feat: get grpc credentials by certificate from key with password
This commit is contained in:
parent
50713ba531
commit
2131a3addb
|
|
@ -0,0 +1,16 @@
|
|||
module gitea.urkob.com/urko/go-gprc-certificate
|
||||
|
||||
go 1.19
|
||||
|
||||
require (
|
||||
github.com/stretchr/testify v1.8.2
|
||||
google.golang.org/grpc v1.53.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
google.golang.org/protobuf v1.28.1 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
||||
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
|
||||
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
|
||||
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
|
||||
google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
|
||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
||||
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
||||
google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
|
||||
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
package credentials
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"google.golang.org/grpc/credentials"
|
||||
)
|
||||
|
||||
func CredentialsFromKeyWithPasswd(certFile, certKey, passwd string) (credentials.TransportCredentials, error) {
|
||||
if certFile == "" {
|
||||
return nil, errors.New("certFile cannot be empty")
|
||||
}
|
||||
if certKey == "" {
|
||||
return nil, errors.New("certKey cannot be empty")
|
||||
}
|
||||
|
||||
bts, err := os.ReadFile(certKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("os.ReadFile certKey: %s", err)
|
||||
}
|
||||
|
||||
keyBlock, rest := pem.Decode(bts)
|
||||
if keyBlock == nil {
|
||||
return nil, errors.New("not valid pem file")
|
||||
}
|
||||
if len(rest) > 0 {
|
||||
return nil, errors.New("rest is not empty")
|
||||
}
|
||||
|
||||
if !strings.Contains(keyBlock.Type, "ENCRYPTED") {
|
||||
return nil, fmt.Errorf("certificate should has been encrypted with password")
|
||||
}
|
||||
|
||||
decriptedKeyPem, err := decryptRSA(certKey, passwd)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("decryptRSA: %s", err)
|
||||
}
|
||||
|
||||
bts, err = os.ReadFile(certFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("os.ReadFile certFile: %s", err)
|
||||
}
|
||||
cert, err := tls.X509KeyPair(bts, []byte(decriptedKeyPem))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("tls.X509KeyPair: %s", err)
|
||||
}
|
||||
log.Println("cert loaded successfuly")
|
||||
|
||||
return credentials.NewServerTLSFromCert(&cert), nil
|
||||
}
|
||||
|
||||
func decryptRSA(keyFile, password string) (string, error) {
|
||||
// openssl rsa -passin pass:test -in passwd.pem -out passwd.enc.key
|
||||
cmd := exec.Command("openssl", "rsa", "-in", keyFile, "-passin", formatPass(password), "-text")
|
||||
output_bts, err := cmd.Output()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("cmd.Output: %s", err)
|
||||
}
|
||||
|
||||
idx := strings.Index(string(output_bts), "-----BEGIN")
|
||||
return string(output_bts)[idx:], nil
|
||||
}
|
||||
|
||||
func formatPass(password string) string {
|
||||
if password == "" {
|
||||
return ""
|
||||
}
|
||||
return "pass:" + password
|
||||
}
|
||||
Loading…
Reference in New Issue