urko
/
go-grpc-certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: urko:d94d5ec27cba24aee9723c9e5cd38bdb8d583ab1
Branches Tags
urko:main
...
compare: urko:aa713af15300b0f47b6d13698247d8d526a725ac
Branches Tags
urko:main

2 Commits
d94d5ec27c ... aa713af153

Author SHA1 Message Date
Urko aa713af153 feat: add readme 2023-03-06 18:00:40 +01:00
Urko d79f43f6a4 feat: rename method 2023-03-06 17:53:29 +01:00
3 changed files with 57 additions and 10 deletions
Show Stats Expand all files Collapse all files

44
README.md Normal file
View File

@ -0,0 +1,44 @@
# go-grpc-certificate
## Problem's context
I've got some trouble while I want to use gRPC through TLS certificates. I've created a certificated from a .pem key file which had
a password and I couldn't use it through `go` standard library. I found a solution based on this **[SO answer](https://stackoverflow.com/a/56131169/6329540)** to this **[question](https://stackoverflow.com/questions/56129533/tls-with-certificate-private-key-and-pass-phrase/56131169#comment132834574_56131169)**
## Solution
I've decided to use **[openssl](https://www.openssl.org/docs/manmaster/man1/)** to achieve this task as far as I was not able to found a solution in go standard library.
## Installation requirements
I've used this version on development. So we should check if it backwards compatible.
```shell
$ openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
```
## How to use
In your `go` project you just have to type in your terminal:
```shell
$ go get gitea.urkob.com/urko/go-grpc-certificate
```
Then place in your code like this
```go
package main
// here should be defined your imports
certcreds "gitea.urkob.com/urko/go-grpc-certificate/pkg/credentials"
func main() {
certPath := "place your certificate path"
certKeyPath := "place your key file path"
keyPassword := "place your key password here"
creds, err = certcreds.CredentialsFromKeyWithPasswd(
certPah, certKeyPath, keyPassword,
)
if err != nil {
log.Fatalf("Failed loading certificates: %v\n", err)
}
}
```

5
pkg/credentials/credentials.go
View File

@ -12,7 +12,10 @@ import (
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
) )
func CredentialsFromKeyWithPasswd(certFile, certKey, passwd string) (credentials.TransportCredentials, error) { // FromRSAKeyWithPassword receives a certificate .pem file which was
// requested with .pem key file secured by password. By default go doesn't provide a
// standard packag that is not deprecated:
func FromRSAKeyWithPassword(certFile, certKey, passwd string) (credentials.TransportCredentials, error) {
if certFile == "" { if certFile == "" {
return nil, errors.New("certFile cannot be empty") return nil, errors.New("certFile cannot be empty")
} }

18
pkg/credentials/credentials_test.go
View File

@ -83,10 +83,10 @@ func TestCredentialsFromKeyWithPasswd(t *testing.T) {
require.NoError(t, deleteTestDir()) require.NoError(t, deleteTestDir())
}() }()
_, err := CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass) _, err := FromRSAKeyWithPassword(testCert, testCertKey, testKeyPass)
assert.NoError(t, err, "key with password should not fail") assert.NoError(t, err, "key with password should not fail")
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, "wrong-pass") _, err = FromRSAKeyWithPassword(testCert, testCertKey, "wrong-pass")
assert.Error(t, err, "key with wrong pass password should not fail") assert.Error(t, err, "key with wrong pass password should not fail")
} }
@ -98,30 +98,30 @@ func TestCredentialsFromKeyWithPasswdError(t *testing.T) {
require.NoError(t, deleteTestDir()) require.NoError(t, deleteTestDir())
}() }()
_, err := CredentialsFromKeyWithPasswd("", "", "") _, err := FromRSAKeyWithPassword("", "", "")
assert.Error(t, err) assert.Error(t, err)
_, err = CredentialsFromKeyWithPasswd(testCert, "", "") _, err = FromRSAKeyWithPassword(testCert, "", "")
assert.Error(t, err) assert.Error(t, err)
_, err = CredentialsFromKeyWithPasswd(testCert, "not-exists.txt", "") _, err = FromRSAKeyWithPassword(testCert, "not-exists.txt", "")
assert.Error(t, err) assert.Error(t, err)
require.NoError(t, os.WriteFile(testKeyError, []byte(""), os.ModeAppend)) require.NoError(t, os.WriteFile(testKeyError, []byte(""), os.ModeAppend))
_, err = CredentialsFromKeyWithPasswd(testCert, testKeyError, testKeyPass) _, err = FromRSAKeyWithPassword(testCert, testKeyError, testKeyPass)
require.Error(t, err) require.Error(t, err)
require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), os.ModeAppend)) require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), os.ModeAppend))
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass) _, err = FromRSAKeyWithPassword(testCert, testCertKeyError, testKeyPass)
assert.Error(t, err) assert.Error(t, err)
require.NoError(t, os.Remove(testCertKeyError)) require.NoError(t, os.Remove(testCertKeyError))
assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), os.ModeAppend)) assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), os.ModeAppend))
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass) _, err = FromRSAKeyWithPassword(testCert, testCertKeyError, testKeyPass)
assert.Error(t, err, "key without password should fail") assert.Error(t, err, "key without password should fail")
require.NoError(t, createEncryptedKeyFile()) require.NoError(t, createEncryptedKeyFile())
_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass) _, err = FromRSAKeyWithPassword(testCert, testCertKey, testKeyPass)
assert.Error(t, err, "key without password should fail") assert.Error(t, err, "key without password should fail")
} }