зеркало из https://github.com/microsoft/moc.git
Родитель
5d1835104f
Коммит
e19fa3e819
2
Makefile
2
Makefile
|
@ -30,7 +30,7 @@ bootstrap:
|
|||
test: unittest
|
||||
|
||||
unittest:
|
||||
$(GOTEST) ./...
|
||||
$(GOTEST) ./pkg/...
|
||||
|
||||
generate: bootstrap
|
||||
(./gen.sh)
|
||||
|
|
10
go.mod
10
go.mod
|
@ -3,19 +3,18 @@ module github.com/microsoft/moc
|
|||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/golang-jwt/jwt v3.2.2+incompatible
|
||||
github.com/golang/protobuf v1.5.3
|
||||
github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95
|
||||
github.com/jmespath/go-jmespath v0.3.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
google.golang.org/grpc v1.26.0
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
|
||||
github.com/stretchr/testify v1.8.1
|
||||
google.golang.org/grpc v1.54.0
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/golang/mock v1.6.0
|
||||
github.com/kr/pretty v0.1.0 // indirect
|
||||
golang.org/x/text v0.8.0 // indirect
|
||||
google.golang.org/protobuf v1.30.0 // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
|
||||
)
|
||||
|
@ -25,5 +24,4 @@ replace (
|
|||
github.com/golang/protobuf/protoc-gen-go => github.com/golang/protobuf/protoc-gen-go v1.3.2
|
||||
golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c
|
||||
golang.org/x/sys => golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24
|
||||
google.golang.org/grpc => google.golang.org/grpc v1.26.0
|
||||
)
|
||||
|
|
928
go.sum
928
go.sum
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
562
pkg/auth/auth.go
562
pkg/auth/auth.go
|
@ -8,47 +8,26 @@ import (
|
|||
context "context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"io/fs"
|
||||
|
||||
"github.com/microsoft/moc/pkg/certs"
|
||||
"github.com/microsoft/moc/pkg/config"
|
||||
"github.com/microsoft/moc/pkg/marshal"
|
||||
wssdnet "github.com/microsoft/moc/pkg/net"
|
||||
"github.com/microsoft/moc/rpc/common"
|
||||
"google.golang.org/grpc/credentials"
|
||||
)
|
||||
|
||||
const (
|
||||
ClientTokenName = ".token"
|
||||
ClientCertName = "wssd.pem"
|
||||
ClientTokenPath = "WSSD_CLIENT_TOKEN"
|
||||
WssdConfigPath = "WSSD_CONFIG_PATH"
|
||||
AccessFileDirPath = "ACCESSFILE_DIR_PATH"
|
||||
DefaultWSSDFolder = ".wssd"
|
||||
AccessFileDefaultName = "cloudconfig"
|
||||
ServerName = "ServerName"
|
||||
)
|
||||
|
||||
// LoginType
|
||||
type LoginType string
|
||||
|
||||
const (
|
||||
// SelfSigned ...
|
||||
SelfSigned LoginType = "Self-Signed"
|
||||
// CASigned ...
|
||||
CASigned LoginType = "CA-Signed"
|
||||
ServerName = "ServerName"
|
||||
)
|
||||
|
||||
type WssdConfig struct {
|
||||
CloudCertificate string
|
||||
ClientCertificate string
|
||||
ClientKey string
|
||||
ClientCertificateType LoginType
|
||||
IdentityName string
|
||||
ClientCertificateType LoginType //Depricated : Needs to cleaned up after removing references
|
||||
}
|
||||
|
||||
type Authorizer interface {
|
||||
|
@ -82,7 +61,167 @@ type LoginConfig struct {
|
|||
CloudPort int32 `json:"cloudport,omitempty"`
|
||||
CloudAuthPort int32 `json:"cloudauthport,omitempty"`
|
||||
Location string `json:"location,omitempty"`
|
||||
Type LoginType `json:"type,omitempty"`
|
||||
Type LoginType `json:"type,omitempty"` //Depricated : Needs to cleaned up after removing references
|
||||
}
|
||||
|
||||
// LoginType [Depricated : Needs to cleaned up after removing references]
|
||||
type LoginType string
|
||||
|
||||
const (
|
||||
// SelfSigned ...
|
||||
SelfSigned LoginType = "Self-Signed"
|
||||
// CASigned ...
|
||||
CASigned LoginType = "CA-Signed"
|
||||
)
|
||||
|
||||
func LoginTypeToAuthType(authType string) common.AuthenticationType {
|
||||
switch authType {
|
||||
case string(SelfSigned):
|
||||
return common.AuthenticationType_SELFSIGNED
|
||||
case string(CASigned):
|
||||
return common.AuthenticationType_CASIGNED
|
||||
}
|
||||
return common.AuthenticationType_SELFSIGNED
|
||||
}
|
||||
|
||||
func AuthTypeToLoginType(authType common.AuthenticationType) LoginType {
|
||||
switch authType {
|
||||
case common.AuthenticationType_SELFSIGNED:
|
||||
return SelfSigned
|
||||
case common.AuthenticationType_CASIGNED:
|
||||
return CASigned
|
||||
}
|
||||
return SelfSigned
|
||||
}
|
||||
|
||||
type JwtTokenProvider struct {
|
||||
RawData string `json:"rawdata"`
|
||||
}
|
||||
|
||||
func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
|
||||
return map[string]string{
|
||||
"authorization": c.RawData,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (c JwtTokenProvider) RequireTransportSecurity() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func NewTokenCredentialProvider(token string) JwtTokenProvider {
|
||||
return JwtTokenProvider{token}
|
||||
}
|
||||
|
||||
func NewEmptyTokenCredentialProvider() JwtTokenProvider {
|
||||
return JwtTokenProvider{}
|
||||
}
|
||||
|
||||
type TransportCredentialsProvider struct {
|
||||
serverName string
|
||||
certificate []tls.Certificate
|
||||
rootCAPool *x509.CertPool
|
||||
verifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
||||
}
|
||||
|
||||
func NewEmptyTransportCredential() *TransportCredentialsProvider {
|
||||
return &TransportCredentialsProvider{}
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromAuthBase64(serverName string, rootCACertsBase64 string) (*TransportCredentialsProvider, error) {
|
||||
caCertPem, err := marshal.FromBase64(rootCACertsBase64)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not marshal the server certificate")
|
||||
}
|
||||
|
||||
return NewTransportCredentialFromAuthFromPem(serverName, caCertPem)
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromAuthFromPem(serverName string, caCertPem []byte) (*TransportCredentialsProvider, error) {
|
||||
certPool := x509.NewCertPool()
|
||||
// Append the client certificates from the CA
|
||||
if ok := certPool.AppendCertsFromPEM(caCertPem); !ok {
|
||||
return nil, fmt.Errorf("could not append the server certificate")
|
||||
}
|
||||
return &TransportCredentialsProvider{
|
||||
serverName: serverName,
|
||||
rootCAPool: certPool,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromBase64(serverName, clientCertificateBase64, clientKeyBase64 string, rootCACertsBase64 string) (*TransportCredentialsProvider, error) {
|
||||
transportCreds, err := NewTransportCredentialFromAuthBase64(serverName, rootCACertsBase64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
clientPem, err := marshal.FromBase64(clientCertificateBase64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
keyPem, err := marshal.FromBase64(clientKeyBase64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = certCheck(clientPem); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tlsCert, err := tls.X509KeyPair(clientPem, keyPem)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
transportCreds.certificate = []tls.Certificate{tlsCert}
|
||||
|
||||
return transportCreds, nil
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromTlsCerts(serverName string, tlsCerts []tls.Certificate, rootCACertsPem []byte) (*TransportCredentialsProvider, error) {
|
||||
transportCreds, err := NewTransportCredentialFromAuthFromPem(serverName, rootCACertsPem)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
transportCreds.certificate = tlsCerts
|
||||
return transportCreds, nil
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromAccessFileLocation(serverName, accessFileLocation string) (*TransportCredentialsProvider, error) {
|
||||
accessFile := WssdConfig{}
|
||||
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return NewTransportCredentialFromAccessFile(serverName, accessFile)
|
||||
}
|
||||
|
||||
func NewTransportCredentialFromAccessFile(serverName string, accessFile WssdConfig) (*TransportCredentialsProvider, error) {
|
||||
caCertPem, tlscerts, err := AccessFileToTls(accessFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return NewTransportCredentialFromTlsCerts(serverName, []tls.Certificate{tlscerts}, caCertPem)
|
||||
}
|
||||
|
||||
func (transportCredentials *TransportCredentialsProvider) GetTransportCredentials() credentials.TransportCredentials {
|
||||
creds := &tls.Config{
|
||||
ServerName: transportCredentials.serverName,
|
||||
}
|
||||
if len(transportCredentials.certificate) > 0 {
|
||||
creds.Certificates = transportCredentials.certificate
|
||||
}
|
||||
if transportCredentials.rootCAPool != nil {
|
||||
creds.RootCAs = transportCredentials.rootCAPool
|
||||
}
|
||||
if transportCredentials.verifyPeerCertificate != nil {
|
||||
creds.VerifyPeerCertificate = transportCredentials.verifyPeerCertificate
|
||||
}
|
||||
return credentials.NewTLS(creds)
|
||||
}
|
||||
|
||||
// BearerAuthorizer implements the bearer authorization
|
||||
type BearerAuthorizer struct {
|
||||
tokenProvider JwtTokenProvider
|
||||
transportCredentials credentials.TransportCredentials
|
||||
}
|
||||
|
||||
func (ba *BearerAuthorizer) WithRPCAuthorization() credentials.PerRPCCredentials {
|
||||
|
@ -93,14 +232,11 @@ func (ba *BearerAuthorizer) WithTransportAuthorization() credentials.TransportCr
|
|||
return ba.transportCredentials
|
||||
}
|
||||
|
||||
type JwtTokenProvider struct {
|
||||
RawData string `json:"rawdata"`
|
||||
}
|
||||
|
||||
// BearerAuthorizer implements the bearer authorization
|
||||
type BearerAuthorizer struct {
|
||||
tokenProvider JwtTokenProvider
|
||||
transportCredentials credentials.TransportCredentials
|
||||
func NewEmptyBearerAuthorizer() *BearerAuthorizer {
|
||||
return &BearerAuthorizer{
|
||||
tokenProvider: NewEmptyTokenCredentialProvider(),
|
||||
transportCredentials: NewEmptyBearerAuthorizer().transportCredentials,
|
||||
}
|
||||
}
|
||||
|
||||
// NewBearerAuthorizer crates a BearerAuthorizer using the given token provider
|
||||
|
@ -117,11 +253,8 @@ type EnvironmentSettings struct {
|
|||
}
|
||||
|
||||
func NewAuthorizerFromEnvironment(serverName string) (Authorizer, error) {
|
||||
settings, err := GetSettingsFromEnvironment(serverName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = RenewCertificates(settings.GetManagedIdentityConfig().ServerName, settings.GetManagedIdentityConfig().WssdConfigPath)
|
||||
settings := GetSettingsFromEnvironment(serverName)
|
||||
err := RenewCertificates(settings.GetManagedIdentityConfig().ServerName, settings.GetManagedIdentityConfig().WssdConfigPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -142,31 +275,19 @@ func NewAuthorizerFromEnvironmentByName(serverName, subfolder, filename string)
|
|||
|
||||
func NewAuthorizerFromInput(tlsCert tls.Certificate, serverCertificate []byte, server string) (Authorizer, error) {
|
||||
transportCreds := TransportCredentialsFromNode(tlsCert, serverCertificate, server)
|
||||
return NewBearerAuthorizer(JwtTokenProvider{}, transportCreds), nil
|
||||
return NewBearerAuthorizer(NewEmptyTokenCredentialProvider(), transportCreds), nil
|
||||
}
|
||||
|
||||
func NewAuthorizerForAuth(tokenString string, certificate string, server string) (Authorizer, error) {
|
||||
|
||||
serverPem, err := marshal.FromBase64(certificate)
|
||||
credentials, err := NewTransportCredentialFromAuthBase64(server, certificate)
|
||||
if err != nil {
|
||||
return NewBearerAuthorizer(JwtTokenProvider{}, credentials.NewTLS(nil)), fmt.Errorf("could not marshal the server certificate")
|
||||
return NewEmptyBearerAuthorizer(), err
|
||||
}
|
||||
|
||||
certPool := x509.NewCertPool()
|
||||
// Append the client certificates from the CA
|
||||
if ok := certPool.AppendCertsFromPEM(serverPem); !ok {
|
||||
return NewBearerAuthorizer(JwtTokenProvider{}, credentials.NewTLS(nil)), fmt.Errorf("could not append the server certificate")
|
||||
}
|
||||
transportCreds := credentials.NewTLS(&tls.Config{
