Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package server
/*
Copyright (c) 2018 Vereign AG [https://www.vereign.com]
This is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
import (
"fmt"
"log"
"net"
"net/http"
"strings"
"github.com/grpc-ecosystem/grpc-gateway/runtime"
"golang.org/x/net/context"
"code.vereign.com/code/key-storage-agent/handler"
"code.vereign.com/code/key-storage-agent/session"
"code.vereign.com/code/viam-apis/authentication"
"code.vereign.com/code/viam-apis/data-storage-agent/client"
api "code.vereign.com/code/viam-apis/key-storage-agent/api"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
)
// private type for Context keys
type contextKey int
const (
clientIDKey contextKey = iota
)
var pkgCertFile string
func credMatcher(headerName string) (mdName string, ok bool) {
if headerName == "Session" {
return headerName, true
}
return "", false
}
// authenticateAgent check the client credentials
func authenticateClient(ctx context.Context, s *handler.KeyStorageServerImpl, invokedMethod string) (string, error) {
if md, ok := metadata.FromIncomingContext(ctx); ok {
clientAuth := &authentication.Authentication{
Uuid: strings.Join(md["uuid"], ""),
Session: strings.Join(md["session"], ""),
}
viamAuth := &authentication.Authentication{
Uuid: "viam-system",
Session: "viam-session",
}
sessionClient := &client.DataStorageClientImpl{}
sessionClient.SetUpClient(viamAuth, viper.GetString("dataStorageClientUrl"), pkgCertFile)
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
defer sessionClient.CloseClient()
if clientAuth.Uuid == viamAuth.Uuid {
if clientAuth.Session != viamAuth.Session {
return "", fmt.Errorf("bad session %s", clientAuth.Session)
}
} else {
if session.CheckSession(clientAuth.Uuid, clientAuth.Session, sessionClient) == false {
return "", fmt.Errorf("bad session %s", clientAuth.Session)
}
}
log.Printf("authenticated uuid: %s", clientAuth.Uuid)
return clientAuth.Uuid, nil
}
return "", fmt.Errorf("missing credentials")
}
// unaryInterceptor call authenticateClient with current context
func unaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler1 grpc.UnaryHandler) (interface{}, error) {
s, ok := info.Server.(*handler.KeyStorageServerImpl)
fmt.Println("Invoked method: " + info.FullMethod)
if !ok {
return nil, fmt.Errorf("unable to cast server")
}
clientID, err := authenticateClient(ctx, s, info.FullMethod)
if err != nil {
return nil, err
}
ctx = context.WithValue(ctx, clientIDKey, clientID)
return handler1(ctx, req)
}
func StartGRPCServer(address, certFilePath, privateKeyFilePath, vereignCertFilePath, vereignPrivateKeyFilePath, dataStorageAddress string) error {
pkgCertFile = certFilePath
// create a listener on TCP port
lis, err := net.Listen("tcp", address)
if err != nil {
return fmt.Errorf("failed to listen: %v", err)
}
// create a server instance
s := handler.KeyStorageServerImpl{
DataStorageUrl: dataStorageAddress,
CertFilePath: certFilePath,
VereignCertFilePath: vereignCertFilePath,
VereignPrivateKeyFilePath: vereignPrivateKeyFilePath,
creds, err := credentials.NewServerTLSFromFile(certFilePath, privateKeyFilePath)
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
if err != nil {
return fmt.Errorf("could not load TLS keys: %s", err)
}
// Create an array of gRPC options with the credentials
opts := []grpc.ServerOption{grpc.Creds(creds),
grpc.UnaryInterceptor(unaryInterceptor)}
// create a gRPC server object
grpcServer := grpc.NewServer(opts...)
// attach the CalcMinimumDistance service to the server
api.RegisterKeyStorageServer(grpcServer, &s)
// start the server
log.Printf("starting HTTP/2 gRPC server on %s", address)
if err := grpcServer.Serve(lis); err != nil {
return fmt.Errorf("failed to serve: %s", err)
}
return nil
}
func StartRESTServer(address, grpcAddress, certFile string) error {
ctx := context.Background()
ctx, cancel := context.WithCancel(ctx)
defer cancel()
mux := runtime.NewServeMux(runtime.WithIncomingHeaderMatcher(credMatcher))
creds, err := credentials.NewClientTLSFromFile(certFile, "")
if err != nil {
return fmt.Errorf("could not load TLS certificate: %s", err)
}
// Setup the client gRPC options
opts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
// Register RedisStorageServer
err = api.RegisterKeyStorageHandlerFromEndpoint(ctx, mux, grpcAddress, opts)
if err != nil {
return fmt.Errorf("could not register service RedisStorageServer: %s", err)
}
log.Printf("starting HTTP/1.1 REST server on %s", address)
http.ListenAndServe(address, mux)
return nil
}