Merge pull request #615 from egodigitus/examples-tls

[ADDED] tls in example clients
nats-io · May 4, 2021 · 904b259 · 904b259
2 parents 35e9be9 + 7dcfa15
commit 904b259
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/examples/nats-pub/main.go b/examples/nats-pub/main.go
@@ -1,4 +1,4 @@
-// Copyright 2012-2019 The NATS Authors
+// Copyright 2012-2020 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -26,7 +26,7 @@ import (
 // nats-pub -s demo.nats.io:4443 <subject> <msg> (TLS version)
 
 func usage() {
-	log.Printf("Usage: nats-pub [-s server] [-creds file] <subject> <msg>\n")
+	log.Printf("Usage: nats-pub [-s server] [-creds file] [-tlscert file] [-tlskey file] [-tlscacert file] <subject> <msg>\n")
 	flag.PrintDefaults()
 }
 
@@ -38,8 +38,11 @@ func showUsageAndExit(exitcode int) {
 func main() {
 	var urls = flag.String("s", nats.DefaultURL, "The nats server URLs (separated by comma)")
 	var userCreds = flag.String("creds", "", "User Credentials File")
-	var showHelp = flag.Bool("h", false, "Show help message")
+	var tlsClientCert = flag.String("tlscert", "", "TLS client certificate file")
+	var tlsClientKey = flag.String("tlskey", "", "Private key file for client certificate")
+	var tlsCACert = flag.String("tlscacert", "", "CA certificate to verify peer against")
 	var reply = flag.String("reply", "", "Sets a specific reply subject")
+	var showHelp = flag.Bool("h", false, "Show help message")
 
 	log.SetFlags(0)
 	flag.Usage = usage
@@ -62,6 +65,16 @@ func main() {
 		opts = append(opts, nats.UserCredentials(*userCreds))
 	}
 
+	// Use TLS client authentication
+	if *tlsClientCert != "" && *tlsClientKey != "" {
+		opts = append(opts, nats.ClientCert(*tlsClientCert, *tlsClientKey))
+	}
+
+	// Use specific CA certificate
+	if *tlsCACert != "" {
+		opts = append(opts, nats.RootCAs(*tlsCACert))
+	}
+
 	// Connect to NATS
 	nc, err := nats.Connect(*urls, opts...)
 	if err != nil {

diff --git a/examples/nats-sub/main.go b/examples/nats-sub/main.go
@@ -1,4 +1,4 @@
-// Copyright 2012-2019 The NATS Authors
+// Copyright 2012-2020 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -28,7 +28,7 @@ import (
 // nats-sub -s demo.nats.io:4443 <subject> (TLS version)
 
 func usage() {
-	log.Printf("Usage: nats-sub [-s server] [-creds file] [-t] <subject>\n")
+	log.Printf("Usage: nats-sub [-s server] [-creds file] [-tlscert file] [-tlskey file] [-tlscacert file] [-t] <subject>\n")
 	flag.PrintDefaults()
 }
 
@@ -44,6 +44,9 @@ func printMsg(m *nats.Msg, i int) {
 func main() {
 	var urls = flag.String("s", nats.DefaultURL, "The nats server URLs (separated by comma)")
 	var userCreds = flag.String("creds", "", "User Credentials File")
+	var tlsClientCert = flag.String("tlscert", "", "TLS client certificate file")
+	var tlsClientKey = flag.String("tlskey", "", "Private key file for client certificate")
+	var tlsCACert = flag.String("tlscacert", "", "CA certificate to verify peer against")
 	var showTime = flag.Bool("t", false, "Display timestamps")
 	var showHelp = flag.Bool("h", false, "Show help message")
 
@@ -69,6 +72,16 @@ func main() {
 		opts = append(opts, nats.UserCredentials(*userCreds))
 	}
 
+	// Use TLS client authentication
+	if *tlsClientCert != "" && *tlsClientKey != "" {
+		opts = append(opts, nats.ClientCert(*tlsClientCert, *tlsClientKey))
+	}
+
+	// Use specific CA certificate
+	if *tlsCACert != "" {
+		opts = append(opts, nats.RootCAs(*tlsCACert))
+	}
+
 	// Connect to NATS
 	nc, err := nats.Connect(*urls, opts...)
 	if err != nil {