remove client pool and add tls client auth support
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
@ -2,6 +2,9 @@ package client
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
|
||||
@ -15,6 +18,9 @@ type Options interface {
|
||||
Address() string
|
||||
Secure() bool
|
||||
Registry() registry.Registry
|
||||
CA() string
|
||||
Cert() string
|
||||
Key() string
|
||||
TLSConfig() *tls.Config
|
||||
DialOptions() []grpc.DialOption
|
||||
UnaryInterceptors() []grpc.UnaryClientInterceptor
|
||||
@ -47,6 +53,24 @@ func WithAddress(address string) Option {
|
||||
}
|
||||
}
|
||||
|
||||
func WithCA(ca string) Option {
|
||||
return func(o *options) {
|
||||
o.caCert = ca
|
||||
}
|
||||
}
|
||||
|
||||
func WithCert(cert string) Option {
|
||||
return func(o *options) {
|
||||
o.cert = cert
|
||||
}
|
||||
}
|
||||
|
||||
func WithKey(key string) Option {
|
||||
return func(o *options) {
|
||||
o.key = key
|
||||
}
|
||||
}
|
||||
|
||||
func WithTLSConfig(conf *tls.Config) Option {
|
||||
return func(o *options) {
|
||||
o.tlsConfig = conf
|
||||
@ -87,10 +111,14 @@ func WithStreamInterceptors(i ...grpc.StreamClientInterceptor) Option {
|
||||
}
|
||||
|
||||
type options struct {
|
||||
registry registry.Registry
|
||||
name string
|
||||
version string
|
||||
addr string
|
||||
registry registry.Registry
|
||||
name string
|
||||
version string
|
||||
addr string
|
||||
|
||||
caCert string
|
||||
cert string
|
||||
key string
|
||||
tlsConfig *tls.Config
|
||||
secure bool
|
||||
dialOptions []grpc.DialOption
|
||||
@ -115,6 +143,18 @@ func (o *options) Registry() registry.Registry {
|
||||
return o.registry
|
||||
}
|
||||
|
||||
func (o *options) CA() string {
|
||||
return o.caCert
|
||||
}
|
||||
|
||||
func (o *options) Cert() string {
|
||||
return o.cert
|
||||
}
|
||||
|
||||
func (o *options) Key() string {
|
||||
return o.key
|
||||
}
|
||||
|
||||
func (o *options) TLSConfig() *tls.Config {
|
||||
return o.tlsConfig
|
||||
}
|
||||
@ -134,3 +174,38 @@ func (o *options) UnaryInterceptors() []grpc.UnaryClientInterceptor {
|
||||
func (o *options) StreamInterceptors() []grpc.StreamClientInterceptor {
|
||||
return o.streamInterceptors
|
||||
}
|
||||
|
||||
func (o *options) hasTLSConfig() bool {
|
||||
return o.caCert != "" && o.cert != "" && o.key != "" && o.tlsConfig == nil
|
||||
}
|
||||
|
||||
func (o *options) parseTLSConfig() error {
|
||||
if o.tlsConfig != nil {
|
||||
return nil
|
||||
}
|
||||
if !o.hasTLSConfig() {
|
||||
if !o.secure {
|
||||
return nil
|
||||
}
|
||||
o.tlsConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
return nil
|
||||
}
|
||||
caCert, err := os.ReadFile(o.caCert)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
caCertPool := x509.NewCertPool()
|
||||
ok := caCertPool.AppendCertsFromPEM(caCert)
|
||||
if !ok {
|
||||
return fmt.Errorf("failed to load CA Cert from %s", o.caCert)
|
||||
}
|
||||
cert, err := tls.LoadX509KeyPair(o.cert, o.key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
o.tlsConfig = &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
RootCAs: caCertPool,
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
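Review bot: In `parseTLSConfig`, the branch taken when `secure` is set but CA, cert and key are not all three present builds `&tls.Config{InsecureSkipVerify: true}`, so a "secure" client encrypts the channel without authenticating the server. Because `hasTLSConfig` requires all three paths, a caller who passes only `WithCA` (server verification without client auth) has the CA silently ignored and lands in that same branch, and a cert given without its key is dropped rather than rejected. I would default to a verifying config (system roots when no CA is given), treat the CA and the cert/key pair as independent inputs, and return an error when only one of cert/key is set. Skip-verify would then be reachable only through an explicit `WithTLSConfig`. How the dialer consumes the resulting config is outside this diff, so the effect on existing deployments with self-signed servers should be checked before changing the default.

```go
func (o *options) parseTLSConfig() error {
	if o.tlsConfig != nil {
		return nil
	}
	if o.caCert == "" && o.cert == "" && o.key == "" {
		if o.secure {
			// No material supplied: verify the server against the system roots.
			o.tlsConfig = &tls.Config{}
		}
		return nil
	}
	if (o.cert == "") != (o.key == "") {
		return fmt.Errorf("client cert and key must be set together")
	}
	conf := &tls.Config{}
	if o.caCert != "" {
		// … unchanged: read o.caCert and fill caCertPool via AppendCertsFromPEM …
		conf.RootCAs = caCertPool
	}
	if o.cert != "" {
		// … unchanged: cert, err := tls.LoadX509KeyPair(o.cert, o.key) …
		conf.Certificates = []tls.Certificate{cert}
	}
	o.tlsConfig = conf
	return nil
}
```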