|
||||
ServerName: server,
|
||||
RootCAs: certPool,
|
||||
})
|
||||
|
||||
return NewBearerAuthorizer(JwtTokenProvider{tokenString}, transportCreds), nil
|
||||
return NewBearerAuthorizer(NewTokenCredentialProvider(tokenString), credentials.GetTransportCredentials()), nil
|
||||
}
|
||||
|
||||
// GetSettingsFromEnvironment Read settings from WssdConfigLocation
|
||||
func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings, err error) {
|
||||
func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings) {
|
||||
s = EnvironmentSettings{
|
||||
Values: map[string]string{},
|
||||
}
|
||||
|
@ -185,7 +306,6 @@ func GetSettingsFromEnvironmentByName(serverName, subfolder, filename string) (s
|
|||
}
|
||||
s.Values[ClientTokenPath] = getClientTokenLocation()
|
||||
s.Values[WssdConfigPath] = GetMocConfigLocationName(subfolder, filename)
|
||||
|
||||
s.Values[ServerName] = serverName
|
||||
|
||||
return
|
||||
|
@ -205,47 +325,37 @@ func (settings EnvironmentSettings) GetManagedIdentityConfig() ManagedIdentityCo
|
|||
|
||||
func (mc ManagedIdentityConfig) Authorizer() (Authorizer, error) {
|
||||
|
||||
jwtCreds := TokenProviderFromFile(mc.ClientTokenPath)
|
||||
jwtCreds, err := TokenProviderFromFile(mc.ClientTokenPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
transportCreds := TransportCredentialsFromFile(mc.WssdConfigPath, mc.ServerName)
|
||||
|
||||
return NewBearerAuthorizer(jwtCreds, transportCreds), nil
|
||||
}
|
||||
|
||||
func TokenProviderFromFile(tokenLocation string) JwtTokenProvider {
|
||||
data, err := ioutil.ReadFile(tokenLocation)
|
||||
if err != nil {
|
||||
// Call to open the token file most likely failed do to
|
||||
// token not being set. This is expected when the an identity is not yet
|
||||
// set. Log and continue
|
||||
return JwtTokenProvider{}
|
||||
func TokenProviderFromFile(tokenLocation string) (JwtTokenProvider, error) {
|
||||
if tokenLocation == "" {
|
||||
return NewEmptyTokenCredentialProvider(), nil
|
||||
}
|
||||
|
||||
return JwtTokenProvider{string(data)}
|
||||
loginconfig := LoginConfig{}
|
||||
err := config.LoadYAMLFile(tokenLocation, &loginconfig)
|
||||
if err != nil {
|
||||
// if File does not exist we return no error. This to prevent any breaking changes
|
||||
if errors.Is(err, fs.ErrNotExist) {
|
||||
err = nil
|
||||
}
|
||||
return NewEmptyTokenCredentialProvider(), err
|
||||
}
|
||||
return NewTokenCredentialProvider(loginconfig.Token), nil
|
||||
}
|
||||
|
||||
func TransportCredentialsFromFile(wssdConfigLocation string, server string) credentials.TransportCredentials {
|
||||
clientCerts := []tls.Certificate{}
|
||||
certPool := x509.NewCertPool()
|
||||
|
||||
serverPem, tlsCert, err := ReadAccessFileToTls(wssdConfigLocation)
|
||||
if err == nil {
|
||||
clientCerts = append(clientCerts, tlsCert)
|
||||
// Append the client certificates from the CA
|
||||
if ok := certPool.AppendCertsFromPEM(serverPem); !ok {
|
||||
return credentials.NewTLS(&tls.Config{})
|
||||
}
|
||||
credentials, err := NewTransportCredentialFromAccessFileLocation(server, wssdConfigLocation)
|
||||
if err != nil {
|
||||
return NewEmptyTransportCredential().GetTransportCredentials()
|
||||
}
|
||||
verifyPeerCertificate := func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
||||
// This is the for extra verification
|
||||
return nil
|
||||
}
|
||||
|
||||
return credentials.NewTLS(&tls.Config{
|
||||
ServerName: server,
|
||||
Certificates: clientCerts,
|
||||
RootCAs: certPool,
|
||||
VerifyPeerCertificate: verifyPeerCertificate,
|
||||
})
|
||||
return credentials.GetTransportCredentials()
|
||||
}
|
||||
|
||||
func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, error) {
|
||||
|
@ -258,250 +368,12 @@ func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, er
|
|||
}
|
||||
func TransportCredentialsFromNode(tlsCert tls.Certificate, serverCertificate []byte, server string) credentials.TransportCredentials {
|
||||
|
||||
certPool := x509.NewCertPool()
|
||||
// Append the client certificates from the CA
|
||||
if ok := certPool.AppendCertsFromPEM(serverCertificate); !ok {
|
||||
return credentials.NewTLS(&tls.Config{})
|
||||
}
|
||||
verifyPeerCertificate := func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
||||
// This is the for extra verification
|
||||
return nil
|
||||
}
|
||||
|
||||
return credentials.NewTLS(&tls.Config{
|
||||
ServerName: server,
|
||||
Certificates: []tls.Certificate{tlsCert},
|
||||
RootCAs: certPool,
|
||||
VerifyPeerCertificate: verifyPeerCertificate,
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
|
||||
return map[string]string{
|
||||
"authorization": c.RawData,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (c JwtTokenProvider) RequireTransportSecurity() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func getClientTokenLocation() string {
|
||||
clientTokenPath := os.Getenv(ClientTokenPath)
|
||||
if clientTokenPath == "" {
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Create the default token path and set the
|
||||
// env variable
|
||||
defaultPath := filepath.Join(wd, DefaultWSSDFolder)
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
clientTokenPath = filepath.Join(defaultPath, ClientTokenName)
|
||||
os.Setenv(ClientTokenPath, clientTokenPath)
|
||||
}
|
||||
return clientTokenPath
|
||||
}
|
||||
|
||||
func getExecutableName() (string, error) {
|
||||
execPath, err := os.Executable()
|
||||
credential, err := NewTransportCredentialFromTlsCerts(server, []tls.Certificate{tlsCert}, serverCertificate)
|
||||
if err != nil {
|
||||
return "", err
|
||||
return NewEmptyTransportCredential().GetTransportCredentials()
|
||||
}
|
||||
return strings.TrimSuffix(filepath.Base(execPath), filepath.Ext(execPath)), nil
|
||||
}
|
||||
return credential.GetTransportCredentials()
|
||||
|
||||
// GetWssdConfigLocation gets the path for access file from environment
|
||||
func GetWssdConfigLocation() string {
|
||||
accessFileDirPath := os.Getenv(AccessFileDirPath)
|
||||
wssdConfigPath := os.Getenv(WssdConfigPath)
|
||||
defaultPath := accessFileDirPath
|
||||
|
||||
if accessFileDirPath == "" && wssdConfigPath != "" {
|
||||
return wssdConfigPath
|
||||
}
|
||||
|
||||
if accessFileDirPath == "" && wssdConfigPath == "" {
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Create the default config path and set the
|
||||
// env variable
|
||||
defaultPath = filepath.Join(wd, DefaultWSSDFolder)
|
||||
os.Setenv(AccessFileDirPath, defaultPath)
|
||||
}
|
||||
|
||||
if execName, err := getExecutableName(); err == nil {
|
||||
defaultPath = filepath.Join(defaultPath, execName)
|
||||
}
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
accessFilePath := filepath.Join(defaultPath, AccessFileDefaultName)
|
||||
return accessFilePath
|
||||
}
|
||||
|
||||
// GetWssdConfigLocationName gets the path for access filename from environment + subfolder with file name fileName
|
||||
func GetMocConfigLocationName(subfolder, filename string) string {
|
||||
wssdConfigPath := os.Getenv(WssdConfigPath)
|
||||
|
||||
file := AccessFileDefaultName
|
||||
if filename != "" {
|
||||
file = filename
|
||||
}
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if wssdConfigPath == "" || !strings.HasSuffix(wssdConfigPath, filepath.Join(wd, subfolder, file)) {
|
||||
// Create the default config path and set the
|
||||
// env variable
|
||||
defaultPath := filepath.Join(wd, DefaultWSSDFolder, subfolder)
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
wssdConfigPath = filepath.Join(defaultPath, file)
|
||||
os.Setenv(WssdConfigPath, wssdConfigPath)
|
||||
}
|
||||
return wssdConfigPath
|
||||
}
|
||||
|
||||
func SaveToken(tokenStr string) error {
|
||||
return ioutil.WriteFile(
|
||||
getClientTokenLocation(),
|
||||
[]byte(tokenStr),
|
||||
0644)
|
||||
}
|
||||
|
||||
// GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation
|
||||
// If the file exists the values from the fie is returned
|
||||
func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetWssdConfigLocation())
|
||||
if err != nil {
|
||||
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
certBytesClient := certs.EncodeCertPEM(x509CertClient)
|
||||
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
|
||||
ClientKey: marshal.ToBase64(string(keyBytesClient)),
|
||||
}
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return accessFile.ClientCertificate, accessFile, nil
|
||||
}
|
||||
|
||||
func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetWssdConfigLocation())
|
||||
cloudAgentIpAddress, err := wssdnet.GetIPAddress()
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
localHostName, err := os.Hostname()
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
cloudAgentIPAddress := wssdnet.StringToNetIPAddress(cloudAgentIpAddress)
|
||||
ipAddresses := []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), cloudAgentIPAddress}
|
||||
dnsNames := []string{"localhost", localHostName}
|
||||
|
||||
conf := &certs.Config{
|
||||
CommonName: loginconfig.Name,
|
||||
AltNames: certs.AltNames{
|
||||
DNSNames: dnsNames,
|
||||
IPs: ipAddresses,
|
||||
},
|
||||
}
|
||||
x509Csr, keyClient, err := certs.GenerateCertificateRequest(conf, nil)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: "",
|
||||
ClientKey: marshal.ToBase64(string(keyClient)),
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return string(x509Csr), accessFile, nil
|
||||
}
|
||||
|
||||
// GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName
|
||||
// If the file exists the values from the fie is returned
|
||||
func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetMocConfigLocationName(subfolder, filename))
|
||||
if err != nil {
|
||||
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
certBytesClient := certs.EncodeCertPEM(x509CertClient)
|
||||
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
|
||||
ClientKey: marshal.ToBase64(string(keyBytesClient)),
|
||||
}
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return accessFile.ClientCertificate, accessFile, nil
|
||||
}
|
||||
|
||||
// PrintAccessFile stores wssdConfig in WssdConfigLocation
|
||||
|
@ -514,16 +386,6 @@ func PrintAccessFileByName(accessFile WssdConfig, subfolder, filename string) er
|
|||
return marshal.ToJSONFile(accessFile, GetMocConfigLocationName(subfolder, filename))
|
||||
}
|
||||
|
||||
func readAccessFile(accessFileLocation string) (WssdConfig, error) {
|
||||
accessFile := WssdConfig{}
|
||||
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
|
||||
if err != nil {
|
||||
return WssdConfig{}, err
|
||||
}
|
||||
|
||||
return accessFile, nil
|
||||
}
|
||||
|
||||
func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error) {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
|
@ -549,23 +411,3 @@ func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error) {
|
|||
|
||||
return serverPem, tlsCert, nil
|
||||
}
|
||||
|
||||
func LoginTypeToAuthType(authType string) common.AuthenticationType {
|
||||
switch authType {
|
||||
case string(SelfSigned):
|
||||
return common.AuthenticationType_SELFSIGNED
|
||||
case string(CASigned):
|
||||
return common.AuthenticationType_CASIGNED
|
||||
}
|
||||
return common.AuthenticationType_SELFSIGNED
|
||||
}
|
||||
|
||||
func AuthTypeToLoginType(authType common.AuthenticationType) LoginType {
|
||||
switch authType {
|
||||
case common.AuthenticationType_SELFSIGNED:
|
||||
return SelfSigned
|
||||
case common.AuthenticationType_CASIGNED:
|
||||
return CASigned
|
||||
}
|
||||
return SelfSigned
|
||||
}
|
||||
|
|
|
@ -0,0 +1,134 @@
|
|||
// Copyright (c) Microsoft Corporation.
|
||||
// Licensed under the Apache v2.0 license.
