, 0xa3, 0x3f, 0x04, 0xb1, 0xa0,
0x1e, 0x76, 0xd6, 0xc0, 0xc8, 0x77, 0xd0, 0x3e, 0x3c, 0x61, 0xb4, 0x85, 0xe2, 0x27, 0xb7, 0x8a,
0xaf, 0x55, 0x3f, 0x91, 0xa1, 0x92, 0x2a, 0x2c, 0x0e, 0x61, 0x59, 0x3a, 0x79, 0x79, 0xb5, 0x8d,
0x36, 0xb6, 0xf1, 0xb4, 0xd1, 0x46, 0xad, 0xc6, 0xad, 0x1d, 0xfd, 0xe5, 0xc1, 0xa7, 0x37, 0x76,
0x54, 0x58, 0xe3, 0x7b, 0x58, 0xab, 0xc1, 0xe5, 0xd0, 0x77, 0xef, 0xa2, 0x9b, 0x35, 0x32, 0x3f,
0xa0, 0x47, 0xfe, 0xe8, 0xc0, 0x6a, 0xa9, 0x99, 0x10, 0x58, 0x52, 0xd5, 0xac, 0xf1, 0x3f, 0xd9,
0x80, 0x96, 0x9c, 0xe2, 0x31, 0x5d, 0xd6, 0x92, 0x53, 0xb2, 0x0b, 0xeb, 0x46, 0x58, 0x9d, 0x1a,
0x2e, 0x5e, 0x1a, 0x9d, 0x26, 0x45, 0xb9, 0x26, 0x48, 0x06, 0xb0, 0x9a, 0x04, 0xd6, 0xbe, 0xd3,
0x66, 0x4a, 0x97, 0x32, 0xc2, 0xc1, 0xd2, 0xfb, 0xbf, 0xa9, 0xc7, 0xe6, 0x28, 0xe9, 0xc3, 0xb2,
0xd3, 0x97, 0x42, 0xd1, 0xe5, 0x5a, 0x38, 0x87, 0xc8, 0xe7, 0xd0, 0xb1, 0x2e, 0x70, 0xa9, 0xa5,
0x2b, 0xd8, 0x5e, 0x0f, 0x47, 0x74, 0x82, 0x10, 0x2b, 0x42, 0x99, 0x41, 0x22, 0xcd, 0x71, 0xfa,
0x68, 0x10, 0xc8, 0x0d, 0x52, 0xc7, 0xc8, 0x63, 0x58, 0x72, 0x41, 0x68, 0x69, 0x0f, 0xcb, 0x74,
0xb1, 0xcc, 0xeb, 0x20, 0xb4, 0x0c, 0x61, 0xf2, 0x0b, 0xac, 0xf1, 0xfa, 0x85, 0xac, 0xe1, 0x85,
0xec, 0x2d, 0x7c, 0x05, 0xf5, 0x9b, 0xb1, 0x47, 0xca, 0x99, 0x59, 0xa1, 0xbf, 0x51, 0x8e, 0xec,
0x42, 0x0f, 0xfb, 0x39, 0xfa, 0x35, 0x91, 0x66, 0x46, 0xd7, 0x07, 0xde, 0xa8, 0x7d, 0xd0, 0xa2,
0x1e, 0xab, 0xc3, 0x64, 0x0c, 0xc0, 0x23, 0x29, 0x94, 0x43, 0xef, 0x6d, 0xa0, 0xf7, 0x36, 0x51,
0xc2, 0xe1, 0x1c, 0x66, 0x35, 0x0a, 0xf9, 0x0c, 0xba, 0x28, 0xee, 0xc5, 0x9b, 0xa9, 0xa2, 0x9b,
0xd8, 0x75, 0x05, 0xcc, 0xa3, 0xaf, 0xb4, 0x71, 0x74, 0x6b, 0xe0, 0x8d, 0x96, 0x59, 0x05, 0x64,
0xb7, 0x87, 0x1f, 0xfb, 0xa9, 0xbb, 0x40, 0xc6, 0x03, 0x64, 0x34, 0x41, 0xb2, 0x07, 0xab, 0x41,
0xea, 0x2e, 0x50, 0x10, 0x41, 0x41, 0x3b, 0x28, 0x28, 0x23, 0x64, 0x13, 0xe0, 0x73, 0xcf, 0xb3,
0x39, 0x91, 0x50, 0x58, 0x31, 0xe2, 0xad, 0xbe, 0x14, 0x53, 0xfa, 0x70, 0xe0, 0x8d, 0x56, 0x59,
0xf9, 0x49, 0x9e, 0x00, 0x04, 0xa9, 0xd3, 0x4c, 0xbb, 0xc0, 0x09, 0xba, 0x8d, 0xc1, 0x1a, 0x92,
0x89, 0x8a, 0x74, 0x28, 0xd5, 0x0b, 0x19, 0x89, 0x57, 0x81, 0xbb, 0xa0, 0x1f, 0xe7, 0x96, 0x6a,
0x80, 0x64, 0x02, 0xdb, 0xb5, 0xb1, 0x1d, 0xab, 0x13, 0xc1, 0xb5, 0x9a, 0x5a, 0xfa, 0x28, 0x1b,
0x2b, 0xbb, 0x31, 0xd6, 0x7f, 0x0e, 0x0f, 0xae, 0x5d, 0x15, 0xd9, 0x82, 0xf6, 0xa5, 0x98, 0x15,
0x26, 0xcf, 0xfe, 0x66, 0x4f, 0xe3, 0x6d, 0xf6, 0x56, 0x0a, 0x9b, 0xe7, 0x1f, 0xdf, 0xb4, 0xbe,
0xf6, 0x26, 0xff, 0xb6, 0x60, 0xbd, 0xbc, 0xf5, 0xfd, 0xcc, 0x0c, 0xe4, 0x14, 0x3a, 0xc7, 0x2a,
