github.com/ztalab/ZACA@v0.0.1/pkg/caclient/examples/server/server.go (about)

     1  package main
     2  
import (
	"crypto/tls"
	"flag"
	"fmt"
	"net"
	"os"
	"time"

	"github.com/pkg/errors"
	"github.com/valyala/fasthttp"
	"github.com/ztalab/ZACA/pkg/caclient"
	"github.com/ztalab/ZACA/pkg/caclient/examples/util"
	"github.com/ztalab/ZACA/pkg/keygen"
	"github.com/ztalab/ZACA/pkg/logger"
	"github.com/ztalab/ZACA/pkg/spiffe"
	"go.uber.org/zap/zapcore"
)
    18  
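// Command-line flags and the CA auth key used by this example.
//
// The auth key is taken from the ZACA_AUTH_KEY environment variable when it
// is set and non-empty; otherwise it falls back to the example's shared demo
// key below, so existing invocations keep working unchanged. The fallback is
// a source-embedded credential and should only be relied on for the demo.
var (
	caAddr   = flag.String("ca", "https://127.0.0.1:8081", "CA Server")
	ocspAddr = flag.String("ocsp", "http://127.0.0.1:8382", "Ocsp Server")
	addr     = flag.String("addr", ":6066", "")

	// authKey is passed to caclient.WithAuthKey; prefer setting ZACA_AUTH_KEY
	// over editing the embedded value.
	authKey = envOrDefault("ZACA_AUTH_KEY",
		"0739a645a7d6601d9d45f6b237c4edeadad904f2fce53625dfdd541ec4fc8134")
)

// envOrDefault returns the value of the environment variable name, or def
// when the variable is unset or empty.
func envOrDefault(name, def string) string {
	if v := os.Getenv(name); v != "" {
		return v
	}
	return def
}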
    25  
// init configures the package-global logger for debug output before main
// runs, so every step of the example is visible.
func init() {
	conf := logger.Conf{
		Debug: true,
		Level: zapcore.DebugLevel,
	}
	logger.GlobalConfig(conf)
}
    32  
// main parses the command-line flags, starts the mTLS example server and
// then blocks forever so the goroutines started by NewMTLSServer keep
// running.
func main() {
	flag.Parse()
	if err := NewMTLSServer(); err != nil {
		logger.Fatal(err)
	}
	// Nothing else to do on this goroutine; park it for the life of the process.
	select {}
}
    41  
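// NewMTLSServer wires up the mTLS server example.
//
// It builds a caclient from the CA/OCSP flags and authKey, obtains an
// exchanger for a fixed identity, starts certificate rotation in the
// background, derives the server tls.Config from the exchanger and hands it
// to httpsServer on its own goroutine. It returns as soon as that goroutine
// has been started; listener errors surface inside httpsServer.
//
// Returns an error when the logger, the exchanger or the server TLS
// configuration cannot be created.
func NewMTLSServer() error {
	l, err := logger.NewZapLogger(&logger.Conf{
		Level: 0,
	})
	if err != nil {
		return errors.Wrap(err, "logger initialization failed")
	}
	c := caclient.NewCAI(
		caclient.WithCAServer(caclient.RoleDefault, *caAddr),
		caclient.WithOcspAddr(*ocspAddr),
		caclient.WithAuthKey(authKey),
		caclient.WithLogger(l),
		caclient.WithCSRConf(keygen.CSRConf{
			SNIHostnames: []string{"supreme"},
			IPAddresses:  []string{"10.10.10.10"},
		}),
	)
	ex, err := c.NewExchanger(&spiffe.IDGIdentity{
		SiteID:    "test_site",
		ClusterID: "cluster_test",
		UniqueID:  "server1",
	})
	if err != nil {
		return errors.Wrap(err, "Exchanger initialization failed")
	}

	// Start certificate rotation; it runs for the lifetime of the process.
	go ex.RotateController().Run()

	cfger, err := ex.ServerTLSConfig()
	if err != nil {
		// Reported like the other setup errors instead of panicking, so main
		// handles every failure of this function the same way.
		return errors.Wrap(err, "server TLS config initialization failed")
	}
	// Extra validation hook on the peer identity; this example only prints it.
	cfger.BindExtraValidator(func(identity *spiffe.IDGIdentity) error {
		fmt.Println("id: ", identity)
		return nil
	})
	tlsCfg := cfger.TLSConfig()
	// Chain onto any VerifyConnection the exchanger's config already carries
	// instead of overwriting the field, which would silently drop that check.
	// crypto/tls invokes VerifyConnection after its normal certificate
	// verification, so returning nil here adds no bypass.
	prevVerify := tlsCfg.VerifyConnection
	tlsCfg.VerifyConnection = func(state tls.ConnectionState) error {
		fmt.Println("test state connection")
		if prevVerify != nil {
			return prevVerify(state)
		}
		return nil
	}
	go httpsServer(tlsCfg)
	util.ExtractCertFromExchanger(ex)
	return nil
}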
    89  
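// serverIOTimeout bounds how long a single connection may spend reading a
// request or writing a response.
const serverIOTimeout = 30 * time.Second

// httpsServer listens on *addr (IPv4 only) and serves TLS using cfg.
//
// The handler logs the request as returned by ctx.Request.String() and
// echoes it back in full with status 200 prefixed by "Hello "; it is a demo
// handler and reflects whatever the client sent. Read and write timeouts
// keep a slow or idle peer from holding a connection open indefinitely.
// Listener and serve errors panic because this runs on a goroutine with no
// caller to report to.
func httpsServer(cfg *tls.Config) {
	ln, err := net.Listen("tcp4", *addr)
	if err != nil {
		panic(err)
	}
	defer ln.Close()

	lnTLS := tls.NewListener(ln, cfg)

	// Equivalent to fasthttp.Serve, but with per-connection I/O deadlines.
	srv := &fasthttp.Server{
		Handler: func(ctx *fasthttp.RequestCtx) {
			str := ctx.Request.String()
			logger.Info("Recv: ", str)
			ctx.SetStatusCode(fasthttp.StatusOK)
			ctx.SetBody([]byte("Hello " + str))
		},
		ReadTimeout:  serverIOTimeout,
		WriteTimeout: serverIOTimeout,
	}
	if err := srv.Serve(lnTLS); err != nil {
		panic(err)
	}
}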
   108  }