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
ClientTokenName = ".token"
|
||||
ClientCertName = "wssd.pem"
|
||||
ClientTokenPath = "WSSD_CLIENT_TOKEN"
|
||||
WssdConfigPath = "WSSD_CONFIG_PATH"
|
||||
AccessFileDirPath = "ACCESSFILE_DIR_PATH"
|
||||
DefaultWSSDFolder = ".wssd"
|
||||
AccessFileDefaultName = "cloudconfig"
|
||||
)
|
||||
|
||||
func getExecutableName() (string, error) {
|
||||
execPath, err := os.Executable()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return strings.TrimSuffix(filepath.Base(execPath), filepath.Ext(execPath)), nil
|
||||
}
|
||||
|
||||
// SetCertificateDirPath sets the directory path where the client certificate will be stored
|
||||
// This is achieved by setting ACCESSFILE_DIR_PATH environment variable
|
||||
// The path is appended with the executable name before the certificate is stored
|
||||
func SetCertificateDirPath(certificateDirPath string) error {
|
||||
return os.Setenv(AccessFileDirPath, certificateDirPath)
|
||||
}
|
||||
|
||||
// SetCertificateFilePath sets the file path where the client certificate will be stored
|
||||
// This is achieved by setting WSSD_CONFIG_PATH environment variable
|
||||
func SetCertificateFilePath(certificateFilePath string) error {
|
||||
return os.Setenv(WssdConfigPath, certificateFilePath)
|
||||
}
|
||||
|
||||
// SetLoginTokenPath sets the path where the login yaml will be stored
|
||||
// This is achieved by setting WSSD_CLIENT_TOKEN environment variable
|
||||
// The path is appended with the executable name before the certificate is stored
|
||||
func SetLoginTokenPath(loginConfigPath string) error {
|
||||
return os.Setenv(ClientTokenPath, loginConfigPath)
|
||||
}
|
||||
|
||||
// GetCertificateDirPath will return the directory path where the client certificate will be stored
|
||||
func GetCertificateDirPath() string {
|
||||
return os.Getenv(AccessFileDirPath)
|
||||
}
|
||||
|
||||
// GetCertificateFilePath will return the file path where the client certificate will be stored
|
||||
func GetCertificateFilePath() string {
|
||||
return os.Getenv(WssdConfigPath)
|
||||
}
|
||||
|
||||
// GetLoginTokenPath will return the file path where the login yaml will be stored
|
||||
func GetLoginTokenPath() string {
|
||||
return os.Getenv(ClientTokenPath)
|
||||
}
|
||||
|
||||
// GetWssdConfigLocation gets the path for access file from environment
|
||||
func GetWssdConfigLocation() string {
|
||||
accessFileDirPath := os.Getenv(AccessFileDirPath)
|
||||
wssdConfigPath := os.Getenv(WssdConfigPath)
|
||||
defaultPath := accessFileDirPath
|
||||
|
||||
if accessFileDirPath == "" && wssdConfigPath != "" {
|
||||
return wssdConfigPath
|
||||
}
|
||||
|
||||
if accessFileDirPath == "" && wssdConfigPath == "" {
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Create the default config path and set the
|
||||
// env variable
|
||||
defaultPath = filepath.Join(wd, DefaultWSSDFolder)
|
||||
os.Setenv(AccessFileDirPath, defaultPath)
|
||||
}
|
||||
|
||||
if execName, err := getExecutableName(); err == nil {
|
||||
defaultPath = filepath.Join(defaultPath, execName)
|
||||
}
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
accessFilePath := filepath.Join(defaultPath, AccessFileDefaultName)
|
||||
return accessFilePath
|
||||
}
|
||||
|
||||
// GetWssdConfigLocationName gets the path for access filename from environment + subfolder with file name fileName
|
||||
func GetMocConfigLocationName(subfolder, filename string) string {
|
||||
wssdConfigPath := os.Getenv(WssdConfigPath)
|
||||
|
||||
file := AccessFileDefaultName
|
||||
if filename != "" {
|
||||
file = filename
|
||||
}
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if wssdConfigPath == "" || !strings.HasSuffix(wssdConfigPath, filepath.Join(wd, subfolder, file)) {
|
||||
// Create the default config path and set the
|
||||
// env variable
|
||||
defaultPath := filepath.Join(wd, DefaultWSSDFolder, subfolder)
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
wssdConfigPath = filepath.Join(defaultPath, file)
|
||||
os.Setenv(WssdConfigPath, wssdConfigPath)
|
||||
}
|
||||
return wssdConfigPath
|
||||
}
|
||||
|
||||
func getClientTokenLocation() string {
|
||||
clientTokenPath := os.Getenv(ClientTokenPath)
|
||||
if clientTokenPath == "" {
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Create the default token path and set the
|
||||
// env variable
|
||||
defaultPath := filepath.Join(wd, DefaultWSSDFolder)
|
||||
os.MkdirAll(defaultPath, os.ModePerm)
|
||||
clientTokenPath = filepath.Join(defaultPath, ClientTokenName)
|
||||
os.Setenv(ClientTokenPath, clientTokenPath)
|
||||
}
|
||||
return clientTokenPath
|
||||
}
|
|
@ -0,0 +1,114 @@
|
|||
// Copyright (c) Microsoft Corporation.
|
||||
// Licensed under the Apache v2.0 license.
|
||||
package auth
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
)
|
||||
|
||||
var key *rsa.PrivateKey
|
||||
|
||||
func init() {
|
||||
os.MkdirAll("/tmp/auth", os.ModePerm)
|
||||
key, _ = rsa.GenerateKey(rand.Reader, 2048)
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationWssdConfigPathSet(t *testing.T) {
|
||||
|
||||
os.Unsetenv(AccessFileDirPath)
|
||||
os.Setenv(WssdConfigPath, "TestWssdConfigPath")
|
||||
|
||||
wssdConfigPath := os.Getenv(WssdConfigPath)
|
||||
path := GetWssdConfigLocation()
|
||||
expectedPath := wssdConfigPath
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when ACCESSFILE_DIR_PATH is not set and WSSD_CONFIG_PATH is set! Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationEnvNotSet(t *testing.T) {
|
||||
|
||||
os.Unsetenv(WssdConfigPath)
|
||||
os.Unsetenv(AccessFileDirPath)
|
||||
|
||||
path := GetWssdConfigLocation()
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
t.Errorf("Failed to get user home directory path %v", err)
|
||||
}
|
||||
execName, err := getExecutableName()
|
||||
if err != nil {
|
||||
t.Errorf("Failed to get executable name %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(wd, ".wssd", execName, "cloudconfig")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when both ACCESSFILE_DIR_PATH and WSSD_CONFIG_PATH env variables are not set! Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationAccessFileDirPathSet(t *testing.T) {
|
||||
|
||||
os.Setenv(AccessFileDirPath, "TestAccessFileDirPath")
|
||||
accessFileDirPath := os.Getenv(AccessFileDirPath)
|
||||
path := GetWssdConfigLocation()
|
||||
execName, err := getExecutableName()
|
||||
if err != nil {
|
||||
t.Errorf("Failed to get executable name %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(accessFileDirPath, execName, "cloudconfig")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when ACCESSFILE_DIR_PATH env variable is set! Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationName(t *testing.T) {
|
||||
path := GetMocConfigLocationName("", "")
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
t.Errorf("Failed getting home path %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(wd, ".wssd/cloudconfig")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationNameWithSubfolder(t *testing.T) {
|
||||
path := GetMocConfigLocationName("test", "")
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
t.Errorf("Failed getting home path %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(wd, ".wssd/test/cloudconfig")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationNameWithSubfolderName(t *testing.T) {
|
||||
path := GetMocConfigLocationName("test", "cc")
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
t.Errorf("Failed getting home path %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(wd, ".wssd/test/cc")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetWssdConfigLocationNameWithName(t *testing.T) {
|
||||
path := GetMocConfigLocationName("", "cc")
|
||||
wd, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
t.Errorf("Failed getting home path %v", err)
|
||||
}
|
||||
expectedPath := filepath.Join(wd, ".wssd/cc")
|
||||
if path != expectedPath {
|
||||
t.Errorf("Invalid path when not passed no subfolder or filename Expected %s Actual %s", expectedPath, path)
|
||||
}
|
||||
}
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -162,11 +162,10 @@ func renewCertificate(server string, wssdConfig *WssdConfig) (retConfig *WssdCon
|
|||
renewed = true
|
||||
|
||||
newWssdConfig := &WssdConfig{
|
||||
CloudCertificate: wssdConfig.CloudCertificate,
|
||||
ClientCertificate: marshal.ToBase64(response.Certificates[0].Certificate),
|
||||
ClientKey: marshal.ToBase64(string(newKey)),
|
||||
ClientCertificateType: wssdConfig.ClientCertificateType,
|
||||
IdentityName: wssdConfig.IdentityName,
|
||||
CloudCertificate: wssdConfig.CloudCertificate,
|
||||
ClientCertificate: marshal.ToBase64(response.Certificates[0].Certificate),
|
||||
ClientKey: marshal.ToBase64(string(newKey)),
|
||||
IdentityName: wssdConfig.IdentityName,
|
||||
}
|
||||
return newWssdConfig, renewed, nil
|
||||
}
|
||||
|
@ -181,16 +180,14 @@ func RenewCertificates(server string, wssdConfigLocation string) error {
|
|||
}
|
||||
return err
|
||||
}
|
||||
if accessFile.ClientCertificateType == CASigned {
|
||||
retAccessFile, renewed, err := renewCertificate(server, &accessFile)
|
||||
if err != nil {
|
||||
retAccessFile, renewed, err := renewCertificate(server, &accessFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if renewed {
|
||||
if err = marshal.ToJSONFile(*retAccessFile, wssdConfigLocation); err != nil {
|
||||
return err
|
||||
}
|
||||
if renewed {
|
||||
if err = marshal.ToJSONFile(*retAccessFile, wssdConfigLocation); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
|
@ -0,0 +1,223 @@
|
|||
// Copyright (c) Microsoft Corporation.
|
||||
// Licensed under the Apache v2.0 license.
|
||||
package auth
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"math/big"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/microsoft/moc/pkg/certs"
|
||||
"github.com/microsoft/moc/pkg/errors"
|
||||
)
|
||||
|
||||
func init() {
|
||||
os.MkdirAll("/tmp/auth", os.ModePerm)
|
||||
key, _ = rsa.GenerateKey(rand.Reader, 2048)
|
||||
}
|
||||
|
||||
func Test_GetCertRenewRequired(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now,
|
||||
NotAfter: now.Add(time.Second * 10),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
if renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:false Actual:true")
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetCertRenewRequiredExpired(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now.Add(-(time.Second * 10)),
|
||||
NotAfter: now,
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
if !renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:true Actual:false")
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetCertRenewRequiredBeforeThreshold(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now.Add(-(time.Second * 6)),
|
||||
NotAfter: now.Add(time.Second * 4),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
if renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:false Actual:true")
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetCertRenewRequiredAfterThreshold(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now.Add(-(time.Second * 8)),
|
||||
NotAfter: now.Add(time.Second * 2),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
if !renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:true Actual:false")
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetCertRenewRequiredDelay(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now.Add(-(time.Second * 6)),
|
||||
NotAfter: now.Add(time.Second * 4),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
if renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:false Actual:true")
|
||||
}
|
||||
time.Sleep(time.Second * 2)
|
||||
if !renewRequired(x509Cert) {
|
||||
t.Errorf("RenewRequired Expected:true Actual:false")
|
||||
}
|
||||
}
|
||||
|
||||
func Test_CertCheckNotExpired(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now,
|
||||
NotAfter: now.Add(time.Second * 30),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
|
||||
certPem := certs.EncodeCertPEM(x509Cert)
|
||||
if err = certCheck(certPem); err != nil {
|
||||
if errors.IsExpired(err) {
|
||||
t.Errorf("certCheck return certificate expired %v: Expected Valid Certificate", err)
|
||||
} else {
|
||||
t.Errorf("certCheck Expected:nil Actual:%v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func Test_CertCheckExpired(t *testing.T) {
|
||||
now := time.Now().UTC()
|
||||
|
||||
tmpl := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
CommonName: "test",
|
||||
},
|
||||
NotBefore: now.Add(time.Second * -10),
|
||||
NotAfter: now.Add(time.Second * -1),
|
||||
}
|
||||
|
||||
b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
|
||||
if err != nil {
|
||||
t.Errorf("Failed creating certificate %v", err)
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(b)
|
||||
if err != nil {
|
||||
t.Errorf("Failed parsing certificate %v", err)
|
||||
}
|
||||
|
||||
certPem := certs.EncodeCertPEM(x509Cert)
|
||||
if err = certCheck(certPem); err == nil || !errors.IsExpired(err) {
|
||||
t.Errorf("certCheck Expected:Expired Actual:%v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_CertCheckEmpty(t *testing.T) {
|
||||
|
||||
if err := certCheck([]byte{}); err == nil || !errors.IsInvalidInput(err) {
|
||||
t.Errorf("certCheck Expected:InvalidInput Actual:%v", err)
|
||||
}
|
||||
}
|
|
@ -0,0 +1,154 @@
|
|||
// Copyright (c) Microsoft Corporation.
|
||||
// Licensed under the Apache v2.0 license.
