Added examples/add with is a simple TLS/SSL enabled service to add 2 …
…numbers
bill
committed
Apr 5, 2012
1 parent
193746c
commit 8f303d5
Showing
4 changed files
with
129 additions
and
0 deletions.
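--- a/examples/add/[README-filename-not-shown]
+++ b/examples/add/[README-filename-not-shown]
@@ -0,0 +1,21 @@
+
+This is a simple add service that happens over a TLS connection.
+
+To generate code from the protobuf file:
+cd addservice
+protoc --go_out=. addservice.proto
+
+To compile the server:
+go build add.go
+
+To compile the client:
+go build client.go
+
+To make test certificates:
+./makecert.sh AnyFakeOrRealEmail@foo.com
+
+To test run add in one window/shell and client in the other.
+
+
+
+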
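--- a/examples/add/add.go
+++ b/examples/add/add.go
@@ -0,0 +1,84 @@
+package main
+
+import (
+"flag"
+"log"
+"net"
+"crypto/rand"
+"crypto/tls"
+"crypto/x509"
+"./addservice"
+)
+
+// Add is the type which will implement the addservice.AddService interface
+// and can be called remotely. In this case, it does not have any state, but
+// it could.
+type Add struct{}
+
+// Add is the function that can be called remotely. Note that this can be
+// called concurrently, so if the Echo structure did have internal state,
+// it should be designed for concurrent access.
+func (Add) Add(in *addservice.AddMessage, out *addservice.SumMessage) error {
+log.Printf("server: X=%d", *in.X)
+log.Printf("server: Y=%d", *in.Y)
+out.Z = new(int32)
+*out.Z = *in.X + *in.Y
+log.Printf("server: Z=%d", *out.Z)
+return nil
+}
+
+func handleClient(conn net.Conn) {
+tlscon, ok := conn.(*tls.Conn)
+if ok {
+log.Print("server: conn: type assert to TLS succeedded")
+err := tlscon.Handshake()
+if err != nil {
+log.Fatalf("server: handshake failed: %s", err)
+} else {
+log.Print("server: conn: Handshake completed")
+}
+state := tlscon.ConnectionState()
+// Note we could reject clients if we don't like their public key.
+log.Println("Server: client public key is:")
+for _, v := range state.PeerCertificates {
+log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
+}
+// Now that we have completed SSL/TLS
+addservice.ServeAddService(tlscon,Add{})
+}
+}
+
+func serverTLSListen(service string) {
+
+// Load x509 certificates for our private/public key, makecert.sh will
+// generate them for you.
+
+cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
+if err != nil {
+log.Fatalf("server: loadkeys: %s", err)
+}
+// Note if we don't tls.RequireAnyClientCert client side certs are ignored.
+config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
+config.Rand = rand.Reader
+listener, err := tls.Listen("tcp", service, &config)
+if err != nil {
+log.Fatalf("server: listen: %s", err)
+}
+log.Print("server: listening")
+// Keep this loop simple/fast as to be able to handle new connections
+for {
+conn, err := listener.Accept()
+if err != nil {
+log.Printf("server: accept: %s", err)
+break
+}
+log.Printf("server: accepted from %s", conn.RemoteAddr())
+// Fire off go routing to handle rest of connection.
+go handleClient(conn)
+}
+}
+
+func main() {
+flag.Parse()
+serverTLSListen("0.0.0.0:8000")
+}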
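Review bot: `log.Fatalf` on handshake failure in handleClient lets any single peer that cannot complete the handshake — for example one presenting no certificate, which RequireAnyClientCert rejects — terminate the whole server rather than just its own connection; a per-connection failure should be logged and the goroutine returned, `log.Printf("server: handshake failed: %s", err); return`. The connection is also never closed on any path (the non-TLS branch, a failed handshake, or after ServeAddService returns), so `defer conn.Close()` as the first statement of handleClient would cover all three. Separately, RequireAnyClientCert with no ClientCAs means the presented client certificate is accepted without any verification, so the comment "Note we could reject clients if we don't like their public key." should state plainly that this configuration authenticates nobody and that RequireAndVerifyClientCert with a ClientCAs pool is the setting that does. The accept loop in serverTLSListen breaks out on any Accept error, which ends the server on transient conditions such as running out of file descriptors; logging and continuing is the usual shape. The doc comment on Add.Add refers to an `Echo structure`, which looks like a copy-paste leftover and should read `Add structure`.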
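--- a/examples/add/addservice/addservice.proto
+++ b/examples/add/addservice/addservice.proto
@@ -0,0 +1,14 @@
+package addservice;
+
+message add_message {
+required int32 x=1;
+required int32 y=2;
+}
+
+message sum_message {
+required int32 z=1;
+}
+
+service add_service {
+rpc add (add_message) returns (sum_message);
+}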
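--- a/examples/add/makecert.sh
+++ b/examples/add/makecert.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# call this script with an email address (valid or not).
+# like:
+# ./makecert.sh joe@random.com
+mkdir certs
+rm certs/*
+echo "make server cert"
+openssl req -new -nodes -x509 -out certs/server.pem -keyout certs/server.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
+echo "make client cert"
+openssl req -new -nodes -x509 -out certs/client.pem -keyout certs/client.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"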
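Review bot: `rm certs/*` runs unconditionally, after a `mkdir certs` that fails on every run but the first, and nothing stops on error, so a rerun silently destroys and replaces any existing keys in that directory; starting with `set -euo pipefail` and `mkdir -p certs` makes the failure modes explicit, and the overwrite should be a deliberate choice (a check that the directory is empty, or an `-f` flag) rather than the default. The private keys are written with the caller's default umask, so a `umask 077` before the openssl calls (or `chmod 600 certs/*.key` afterwards) keeps them readable by the owner only. Both certificates carry the same fixed subject, `CN=www.random.com`, which will not match the address add.go listens on and makes the server and client certificates indistinguishable to any verifier; the header comment should say these are self-signed test-only certificates that cannot be used with hostname or chain verification.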