Home Explore
Register Sign In
SongZihuan
/
GoZeroPlus
mirror of https://github.com/SongZihuan/go-zero-plus
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

support RpcClient Vertify With Unilateralism and Mutual (#647)

Co-authored-by: Kevin Wan <wanjunfeng@gmail.com>
workman-Lu 3 years ago
parent
bef5bd4e4f
commit
9df6786b09
5 changed files with 69 additions and 2 deletions
Split View Show Diff Stats
  1. 9 0
      zrpc/client.go
  2. 0 1
      zrpc/client_test.go
  3. 6 0
      zrpc/config.go
  4. 5 0
      zrpc/config_test.go
  5. 49 1
      zrpc/internal/client.go

+ 9 - 0
zrpc/client.go
View File 

@@ -18,6 +18,12 @@ var (
 
 	WithRetry = internal.WithRetry
 
 	// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
 
 	WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
 
+	// WithInsecure is an alias of internal.WithInsecure.
 
+	WithInsecure = internal.WithInsecure
 
+	// WithTlsClientFromUnilateralism is an alias of internal.WithTlsClientFromUnilateralism
 
+	WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateralism
 
+	// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
 
+	WithTlsClientFromMutual = internal.WithTlsClientFromMutual
 
 )
 
 
 type (
 
@@ -58,6 +64,9 @@ func NewClient(c RpcClientConf, options ...ClientOption) (Client, error) {
 
 		opts = append(opts, WithRetry())
 
 	}
 
 	opts = append(opts, options...)
 
+	if !c.HasSslVerify() {
 
+		opts = append(opts, WithInsecure())
 
+	}
 
 
 	var target string
 
 	var err error

+ 0 - 1
zrpc/client_test.go
View File 

@@ -76,7 +76,6 @@ func TestDepositServer_Deposit(t *testing.T) {
 
 			Token:     "bar",
 
 			Timeout:   1000,
 
 		},
 
-		WithDialOption(grpc.WithInsecure()),
 
 		WithDialOption(grpc.WithContextDialer(dialer())),
 
 		WithUnaryClientInterceptor(func(ctx context.Context, method string, req, reply interface{},
 
 			cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {

+ 6 - 0
zrpc/config.go
View File 

@@ -30,6 +30,7 @@ type (
 
 		Token     string          `json:",optional"`
 
 		Retry     bool            `json:",optional"` // grpc auto retry
 
 		Timeout   int64           `json:",default=2000"`
 
+		InsecureVerify bool            `json:",default=false"`
 
 	}
 
 )
 
 
@@ -72,3 +73,8 @@ func (sc RpcServerConf) Validate() error {
 
 func (cc RpcClientConf) HasCredential() bool {
 
 	return len(cc.App) > 0 && len(cc.Token) > 0
 
 }
 
+
 
+//HasTls checks if there is a SSL in config.
 
+func (cc RpcClientConf) HasSslVerify() bool {
 
+	return cc.InsecureVerify
 
+}

+ 5 - 0
zrpc/config_test.go
View File 

@@ -14,6 +14,11 @@ func TestRpcClientConf(t *testing.T) {
 
 	assert.True(t, conf.HasCredential())
 
 	conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
 
 	assert.True(t, conf.HasCredential())
 
+	// ssl on
 
+	conf = NewDirectClientConf([]string{"localhost:1234", "localhost:5678"}, "foo", "bar")
 
+	assert.False(t, conf.HasSslVerify())
 
+	conf.InsecureVerify = true
 
+	assert.True(t, conf.HasSslVerify())
 
 }
 
 
 func TestRpcServerConf(t *testing.T) {

+ 49 - 1
zrpc/internal/client.go
View File 

@@ -2,8 +2,12 @@ package internal
 
 
 import (
 
 	"context"
 
+	"crypto/tls"
 
+	"crypto/x509"
 
 	"errors"
 
 	"fmt"
 
+	"io/ioutil"
 
+	"log"
 
 	"strings"
 
 	"time"
 
 
@@ -11,6 +15,7 @@ import (
 
 	"github.com/tal-tech/go-zero/zrpc/internal/clientinterceptors"
 
 	"github.com/tal-tech/go-zero/zrpc/internal/resolver"
 
 	"google.golang.org/grpc"
 
+	"google.golang.org/grpc/credentials"
 
 )
 
 
 const (
 
@@ -65,7 +70,6 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
 
 	}
 
 
 	options := []grpc.DialOption{
 
-		grpc.WithInsecure(),
 
 		grpc.WithBlock(),
 
 		WithUnaryClientInterceptors(
 
 			clientinterceptors.UnaryTracingInterceptor,
 
@@ -112,6 +116,13 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
 
 	}
 
 }
 
 
+// WithInsecure returns a func to customize a ClientOptions with secure option.
 
+func WithInsecure() ClientOption {
 
+	return func(options *ClientOptions) {
 
+		options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
 
+	}
 
+}
 
+
 
 // WithTimeout returns a func to customize a ClientOptions with given timeout.
 
 func WithTimeout(timeout time.Duration) ClientOption {
 
 	return func(options *ClientOptions) {
 
@@ -132,3 +143,40 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
 
 		options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
 
 	}
 
 }
 
+
 
+// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
 
+func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
 
+	return func(options *ClientOptions) {
 
+		c, err := credentials.NewClientTLSFromFile(crt, domainName)
 
+		if err != nil {
 
+			log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
 
+		}
 
+		options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
 
+	}
 
+}
 
+
 
+// WithTlsClientFromMutual return a func to customize a ClientOptions Verify with mutual authentication.
 
+func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
 
+	return func(options *ClientOptions) {
 
+		cert, err := tls.LoadX509KeyPair(crtFile, keyFile)
 
+		if err != nil {
 
+			log.Fatalf("tls.LoadX509KeyPair err: %v", err)
 
+		}
 
+		certPool := x509.NewCertPool()
 
+		ca, err := ioutil.ReadFile(caFile)
 
+		if err != nil {
 
+			log.Fatalf("credentials: failed to ReadFile CA certificates err: %v", err)
 
+		}
 
+
 
+		if !certPool.AppendCertsFromPEM(ca) {
 
+			log.Fatalf("credentials: failed to append certificates err: %v", err)
 
+		}
 
+
 
+		config := &tls.Config{
 
+			Certificates: []tls.Certificate{cert},
 
+			RootCAs:      certPool,
 
+		}
 
+
 
+		options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
 
+	}
 
+}