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
"net"
|
||||
"os"
|
||||
|
||||
"github.com/microsoft/moc/pkg/certs"
|
||||
"github.com/microsoft/moc/pkg/marshal"
|
||||
wssdnet "github.com/microsoft/moc/pkg/net"
|
||||
)
|
||||
|
||||
func readAccessFile(accessFileLocation string) (WssdConfig, error) {
|
||||
accessFile := WssdConfig{}
|
||||
err := marshal.FromJSONFile(accessFileLocation, &accessFile)
|
||||
if err != nil {
|
||||
return WssdConfig{}, err
|
||||
}
|
||||
|
||||
return accessFile, nil
|
||||
}
|
||||
|
||||
// GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation
|
||||
// If the file exists the values from the fie is returned
|
||||
func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetWssdConfigLocation())
|
||||
if err != nil {
|
||||
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
certBytesClient := certs.EncodeCertPEM(x509CertClient)
|
||||
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
|
||||
ClientKey: marshal.ToBase64(string(keyBytesClient)),
|
||||
}
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return accessFile.ClientCertificate, accessFile, nil
|
||||
}
|
||||
|
||||
func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetWssdConfigLocation())
|
||||
cloudAgentIpAddress, err := wssdnet.GetIPAddress()
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
localHostName, err := os.Hostname()
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
cloudAgentIPAddress := wssdnet.StringToNetIPAddress(cloudAgentIpAddress)
|
||||
ipAddresses := []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), cloudAgentIPAddress}
|
||||
dnsNames := []string{"localhost", localHostName}
|
||||
|
||||
conf := &certs.Config{
|
||||
CommonName: loginconfig.Name,
|
||||
AltNames: certs.AltNames{
|
||||
DNSNames: dnsNames,
|
||||
IPs: ipAddresses,
|
||||
},
|
||||
}
|
||||
x509Csr, keyClient, err := certs.GenerateCertificateRequest(conf, nil)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: "",
|
||||
ClientKey: marshal.ToBase64(string(keyClient)),
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return string(x509Csr), accessFile, nil
|
||||
}
|
||||
|
||||
// GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName
|
||||
// If the file exists the values from the fie is returned
|
||||
func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error) {
|
||||
certBytes, err := marshal.FromBase64(loginconfig.Certificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
accessFile, err := readAccessFile(GetMocConfigLocationName(subfolder, filename))
|
||||
if err != nil {
|
||||
x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
certBytesClient := certs.EncodeCertPEM(x509CertClient)
|
||||
keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
|
||||
|
||||
accessFile = WssdConfig{
|
||||
CloudCertificate: "",
|
||||
ClientCertificate: marshal.ToBase64(string(certBytesClient)),
|
||||
ClientKey: marshal.ToBase64(string(keyBytesClient)),
|
||||
}
|
||||
}
|
||||
|
||||
if accessFile.CloudCertificate != "" {
|
||||
serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
|
||||
if err != nil {
|
||||
return "", WssdConfig{}, err
|
||||
}
|
||||
|
||||
if string(certBytes) != string(serverPem) {
|
||||
certBytes = append(certBytes, serverPem...)
|
||||
}
|
||||
}
|
||||
|
||||
accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
|
||||
return accessFile.ClientCertificate, accessFile, nil
|
||||
}
|
|
@ -4,14 +4,18 @@ package certs
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
"fmt"
|
||||
"log"
|
||||
"math"
|
||||
"math/big"
|
||||
"net"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -19,8 +23,88 @@ import (
|
|||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
mock "github.com/microsoft/moc/pkg/certs/mock"
|
||||
"github.com/microsoft/moc/rpc/testagent"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
func IsTransportUnavailable(err error) bool {
|
||||
if e, ok := status.FromError(err); ok && e.Code() == codes.Unavailable {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
type TestTlsServer struct {
|
||||
}
|
||||
|
||||
func (s *TestTlsServer) PingHello(ctx context.Context, in *testagent.Hello) (*testagent.Hello, error) {
|
||||
return &testagent.Hello{Name: "Hello From the Server!" + in.Name}, nil
|
||||
}
|
||||
|
||||
func startHelloServer(grpcServer *grpc.Server, address string) {
|
||||
lis, err := net.Listen("tcp", address)
|
||||
if err != nil {
|
||||
log.Fatalf("failed to listen: %v", err)
|
||||
}
|
||||
tlsServer := TestTlsServer{}
|
||||
testagent.RegisterHelloAgentServer(grpcServer, &tlsServer)
|
||||
if err := grpcServer.Serve(lis); err != nil {
|
||||
log.Fatalf("failed to serve: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
type CertAuthority struct {
|
||||
ca *CertificateAuthority
|
||||
}
|
||||
|
||||
func (auth *CertAuthority) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
||||
return auth.ca.VerifyClientCertificate(rawCerts)
|
||||
}
|
||||
|
||||
func getTlsCreds(t *testing.T, tlsCert tls.Certificate, certAuth *CertAuthority) credentials.TransportCredentials {
|
||||
|
||||
return credentials.NewTLS(&tls.Config{
|
||||
CipherSuites: []uint16{
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
PreferServerCipherSuites: true,
|
||||
ClientAuth: tls.RequestClientCert,
|
||||
Certificates: []tls.Certificate{tlsCert},
|
||||
VerifyPeerCertificate: certAuth.VerifyPeerCertificate,
|
||||
})
|
||||
}
|
||||
|
||||
func getGrpcServer(t *testing.T, creds credentials.TransportCredentials) *grpc.Server {
|
||||
var opts []grpc.ServerOption
|
||||
opts = append(opts, grpc.Creds(creds))
|
||||
grpcServer := grpc.NewServer(opts...)
|
||||
return grpcServer
|
||||
}
|
||||
|
||||
func makeTlsCall(t *testing.T, address string, provider credentials.TransportCredentials) (*testagent.Hello, error) {
|
||||
var conn *grpc.ClientConn
|
||||
var err error
|
||||
if provider != nil {
|
||||
conn, err = grpc.Dial(address, grpc.WithTransportCredentials(provider))
|
||||
} else {
|
||||
conn, err = grpc.Dial(address, grpc.WithInsecure())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed to dial", err)
|
||||
defer conn.Close()
|
||||
c := testagent.NewHelloAgentClient(conn)
|
||||
return c.PingHello(context.Background(), &testagent.Hello{Name: "TLSServer"})
|
||||
}
|
||||
|
||||
func createTestCertificate(before, after time.Time) (string, error) {
|
||||
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
|
@ -61,26 +145,81 @@ func createTestCertificate(before, after time.Time) (string, error) {
|
|||
return string(pemCert), nil
|
||||
}
|
||||
|
||||
func Test_CACerts(t *testing.T) {
|
||||
ca, key, err := GenerateClientCertificate("test CA")
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
|
||||
func NewTransportCredentialFromAuthFromPem(serverName string, tlsCert tls.Certificate, caCertPem []byte) (credentials.TransportCredentials, error) {
|
||||
certPool := x509.NewCertPool()
|
||||
// Append the client certificates from the CA
|
||||
if ok := certPool.AppendCertsFromPEM(caCertPem); !ok {
|
||||
return nil, fmt.Errorf("could not append the server certificate")
|
||||
}
|
||||
creds := &tls.Config{
|
||||
ServerName: serverName,
|
||||
RootCAs: certPool,
|
||||
Certificates: []tls.Certificate{tlsCert},
|
||||
}
|
||||
return credentials.NewTLS(creds), nil
|
||||
}
|
||||
|
||||
func Test_TLSServer(t *testing.T) {
|
||||
server := "localhost"
|
||||
port := "9000"
|
||||
address := server + ":" + port
|
||||
ca, key, err := GenerateClientCertificate("test CA")
|
||||
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
|
||||
|
||||
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
|
||||
if err != nil {
|
||||
t.Errorf("Failed to load root key pair: %v", err)
|
||||
return
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
|
||||
|
||||
caConfig := CAConfig{
|
||||
RootSigner: &rootSigner,
|
||||
}
|
||||
|
||||
caAuth, err := NewCertificateAuthority(&caConfig)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation CA Auth: %s", err.Error())
|
||||
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
|
||||
|
||||
certPem := EncodeCertPEM(ca)
|
||||
keyPem := EncodePrivateKeyPEM(key)
|
||||
tlsCert, err := tls.X509KeyPair(certPem, keyPem)
|
||||
assert.NoErrorf(t, err, "Failed to get tls cert", err)
|
||||
|
||||
creds := getTlsCreds(t, tlsCert, &CertAuthority{caAuth})
|
||||
grpcServer := getGrpcServer(t, creds)
|
||||
go startHelloServer(grpcServer, address)
|
||||
defer grpcServer.Stop()
|
||||
time.Sleep((time.Second * 3))
|
||||
conf := Config{
|
||||
CommonName: "Test Cert",
|
||||
Organization: []string{"microsoft"},
|
||||
}
|
||||
conf.AltNames.DNSNames = []string{"Test Cert"}
|
||||
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
|
||||
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
|
||||
|
||||
signConf := SignConfig{Offset: time.Second * 5}
|
||||
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
tlsClientCert, err := tls.X509KeyPair(clientCertPem, keyClientPem)
|
||||
assert.NoErrorf(t, err, "Failed to get tls cert", err)
|
||||
|
||||
provider, err := NewTransportCredentialFromAuthFromPem(server, tlsClientCert, EncodeCertPEM(ca))
|
||||
assert.NoErrorf(t, err, "Failed to create TLS Credentials", err)
|
||||
// Making the certificate invalid
|
||||
time.Sleep((time.Second * 10))
|
||||
_, err = makeTlsCall(t, address, provider)
|
||||
assert.True(t, IsTransportUnavailable(err))
|
||||
}
|
||||
|
||||
func Test_CACerts(t *testing.T) {
|
||||
ca, key, err := GenerateClientCertificate("test CA")
|
||||
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
|
||||
|
||||
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
|
||||
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
|
||||
|
||||
caConfig := CAConfig{
|
||||
RootSigner: &rootSigner,
|
||||
}
|
||||
caAuth, err := NewCertificateAuthority(&caConfig)
|
||||
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
|
||||
|
||||
conf := Config{
|
||||
CommonName: "Test Cert",
|
||||
|
@ -88,24 +227,13 @@ func Test_CACerts(t *testing.T) {
|
|||
}
|
||||
conf.AltNames.DNSNames = []string{"Test Cert"}
|
||||
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CSR: %s", err.Error())
|
||||
}
|
||||
|
||||
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
|
||||
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding privatekey: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
|
||||
clientCertPem, err := caAuth.SignRequest(csr, nil, nil)
|
||||
if err != nil {
|
||||
t.Errorf("Error signing CSR: %s", err.Error())
|
||||
}
|
||||
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
clientCert, err := DecodeCertPEM(clientCertPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding cert: %s", err.Error())
|
||||
}
|
||||
|
||||
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
|
||||
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != (time.Hour * 24 * 365) {
|
||||
t.Errorf("Invalid certificate expiry")
|
||||
}
|
||||
|
@ -143,24 +271,17 @@ func Test_CACerts(t *testing.T) {
|
|||
|
||||
func Test_CACertsVerify(t *testing.T) {
|
||||
ca, key, err := GenerateClientCertificate("test CA")
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
|
||||
|
||||
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
|
||||
if err != nil {
|
||||
t.Errorf("Failed to load root key pair: %v", err)
|
||||
return
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
|
||||
|
||||
caConfig := CAConfig{
|
||||
RootSigner: &rootSigner,
|
||||
}
|
||||
|
||||
caAuth, err := NewCertificateAuthority(&caConfig)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation CA Auth: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
|
||||
|
||||
conf := Config{
|
||||
CommonName: "Test Cert",
|
||||
|
@ -168,23 +289,16 @@ func Test_CACertsVerify(t *testing.T) {
|
|||
}
|
||||
conf.AltNames.DNSNames = []string{"Test Cert"}
