|
|
|
@ -2,12 +2,8 @@ package internal
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"log"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
@ -147,51 +143,17 @@ func WithRetry() ClientOption {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WithUnaryClientInterceptor returns a func to customize a ClientOptions with given interceptor.
|
|
|
|
|
func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientOption {
|
|
|
|
|
// WithTransportCredentials return a func to make the gRPC calls secured with given credentials.
|
|
|
|
|
func WithTransportCredentials(creds credentials.TransportCredentials) ClientOption {
|
|
|
|
|
return func(options *ClientOptions) {
|
|
|
|
|
options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
|
|
|
|
|
func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
|
|
|
|
|
return func(options *ClientOptions) {
|
|
|
|
|
c, err := credentials.NewClientTLSFromFile(crt, domainName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options.Secure = true
|
|
|
|
|
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
|
|
|
|
|
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(creds))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WithTlsClientFromMutual return a func to customize a ClientOptions Verify with mutual authentication.
|
|
|
|
|
func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
|
|
|
|
|
// WithUnaryClientInterceptor returns a func to customize a ClientOptions with given interceptor.
|
|
|
|
|
func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientOption {
|
|
|
|
|
return func(options *ClientOptions) {
|
|
|
|
|
cert, err := tls.LoadX509KeyPair(crtFile, keyFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
certPool := x509.NewCertPool()
|
|
|
|
|
ca, err := ioutil.ReadFile(caFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("credentials: failed to ReadFile CA certificates err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !certPool.AppendCertsFromPEM(ca) {
|
|
|
|
|
log.Fatalf("credentials: failed to append certificates err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := &tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
|
RootCAs: certPool,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options.Secure = true
|
|
|
|
|
options.DialOptions = append(options.DialOptions,
|
|
|
|
|
grpc.WithTransportCredentials(credentials.NewTLS(config)))
|
|
|
|
|
options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|