0xeb, 0x8b, 0x8c, 0x16, 0x6f, 0xcb, 0x7c, 0xcd, 0xf4, 0xbf, 0xb8, 0x03, 0x33, 0xdf, 0x11, 0xc3,
0x8f, 0x88, 0x84, 0x95, 0x7c, 0xad, 0x08, 0xf2, 0xd5, 0xc2, 0xbc, 0xab, 0x6b, 0xfd, 0x7e, 0x47,
0xfd, 0xe6, 0xc1, 0xc3, 0xe2, 0xac, 0xc6, 0x7a, 0x59, 0xfc, 0x02, 0xae, 0x2f, 0xec, 0xfe, 0xb3,
0xfb, 0x25, 0x95, 0x22, 0x0e, 0x26, 0x3f, 0x7f, 0x19, 0x4a, 0x77, 0x91, 0x9e, 0xf9, 0x5c, 0xc7,
0xe3, 0x58, 0x72, 0xa3, 0xad, 0x3e, 0x77, 0xe3, 0x58, 0xf3, 0xb1, 0x49, 0xf8, 0xb8, 0xaa, 0x38,
0x2e, 0x2b, 0x9e, 0x75, 0x70, 0xcf, 0xed, 0xfd, 0x17, 0x00, 0x00, 0xff, 0xff, 0x3a, 0x5d, 0xe4,
0xfa, 0xbb, 0x08, 0x00, 0x00,
// 856 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xdd, 0x6e, 0x1b, 0x45,
0x14, 0x66, 0xec, 0xc4, 0x89, 0x8f, 0xf3, 0xd7, 0x69, 0x68, 0x06, 0x43, 0x2b, 0xd7, 0xe4, 0xc2,
0xdc, 0xac, 0xc1, 0xad, 0x04, 0x42, 0x48, 0x55, 0x12, 0xd2, 0x92, 0x1b, 0xa8, 0x26, 0x15, 0x17,
0x48, 0x28, 0xda, 0x8c, 0x27, 0x9b, 0x51, 0xd6, 0x33, 0xdb, 0x99, 0xd9, 0x16, 0xdf, 0x72, 0xd5,
0x77, 0x40, 0x48, 0xbc, 0x02, 0x17, 0x3c, 0x07, 0xaf, 0xc0, 0xa3, 0xa0, 0x3d, 0xbb, 0xeb, 0xdd,
0xcd, 0x8f, 0xd2, 0x08, 0xae, 0xec, 0xfd, 0xce, 0x77, 0xce, 0x7c, 0xe7, 0xcc, 0x37, 0x07, 0x1e,
0xce, 0x8c, 0x38, 0x11, 0xb1, 0x49, 0xa7, 0x61, 0x24, 0xb5, 0x3f, 0x51, 0x53, 0xa9, 0xbd, 0xf2,
0xf3, 0x20, 0xb1, 0xc6, 0x1b, 0xba, 0x33, 0x33, 0x22, 0xa8, 0xc2, 0x81, 0x93, 0x22, 0xb5, 0xca,
0xcf, 0xfb, 0x8f, 0x22, 0x63, 0xa2, 0x58, 0x8e, 0x91, 0x76, 0x9a, 0x9e, 0x8d, 0xdf, 0xda, 0x30,
0x49, 0xa4, 0x75, 0x79, 0x62, 0x7f, 0x70, 0xa9, 0xae, 0x90, 0xd6, 0xab, 0x33, 0x25, 0x42, 0x2f,
0x0b, 0xc6, 0x0e, 0x32, 0xcc, 0x6c, 0x66, 0x74, 0xf1, 0x53, 0x04, 0x3e, 0xaa, 0x05, 0xca, 0xf3,
0xf2, 0xd0, 0xf0, 0x1d, 0x81, 0xcd, 0xa3, 0x42, 0x21, 0x97, 0xaf, 0x53, 0xe9, 0x3c, 0x7d, 0x06,
0xdd, 0x12, 0x72, 0x8c, 0x0c, 0xda, 0xa3, 0xde, 0xe4, 0x71, 0x70, 0x83, 0xec, 0x60, 0x91, 0x5c,
0xe5, 0xd0, 0xa7, 0xb0, 0xfe, 0x43, 0x22, 0x6d, 0xe8, 0x95, 0xd1, 0xaf, 0xe6, 0x89, 0x64, 0xad,
0x01, 0x19, 0x6d, 0x4c, 0x36, 0xb0, 0xc8, 0x22, 0xc2, 0x9b, 0xa4, 0xe1, 0xef, 0x04, 0xb6, 0x2a,
0x29, 0x2e, 0x31, 0xda, 0xc9, 0xff, 0xae, 0x65, 0x02, 0x1d, 0x2e, 0x5d, 0x1a, 0x7b, 0x14, 0xd1,
0x9b, 0xf4, 0x83, 0x7c, 0xce, 0x41, 0x39, 0xe7, 0x60, 0xdf, 0x98, 0xf8, 0xc7, 0x30, 0x4e, 0x25,
0x2f, 0x98, 0x74, 0x1b, 0x96, 0x0f, 0xad, 0x35, 0x96, 0xb5, 0x07, 0x64, 0xd4, 0xe5, 0xf9, 0xc7,
0xf0, 0x37, 0x02, 0xac, 0xac, 0x5b, 0x35, 0x51, 0xcc, 0x6c, 0x0f, 0xa0, 0x88, 0x29, 0x79, 0x07,
0xa1, 0xb5, 0x24, 0xfa, 0xcd, 0xf5, 0x53, 0x7b, 0x80, 0x55, 0xae, 0x1e, 0x7c, 0x69, 0x7a, 0x7f,
