
Add service key to client RPC calls

1 parent 601ede8 commit 95637331bc686f2338648ecff642c857a29a0b04 @cesarghali cesarghali committed Feb 11, 2017
Showing with 25 additions and 3 deletions.
  1. +1 −0 .keytransparency.yaml
  2. +20 −2 cmd/keytransparency-client/cmd/root.go
  3. +4 −1 scripts/prepare_client.sh
@@ -6,3 +6,4 @@ kt-sig: "testdata/p256-pubkey.pem"
domain: "example.com"
kt-url: "104.199.112.76:5001"
client-secret: "client_secret.json"
+service-key: ""
@@ -166,6 +166,14 @@ func getCreds(clientSecretFile string) (credentials.PerRPCCredentials, error) {
return oauth.NewOauthAccess(tok), nil
}
+func getServiceCreds(serviceKeyFile string) (credentials.PerRPCCredentials, error) {
+ b, err := ioutil.ReadFile(serviceKeyFile)
+ if err != nil {
+ return nil, err
+ }
+ return oauth.NewServiceAccountFromKey(b, authentication.RequiredScopes...)
+}
+
func readSignatureVerifier(ktPEM string) (signatures.Verifier, error) {
pem, err := ioutil.ReadFile(ktPEM)
if err != nil {
@@ -212,7 +220,7 @@ func getClient(cc *grpc.ClientConn, mapID, vrfPubFile, ktSig, ctURL, ctPEM strin
return grpcc.New(mapID, cli, vrfKey, verifier, ctClient), nil
}
-func dial(ktURL, caFile, clientSecretFile string) (*grpc.ClientConn, error) {
+func dial(ktURL, caFile, clientSecretFile string, serviceKeyFile string) (*grpc.ClientConn, error) {
var opts []grpc.DialOption
if true {
host, _, err := net.SplitHostPort(ktURL)
@@ -233,12 +241,21 @@ func dial(ktURL, caFile, clientSecretFile string) (*grpc.ClientConn, error) {
opts = append(opts, grpc.WithTransportCredentials(creds))
}
+ // Add client credentials otherwise add service credentials. Client
+ // credentials take priority over service credentials. Only one of the
+ // two should exist in an RPC call.
if clientSecretFile != "" {
creds, err := getCreds(clientSecretFile)
if err != nil {
return nil, err
}
opts = append(opts, grpc.WithPerRPCCredentials(creds))
+ } else if serviceKeyFile != "" {
+ creds, err := getServiceCreds(serviceKeyFile)
+ if err != nil {
+ return nil, err
+ }
+ opts = append(opts, grpc.WithPerRPCCredentials(creds))
}
cc, err := grpc.Dial(ktURL, opts...)
if err != nil {
@@ -257,7 +274,8 @@ func GetClient(clientSecretFile string) (*grpcc.Client, error) {
ctURL := viper.GetString("ct-url")
ctPEM := viper.GetString("ct-key")
vrfFile := viper.GetString("vrf")
- cc, err := dial(ktURL, ktPEM, clientSecretFile)
+ serviceKeyFile := viper.GetString("service-key")
+ cc, err := dial(ktURL, ktPEM, clientSecretFile, serviceKeyFile)
if err != nil {
return nil, fmt.Errorf("Error Dialing %v: %v", ktURL, err)
}
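Review bot: In `dial`, when both `clientSecretFile` and `serviceKeyFile` are non-empty, the service key is dropped without any signal, so a misconfigured client can authenticate as a different identity than the operator expects. The added comment says only one of the two should exist, but nothing enforces it; rejecting the combination before the `if` would make that explicit, e.g. `if clientSecretFile != "" && serviceKeyFile != "" { return nil, fmt.Errorf("client-secret and service-key are mutually exclusive") }`. Separately, `getServiceCreds` returns the bare `ioutil.ReadFile` error; `return nil, fmt.Errorf("reading service key %v: %v", serviceKeyFile, err)` would name the file that failed. A doc comment on `getServiceCreds` should say that the file carries service-account key material and is best kept readable only by the client's user. The body of `dial` starts and ends outside the visible hunks.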
@@ -25,6 +25,7 @@ DOMAIN=""
KTURLDEFAULT="104.199.112.76:5001"
KTURL=""
CLIENTSECRET=""
+SERVICEKEY=""
##################################
##### Collecting information #####
@@ -56,6 +57,7 @@ if [[ -z "${KTURL}" ]]; then
fi
read -p "Path to client secret file: " CLIENTSECRET
+read -p "Path to service key file: " SERVICEKEY
#####################
@@ -75,6 +77,7 @@ kt-key: \"${KTKEY}\"
kt-sig: \"${SIGKEY}\"
domain: \"${DOMAIN}\"
kt-url: \"${KTURL}\"
-client-secret: \"${CLIENTSECRET}\""
+client-secret: \"${CLIENTSECRET}\"
+service-key: \"${SERVICEKEY}\""
printf "%s\n" "${KTYAML}" > .keytransparency.yaml
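Review bot: The new prompt `read -p "Path to service key file: " SERVICEKEY` does not say that the value is optional and is ignored whenever a client secret path was entered, which is how `dial` in this commit treats the two settings. Saying so in the prompt avoids a generated config that lists both files while only one is ever used: `read -r -p "Path to service key file (used only when no client secret is given): " SERVICEKEY`. The `-r` stops `read` from interpreting backslashes in the path. The value is then written unescaped between `\"…\"` into `.keytransparency.yaml`, so a path containing a double quote would produce invalid YAML; the existing `CLIENTSECRET` line has the same limitation.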
