Compare commits
No commits in common. "aa713af15300b0f47b6d13698247d8d526a725ac" and "d94d5ec27cba24aee9723c9e5cd38bdb8d583ab1" have entirely different histories.
aa713af153
...
d94d5ec27c
44
README.md
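--- a/README.md
+++ b/README.md
@@ -1,44 +0,0 @@
-# go-grpc-certificate
-
-## Problem's context
-I've got some trouble while I want to use gRPC through TLS certificates. I've created a certificated from a .pem key file which had
-a password and I couldn't use it through `go` standard library. I found a solution based on this **[SO answer](https://stackoverflow.com/a/56131169/6329540)** to this **[question](https://stackoverflow.com/questions/56129533/tls-with-certificate-private-key-and-pass-phrase/56131169#comment132834574_56131169)**
-
-## Solution
-I've decided to use **[openssl](https://www.openssl.org/docs/manmaster/man1/)** to achieve this task as far as I was not able to found a solution in go standard library.
-
-## Installation requirements
-I've used this version on development. So we should check if it backwards compatible.
-```shell
-$ openssl version
-OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
-```
-
-
-## How to use
-In your `go` project you just have to type in your terminal:
-```shell
-$ go get gitea.urkob.com/urko/go-grpc-certificate
-```
-
-Then place in your code like this
-```go
-package main
-
-// here should be defined your imports
-certcreds "gitea.urkob.com/urko/go-grpc-certificate/pkg/credentials"
-
-
-func main() {
-certPath := "place your certificate path"
-certKeyPath := "place your key file path"
-keyPassword := "place your key password here"
-
-creds, err = certcreds.CredentialsFromKeyWithPasswd(
-certPah, certKeyPath, keyPassword,
-)
-if err != nil {
-log.Fatalf("Failed loading certificates: %v\n", err)
-}
-}
-```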
|
@ -12,10 +12,7 @@ import (
|
||||||
"google.golang.org/grpc/credentials"
|
"google.golang.org/grpc/credentials"
|
||||||
)
|
)
|
||||||
|
|
||||||
// FromRSAKeyWithPassword receives a certificate .pem file which was
|
func CredentialsFromKeyWithPasswd(certFile, certKey, passwd string) (credentials.TransportCredentials, error) {
|
||||||
// requested with .pem key file secured by password. By default go doesn't provide a
|
|
||||||
// standard packag that is not deprecated:
|
|
||||||
func FromRSAKeyWithPassword(certFile, certKey, passwd string) (credentials.TransportCredentials, error) {
|
|
||||||
if certFile == "" {
|
if certFile == "" {
|
||||||
return nil, errors.New("certFile cannot be empty")
|
return nil, errors.New("certFile cannot be empty")
|
||||||
}
|
}
|
||||||
|
|
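Review bot: The exported function `CredentialsFromKeyWithPasswd` has no doc comment on the new side, because the three comment lines that sat above `FromRSAKeyWithPassword` are dropped together with the rename. Since it accepts a key passphrase, I would restore a comment such as `// CredentialsFromKeyWithPasswd loads certFile and the passphrase-protected key certKey and returns gRPC transport credentials.` and add one sentence on how the passphrase is handled. The README on this page says the package relies on openssl, so callers would want to know whether the passphrase is handed to another process; that cannot be confirmed from this hunk. If the package is named `credentials`, as the README import path suggests, the new name also repeats the package name at call sites. The function body continues outside the hunk.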
|
@ -83,10 +83,10 @@ func TestCredentialsFromKeyWithPasswd(t *testing.T) {
|
||||||
require.NoError(t, deleteTestDir())
|
require.NoError(t, deleteTestDir())
|
||||||
}()
|
}()
|
||||||
|
|
||||||
_, err := FromRSAKeyWithPassword(testCert, testCertKey, testKeyPass)
|
_, err := CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
|
||||||
assert.NoError(t, err, "key with password should not fail")
|
assert.NoError(t, err, "key with password should not fail")
|
||||||
|
|
||||||
_, err = FromRSAKeyWithPassword(testCert, testCertKey, "wrong-pass")
|
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, "wrong-pass")
|
||||||
assert.Error(t, err, "key with wrong pass password should not fail")
|
assert.Error(t, err, "key with wrong pass password should not fail")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,30 +98,30 @@ func TestCredentialsFromKeyWithPasswdError(t *testing.T) {
|
||||||
require.NoError(t, deleteTestDir())
|
require.NoError(t, deleteTestDir())
|
||||||
}()
|
}()
|
||||||
|
|
||||||
_, err := FromRSAKeyWithPassword("", "", "")
|
_, err := CredentialsFromKeyWithPasswd("", "", "")
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
_, err = FromRSAKeyWithPassword(testCert, "", "")
|
_, err = CredentialsFromKeyWithPasswd(testCert, "", "")
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
_, err = FromRSAKeyWithPassword(testCert, "not-exists.txt", "")
|
_, err = CredentialsFromKeyWithPasswd(testCert, "not-exists.txt", "")
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
require.NoError(t, os.WriteFile(testKeyError, []byte(""), os.ModeAppend))
|
require.NoError(t, os.WriteFile(testKeyError, []byte(""), os.ModeAppend))
|
||||||
|
|
||||||
_, err = FromRSAKeyWithPassword(testCert, testKeyError, testKeyPass)
|
_, err = CredentialsFromKeyWithPasswd(testCert, testKeyError, testKeyPass)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
|
|
||||||
require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), os.ModeAppend))
|
require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), os.ModeAppend))
|
||||||
_, err = FromRSAKeyWithPassword(testCert, testCertKeyError, testKeyPass)
|
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
require.NoError(t, os.Remove(testCertKeyError))
|
require.NoError(t, os.Remove(testCertKeyError))
|
||||||
assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), os.ModeAppend))
|
assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), os.ModeAppend))
|
||||||
_, err = FromRSAKeyWithPassword(testCert, testCertKeyError, testKeyPass)
|
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
|
||||||
assert.Error(t, err, "key without password should fail")
|
assert.Error(t, err, "key without password should fail")
|
||||||
|
|
||||||
require.NoError(t, createEncryptedKeyFile())
|
require.NoError(t, createEncryptedKeyFile())
|
||||||
_, err = FromRSAKeyWithPassword(testCert, testCertKey, testKeyPass)
|
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
|
||||||
assert.Error(t, err, "key without password should fail")
|
assert.Error(t, err, "key without password should fail")
|
||||||
}
|
}
|
||||||
|
|
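Review bot: The `os.WriteFile(..., os.ModeAppend)` calls in TestCredentialsFromKeyWithPasswdError pass a mode flag where permission bits are expected, so the fixture files are created with no permission bits set. On Unix-like systems a non-root test run then likely cannot read them back, and the following `assert.Error` / `require.Error` checks can pass on a permission error rather than on the empty, malformed or unencrypted key they are meant to reject. Use an explicit private mode instead, e.g. `os.WriteFile(testKeyError, []byte(""), 0o600)`, and the same for the two `testCertKeyError` writes. In the first hunk, the message on the wrong-password assertion, `"key with wrong pass password should not fail"`, contradicts the `assert.Error` it is attached to and should read `should fail`.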