|
||||
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
|
||||
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding privatekey: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
|
||||
|
||||
signConf := SignConfig{Offset: time.Second * 5}
|
||||
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
|
||||
if err != nil {
|
||||
t.Errorf("Error signing CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
|
||||
clientCert, err := DecodeCertPEM(clientCertPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding cert: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
|
||||
|
||||
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != signConf.Offset {
|
||||
t.Errorf("Invalid certificate expiry")
|
||||
|
@ -206,39 +320,29 @@ func Test_CACertsVerify(t *testing.T) {
|
|||
|
||||
clientCerts := [][]byte{clientCert.Raw}
|
||||
|
||||
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
|
||||
panic("failed to verify certificate: " + err.Error())
|
||||
}
|
||||
err = caAuth.VerifyClientCertificate(clientCerts)
|
||||
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
|
||||
|
||||
time.Sleep(time.Second * 6)
|
||||
if err = caAuth.VerifyClientCertificate(clientCerts); err == nil {
|
||||
panic("failed to verify certificate after Expiry")
|
||||
}
|
||||
if _, err = tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient)); err != nil {
|
||||
t.Errorf("Error Verifying key and cert: %s", err.Error())
|
||||
}
|
||||
err = caAuth.VerifyClientCertificate(clientCerts)
|
||||
assert.Errorf(t, err, "failed to verify certificate after Expiry")
|
||||
|
||||
_, err = tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient))
|
||||
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
|
||||
}
|
||||
|
||||
func Test_CACertsRenewVerify(t *testing.T) {
|
||||
ca, key, err := GenerateClientCertificate("test CA")
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CA certificate failed: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation in CA certificate failed: %v", err)
|
||||
|
||||
rootSigner, err := tls.X509KeyPair(EncodeCertPEM(ca), EncodePrivateKeyPEM(key))
|
||||
if err != nil {
|
||||
t.Errorf("Failed to load root key pair: %v", err)
|
||||
return
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed to load root key pair: %v", err)
|
||||
|
||||
caConfig := CAConfig{
|
||||
RootSigner: &rootSigner,
|
||||
}
|
||||
|
||||
caAuth, err := NewCertificateAuthority(&caConfig)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation CA Auth: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation CA Auth: %v", err)
|
||||
|
||||
conf := Config{
|
||||
CommonName: "Test Cert",
|
||||
|
@ -246,22 +350,18 @@ func Test_CACertsRenewVerify(t *testing.T) {
|
|||
}
|
||||
conf.AltNames.DNSNames = []string{"Test Cert"}
|
||||
csr, keyClientPem, err := GenerateCertificateRequest(&conf, nil)
|
||||
if err != nil {
|
||||
t.Errorf("Error creation in CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creation in CSR: %v", err)
|
||||
|
||||
keyClient, err := DecodePrivateKeyPEM(keyClientPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding privatekey: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
|
||||
|
||||
signConf := SignConfig{Offset: time.Second * 5}
|
||||
clientCertPem, err := caAuth.SignRequest(csr, nil, &signConf)
|
||||
if err != nil {
|
||||
t.Errorf("Error signing CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
|
||||
clientCert, err := DecodeCertPEM(clientCertPem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding cert: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
|
||||
|
||||
// Test certificate duration
|
||||
if (clientCert.NotAfter.Sub(clientCert.NotBefore)) != signConf.Offset {
|
||||
t.Errorf("Invalid certificate expiry")
|
||||
|
@ -269,34 +369,25 @@ func Test_CACertsRenewVerify(t *testing.T) {
|
|||
|
||||
clientCerts := [][]byte{clientCert.Raw}
|
||||
|
||||
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
|
||||
panic("failed to verify certificate: " + err.Error())
|
||||
}
|
||||
err = caAuth.VerifyClientCertificate(clientCerts)
|
||||
assert.NoErrorf(t, err, "Failed to verify certificate: %v", err)
|
||||
|
||||
oldcert, err := tls.X509KeyPair(EncodeCertPEM(clientCert), EncodePrivateKeyPEM(keyClient))
|
||||
if err != nil {
|
||||
t.Errorf("Error creating X509 keypair: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creating X509 keypair: %v", err)
|
||||
|
||||
// ================= Renew 1 ========================
|
||||
csr1, keyClient1Pem, err := GenerateCertificateRenewRequest(&oldcert)
|
||||
if err != nil {
|
||||
t.Errorf("Error creating renew CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creating renew CSR: %v", err)
|
||||
|
||||
keyClient1, err := DecodePrivateKeyPEM(keyClient1Pem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding privatekey: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
|
||||
|
||||
signConf = SignConfig{Offset: time.Second * 20}
|
||||
certClient1Pem, err := caAuth.SignRequest(csr1, clientCert.Raw, &signConf)
|
||||
if err != nil {
|
||||
t.Errorf("Error signing CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
|
||||
certClient1, err := DecodeCertPEM(certClient1Pem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding cert: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
|
||||
|
||||
// Test certificate duration
|
||||
if (certClient1.NotAfter.Sub(certClient1.NotBefore)) != (time.Second * 5) {
|
||||
|
@ -330,34 +421,26 @@ func Test_CACertsRenewVerify(t *testing.T) {
|
|||
}
|
||||
|
||||
clientCerts = [][]byte{certClient1.Raw}
|
||||
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
|
||||
t.Errorf("failed to verify certificate: " + err.Error())
|
||||
}
|
||||
if _, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1)); err != nil {
|
||||
t.Errorf("Error Verifying key and cert: %s", err.Error())
|
||||
}
|
||||
err = caAuth.VerifyClientCertificate(clientCerts)
|
||||
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
|
||||
_, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1))
|
||||
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
|
||||
|
||||
// ================= Renew 2 ========================
|
||||
oldcert, err = tls.X509KeyPair(EncodeCertPEM(certClient1), EncodePrivateKeyPEM(keyClient1))
|
||||
if err != nil {
|
||||
t.Errorf("Error creating X509 keypair: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creating X509 keypair: %v", err)
|
||||
|
||||
csr2, keyClient2Pem, err := GenerateCertificateRenewRequest(&oldcert)
|
||||
if err != nil {
|
||||
t.Errorf("Error creating renew CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error creating renew CSR: %v", err)
|
||||
|
||||
keyClient2, err := DecodePrivateKeyPEM(keyClient2Pem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding privatekey: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding privatekey: %v", err)
|
||||
|
||||
certClient2Pem, err := caAuth.SignRequest(csr2, certClient1.Raw, nil)
|
||||
if err != nil {
|
||||
t.Errorf("Error signing CSR: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Error signing CSR: %v", err)
|
||||
certClient2, err := DecodeCertPEM(certClient2Pem)
|
||||
if err != nil {
|
||||
t.Errorf("Failed Decoding cert: %s", err.Error())
|
||||
}
|
||||
assert.NoErrorf(t, err, "Failed Decoding cert: %v", err)
|
||||
|
||||
// Test certificate duration
|
||||
if (certClient2.NotAfter.Sub(certClient2.NotBefore)) != (time.Second * 5) {
|
||||
t.Errorf("Invalid certificate expiry")
|
||||
|
@ -389,12 +472,10 @@ func Test_CACertsRenewVerify(t *testing.T) {
|
|||
}
|
||||
|
||||
clientCerts = [][]byte{certClient2.Raw}
|
||||
if err := caAuth.VerifyClientCertificate(clientCerts); err != nil {
|
||||
t.Errorf("failed to verify certificate: " + err.Error())
|
||||
}
|
||||
if _, err = tls.X509KeyPair(EncodeCertPEM(certClient2), EncodePrivateKeyPEM(keyClient2)); err != nil {
|
||||
t.Errorf("Error Verifying key and cert: %s", err.Error())
|
||||
}
|
||||
err = caAuth.VerifyClientCertificate(clientCerts)
|
||||
assert.NoErrorf(t, err, "failed to verify certificate: %v", err)
|
||||
_, err = tls.X509KeyPair(EncodeCertPEM(certClient2), EncodePrivateKeyPEM(keyClient2))
|
||||
assert.NoErrorf(t, err, "Error Verifying key and cert: %v", err)
|
||||
}
|
||||
|
||||
func Test_CACertsRenewVerifySameKey(t *testing.T) {
|
||||
|
@ -724,7 +805,7 @@ func Test_CalculateRenewTime(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*4) || duration.RenewBackoffDuration < time.Duration(time.Second*2) {
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*4) || duration.RenewBackoffDuration < time.Duration(time.Second*1) {
|
||||
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*4), duration.RenewBackoffDuration)
|
||||
}
|
||||
if duration.RenewBackoffDuration < time.Duration(0) {
|
||||
|
@ -751,7 +832,7 @@ func Test_CalculateRenewTime1(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*6) || duration.RenewBackoffDuration < time.Duration(time.Second*4) {
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*6) || duration.RenewBackoffDuration < time.Duration(time.Second*3) {
|
||||
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*6), duration.RenewBackoffDuration)
|
||||
}
|
||||
if duration.RenewBackoffDuration < time.Duration(0) {
|
||||
|
@ -778,7 +859,7 @@ func Test_CalculateRenewTime2(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*-10) || duration.RenewBackoffDuration < time.Duration(time.Second*-12) {
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*-10) || duration.RenewBackoffDuration < time.Duration(time.Second*-13) {
|
||||
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*-10), duration.RenewBackoffDuration)
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(0) {
|
||||
|
@ -805,7 +886,7 @@ func Test_CalculateRenewTimeNegative(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Errorf("Failed calculating Certificate renewal backoff: %s", err.Error())
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*-13) || duration.RenewBackoffDuration < time.Duration(time.Second*-15) {
|
||||
if duration.RenewBackoffDuration > time.Duration(time.Second*-13) || duration.RenewBackoffDuration < time.Duration(time.Second*-16) {
|
||||
t.Errorf("Wrong wait time returned Expected %s Actual %s", time.Duration(time.Second*-13), duration.RenewBackoffDuration)
|
||||
}
|
||||
if duration.RenewBackoffDuration > time.Duration(0) {
|
||||
|
|
|
@ -53,7 +53,7 @@ message Identity {
|
|||
string cloudFqdn = 15;
|
||||
int32 cloudPort = 16;
|
||||
int32 cloudAuthPort = 17;
|
||||
AuthenticationType authType = 18;
|
||||
AuthenticationType authType = 18 [deprecated = true];;
|
||||
bool revoked = 19;
|
||||
bool autoRotate = 20;
|
||||
string loginFilePath = 21;
|
||||
|
|
|
@ -300,7 +300,7 @@ type Identity struct {
|
|||
CloudFqdn string `protobuf:"bytes,15,opt,name=cloudFqdn,proto3" json:"cloudFqdn,omitempty"`
|
||||
CloudPort int32 `protobuf:"varint,16,opt,name=cloudPort,proto3" json:"cloudPort,omitempty"`
|
||||
CloudAuthPort int32 `protobuf:"varint,17,opt,name=cloudAuthPort,proto3" json:"cloudAuthPort,omitempty"`
|
||||
AuthType common.AuthenticationType `protobuf:"varint,18,opt,name=authType,proto3,enum=moc.AuthenticationType" json:"authType,omitempty"`
|
||||
AuthType common.AuthenticationType `protobuf:"varint,18,opt,name=authType,proto3,enum=moc.AuthenticationType" json:"authType,omitempty"` // Deprecated: Do not use.
|
||||
Revoked bool `protobuf:"varint,19,opt,name=revoked,proto3" json:"revoked,omitempty"`
|
||||
AutoRotate bool `protobuf:"varint,20,opt,name=autoRotate,proto3" json:"autoRotate,omitempty"`
|
||||
LoginFilePath string `protobuf:"bytes,21,opt,name=loginFilePath,proto3" json:"loginFilePath,omitempty"`
|
||||
|
@ -434,6 +434,7 @@ func (m *Identity) GetCloudAuthPort() int32 {
|
|||
return 0
|
||||
}
|
||||
|
||||
// Deprecated: Do not use.
