/
transport.go
141 lines (124 loc) · 3.61 KB
/
transport.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package transport
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"time"
"github.com/konveyor/crane-lib/state_transfer/endpoint"
"github.com/konveyor/crane-lib/state_transfer/meta"
v1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// Transport knows how to create an end to end tunnel for a transfer to work on
type Transport interface {
// NamespacedNamePair returns a source and a destination pair to identify this transport
NamespacedNamePair() meta.NamespacedNamePair
//.CA returns CA used by the transport
CA() *bytes.Buffer
// Crt returns certificate used by the transport for encryption
Crt() *bytes.Buffer
Key() *bytes.Buffer
// Port returns a port on which the transport listens for connections
Port() int32
// ExposedPort returns an exposed port for transfers to use
ExposedPort() int32
// ClientContainers returns a list of containers transfers can add to their client Pods
ClientContainers() []v1.Container
// ClientVolumes returns a list of volumes transfers can add to their client Pods
ClientVolumes() []v1.Volume
// ServerContainers returns a list of containers transfers can add to their server Pods
ServerContainers() []v1.Container
// ServerVolumes returns a list of volumes transfers can add to their server Pods
ServerVolumes() []v1.Volume
Direct() bool
CreateServer(client.Client, endpoint.Endpoint) error
CreateClient(client.Client, endpoint.Endpoint) error
Options() *Options
// Type
Type() TransportType
}
type Options struct {
ProxyURL string
ProxyUsername string
ProxyPassword string
NoVerifyCA bool
CAVerifyLevel string
StunnelClientImage string
StunnelServerImage string
}
type TransportType string
func CreateServer(t Transport, c client.Client, e endpoint.Endpoint) (Transport, error) {
err := t.CreateServer(c, e)
if err != nil {
return nil, err
}
return t, nil
}
func CreateClient(t Transport, c client.Client, e endpoint.Endpoint) (Transport, error) {
err := t.CreateClient(c, e)
if err != nil {
return nil, err
}
return t, nil
}
func DestroyServer(t Transport) error {
return nil
}
func DestroyClient(t Transport) error {
return nil
}
func GenerateSSLCert() (*bytes.Buffer, *bytes.Buffer, *bytes.Buffer, error) {
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, nil, nil, err
}
subj := pkix.Name{
CommonName: "openshift.io",
Country: []string{"US"},
Province: []string{"NC"},
Locality: []string{"RDU"},
Organization: []string{"Migration Engineering"},
OrganizationalUnit: []string{"Engineering"},
}
certTemp := x509.Certificate{
SerialNumber: big.NewInt(2020),
Subject: subj,
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
}
caBytes, err := x509.CreateCertificate(
rand.Reader,
&certTemp,
&certTemp,
&caPrivKey.PublicKey,
caPrivKey,
)
if err != nil {
return nil, nil, nil, err
}
crt := new(bytes.Buffer)
err = pem.Encode(crt, &pem.Block{
Type: "CERTIFICATE",
Bytes: caBytes,
})
if err != nil {
return nil, nil, nil, err
}
key := new(bytes.Buffer)
err = pem.Encode(key, &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
})
if err != nil {
return nil, nil, nil, err
}
return crt, crt, key, nil
}