0x13, 0xe8, 0x97, 0xa4, 0x83, 0xca, 0x1a, 0xa5, 0xbe, 0x21, 0xac, 0x95, 0xd1, 0xef, 0xc3, 0x99,
0x64, 0x04, 0x3b, 0x6b, 0x60, 0xf4, 0x5b, 0x68, 0x1f, 0x1c, 0x73, 0xd6, 0x42, 0xf1, 0x93, 0x1b,
0xc5, 0xd7, 0xaa, 0x1f, 0xab, 0x48, 0x2b, 0x1d, 0x15, 0x87, 0xf0, 0x2c, 0x9d, 0xbe, 0xb8, 0xdc,
0x46, 0x1b, 0xdb, 0x78, 0xdc, 0x68, 0xa3, 0x56, 0xe3, 0xc6, 0x8e, 0xfe, 0x24, 0xf0, 0xf1, 0xb5,
0x1d, 0x15, 0xd6, 0xf8, 0x0e, 0xd6, 0x6a, 0x70, 0x39, 0xf4, 0xdd, 0xf7, 0xd1, 0xcd, 0x1b, 0x99,
0xff, 0xa3, 0x47, 0xfe, 0xe8, 0xc0, 0x6a, 0xa9, 0x99, 0x52, 0x58, 0xd2, 0xd5, 0xac, 0xf1, 0x3f,
0xdd, 0x80, 0x96, 0x9a, 0xe2, 0x31, 0x5d, 0xde, 0x52, 0x53, 0xba, 0x0b, 0xeb, 0x56, 0x3a, 0x93,
0x5a, 0x21, 0x5f, 0x58, 0x93, 0x26, 0x45, 0xb9, 0x26, 0x48, 0x07, 0xb0, 0x9a, 0x84, 0xce, 0xbd,
0x35, 0x76, 0xca, 0x96, 0x32, 0xc2, 0xfe, 0xd2, 0xbb, 0xbf, 0x18, 0xe1, 0x0b, 0x94, 0xf6, 0x61,
0xd9, 0x9b, 0x0b, 0xa9, 0xd9, 0x72, 0x2d, 0x9c, 0x43, 0xf4, 0x53, 0xe8, 0x38, 0x1f, 0xfa, 0xd4,
0xb1, 0x15, 0x6c, 0xaf, 0x87, 0x23, 0x3a, 0x46, 0x88, 0x17, 0xa1, 0xcc, 0x20, 0xb1, 0x11, 0x38,
0x7d, 0x34, 0x08, 0xe4, 0x06, 0xa9, 0x63, 0xf4, 0x21, 0x2c, 0xf9, 0x30, 0x72, 0xac, 0x87, 0x65,
0xba, 0x58, 0xe6, 0x55, 0x18, 0x39, 0x8e, 0x30, 0xfd, 0x19, 0xd6, 0x44, 0xfd, 0x42, 0xd6, 0xf0,
0x42, 0x9e, 0xdc, 0xfa, 0x0a, 0xea, 0x37, 0xe3, 0x0e, 0xb5, 0xb7, 0xf3, 0x42, 0x7f, 0xa3, 0x1c,
0xdd, 0x85, 0x1e, 0xf6, 0x73, 0xf8, 0x4b, 0xa2, 0xec, 0x9c, 0xad, 0x0f, 0xc8, 0xa8, 0xbd, 0xdf,
0x62, 0x84, 0xd7, 0x61, 0x3a, 0x06, 0x10, 0xb1, 0x92, 0xda, 0xa3, 0xf7, 0x36, 0xd0, 0x7b, 0x9b,
0x28, 0xe1, 0x60, 0x01, 0xf3, 0x1a, 0x85, 0x7e, 0x02, 0x5d, 0x14, 0xf7, 0xfc, 0xf5, 0x54, 0xb3,
0x4d, 0xec, 0xba, 0x02, 0x16, 0xd1, 0x97, 0xc6, 0x7a, 0xb6, 0x35, 0x20, 0xa3, 0x65, 0x5e, 0x01,
0xd9, 0xed, 0xe1, 0xc7, 0x5e, 0xea, 0xcf, 0x91, 0x71, 0x0f, 0x19, 0x4d, 0x90, 0x7e, 0x09, 0xab,
0x61, 0xea, 0xcf, 0x51, 0x10, 0x45, 0x41, 0x3b, 0x28, 0x28, 0x23, 0x64, 0x13, 0x10, 0x0b, 0xcf,
0x63, 0x3b, 0x0b, 0x32, 0x65, 0xb0, 0x62, 0xe5, 0x1b, 0x73, 0x21, 0xa7, 0xec, 0xfe, 0x80, 0x8c,
0x56, 0x79, 0xf9, 0x49, 0x1f, 0x01, 0x84, 0xa9, 0x37, 0xdc, 0xf8, 0xd0, 0x4b, 0xb6, 0x8d, 0xc1,
0x1a, 0x92, 0x09, 0x8b, 0x4d, 0xa4, 0xf4, 0x73, 0x15, 0xcb, 0x97, 0xa1, 0x3f, 0x67, 0x1f, 0xe6,
0xb6, 0x6a, 0x80, 0x74, 0x02, 0xdb, 0xb5, 0xd1, 0x1d, 0xe9, 0x63, 0x29, 0x8c, 0x9e, 0x3a, 0xf6,
0x20, 0x1b, 0x2d, 0xbf, 0x36, 0xd6, 0x7f, 0x06, 0xf7, 0xae, 0x5c, 0x17, 0xdd, 0x82, 0xf6, 0x85,
0x9c, 0x17, 0x46, 0xcf, 0xfe, 0x66, 0xcf, 0xe3, 0x4d, 0xf6, 0x5e, 0x0a, 0xab, 0xe7, 0x1f, 0x5f,
0xb7, 0xbe, 0x22, 0x93, 0x7f, 0x5a, 0xb0, 0x5e, 0xde, 0xfc, 0x5e, 0x66, 0x08, 0x7a, 0x02, 0x9d,