|
||||
func (m *Identity) GetAuthType() common.AuthenticationType {
|
||||
if m != nil {
|
||||
return m.AuthType
|
||||
|
@ -482,61 +483,61 @@ func init() {
|
|||
func init() { proto.RegisterFile("moc_cloudagent_identity.proto", fileDescriptor_df50a18f5e732c64) }
|
||||
|
||||
var fileDescriptor_df50a18f5e732c64 = []byte{
|
||||
// 853 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x6e, 0xdb, 0x46,
|
||||
0x10, 0x2e, 0x25, 0x5b, 0xb6, 0x46, 0xfe, 0xcb, 0xc6, 0x8d, 0xb7, 0x6a, 0x13, 0x28, 0xaa, 0x0f,
|
||||
0xea, 0x85, 0x6a, 0xe5, 0x1c, 0x8a, 0xa2, 0x40, 0x60, 0xbb, 0x4e, 0xea, 0x4b, 0x1b, 0xac, 0x83,
|
||||
0x1e, 0x0a, 0x14, 0x06, 0xbd, 0x5a, 0xd3, 0x0b, 0x93, 0xbb, 0xcc, 0xee, 0x32, 0xa9, 0xae, 0x3d,
|
||||
0xe5, 0x1d, 0xda, 0x3e, 0x44, 0x0f, 0x7d, 0x8e, 0xbe, 0x42, 0x1f, 0xa5, 0xe0, 0x90, 0x14, 0x49,
|
||||
0xff, 0x40, 0x36, 0x9a, 0x93, 0xc4, 0x6f, 0xbe, 0x99, 0xfd, 0x66, 0xf6, 0xdb, 0x81, 0xc7, 0xb1,
|
||||
0xe6, 0xa7, 0x3c, 0xd2, 0xe9, 0x34, 0x08, 0x85, 0x72, 0xa7, 0x72, 0x2a, 0x94, 0x93, 0x6e, 0xe6,
|
||||
0x27, 0x46, 0x3b, 0x4d, 0x76, 0x62, 0xcd, 0xfd, 0x2a, 0xec, 0x5b, 0xc1, 0x53, 0x23, 0xdd, 0xac,
|
||||
0xff, 0x24, 0xd4, 0x3a, 0x8c, 0xc4, 0x18, 0x69, 0x67, 0xe9, 0xf9, 0xf8, 0x9d, 0x09, 0x92, 0x44,
|
||||
0x18, 0x9b, 0x27, 0xf6, 0x07, 0x57, 0xea, 0x72, 0x61, 0x9c, 0x3c, 0x97, 0x3c, 0x70, 0xa2, 0x60,
|
||||
0xec, 0x20, 0x43, 0xc7, 0xb1, 0x56, 0xc5, 0x4f, 0x11, 0xf8, 0xa4, 0x16, 0x28, 0xcf, 0xcb, 0x43,
|
||||
0xc3, 0xf7, 0x1e, 0x6c, 0x1e, 0x17, 0x0a, 0x99, 0x78, 0x93, 0x0a, 0xeb, 0xc8, 0x73, 0xe8, 0x96,
|
||||
0x90, 0xa5, 0xde, 0xa0, 0x3d, 0xea, 0x4d, 0x9e, 0xfa, 0xb7, 0xc8, 0xf6, 0xe7, 0xc9, 0x55, 0x0e,
|
||||
0x79, 0x06, 0xeb, 0x3f, 0x26, 0xc2, 0x04, 0x4e, 0x6a, 0xf5, 0x7a, 0x96, 0x08, 0xda, 0x1a, 0x78,
|
||||
0xa3, 0x8d, 0xc9, 0x06, 0x16, 0x99, 0x47, 0x58, 0x93, 0x34, 0xfc, 0xd3, 0x83, 0xad, 0x4a, 0x8a,
|
||||
0x4d, 0xb4, 0xb2, 0xe2, 0xff, 0x6b, 0x99, 0x40, 0x87, 0x09, 0x9b, 0x46, 0x0e, 0x45, 0xf4, 0x26,
|
||||
0x7d, 0x3f, 0x9f, 0xb3, 0x5f, 0xce, 0xd9, 0x3f, 0xd0, 0x3a, 0xfa, 0x29, 0x88, 0x52, 0xc1, 0x0a,
|
||||
0x26, 0xd9, 0x86, 0xe5, 0x23, 0x63, 0xb4, 0xa1, 0xed, 0x81, 0x37, 0xea, 0xb2, 0xfc, 0x63, 0xf8,
|
||||
0xbb, 0x07, 0xb4, 0xac, 0x5b, 0x35, 0x51, 0xcc, 0x6c, 0x1f, 0xa0, 0x88, 0x49, 0x71, 0x0f, 0xa1,
|
||||
0xb5, 0x24, 0xf2, 0xed, 0xcd, 0x53, 0x7b, 0x84, 0x55, 0xae, 0x1f, 0x7c, 0x65, 0x7a, 0xff, 0x78,
|
||||
0xd0, 0x2f, 0x49, 0x87, 0x95, 0x35, 0x4a, 0x7d, 0x43, 0x58, 0x2b, 0xa3, 0x3f, 0x04, 0xb1, 0xa0,
|
||||
0x1e, 0x76, 0xd6, 0xc0, 0xc8, 0x77, 0xd0, 0x3e, 0x3c, 0x61, 0xb4, 0x85, 0xe2, 0x27, 0xb7, 0x8a,
|
||||
0xaf, 0x55, 0x3f, 0x91, 0xa1, 0x92, 0x2a, 0x2c, 0x0e, 0x61, 0x59, 0x3a, 0x79, 0x79, 0xb5, 0x8d,
|
||||
0x36, 0xb6, 0xf1, 0xb4, 0xd1, 0x46, 0xad, 0xc6, 0xad, 0x1d, 0xfd, 0xe5, 0xc1, 0xa7, 0x37, 0x76,
|
||||
0x54, 0x58, 0xe3, 0x7b, 0x58, 0xab, 0xc1, 0xe5, 0xd0, 0x77, 0xef, 0xa2, 0x9b, 0x35, 0x32, 0x3f,
|
||||
0xa0, 0x47, 0xfe, 0xe8, 0xc0, 0x6a, 0xa9, 0x99, 0x10, 0x58, 0x52, 0xd5, 0xac, 0xf1, 0x3f, 0xd9,
|
||||
0x80, 0x96, 0x9c, 0xe2, 0x31, 0x5d, 0xd6, 0x92, 0x53, 0xb2, 0x0b, 0xeb, 0x46, 0x58, 0x9d, 0x1a,
|
||||
0x2e, 0x5e, 0x1a, 0x9d, 0x26, 0x45, 0xb9, 0x26, 0x48, 0x06, 0xb0, 0x9a, 0x04, 0xd6, 0xbe, 0xd3,
|
||||
0x66, 0x4a, 0x97, 0x32, 0xc2, 0xc1, 0xd2, 0xfb, 0xbf, 0xa9, 0xc7, 0xe6, 0x28, 0xe9, 0xc3, 0xb2,
|
||||
0xd3, 0x97, 0x42, 0xd1, 0xe5, 0x5a, 0x38, 0x87, 0xc8, 0xe7, 0xd0, 0xb1, 0x2e, 0x70, 0xa9, 0xa5,
|
||||
0x2b, 0xd8, 0x5e, 0x0f, 0x47, 0x74, 0x82, 0x10, 0x2b, 0x42, 0x99, 0x41, 0x22, 0xcd, 0x71, 0xfa,
|
||||
0x68, 0x10, 0xc8, 0x0d, 0x52, 0xc7, 0xc8, 0x63, 0x58, 0x72, 0x41, 0x68, 0x69, 0x0f, 0xcb, 0x74,
|
||||
0xb1, 0xcc, 0xeb, 0x20, 0xb4, 0x0c, 0x61, 0xf2, 0x0b, 0xac, 0xf1, 0xfa, 0x85, 0xac, 0xe1, 0x85,
|
||||
0xec, 0x2d, 0x7c, 0x05, 0xf5, 0x9b, 0xb1, 0x47, 0xca, 0x99, 0x59, 0xa1, 0xbf, 0x51, 0x8e, 0xec,
|
||||
0x42, 0x0f, 0xfb, 0x39, 0xfa, 0x35, 0x91, 0x66, 0x46, 0xd7, 0x07, 0xde, 0xa8, 0x7d, 0xd0, 0xa2,
|
||||
0x1e, 0xab, 0xc3, 0x64, 0x0c, 0xc0, 0x23, 0x29, 0x94, 0x43, 0xef, 0x6d, 0xa0, 0xf7, 0x36, 0x51,
|
||||
0xc2, 0xe1, 0x1c, 0x66, 0x35, 0x0a, 0xf9, 0x0c, 0xba, 0x28, 0xee, 0xc5, 0x9b, 0xa9, 0xa2, 0x9b,
|
||||
0xd8, 0x75, 0x05, 0xcc, 0xa3, 0xaf, 0xb4, 0x71, 0x74, 0x6b, 0xe0, 0x8d, 0x96, 0x59, 0x05, 0x64,
|
||||
0xb7, 0x87, 0x1f, 0xfb, 0xa9, 0xbb, 0x40, 0xc6, 0x03, 0x64, 0x34, 0x41, 0xb2, 0x07, 0xab, 0x41,
|
||||
0xea, 0x2e, 0x50, 0x10, 0x41, 0x41, 0x3b, 0x28, 0x28, 0x23, 0x64, 0x13, 0xe0, 0x73, 0xcf, 0xb3,
|
||||
0x39, 0x91, 0x50, 0x58, 0x31, 0xe2, 0xad, 0xbe, 0x14, 0x53, 0xfa, 0x70, 0xe0, 0x8d, 0x56, 0x59,
|
||||
0xf9, 0x49, 0x9e, 0x00, 0x04, 0xa9, 0xd3, 0x4c, 0xbb, 0xc0, 0x09, 0xba, 0x8d, 0xc1, 0x1a, 0x92,
|
||||
0x89, 0x8a, 0x74, 0x28, 0xd5, 0x0b, 0x19, 0x89, 0x57, 0x81, 0xbb, 0xa0, 0x1f, 0xe7, 0x96, 0x6a,
|
||||
0x80, 0x64, 0x02, 0xdb, 0xb5, 0xb1, 0x1d, 0xab, 0x13, 0xc1, 0xb5, 0x9a, 0x5a, 0xfa, 0x28, 0x1b,
|
||||
0x2b, 0xbb, 0x31, 0xd6, 0x7f, 0x0e, 0x0f, 0xae, 0x5d, 0x15, 0xd9, 0x82, 0xf6, 0xa5, 0x98, 0x15,
|
||||
0x26, 0xcf, 0xfe, 0x66, 0x4f, 0xe3, 0x6d, 0xf6, 0x56, 0x0a, 0x9b, 0xe7, 0x1f, 0xdf, 0xb4, 0xbe,
|
||||
0xf6, 0x26, 0xff, 0xb6, 0x60, 0xbd, 0xbc, 0xf5, 0xfd, 0xcc, 0x0c, 0xe4, 0x14, 0x3a, 0xc7, 0x2a,
|
||||
0xeb, 0x8b, 0x8c, 0x16, 0x6f, 0xcb, 0x7c, 0xcd, 0xf4, 0xbf, 0xb8, 0x03, 0x33, 0xdf, 0x11, 0xc3,
|
||||
0x8f, 0x88, 0x84, 0x95, 0x7c, 0xad, 0x08, 0xf2, 0xd5, 0xc2, 0xbc, 0xab, 0x6b, 0xfd, 0x7e, 0x47,
|
||||
0xfd, 0xe6, 0xc1, 0xc3, 0xe2, 0xac, 0xc6, 0x7a, 0x59, 0xfc, 0x02, 0xae, 0x2f, 0xec, 0xfe, 0xb3,
|
||||
0xfb, 0x25, 0x95, 0x22, 0x0e, 0x26, 0x3f, 0x7f, 0x19, 0x4a, 0x77, 0x91, 0x9e, 0xf9, 0x5c, 0xc7,
|
||||
0xe3, 0x58, 0x72, 0xa3, 0xad, 0x3e, 0x77, 0xe3, 0x58, 0xf3, 0xb1, 0x49, 0xf8, 0xb8, 0xaa, 0x38,
|
||||
0x2e, 0x2b, 0x9e, 0x75, 0x70, 0xcf, 0xed, 0xfd, 0x17, 0x00, 0x00, 0xff, 0xff, 0x3a, 0x5d, 0xe4,
|
||||
0xfa, 0xbb, 0x08, 0x00, 0x00,
|
||||
// 856 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xdd, 0x6e, 0x1b, 0x45,
|
||||
0x14, 0x66, 0xec, 0xc4, 0x89, 0x8f, 0xf3, 0xd7, 0x69, 0x68, 0x06, 0x43, 0x2b, 0xd7, 0xe4, 0xc2,
|
||||
0xdc, 0xac, 0xc1, 0xad, 0x04, 0x42, 0x48, 0x55, 0x12, 0xd2, 0x92, 0x1b, 0xa8, 0x26, 0x15, 0x17,
|
||||
0x48, 0x28, 0xda, 0x8c, 0x27, 0x9b, 0x51, 0xd6, 0x33, 0xdb, 0x99, 0xd9, 0x16, 0xdf, 0x72, 0xd5,
|
||||
0x77, 0x40, 0x48, 0xbc, 0x02, 0x17, 0x3c, 0x07, 0xaf, 0xc0, 0xa3, 0xa0, 0x3d, 0xbb, 0xeb, 0xdd,
|
||||
0xcd, 0x8f, 0xd2, 0x08, 0xae, 0xec, 0xfd, 0xce, 0x77, 0xce, 0x7c, 0xe7, 0xcc, 0x37, 0x07, 0x1e,
|
||||
0xce, 0x8c, 0x38, 0x11, 0xb1, 0x49, 0xa7, 0x61, 0x24, 0xb5, 0x3f, 0x51, 0x53, 0xa9, 0xbd, 0xf2,
|
||||
