
grpc-authenticated-greeter's Introduction

Building

go build

Example usage

Generate CA, server, and client certs:

./grpc-authenticated-greeter gencerts

Start the server on port 7676:

./grpc-authenticated-greeter server \
  --ca ca_cert.pem --cert server_cert.pem --key server_key.pem \
  --binding :7676

In another terminal, run a client:

./grpc-authenticated-greeter client \
  --ca ca_cert.pem --cert client1_cert.pem --key client1_key.pem \
  --serveraddress 127.0.0.1:7676 --servername server \
  --message "Read me"

The client should log the response from the server, such as:

INFO[0000] got response   response="Hello, client1. You said 'Read me'"

Re-generating protobuf/gRPC code

Follow these instructions to install protoc and the grpc plugin.

Run the following to regenerate the *.pb.go file, protocol/HelloService.pb.go:

go generate ./...

What I learned

  • go-arg is very cool! Just feed it a struct and it'll parse command-line arguments. It's very flexible and intuitive. Even embedding common arguments into a "command struct" did what I expected:
type ClientServerArgs struct {
	Ca   string `arg:"required" help:"PEM file containing the CA cert shared by server and clients"`
	Key  string `arg:"required" help:"PEM file containing private key"`
	Cert string `arg:"required" help:"PEM file containing public certificate"`
}

type ServerCmd struct {
	ClientServerArgs
	Binding string `arg:"required" help:"host:port of server binding where host is optional"`
}
  • Generating a self-signed CA cert and then signing client and server certs is quite doable in Go. Check out certs/generate.go to see how that's done.
  • The authenticating client info is a little bit buried when implementing a server handler, but peer.FromContext was the key to cracking that open. server/server.go is where that is used.
  • To do full mTLS authentication, be sure to configure the server's TLS to require and verify the client cert:
	transportCreds := credentials.NewTLS(&tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCertPool,
	})
option go_package = "protocol";
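
The certificate check behind the last three points, as an added example that is not this project's code: it issues a throwaway CA and a client cert in memory, then applies the chain verification that `RequireAndVerifyClientCert` with `ClientCAs` enforces and reads the identity off the verified leaf. The helper names `issue` and `clientIdentity`, the CA name `demo-ca`, and the use of the subject CN as the client identity are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a key and certificate for cn (hypothetical helper). With a nil caCert
// it makes a self-signed CA; otherwise the CA signs a leaf restricted to eku.
func issue(cn string, caCert *x509.Certificate, caKey *ecdsa.PrivateKey,
	eku ...x509.ExtKeyUsage) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku, BasicConstraintsValid: true}
	if caCert == nil { // no parent: self-signed CA that may only sign certificates
		t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign
		caCert, caKey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, caCert, &key.PublicKey, caKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// clientIdentity applies the chain check a server configured with RequireAndVerifyClientCert
// enforces: the presented leaf must chain to a CA in ClientCAs and permit client-auth use.
// It returns the verified leaf's CN (treating the CN as the identity is an assumption).
func clientIdentity(clientCAs *x509.CertPool, presented *x509.Certificate) (string, error) {
	chains, err := presented.Verify(x509.VerifyOptions{Roots: clientCAs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", err
	}
	return chains[0][0].Subject.CommonName, nil
}

func main() {
	caCert, caKey := issue("demo-ca", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	client, _ := issue("client1", caCert, caKey, x509.ExtKeyUsageClientAuth)
	fmt.Println(clientIdentity(pool, client))
}
```

A cert signed by a CA outside the pool, or a leaf whose extended key usage is server-auth only, is rejected by the same call. The TLS handshake additionally makes the client prove possession of the private key, which this chain check alone does not cover.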

Contributors

itzg
