github.com/outbrain/consul@v1.4.5/agent/connect/ca/plugin/transport_netrpc.go (about) 1 package plugin 2 3 import ( 4 "crypto/x509" 5 "net/rpc" 6 7 "github.com/hashicorp/consul/agent/connect/ca" 8 ) 9 10 // providerPluginRPCServer implements a net/rpc backed transport for 11 // an underlying implementation of a ca.Provider. The server side is the 12 // plugin binary itself. 13 type providerPluginRPCServer struct { 14 impl ca.Provider 15 } 16 17 func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { 18 return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig) 19 } 20 21 func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { 22 return p.impl.GenerateRoot() 23 } 24 25 func (p *providerPluginRPCServer) ActiveRoot(_ struct{}, resp *ActiveRootResponse) error { 26 var err error 27 resp.CrtPem, err = p.impl.ActiveRoot() 28 return err 29 } 30 31 func (p *providerPluginRPCServer) GenerateIntermediateCSR(_ struct{}, resp *GenerateIntermediateCSRResponse) error { 32 var err error 33 resp.CsrPem, err = p.impl.GenerateIntermediateCSR() 34 return err 35 } 36 37 func (p *providerPluginRPCServer) SetIntermediate(args *SetIntermediateRPCRequest, _ *struct{}) error { 38 return p.impl.SetIntermediate(args.IntermediatePEM, args.RootPEM) 39 } 40 41 func (p *providerPluginRPCServer) ActiveIntermediate(_ struct{}, resp *ActiveIntermediateResponse) error { 42 var err error 43 resp.CrtPem, err = p.impl.ActiveIntermediate() 44 return err 45 } 46 47 func (p *providerPluginRPCServer) GenerateIntermediate(_ struct{}, resp *GenerateIntermediateResponse) error { 48 var err error 49 resp.CrtPem, err = p.impl.GenerateIntermediate() 50 return err 51 } 52 53 func (p *providerPluginRPCServer) Sign(args *SignRequest, resp *SignResponse) error { 54 csr, err := x509.ParseCertificateRequest(args.Csr) 55 if err != nil { 56 return err 57 } 58 59 resp.CrtPem, err = p.impl.Sign(csr) 60 return err 61 } 62 63 func (p *providerPluginRPCServer) SignIntermediate(args *SignIntermediateRequest, resp *SignIntermediateResponse) error { 64 csr, err := x509.ParseCertificateRequest(args.Csr) 65 if err != nil { 66 return err 67 } 68 69 resp.CrtPem, err = p.impl.SignIntermediate(csr) 70 return err 71 } 72 73 func (p *providerPluginRPCServer) CrossSignCA(args *CrossSignCARequest, resp *CrossSignCAResponse) error { 74 crt, err := x509.ParseCertificate(args.Crt) 75 if err != nil { 76 return err 77 } 78 79 resp.CrtPem, err = p.impl.CrossSignCA(crt) 80 return err 81 } 82 83 func (p *providerPluginRPCServer) Cleanup(struct{}, *struct{}) error { 84 return p.impl.Cleanup() 85 } 86 87 // providerPluginRPCClient implements a net/rpc backed transport for 88 // an underlying implementation of a ca.Provider. The client side is the 89 // software calling into the plugin binary over rpc. 90 // 91 // This implements ca.Provider. 92 type providerPluginRPCClient struct { 93 client *rpc.Client 94 } 95 96 func (p *providerPluginRPCClient) Configure( 97 clusterId string, 98 isRoot bool, 99 rawConfig map[string]interface{}) error { 100 return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ 101 ClusterId: clusterId, 102 IsRoot: isRoot, 103 RawConfig: rawConfig, 104 }, &struct{}{}) 105 } 106 107 func (p *providerPluginRPCClient) GenerateRoot() error { 108 return p.client.Call("Plugin.GenerateRoot", struct{}{}, &struct{}{}) 109 } 110 111 func (p *providerPluginRPCClient) ActiveRoot() (string, error) { 112 var resp ActiveRootResponse 113 err := p.client.Call("Plugin.ActiveRoot", struct{}{}, &resp) 114 return resp.CrtPem, err 115 } 116 117 func (p *providerPluginRPCClient) GenerateIntermediateCSR() (string, error) { 118 var resp GenerateIntermediateCSRResponse 119 err := p.client.Call("Plugin.GenerateIntermediateCSR", struct{}{}, &resp) 120 return resp.CsrPem, err 121 } 122 123 func (p *providerPluginRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { 124 return p.client.Call("Plugin.SetIntermediate", &SetIntermediateRPCRequest{ 125 IntermediatePEM: intermediatePEM, 126 RootPEM: rootPEM, 127 }, &struct{}{}) 128 } 129 130 func (p *providerPluginRPCClient) ActiveIntermediate() (string, error) { 131 var resp ActiveIntermediateResponse 132 err := p.client.Call("Plugin.ActiveIntermediate", struct{}{}, &resp) 133 return resp.CrtPem, err 134 } 135 136 func (p *providerPluginRPCClient) GenerateIntermediate() (string, error) { 137 var resp GenerateIntermediateResponse 138 err := p.client.Call("Plugin.GenerateIntermediate", struct{}{}, &resp) 139 return resp.CrtPem, err 140 } 141 142 func (p *providerPluginRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { 143 var resp SignResponse 144 err := p.client.Call("Plugin.Sign", &SignRequest{ 145 Csr: csr.Raw, 146 }, &resp) 147 return resp.CrtPem, err 148 } 149 150 func (p *providerPluginRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { 151 var resp SignIntermediateResponse 152 err := p.client.Call("Plugin.SignIntermediate", &SignIntermediateRequest{ 153 Csr: csr.Raw, 154 }, &resp) 155 return resp.CrtPem, err 156 } 157 158 func (p *providerPluginRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { 159 var resp CrossSignCAResponse 160 err := p.client.Call("Plugin.CrossSignCA", &CrossSignCARequest{ 161 Crt: crt.Raw, 162 }, &resp) 163 return resp.CrtPem, err 164 } 165 166 func (p *providerPluginRPCClient) Cleanup() error { 167 return p.client.Call("Plugin.Cleanup", struct{}{}, &struct{}{}) 168 } 169 170 // Verification 171 var _ ca.Provider = &providerPluginRPCClient{} 172 173 //------------------------------------------------------------------- 174 // Structs for net/rpc request and response 175 176 type ConfigureRPCRequest struct { 177 ClusterId string 178 IsRoot bool 179 RawConfig map[string]interface{} 180 } 181 182 type SetIntermediateRPCRequest struct { 183 IntermediatePEM string 184 RootPEM string 185 }