feat: add tls

finlab 2021-01-17 05:25:49 +08:00
parent 3544aa459d
commit ea69c6b33a
20 changed files with 383 additions and 1 deletions


@ -44,3 +44,25 @@ openapi:
--openapiv2_out ./gen/openapi2 \
--openapiv2_opt logtostderr=true \
/protos/echo/v1/echo.proto
certs:
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 \
-subj "/C=GB/L=China/O=gobook/CN=github.com" \
-key ca.key -out ca.crt
openssl req -new \
-subj "/C=GB/L=China/O=server/CN=server.io" \
-key server.key \
-out server.csr
openssl x509 -req -sha256 \
-CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 \
-in server.csr \
-out server.crt
openssl req -new \
-subj "/C=GB/L=China/O=client/CN=client.io" \
-key client.key \
-out client.csr
openssl x509 -req -sha256 \
-CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 \
-in client.csr \
-out client.crt
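Review bot: The `certs` target never creates `server.key` or `client.key` (only `ca.key` gets an `openssl genrsa` line), so the `openssl req -new ... -key server.key` and `-key client.key` steps fail on a clean checkout. The two `openssl x509 -req` steps also omit `-extfile`, so `server.crt` and `client.crt` carry no subjectAltName, and Go's verifier (1.15 and later) rejects certificates that rely on the CN alone. Since `cert/Makefile` in this commit already generates the keys and passes `-extfile server-ext.cnf` / `-extfile client-ext.cnf`, I would replace this recipe with a delegation such as `certs: ; $(MAKE) -C cert ca server client`. The enclosing `openapi` rule starts above the hunk.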

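--- a/cert/Makefile
+++ b/cert/Makefile
@@ -0,0 +1,38 @@
+ca:
+openssl genrsa -out ca.key 2048
+openssl req -new -x509 -days 3650 \
+-subj "/C=GB/L=China/O=gd/CN=ca.com" \
+-key ca.key -out ca.pem
+server:
+openssl genrsa -out server.key 2048
+openssl req -new \
+-subj "/C=GB/L=China/O=server/CN=server.grpc.io" \
+-key server.key \
+-out server.csr
+openssl x509 -req -sha256 \
+-CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 \
+-extfile server-ext.cnf \
+-in server.csr \
+-out server.pem
+client:
+openssl genrsa -out client.key 2048
+openssl req -new \
+-subj "/C=GB/L=China/O=client/CN=client.grpc.io" \
+-key client.key \
+-out client.csr
+openssl x509 -req -sha256 \
+-CA ca.pem -CAkey ca.key -CAcreateserial -days 3650 \
+-extfile client-ext.cnf \
+-in client.csr \
+-out client.pem
+vca:
+openssl x509 -text -noout -in ca.pem
+vsrv:
+openssl x509 -text -noout -in server.pem
+vcli:
+openssl x509 -text -noout -in client.pem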
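Review bot: None of the targets here names the file it writes, so `make ca` regenerates `ca.key` on every run and silently orphans every server and client certificate signed by the previous key, while `make server` or `make client` on a clean tree fails because nothing declares that they need `ca.pem` and `ca.key`. Making the outputs real targets (`ca.key:` with `openssl genrsa -out $@ 2048`, `server.pem: server.csr ca.pem ca.key server-ext.cnf`) and declaring `.PHONY: ca server client vca vsrv vcli` for the aliases fixes both. The leaf certificates also get the same `-days 3650` lifetime as the CA. Nothing in this commit sets up revocation, so a much shorter leaf lifetime such as `-days 365` limits how long a leaked `server.key` or `client.key` stays usable.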

18
cert/ca.crt Normal file

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

27
cert/ca.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
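Review bot: This section commits the CA's RSA private key to the repository, and `cert/client.key` and `cert/server.key` further down do the same for the leaf keys. Anyone with read access to the repository can therefore sign certificates that the server's `ClientCAs` pool and the client's `RootCAs` pool, both loaded from `./cert/ca.pem`, will accept. Keep key material out of version control: add `cert/*.key`, `cert/*.csr` and `cert/*.srl` to `.gitignore` and let `cert/Makefile` generate them locally. The keys in this commit should be treated as compromised and the CA regenerated before anything beyond a local demo relies on it.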

18
cert/ca.pem Normal file

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

1
cert/ca.srl Normal file

@ -0,0 +1 @@
C04A9C1432903DF5

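--- a/cert/client-ext.cnf
+++ b/cert/client-ext.cnf
@@ -0,0 +1 @@
+subjectAltName=DNS:*.grpc.io,IP:0.0.0.0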
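Review bot: The client certificate's extension file gives it the server's DNS identity, `DNS:*.grpc.io`, and sets no `extendedKeyUsage`, so the certificate is not limited to client authentication. It would also verify as a server certificate for `example.grpc.io`, the `ServerName` the client in this commit checks, and `server.pem` would likewise pass the server's client-certificate check. Constrain each leaf to its role with `extendedKeyUsage=clientAuth` here and `extendedKeyUsage=serverAuth` in `cert/server-ext.cnf`, and drop the DNS and IP entries from the client file unless something actually matches on them. `IP:0.0.0.0` in both files is the unspecified (bind-all) address rather than an address a peer connects to; `IP:127.0.0.1` is probably what was meant.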

19
cert/client.crt Normal file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgIJAMBKnBQykD3yMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV
BAYTAkdCMQ4wDAYDVQQHDAVDaGluYTELMAkGA1UECgwCZ2QxDzANBgNVBAMMBmNh
LmNvbTAeFw0yMTAxMTYyMTE1NTNaFw0zMTAxMTQyMTE1NTNaMEcxCzAJBgNVBAYT
AkdCMQ4wDAYDVQQHDAVDaGluYTEPMA0GA1UECgwGY2xpZW50MRcwFQYDVQQDDA5j
bGllbnQuZ3JwYy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANvd
CzIt8ZDpIPHjMkwbJeOXilEgSEgi9y28W2ZG31Od7IilKkQK2lbwHBMeZGFnFvjp
/oKivkY/MAQEVA70wn4UldukNk0oXh2cZReQz5RTvim866TElWjbOcXmeqqR/MVj
gL0Xo3ODkK+Ube+S/JqulxlXmWKBn/vWELm3IlTW3RbmmI0KgqvLwhQmat7gPLe9
TylDOzP75esmAjpbsduPVhfZaiRdyOarpk7UD5VXPr+9RC9S0wKHArEQ1YHYd0jH
ueMssJxzljjWFpvVUijm2/ohGYto8SFy3OE59ByLmhDPwZtU213i1Tu/LY97sa1D
ISUINLcphAsc2lchA/MCAwEAAaMeMBwwGgYDVR0RBBMwEYIJKi5ncnBjLmlvhwQA
AAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBKYUGuzhpgeweyLddvRCB7vAaVNuUOsWLn
SlSODKAzJvSaSkoUBr0rgx0QegfzkO0LEqN7vB+JVfGE7aj413+DaIHvhI36mclh
qkj3WfaKwrTXH99uN1aWac9/WY3bldMN3gsflRvPEXnLU/gzRX/IAkPrUcyM+YVq
F/jK14YsIR0eNsMpFE1+cl/6+IScwqS+cQZuUzta7CQdErK2OWl28S1ktBxe3hM0
f1DRRD7SI3MzRld7RNWYTrMHFpddKk76O+X7qB588BWKp2O5r+TW6Yp7FY3n1C0E
EK6astzNoiD2u2aC3fCa2+qVzheacInPBzknzuexfyvm3/AkoK+x
-----END CERTIFICATE-----

16
cert/client.csr Normal file

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----

27
cert/client.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

19
cert/client.pem Normal file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

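--- a/cert/server-ext.cnf
+++ b/cert/server-ext.cnf
@@ -0,0 +1 @@
+subjectAltName=DNS:*.grpc.io,DNS:*.grpc.org,DNS:localhost,IP:0.0.0.0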

20
cert/server.crt Normal file

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

16
cert/server.csr Normal file

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----

27
cert/server.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

20
cert/server.pem Normal file

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

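--- a/cmd/client/main.go
+++ b/cmd/client/main.go
@@ -0,0 +1,55 @@
+package main
+import (
+"context"
+"crypto/tls"
+"crypto/x509"
+"io/ioutil"
+log "github.com/sirupsen/logrus"
+"google.golang.org/grpc"
+"google.golang.org/grpc/credentials"
+pb "github.com/esinio/geco/gen/proto/echo/v1"
+)
+var addr = ":9090"
+func main() {
+cert, err := tls.LoadX509KeyPair("./cert/client.pem", "./cert/client.key")
+if err != nil {
+log.Fatalf("tls.LoadX509KeyPair err: %v", err)
+}
+certPool := x509.NewCertPool()
+ca, err := ioutil.ReadFile("./cert/ca.pem")
+if err != nil {
+log.Fatalf("ioutil.ReadFile err: %v", err)
+}
+if ok := certPool.AppendCertsFromPEM(ca); !ok {
+log.Fatalf("certPool.AppendCertsFromPEM err")
+}
+c := credentials.NewTLS(&tls.Config{
+Certificates: []tls.Certificate{cert},
+ServerName: "example.grpc.io",
+RootCAs: certPool,
+})
+conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(c))
+if err != nil {
+log.Fatalf("grpc.Dial err: %v", err)
+}
+defer conn.Close()
+client := pb.NewEchoServiceClient(conn)
+resp, err := client.Echo(context.Background(), &pb.StringMessage{
+Value: "gRPC TLS example",
+})
+if err != nil {
+log.Fatalf("client err: %v", err)
+}
+log.Printf("resp: %#v", resp)
+}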
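Review bot: The `tls.Config` built for `credentials.NewTLS` sets no `MinVersion`, which leaves the protocol floor to the defaults of whatever Go and grpc-go versions build this. Since both ends live in this repository, pin it with `MinVersion: tls.VersionTLS12,` (or `tls.VersionTLS13`) here and in the server's `tls.Config` in the next file section. `client.Echo` is also called with a bare `context.Background()`, so a server that accepts the connection and never answers blocks the client indefinitely; `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)` plus `defer cancel()` bounds it and needs `time` added to the imports. The certificate paths are relative (`./cert/client.pem`), so the binary only works when started from the repository root, which deserves a comment above `main`.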


@ -2,16 +2,41 @@
package main
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
log "github.com/sirupsen/logrus"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
pb "github.com/esinio/geco/gen/proto/echo/v1"
srv "github.com/esinio/geco/service/echo/v1"
)
func main() {
s := grpc.NewServer()
cert, err := tls.LoadX509KeyPair("./cert/server.pem", "./cert/server.key")
if err != nil {
log.Fatal(err)
}
certPool := x509.NewCertPool()
ca, err := ioutil.ReadFile("./cert/ca.pem")
if err != nil {
log.Fatal(err)
}
if ok := certPool.AppendCertsFromPEM(ca); !ok {
log.Fatal("failed to append certs")
}
creds := credentials.NewTLS(&tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert, // NOTE: this is optional!
ClientCAs: certPool,
})
s := grpc.NewServer(grpc.Creds(creds))
pb.RegisterEchoServiceServer(s, srv.NewService())
lis, err := net.Listen("tcp", ":9090")
if err != nil {
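Review bot: The trailing comment `// NOTE: this is optional!` on `ClientAuth: tls.RequireAndVerifyClientCert` reads as an invitation to delete the line. Without that line the server no longer requests a client certificate, `ClientCAs` goes unused, and the Echo service accepts any TLS client. I would replace it with a comment that states the consequence, e.g. `// mutual TLS: clients must present a certificate signed by ca.pem; removing this disables client authentication`. The `log.Fatal(err)` calls after `tls.LoadX509KeyPair` and `ioutil.ReadFile` also give no hint which file failed, unlike the client's `log.Fatalf("tls.LoadX509KeyPair err: %v", err)`. `main` continues past the end of the hunk.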

1
go.mod

@ -6,6 +6,7 @@ require (
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/protobuf v1.4.3
github.com/grpc-ecosystem/grpc-gateway/v2 v2.1.0
github.com/sirupsen/logrus v1.7.0
google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7
google.golang.org/grpc v1.34.0
google.golang.org/protobuf v1.25.0

11
go.sum

@ -42,6 +42,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@ -111,15 +113,22 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@ -215,6 +224,7 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -367,6 +377,7 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=