0xf3, 0x20, 0xb1, 0xc6, 0x1b, 0xba, 0x33, 0x33, 0x22, 0xa8, 0xc2, 0x81, 0x93, 0x22, 0xb5, 0xca,
|
||||
0xcf, 0xfb, 0x8f, 0x22, 0x63, 0xa2, 0x58, 0x8e, 0x91, 0x76, 0x9a, 0x9e, 0x8d, 0xdf, 0xda, 0x30,
|
||||
0x49, 0xa4, 0x75, 0x79, 0x62, 0x7f, 0x70, 0xa9, 0xae, 0x90, 0xd6, 0xab, 0x33, 0x25, 0x42, 0x2f,
|
||||
0x0b, 0xc6, 0x0e, 0x32, 0xcc, 0x6c, 0x66, 0x74, 0xf1, 0x53, 0x04, 0x3e, 0xaa, 0x05, 0xca, 0xf3,
|
||||
0xf2, 0xd0, 0xf0, 0x1d, 0x81, 0xcd, 0xa3, 0x42, 0x21, 0x97, 0xaf, 0x53, 0xe9, 0x3c, 0x7d, 0x06,
|
||||
0xdd, 0x12, 0x72, 0x8c, 0x0c, 0xda, 0xa3, 0xde, 0xe4, 0x71, 0x70, 0x83, 0xec, 0x60, 0x91, 0x5c,
|
||||
0xe5, 0xd0, 0xa7, 0xb0, 0xfe, 0x43, 0x22, 0x6d, 0xe8, 0x95, 0xd1, 0xaf, 0xe6, 0x89, 0x64, 0xad,
|
||||
0x01, 0x19, 0x6d, 0x4c, 0x36, 0xb0, 0xc8, 0x22, 0xc2, 0x9b, 0xa4, 0xe1, 0xef, 0x04, 0xb6, 0x2a,
|
||||
0x29, 0x2e, 0x31, 0xda, 0xc9, 0xff, 0xae, 0x65, 0x02, 0x1d, 0x2e, 0x5d, 0x1a, 0x7b, 0x14, 0xd1,
|
||||
0x9b, 0xf4, 0x83, 0x7c, 0xce, 0x41, 0x39, 0xe7, 0x60, 0xdf, 0x98, 0xf8, 0xc7, 0x30, 0x4e, 0x25,
|
||||
0x2f, 0x98, 0x74, 0x1b, 0x96, 0x0f, 0xad, 0x35, 0x96, 0xb5, 0x07, 0x64, 0xd4, 0xe5, 0xf9, 0xc7,
|
||||
0xf0, 0x37, 0x02, 0xac, 0xac, 0x5b, 0x35, 0x51, 0xcc, 0x6c, 0x0f, 0xa0, 0x88, 0x29, 0x79, 0x07,
|
||||
0xa1, 0xb5, 0x24, 0xfa, 0xcd, 0xf5, 0x53, 0x7b, 0x80, 0x55, 0xae, 0x1e, 0x7c, 0x69, 0x7a, 0x7f,
|
||||
0x13, 0xe8, 0x97, 0xa4, 0x83, 0xca, 0x1a, 0xa5, 0xbe, 0x21, 0xac, 0x95, 0xd1, 0xef, 0xc3, 0x99,
|
||||
0x64, 0x04, 0x3b, 0x6b, 0x60, 0xf4, 0x5b, 0x68, 0x1f, 0x1c, 0x73, 0xd6, 0x42, 0xf1, 0x93, 0x1b,
|
||||
0xc5, 0xd7, 0xaa, 0x1f, 0xab, 0x48, 0x2b, 0x1d, 0x15, 0x87, 0xf0, 0x2c, 0x9d, 0xbe, 0xb8, 0xdc,
|
||||
0x46, 0x1b, 0xdb, 0x78, 0xdc, 0x68, 0xa3, 0x56, 0xe3, 0xc6, 0x8e, 0xfe, 0x24, 0xf0, 0xf1, 0xb5,
|
||||
0x1d, 0x15, 0xd6, 0xf8, 0x0e, 0xd6, 0x6a, 0x70, 0x39, 0xf4, 0xdd, 0xf7, 0xd1, 0xcd, 0x1b, 0x99,
|
||||
0xff, 0xa3, 0x47, 0xfe, 0xe8, 0xc0, 0x6a, 0xa9, 0x99, 0x52, 0x58, 0xd2, 0xd5, 0xac, 0xf1, 0x3f,
|
||||
0xdd, 0x80, 0x96, 0x9a, 0xe2, 0x31, 0x5d, 0xde, 0x52, 0x53, 0xba, 0x0b, 0xeb, 0x56, 0x3a, 0x93,
|
||||
0x5a, 0x21, 0x5f, 0x58, 0x93, 0x26, 0x45, 0xb9, 0x26, 0x48, 0x07, 0xb0, 0x9a, 0x84, 0xce, 0xbd,
|
||||
0x35, 0x76, 0xca, 0x96, 0x32, 0xc2, 0xfe, 0xd2, 0xbb, 0xbf, 0x18, 0xe1, 0x0b, 0x94, 0xf6, 0x61,
|
||||
0xd9, 0x9b, 0x0b, 0xa9, 0xd9, 0x72, 0x2d, 0x9c, 0x43, 0xf4, 0x53, 0xe8, 0x38, 0x1f, 0xfa, 0xd4,
|
||||
0xb1, 0x15, 0x6c, 0xaf, 0x87, 0x23, 0x3a, 0x46, 0x88, 0x17, 0xa1, 0xcc, 0x20, 0xb1, 0x11, 0x38,
|
||||
0x7d, 0x34, 0x08, 0xe4, 0x06, 0xa9, 0x63, 0xf4, 0x21, 0x2c, 0xf9, 0x30, 0x72, 0xac, 0x87, 0x65,
|
||||
0xba, 0x58, 0xe6, 0x55, 0x18, 0x39, 0x8e, 0x30, 0xfd, 0x19, 0xd6, 0x44, 0xfd, 0x42, 0xd6, 0xf0,
|
||||
0x42, 0x9e, 0xdc, 0xfa, 0x0a, 0xea, 0x37, 0xe3, 0x0e, 0xb5, 0xb7, 0xf3, 0x42, 0x7f, 0xa3, 0x1c,
|
||||
0xdd, 0x85, 0x1e, 0xf6, 0x73, 0xf8, 0x4b, 0xa2, 0xec, 0x9c, 0xad, 0x0f, 0xc8, 0xa8, 0xbd, 0xdf,
|
||||
0x62, 0x84, 0xd7, 0x61, 0x3a, 0x06, 0x10, 0xb1, 0x92, 0xda, 0xa3, 0xf7, 0x36, 0xd0, 0x7b, 0x9b,
|
||||
0x28, 0xe1, 0x60, 0x01, 0xf3, 0x1a, 0x85, 0x7e, 0x02, 0x5d, 0x14, 0xf7, 0xfc, 0xf5, 0x54, 0xb3,
|
||||
0x4d, 0xec, 0xba, 0x02, 0x16, 0xd1, 0x97, 0xc6, 0x7a, 0xb6, 0x35, 0x20, 0xa3, 0x65, 0x5e, 0x01,
|
||||
0xd9, 0xed, 0xe1, 0xc7, 0x5e, 0xea, 0xcf, 0x91, 0x71, 0x0f, 0x19, 0x4d, 0x90, 0x7e, 0x09, 0xab,
|
||||
0x61, 0xea, 0xcf, 0x51, 0x10, 0x45, 0x41, 0x3b, 0x28, 0x28, 0x23, 0x64, 0x13, 0x10, 0x0b, 0xcf,
|
||||
0x63, 0x3b, 0x0b, 0x32, 0x65, 0xb0, 0x62, 0xe5, 0x1b, 0x73, 0x21, 0xa7, 0xec, 0xfe, 0x80, 0x8c,
|
||||
0x56, 0x79, 0xf9, 0x49, 0x1f, 0x01, 0x84, 0xa9, 0x37, 0xdc, 0xf8, 0xd0, 0x4b, 0xb6, 0x8d, 0xc1,
|
||||
0x1a, 0x92, 0x09, 0x8b, 0x4d, 0xa4, 0xf4, 0x73, 0x15, 0xcb, 0x97, 0xa1, 0x3f, 0x67, 0x1f, 0xe6,
|
||||
0xb6, 0x6a, 0x80, 0x74, 0x02, 0xdb, 0xb5, 0xd1, 0x1d, 0xe9, 0x63, 0x29, 0x8c, 0x9e, 0x3a, 0xf6,
|
||||
0x20, 0x1b, 0x2d, 0xbf, 0x36, 0xd6, 0x7f, 0x06, 0xf7, 0xae, 0x5c, 0x17, 0xdd, 0x82, 0xf6, 0x85,
|
||||
0x9c, 0x17, 0x46, 0xcf, 0xfe, 0x66, 0xcf, 0xe3, 0x4d, 0xf6, 0x5e, 0x0a, 0xab, 0xe7, 0x1f, 0x5f,
|
||||
0xb7, 0xbe, 0x22, 0x93, 0x7f, 0x5a, 0xb0, 0x5e, 0xde, 0xfc, 0x5e, 0x66, 0x08, 0x7a, 0x02, 0x9d,
|
||||
0x23, 0x9d, 0xf5, 0x45, 0x47, 0xb7, 0x6f, 0xcc, 0x7c, 0xd5, 0xf4, 0x3f, 0x7b, 0x0f, 0x66, 0xbe,
|
||||
0x27, 0x86, 0x1f, 0x50, 0x05, 0x2b, 0xf9, 0x6a, 0x91, 0xf4, 0x8b, 0x5b, 0xf3, 0x2e, 0xaf, 0xf6,
|
||||
0xbb, 0x1d, 0xf5, 0x2b, 0x81, 0xfb, 0xc5, 0x59, 0x8d, 0x15, 0x73, 0xfb, 0x2b, 0xb8, 0xba, 0xb4,
|
||||
0xfb, 0x4f, 0xef, 0x96, 0x54, 0x8a, 0xd8, 0x9f, 0xfc, 0xf4, 0x79, 0xa4, 0xfc, 0x79, 0x7a, 0x1a,
|
||||
0x08, 0x33, 0x1b, 0xcf, 0x94, 0xb0, 0xc6, 0x99, 0x33, 0x3f, 0x9e, 0x19, 0x31, 0xb6, 0x89, 0x18,
|
||||
0x57, 0x15, 0xc7, 0x65, 0xc5, 0xd3, 0x0e, 0xee, 0xba, 0x27, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff,
|
||||
0xae, 0xa8, 0x0b, 0xe1, 0xbf, 0x08, 0x00, 0x00,
|
||||
}
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
|
|
|
@ -151,3 +151,9 @@ protoc -I $Agent/$Module/keyvault -I ./common -I $Agent/$Module/keyvault/secret
|
|||
protoc -I $Agent/$Module/authentication -I ./common -I $Agent/$Module/identity -I $Agent/$Module/certificate $Agent/$Module/authentication/moc_cloudagent_authentication.proto --go_out=plugins=grpc:../bld/gen/
|
||||
protoc -I $Agent/$Module/certificate -I ./common $Agent/$Module/certificate/moc_cloudagent_certificate.proto --go_out=plugins=grpc:../bld/gen/
|
||||
protoc -I $Agent/$Module/role -I ./common $Agent/$Module/role/moc_cloudagent_role.proto --go_out=plugins=grpc:../bld/gen/
|
||||
|
||||
Agent="testagent"
|
||||
echo "Generating Protoc for $Agent"
|
||||
protoc -I $Agent $Agent/auth_test.proto --go_out=plugins=grpc:../bld/gen/
|
||||
protoc -I $Agent $Agent/tls_test.proto --go_out=plugins=grpc:../bld/gen/
|
||||
|
||||
|
|
|
@ -0,0 +1,164 @@
|
|||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||
// source: auth_test.proto
|
||||
|
||||
package testagent
|
||||
|
||||
import (
|
||||
context "context"
|
||||
fmt "fmt"
|
||||
proto "github.com/golang/protobuf/proto"
|
||||
grpc "google.golang.org/grpc"
|
||||
codes "google.golang.org/grpc/codes"
|
||||
status "google.golang.org/grpc/status"
|
||||
math "math"
|
||||
)
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
var _ = proto.Marshal
|
||||
var _ = fmt.Errorf
|
||||
var _ = math.Inf
|
||||
|
||||
// This is a compile-time assertion to ensure that this generated file
|
||||
// is compatible with the proto package it is being compiled against.
|
||||
// A compilation error at this line likely means your copy of the
|
||||
// proto package needs to be updated.