0x23, 0x9d, 0xf5, 0x45, 0x47, 0xb7, 0x6f, 0xcc, 0x7c, 0xd5, 0xf4, 0x3f, 0x7b, 0x0f, 0x66, 0xbe,
0x27, 0x86, 0x1f, 0x50, 0x05, 0x2b, 0xf9, 0x6a, 0x91, 0xf4, 0x8b, 0x5b, 0xf3, 0x2e, 0xaf, 0xf6,
0xbb, 0x1d, 0xf5, 0x2b, 0x81, 0xfb, 0xc5, 0x59, 0x8d, 0x15, 0x73, 0xfb, 0x2b, 0xb8, 0xba, 0xb4,
0xfb, 0x4f, 0xef, 0x96, 0x54, 0x8a, 0xd8, 0x9f, 0xfc, 0xf4, 0x79, 0xa4, 0xfc, 0x79, 0x7a, 0x1a,
0x08, 0x33, 0x1b, 0xcf, 0x94, 0xb0, 0xc6, 0x99, 0x33, 0x3f, 0x9e, 0x19, 0x31, 0xb6, 0x89, 0x18,
0x57, 0x15, 0xc7, 0x65, 0xc5, 0xd3, 0x0e, 0xee, 0xba, 0x27, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff,
0xae, 0xa8, 0x0b, 0xe1, 0xbf, 0x08, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.

Просмотреть файл

@ -151,3 +151,9 @@ protoc -I $Agent/$Module/keyvault -I ./common -I $Agent/$Module/keyvault/secret
protoc -I $Agent/$Module/authentication -I ./common -I $Agent/$Module/identity -I $Agent/$Module/certificate $Agent/$Module/authentication/moc_cloudagent_authentication.proto --go_out=plugins=grpc:../bld/gen/
protoc -I $Agent/$Module/certificate -I ./common $Agent/$Module/certificate/moc_cloudagent_certificate.proto --go_out=plugins=grpc:../bld/gen/
protoc -I $Agent/$Module/role -I ./common $Agent/$Module/role/moc_cloudagent_role.proto --go_out=plugins=grpc:../bld/gen/
Agent="testagent"
echo "Generating Protoc for $Agent"
protoc -I $Agent $Agent/auth_test.proto --go_out=plugins=grpc:../bld/gen/
protoc -I $Agent $Agent/tls_test.proto --go_out=plugins=grpc:../bld/gen/

Просмотреть файл

@ -0,0 +1,164 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: auth_test.proto
package testagent
import (
context "context"
fmt "fmt"
proto "github.com/golang/protobuf/proto"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Holla struct {
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Holla) Reset() { *m = Holla{} }
func (m *Holla) String() string { return proto.CompactTextString(m) }
func (*Holla) ProtoMessage() {}
func (*Holla) Descriptor() ([]byte, []int) {
return fileDescriptor_3c665ea62f7f06db, []int{0}
}
func (m *Holla) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Holla.Unmarshal(m, b)
}
func (m *Holla) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Holla.Marshal(b, m, deterministic)
}
func (m *Holla) XXX_Merge(src proto.Message) {
xxx_messageInfo_Holla.Merge(m, src)
}
func (m *Holla) XXX_Size() int {
return xxx_messageInfo_Holla.Size(m)
}
func (m *Holla) XXX_DiscardUnknown() {
xxx_messageInfo_Holla.DiscardUnknown(m)
}
var xxx_messageInfo_Holla proto.InternalMessageInfo
