support RpcClient Vertify With Unilateralism and Mutual (#647)

Co-authored-by: Kevin Wan <wanjunfeng@gmail.com>
workman-Lu
2021-10-30 22:07:15 +08:00
committed by GitHub
parent bef5bd4e4f
commit 9df6786b09
5 changed files with 69 additions and 2 deletions


@@ -2,8 +2,12 @@ package internal
import (
"context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"io/ioutil"
"log"
"strings"
"time"
@@ -11,6 +15,7 @@ import (
"github.com/tal-tech/go-zero/zrpc/internal/clientinterceptors"
"github.com/tal-tech/go-zero/zrpc/internal/resolver"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
const (
@@ -65,7 +70,6 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
}
options := []grpc.DialOption{
grpc.WithInsecure(),
grpc.WithBlock(),
WithUnaryClientInterceptors(
clientinterceptors.UnaryTracingInterceptor,
@@ -112,6 +116,13 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
}
}
// WithInsecure returns a func to customize a ClientOptions with secure option.
func WithInsecure() ClientOption {
return func(options *ClientOptions) {
options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
}
}
// WithTimeout returns a func to customize a ClientOptions with given timeout.
func WithTimeout(timeout time.Duration) ClientOption {
return func(options *ClientOptions) {
@@ -132,3 +143,40 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
}
}
// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
return func(options *ClientOptions) {
c, err := credentials.NewClientTLSFromFile(crt, domainName)
if err != nil {
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
}
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
}
}
// WithTlsClientFromMutual return a func to customize a ClientOptions Verify with mutual authentication.
func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
return func(options *ClientOptions) {
cert, err := tls.LoadX509KeyPair(crtFile, keyFile)
if err != nil {
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
}
certPool := x509.NewCertPool()
ca, err := ioutil.ReadFile(caFile)
if err != nil {
log.Fatalf("credentials: failed to ReadFile CA certificates err: %v", err)
}
if !certPool.AppendCertsFromPEM(ca) {
log.Fatalf("credentials: failed to append certificates err: %v", err)
}
config := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: certPool,
}
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
}
}
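Review bot: In WithTlsClientFromMutual, the `AppendCertsFromPEM` failure branch formats `err`, which is always nil there because the ReadFile check just above already passed, so a CA file with no usable PEM block is reported as `err: <nil>`; name the file instead, e.g. `log.Fatalf("credentials: no PEM certificates found in %q", caFile)`. The `tls.Config` built right after sets only Certificates and RootCAs, so the minimum protocol version is whatever the Go and grpc releases in use default to; adding `MinVersion: tls.VersionTLS12,` would pin the floor. The doc comment on WithInsecure says "with secure option" although the option turns transport security off, and since this change appears to drop `grpc.WithInsecure()` from the defaults in buildDialOptions, the comment should say so plainly: `// WithInsecure returns a func to customize a ClientOptions to dial without transport security (plaintext, no server authentication).`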