|
||||
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
|
||||
|
||||
type Holla struct {
|
||||
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *Holla) Reset() { *m = Holla{} }
|
||||
func (m *Holla) String() string { return proto.CompactTextString(m) }
|
||||
func (*Holla) ProtoMessage() {}
|
||||
func (*Holla) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_3c665ea62f7f06db, []int{0}
|
||||
}
|
||||
|
||||
func (m *Holla) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_Holla.Unmarshal(m, b)
|
||||
}
|
||||
func (m *Holla) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_Holla.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (m *Holla) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_Holla.Merge(m, src)
|
||||
}
|
||||
func (m *Holla) XXX_Size() int {
|
||||
return xxx_messageInfo_Holla.Size(m)
|
||||
}
|
||||
func (m *Holla) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_Holla.DiscardUnknown(m)
|
||||
}
|
||||
|
||||
var xxx_messageInfo_Holla proto.InternalMessageInfo
|
||||
|
||||
func (m *Holla) GetName() string {
|
||||
if m != nil {
|
||||
return m.Name
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func init() {
|
||||
proto.RegisterType((*Holla)(nil), "testagent.Holla")
|
||||
}
|
||||
|
||||
func init() { proto.RegisterFile("auth_test.proto", fileDescriptor_3c665ea62f7f06db) }
|
||||
|
||||
var fileDescriptor_3c665ea62f7f06db = []byte{
|
||||
// 145 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4f, 0x2c, 0x2d, 0xc9,
|
||||
0x88, 0x2f, 0x49, 0x2d, 0x2e, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x04, 0xb1, 0x13,
|
||||
0xd3, 0x53, 0xf3, 0x4a, 0x94, 0xa4, 0xb9, 0x58, 0x3d, 0xf2, 0x73, 0x72, 0x12, 0x85, 0x84, 0xb8,
|
||||
0x58, 0xfc, 0x12, 0x73, 0x53, 0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x23, 0x5b,
|
||||
0x2e, 0x2e, 0xb0, 0xa4, 0x23, 0x48, 0xa9, 0x90, 0x3e, 0x17, 0x67, 0x40, 0x66, 0x5e, 0x3a, 0x44,
|
||||
0xb9, 0x80, 0x1e, 0xdc, 0x0c, 0x3d, 0xb0, 0x88, 0x14, 0x86, 0x88, 0x93, 0x46, 0x94, 0x5a, 0x7a,
|
||||
0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x6e, 0x66, 0x72, 0x51, 0x7e, 0x71,
|
||||
0x7e, 0x5a, 0x89, 0x7e, 0x6e, 0x7e, 0xb2, 0x7e, 0x51, 0x41, 0xb2, 0x3e, 0x5c, 0x7d, 0x12, 0x1b,
|
||||
0xd8, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xdf, 0xb5, 0x1a, 0xfb, 0xaa, 0x00, 0x00,
|
||||
0x00,
|
||||
}
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
var _ context.Context
|
||||
var _ grpc.ClientConn
|
||||
|
||||
// This is a compile-time assertion to ensure that this generated file
|
||||
// is compatible with the grpc package it is being compiled against.
|
||||
const _ = grpc.SupportPackageIsVersion4
|
||||
|
||||
// HollaAgentClient is the client API for HollaAgent service.
|
||||
//
|
||||
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
|
||||
type HollaAgentClient interface {
|
||||
PingHolla(ctx context.Context, in *Holla, opts ...grpc.CallOption) (*Holla, error)
|
||||
}
|
||||
|
||||
type hollaAgentClient struct {
|
||||
cc *grpc.ClientConn
|
||||
}
|
||||
|
||||
func NewHollaAgentClient(cc *grpc.ClientConn) HollaAgentClient {
|
||||
return &hollaAgentClient{cc}
|
||||
}
|
||||
|
||||
func (c *hollaAgentClient) PingHolla(ctx context.Context, in *Holla, opts ...grpc.CallOption) (*Holla, error) {
|
||||
out := new(Holla)
|
||||
err := c.cc.Invoke(ctx, "/testagent.HollaAgent/PingHolla", in, out, opts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// HollaAgentServer is the server API for HollaAgent service.
|
||||
type HollaAgentServer interface {
|
||||
PingHolla(context.Context, *Holla) (*Holla, error)
|
||||
}
|
||||
|
||||
// UnimplementedHollaAgentServer can be embedded to have forward compatible implementations.
|
||||
type UnimplementedHollaAgentServer struct {
|
||||
}
|
||||
|
||||
func (*UnimplementedHollaAgentServer) PingHolla(ctx context.Context, req *Holla) (*Holla, error) {
|
||||
return nil, status.Errorf(codes.Unimplemented, "method PingHolla not implemented")
|
||||
}
|
||||
|
||||
func RegisterHollaAgentServer(s *grpc.Server, srv HollaAgentServer) {
|
||||
s.RegisterService(&_HollaAgent_serviceDesc, srv)
|
||||
}
|
||||
|
||||
func _HollaAgent_PingHolla_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||
in := new(Holla)
|
||||
if err := dec(in); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if interceptor == nil {
|
||||
return srv.(HollaAgentServer).PingHolla(ctx, in)
|
||||
}
|
||||
info := &grpc.UnaryServerInfo{
|
||||
Server: srv,
|
||||
FullMethod: "/testagent.HollaAgent/PingHolla",
|
||||
}
|
||||
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
return srv.(HollaAgentServer).PingHolla(ctx, req.(*Holla))
|
||||
}
|
||||
return interceptor(ctx, in, info, handler)
|
||||
}
|
||||
|
||||
var _HollaAgent_serviceDesc = grpc.ServiceDesc{
|
||||
ServiceName: "testagent.HollaAgent",
|
||||
HandlerType: (*HollaAgentServer)(nil),
|
||||
Methods: []grpc.MethodDesc{
|
||||
{
|
||||
MethodName: "PingHolla",
|
||||
Handler: _HollaAgent_PingHolla_Handler,
|
||||
},
|
||||
},
|
||||
Streams: []grpc.StreamDesc{},
|
||||
Metadata: "auth_test.proto",
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
syntax = "proto3";
|
||||
option go_package = "github.com/microsoft/moc/rpc/testagent";
|
||||
package testagent;
|
||||
|
||||
|
||||
message Holla {
|
||||
string Name = 1;
|
||||
}
|
||||
|
||||
service HollaAgent {
|
||||
rpc PingHolla(Holla) returns (Holla);
|
||||
}
|
|
@ -0,0 +1,163 @@
|
|||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||
// source: tls_test.proto
|
||||
|
||||
package testagent
|
||||
|
||||
import (
|
||||
context "context"
|
||||
fmt "fmt"
|
||||
proto "github.com/golang/protobuf/proto"
|
||||
grpc "google.golang.org/grpc"
|
||||
codes "google.golang.org/grpc/codes"
|
||||
status "google.golang.org/grpc/status"
|
||||
math "math"
|
||||
)
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
var _ = proto.Marshal
|
||||
var _ = fmt.Errorf
|
||||
var _ = math.Inf
|
||||
|
||||
// This is a compile-time assertion to ensure that this generated file
|
||||
// is compatible with the proto package it is being compiled against.
|
||||
// A compilation error at this line likely means your copy of the
|
||||
// proto package needs to be updated.
|
||||
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
|
||||
|
||||
type Hello struct {
|
||||
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *Hello) Reset() { *m = Hello{} }
|
||||
func (m *Hello) String() string { return proto.CompactTextString(m) }
|
||||
func (*Hello) ProtoMessage() {}
|
||||
func (*Hello) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_d532ee5fff61f1da, []int{0}
|
||||
}
|
||||
|
||||
func (m *Hello) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_Hello.Unmarshal(m, b)
|
||||
}
|
||||
func (m *Hello) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_Hello.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (m *Hello) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_Hello.Merge(m, src)
|
||||
}
|
||||
func (m *Hello) XXX_Size() int {
|
||||
return xxx_messageInfo_Hello.Size(m)
|
||||
}
|
||||
func (m *Hello) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_Hello.DiscardUnknown(m)
|
||||
}
|
||||
|
||||
var xxx_messageInfo_Hello proto.InternalMessageInfo
|
||||
|
||||
func (m *Hello) GetName() string {
|
||||
if m != nil {
|
||||
return m.Name
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func init() {
|
||||
proto.RegisterType((*Hello)(nil), "testagent.Hello")
|
||||
}
|
||||
|
||||
func init() { proto.RegisterFile("tls_test.proto", fileDescriptor_d532ee5fff61f1da) }
|
||||
|
||||
var fileDescriptor_d532ee5fff61f1da = []byte{
|
||||
// 144 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2b, 0xc9, 0x29, 0x8e,
|
||||
0x2f, 0x49, 0x2d, 0x2e, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x04, 0xb1, 0x13, 0xd3,
|
||||
0x53, 0xf3, 0x4a, 0x94, 0xa4, 0xb9, 0x58, 0x3d, 0x52, 0x73, 0x72, 0xf2, 0x85, 0x84, 0xb8, 0x58,
|
||||
0xfc, 0x12, 0x73, 0x53, 0x25, 0x18, 0x15, 0x18, 0x35, 0x38, 0x83, 0xc0, 0x6c, 0x23, 0x5b, 0x2e,
|
||||
0x2e, 0xb0, 0xa4, 0x23, 0x48, 0xa9, 0x90, 0x3e, 0x17, 0x67, 0x40, 0x66, 0x5e, 0x3a, 0x44, 0xb9,
|
||||
0x80, 0x1e, 0xdc, 0x0c, 0x3d, 0xb0, 0x88, 0x14, 0x86, 0x88, 0x93, 0x46, 0x94, 0x5a, 0x7a, 0x66,
|
||||
0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, 0x7e, 0xae, 0x7e, 0x6e, 0x66, 0x72, 0x51, 0x7e, 0x71, 0x7e,
|
||||
0x5a, 0x89, 0x7e, 0x6e, 0x7e, 0xb2, 0x7e, 0x51, 0x41, 0xb2, 0x3e, 0x5c, 0x7d, 0x12, 0x1b, 0xd8,
|
||||
0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x17, 0xa3, 0x1b, 0xa9, 0x00, 0x00, 0x00,
|
||||
}
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
var _ context.Context
|
||||
var _ grpc.ClientConn
|
||||
|
||||
// This is a compile-time assertion to ensure that this generated file
|
||||
// is compatible with the grpc package it is being compiled against.
|
||||
const _ = grpc.SupportPackageIsVersion4
|
||||
|
||||
// HelloAgentClient is the client API for HelloAgent service.
|
||||
//
|
||||
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
|
||||
type HelloAgentClient interface {
|
||||
PingHello(ctx context.Context, in *Hello, opts ...grpc.CallOption) (*Hello, error)
|
||||
}
|
||||
|
||||
type helloAgentClient struct {
|
||||
cc *grpc.ClientConn
|
||||
}
|
||||
|
||||
func NewHelloAgentClient(cc *grpc.ClientConn) HelloAgentClient {
|
||||
return &helloAgentClient{cc}
|
||||
}
|
||||
|
||||
func (c *helloAgentClient) PingHello(ctx context.Context, in *Hello, opts ...grpc.CallOption) (*Hello, error) {
|
||||
out := new(Hello)
|
||||
err := c.cc.Invoke(ctx, "/testagent.HelloAgent/PingHello", in, out, opts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// HelloAgentServer is the server API for HelloAgent service.
|
||||
type HelloAgentServer interface {
|
||||
PingHello(context.Context, *Hello) (*Hello, error)
|
||||
}
|
||||
|
||||
// UnimplementedHelloAgentServer can be embedded to have forward compatible implementations.
|
||||
type UnimplementedHelloAgentServer struct {
|
||||
}
|
||||
|
||||
func (*UnimplementedHelloAgentServer) PingHello(ctx context.Context, req *Hello) (*Hello, error) {
|
||||
return nil, status.Errorf(codes.Unimplemented, "method PingHello not implemented")
|
||||
}
|
||||
|
||||
func RegisterHelloAgentServer(s *grpc.Server, srv HelloAgentServer) {
|
||||
s.RegisterService(&_HelloAgent_serviceDesc, srv)
|
||||
}
|
||||
|
||||
func _HelloAgent_PingHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||
in := new(Hello)
|
||||
if err := dec(in); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if interceptor == nil {
|
||||
return srv.(HelloAgentServer).PingHello(ctx, in)
|
||||
}
|
||||
info := &grpc.UnaryServerInfo{
|
||||
Server: srv,
|
||||
FullMethod: "/testagent.HelloAgent/PingHello",
|
||||
}
|
||||
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
return srv.(HelloAgentServer).PingHello(ctx, req.(*Hello))
|
||||
}
|
||||
return interceptor(ctx, in, info, handler)
|
||||
}
|
||||
|
||||
var _HelloAgent_serviceDesc = grpc.ServiceDesc{
|
||||
ServiceName: "testagent.HelloAgent",
|
||||
HandlerType: (*HelloAgentServer)(nil),
|
||||
Methods: []grpc.MethodDesc{
|
||||
{
|
||||
MethodName: "PingHello",
|
||||
Handler: _HelloAgent_PingHello_Handler,
|
||||
},
|
||||
},
|
||||
Streams: []grpc.StreamDesc{},
|
||||
Metadata: "tls_test.proto",
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
syntax = "proto3";
|
||||
option go_package = "github.com/microsoft/moc/rpc/testagent";
|
||||
package testagent;
|
||||
|
||||
|
||||
message Hello {
|
||||
string Name = 1;
|
||||
}
|
||||
|
||||
service HelloAgent {
|
||||
rpc PingHello(Hello) returns (Hello);
|
||||
}
|
Загрузка…
Ссылка в новой задаче