func (m *Holla) GetName() string {
if m != nil {
return m.Name
}
return ""
}
func init() {
proto.RegisterType((*Holla)(nil), "testagent.Holla")
}
func init() { proto.RegisterFile("auth_test.proto", fileDescriptor_3c665ea62f7f06db) }
var fileDescriptor_3c665ea62f7f06db = []byte{
// 145 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4f, 0x2c, 0x2d, 0xc9,
0x88, 0x2f, 0x49, 0x2d, 0x2e, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x04, 0xb1, 0x13,
0xd3, 0x53, 0xf3, 0x4a, 0x94, 0xa4, 0xb9, 0x58, 0x3d, 0xf2, 0x73, 0x72, 0x12, 0x85, 0x84, 0xb8,
0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x23, 0x5b,
0x2e, 0x2e, 0xb0, 0xa4, 0x23, 0x48, 0xa9, 0x90, 0x3e, 0x17, 0x67, 0x40, 0x66, 0x5e, 0x3a, 0x44,
0xb9, 0x80, 0x1e, 0xdc, 0x0c, 0x3d, 0xb0, 0x88, 0x14, 0x86, 0x88, 0x93, 0x46, 0x94, 0x5a, 0x7a,
0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x6e, 0x66, 0x72, 0x51, 0x7e, 0x71,
0x7e, 0x5a, 0x89, 0x7e, 0x6e, 0x7e, 0xb2, 0x7e, 0x51, 0x41, 0xb2, 0x3e, 0x5c, 0x7d, 0x12, 0x1b,
0xd8, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xdf, 0xb5, 0x1a, 0xfb, 0xaa, 0x00, 0x00,
0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// HollaAgentClient is the client API for HollaAgent service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type HollaAgentClient interface {
PingHolla(ctx context.Context, in *Holla, opts ...grpc.CallOption) (*Holla, error)
}
type hollaAgentClient struct {
cc *grpc.ClientConn
}
func NewHollaAgentClient(cc *grpc.ClientConn) HollaAgentClient {
return &hollaAgentClient{cc}
}
func (c *hollaAgentClient) PingHolla(ctx context.Context, in *Holla, opts ...grpc.CallOption) (*Holla, error) {
out := new(Holla)
err := c.cc.Invoke(ctx, "/testagent.HollaAgent/PingHolla", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// HollaAgentServer is the server API for HollaAgent service.
type HollaAgentServer interface {
PingHolla(context.Context, *Holla) (*Holla, error)
}
// UnimplementedHollaAgentServer can be embedded to have forward compatible implementations.
type UnimplementedHollaAgentServer struct {
}
func (*UnimplementedHollaAgentServer) PingHolla(ctx context.Context, req *Holla) (*Holla, error) {
return nil, status.Errorf(codes.Unimplemented, "method PingHolla not implemented")
}
func RegisterHollaAgentServer(s *grpc.Server, srv HollaAgentServer) {
s.RegisterService(&_HollaAgent_serviceDesc, srv)
}
