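/*
Copyright hechain. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package util

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"strconv"
	"time"

	"github.com/hechain20/hechain/common/crypto/tlsgen"
	"github.com/hechain20/hechain/gossip/api"
	"github.com/hechain20/hechain/gossip/common"
	"github.com/hechain20/hechain/internal/pkg/comm"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
)

// ca is the package-level CA that generates the TLS key-pairs handed out by
// CreateGRPCLayer. It is created during package initialization, so a failure
// in tlsgen.NewCA panics as soon as the package is loaded.
var ca = createCAOrPanic()

// createCAOrPanic returns a fresh tlsgen.CA and panics if one cannot be created.
func createCAOrPanic() tlsgen.CA {
	ca, err := tlsgen.NewCA()
	if err != nil {
		panic(fmt.Sprintf("failed creating CA: %+v", err))
	}
	return ca
}

// CreateGRPCLayer returns a new gRPC server with associated port, TLS certificates, SecureDialOpts and DialOption.
//
// The server and client key-pairs are both issued by the package-level CA, and
// the returned dial options trust only that CA. The server is bound to the
// loopback address "127.0.0.1:" with no explicit port; the port actually in
// use is read back from the server's address and returned.
//
// Every failure along the way panics; no error is returned to the caller.
//
// NOTE(review): SecOpts below sets only Key, Certificate and UseTLS. Nothing
// in this function asks the server to require or verify client certificates,
// so whether peers are mutually authenticated at the transport layer depends
// on comm defaults and on the callers of this helper. Confirm before relying
// on it for mutual TLS.
func CreateGRPCLayer() (port int, gRPCServer *comm.GRPCServer, certs *common.TLSCertificates,
	secureDialOpts api.PeerSecureDialOpts, dialOpts []grpc.DialOption) {
	// The server certificate is issued for the loopback address only.
	serverKeyPair, err := ca.NewServerCertKeyPair("127.0.0.1")
	if err != nil {
		panic(err)
	}
	clientKeyPair, err := ca.NewClientCertKeyPair()
	if err != nil {
		panic(err)
	}

	tlsServerCert, err := tls.X509KeyPair(serverKeyPair.Cert, serverKeyPair.Key)
	if err != nil {
		panic(err)
	}
	tlsClientCert, err := tls.X509KeyPair(clientKeyPair.Cert, clientKeyPair.Key)
	if err != nil {
		panic(err)
	}

	// Client-side TLS configuration used for dialing. ClientAuth is a
	// server-side setting in crypto/tls; this config is only passed to
	// credentials.NewTLS for outgoing connections, so it has no effect on
	// the handshake here.
	tlsConf := &tls.Config{
		Certificates: []tls.Certificate{tlsClientCert},
		ClientAuth:   tls.RequestClientCert,
		RootCAs:      x509.NewCertPool(),
	}

	// AppendCertsFromPEM reports whether any certificate was parsed. If it is
	// ignored, a bad PEM leaves the pool empty and the problem only surfaces
	// later as an opaque handshake failure, so fail here like every other
	// step in this function.
	if !tlsConf.RootCAs.AppendCertsFromPEM(ca.CertBytes()) {
		panic("failed adding CA certificate to root pool")
	}

	ta := credentials.NewTLS(tlsConf)
	dialOpts = append(dialOpts, grpc.WithTransportCredentials(ta))

	// The closure hands back the same dialOpts slice that is also returned
	// directly to the caller.
	secureDialOpts = func() []grpc.DialOption {
		return dialOpts
	}

	certs = &common.TLSCertificates{}
	certs.TLSServerCert.Store(&tlsServerCert)
	certs.TLSClientCert.Store(&tlsClientCert)

	srvConfig := comm.ServerConfig{
		ConnectionTimeout: time.Second,
		SecOpts: comm.SecureOptions{
			Key:         serverKeyPair.Key,
			Certificate: serverKeyPair.Cert,
			UseTLS:      true,
		},
	}
	// No port is given; presumably the listener picks a free one at bind
	// time, which is why the port is parsed from the server address below.
	gRPCServer, err = comm.NewGRPCServer("127.0.0.1:", srvConfig)
	if err != nil {
		panic(err)
	}

	_, portString, err := net.SplitHostPort(gRPCServer.Address())
	if err != nil {
		panic(err)
	}
	portInt, err := strconv.Atoi(portString)
	if err != nil {
		panic(err)
	}

	return portInt, gRPCServer, certs, secureDialOpts, dialOpts
}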