package main
import (
"crypto/tls"
"flag"
"fmt"
"github.com/cloudslit/cloudslit/casdk/examples/util"
"net"
"github.com/cloudslit/cloudslit/casdk/caclient"
"github.com/cloudslit/cloudslit/casdk/keygen"
"github.com/cloudslit/cloudslit/casdk/pkg/logger"
"github.com/cloudslit/cloudslit/casdk/pkg/spiffe"
"github.com/pkg/errors"
"github.com/valyala/fasthttp"
"go.uber.org/zap/zapcore"
)
// Command-line configuration for the example server. The defaults point at a
// lab CA and OCSP responder; override them with -ca, -ocsp and -addr.
var (
	caAddr   = flag.String("ca", "https://192.168.2.80:8681", "CA Server")
	ocspAddr = flag.String("ocsp", "http://192.168.2.80:8682", "Ocsp Server")
	addr     = flag.String("addr", ":6066", "")
)

// authKey is the key handed to the CA client via caclient.WithAuthKey. It is
// embedded in source only because this is an example; a real deployment loads
// it from configuration or a secret store rather than committing it.
var authKey = "0739a645a7d6601d9d45f6b237c4edeadad904f2fce53625dfdd541ec4fc8134"
// go run server.go -ca https://127.0.0.1:8081 -ocsp http://127.0.0.1:8082
//
// init puts the package-wide logger into debug mode before main runs.
func init() {
	conf := logger.Conf{
		Debug: true,
		Level: zapcore.DebugLevel,
	}
	logger.GlobalConfig(conf)
}
// main parses the flags, brings up the mTLS example server and then blocks
// forever so the goroutines it started keep running.
func main() {
	flag.Parse()
	if err := NewMTLSServer(); err != nil {
		logger.Fatal(err)
	}
	// Nothing left to do on this goroutine; the listener and the rotation
	// loop run in the background.
	select {}
}
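// NewMTLSServer mTLS Server Use example.
//
// It builds a CA client from the command-line flags, creates an exchanger for
// the configured identity, starts certificate rotation in the background and
// serves HTTPS with the server-side TLS config derived from the exchanger.
// Failures while constructing the logger, the exchanger or the TLS config are
// returned to the caller instead of aborting the process.
func NewMTLSServer() error {
	l, err := logger.NewZapLogger(&logger.Conf{
		// Level: 2,
		Level: 0,
	})
	if err != nil {
		// Previously discarded; a nil logger handed to the CA client would
		// fail later in a far less obvious place.
		return errors.Wrap(err, "logger initialization failed")
	}
	c := caclient.NewCAI(
		caclient.WithCAServer(caclient.RoleDefault, *caAddr),
		caclient.WithOcspAddr(*ocspAddr),
		caclient.WithAuthKey(authKey),
		caclient.WithLogger(l),
		caclient.WithCSRConf(keygen.CSRConf{
			SNIHostnames: []string{"supreme"},
			IPAddresses:  []string{"10.10.10.10"},
		}),
	)
	ex, err := c.NewExchanger(&spiffe.IDGIdentity{
		SiteID:    "test_site",
		ClusterID: "cluster_test",
		UniqueID:  "server1",
	})
	if err != nil {
		return errors.Wrap(err, "Exchanger initialization failed")
	}
	// Start certificate rotation
	go ex.RotateController().Run()
	cfger, err := ex.ServerTLSConfig()
	if err != nil {
		// Previously a panic; the function already returns an error, so let
		// the caller decide how to handle it.
		return errors.Wrap(err, "server TLS config creation failed")
	}
	// Extra validator run against the peer identity (presumably in addition
	// to the SDK's own checks). This example only prints the identity and
	// accepts every peer; a real service would enforce an allow-list here.
	cfger.BindExtraValidator(func(identity *spiffe.IDGIdentity) error {
		fmt.Println("id: ", identity)
		return nil
	})
	tlsCfg := cfger.TLSConfig()
	// Chain onto any VerifyConnection hook the SDK may already have installed
	// instead of replacing it, so this demo callback cannot silently drop a
	// check the SDK relies on.
	prevVerify := tlsCfg.VerifyConnection
	tlsCfg.VerifyConnection = func(state tls.ConnectionState) error {
		fmt.Println("test state connection")
		if prevVerify != nil {
			return prevVerify(state)
		}
		return nil
	}
	go func() {
		httpsServer(tlsCfg)
	}()
	util.ExtractCertFromExchanger(ex)
	return nil
}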
// httpsServer accepts TLS connections on *addr using cfg and answers every
// request by echoing the raw request back. It is a demo handler: the complete
// request, headers included, is written both to the log and into the response
// body, which is acceptable for an example but not for a real service. Any
// listen or serve failure panics and takes the process down.
func httpsServer(cfg *tls.Config) {
	echo := func(ctx *fasthttp.RequestCtx) {
		raw := ctx.Request.String()
		logger.Info("Recv: ", raw)
		ctx.SetStatusCode(fasthttp.StatusOK)
		ctx.SetBody([]byte("Hello " + raw))
	}

	ln, err := net.Listen("tcp4", *addr)
	if err != nil {
		panic(err)
	}
	defer ln.Close()

	// All TLS behaviour, including whatever client-certificate requirement the
	// SDK configured, comes from cfg; this function only wraps the listener.
	tlsLn := tls.NewListener(ln, cfg)
	if err := fasthttp.Serve(tlsLn, echo); err != nil {
		panic(err)
	}
}