func _HollaAgent_PingHolla_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Holla)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(HollaAgentServer).PingHolla(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/testagent.HollaAgent/PingHolla",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(HollaAgentServer).PingHolla(ctx, req.(*Holla))
}
return interceptor(ctx, in, info, handler)
}
var _HollaAgent_serviceDesc = grpc.ServiceDesc{
ServiceName: "testagent.HollaAgent",
HandlerType: (*HollaAgentServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "PingHolla",
Handler: _HollaAgent_PingHolla_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "auth_test.proto",
}

Просмотреть файл

@ -0,0 +1,12 @@
syntax = "proto3";
option go_package = "github.com/microsoft/moc/rpc/testagent";
package testagent;
message Holla {
string Name = 1;
}
service HollaAgent {
rpc PingHolla(Holla) returns (Holla);
}

Просмотреть файл

@ -0,0 +1,163 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: tls_test.proto
package testagent
import (
context "context"
fmt "fmt"
proto "github.com/golang/protobuf/proto"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Hello struct {
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Hello) Reset() { *m = Hello{} }
func (m *Hello) String() string { return proto.CompactTextString(m) }
func (*Hello) ProtoMessage() {}
func (*Hello) Descriptor() ([]byte, []int) {
return fileDescriptor_d532ee5fff61f1da, []int{0}
}
func (m *Hello) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Hello.Unmarshal(m, b)
}
func (m *Hello) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Hello.Marshal(b, m, deterministic)
}
func (m *Hello) XXX_Merge(src proto.Message) {
xxx_messageInfo_Hello.Merge(m, src)
}
func (m *Hello) XXX_Size() int {
return xxx_messageInfo_Hello.Size(m)
}
func (m *Hello) XXX_DiscardUnknown() {
xxx_messageInfo_Hello.DiscardUnknown(m)
}
var xxx_messageInfo_Hello proto.InternalMessageInfo
func (m *Hello) GetName() string {
if m != nil {
return m.Name
}
return ""
}
func init() {
proto.RegisterType((*Hello)(nil), "testagent.Hello")
}
func init() { proto.RegisterFile("tls_test.proto", fileDescriptor_d532ee5fff61f1da) }
var fileDescriptor_d532ee5fff61f1da = []byte{
// 144 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2b, 0xc9, 0x29, 0x8e,
0x2f, 0x49, 0x2d, 0x2e, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x04, 0xb1, 0x13, 0xd3,
0x53, 0xf3, 0x4a, 0x94, 0xa4, 0xb9, 0x58, 0x3d, 0x52, 0x73, 0x72, 0xf2, 0x85, 0x84, 0xb8, 0x58,
0xfc, 0x12, 0x73, 0x53, 0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x23, 0x5b, 0x2e,
0x2e, 0xb0, 0xa4, 0x23, 0x48, 0xa9, 0x90, 0x3e, 0x17, 0x67, 0x40, 0x66, 0x5e, 0x3a, 0x44, 0xb9,
0x80, 0x1e, 0xdc, 0x0c, 0x3d, 0xb0, 0x88, 0x14, 0x86, 0x88, 0x93, 0x46, 0x94, 0x5a, 0x7a, 0x66,
0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x6e, 0x66, 0x72, 0x51, 0x7e, 0x71, 0x7e,
0x5a, 0x89, 0x7e, 0x6e, 0x7e, 0xb2, 0x7e, 0x51, 0x41, 0xb2, 0x3e, 0x5c, 0x7d, 0x12, 0x1b, 0xd8,
0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x17, 0xa3, 0x1b, 0xa9, 0x00, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// HelloAgentClient is the client API for HelloAgent service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type HelloAgentClient interface {
PingHello(ctx context.Context, in *Hello, opts ...grpc.CallOption) (*Hello, error)
}
type helloAgentClient struct {
cc *grpc.ClientConn
}
func NewHelloAgentClient(cc *grpc.ClientConn) HelloAgentClient {
return &helloAgentClient{cc}
}
func (c *helloAgentClient) PingHello(ctx context.Context, in *Hello, opts ...grpc.CallOption) (*Hello, error) {
out := new(Hello)
err := c.cc.Invoke(ctx, "/testagent.HelloAgent/PingHello", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// HelloAgentServer is the server API for HelloAgent service.
type HelloAgentServer interface {
PingHello(context.Context, *Hello) (*Hello, error)
}
// UnimplementedHelloAgentServer can be embedded to have forward compatible implementations.
type UnimplementedHelloAgentServer struct {
}
func (*UnimplementedHelloAgentServer) PingHello(ctx context.Context, req *Hello) (*Hello, error) {
return nil, status.Errorf(codes.Unimplemented, "method PingHello not implemented")
}
func RegisterHelloAgentServer(s *grpc.Server, srv HelloAgentServer) {
s.RegisterService(&_HelloAgent_serviceDesc, srv)
}
func _HelloAgent_PingHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(Hello)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(HelloAgentServer).PingHello(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/testagent.HelloAgent/PingHello",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(HelloAgentServer).PingHello(ctx, req.(*Hello))
}
return interceptor(ctx, in, info, handler)
}
var _HelloAgent_serviceDesc = grpc.ServiceDesc{
ServiceName: "testagent.HelloAgent",
HandlerType: (*HelloAgentServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "PingHello",
Handler: _HelloAgent_PingHello_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "tls_test.proto",
}

Просмотреть файл

@ -0,0 +1,12 @@
syntax = "proto3";
option go_package = "github.com/microsoft/moc/rpc/testagent";
package testagent;
message Hello {
string Name = 1;
}
service HelloAgent {
rpc PingHello(Hello) returns (Hello);
}