func (node *nodeImpl) getTLSCAClient() (*grpc.ClientConn, membersrvc.TLSCAPClient, error) {
node.Debug("Getting TLSCA client...")
conn, err := node.getClientConn(node.conf.getTLSCAPAddr(), node.conf.getTLSCAServerName())
if err != nil {
node.Errorf("Failed getting client connection: [%s]", err)
}
client := membersrvc.NewTLSCAPClient(conn)
node.Debug("Getting TLSCA client...done")
return conn, client, nil
}
func requestTLSCertificate(t *testing.T) {
var opts []grpc.DialOption
creds, err := credentials.NewClientTLSFromFile(viper.GetString("server.tls.cert.file"), "tlsca")
if err != nil {
t.Logf("Failed creating credentials for TLS-CA client: %s", err)
t.Fail()
}
opts = append(opts, grpc.WithTransportCredentials(creds))
sockP, err := grpc.Dial(viper.GetString("peer.pki.tlsca.paddr"), opts...)
if err != nil {
t.Logf("Failed dialing in: %s", err)
t.Fail()
}
defer sockP.Close()
tlscaP := membersrvc.NewTLSCAPClient(sockP)
// Prepare the request
id := "peer"
priv, err := primitives.NewECDSAKey()
if err != nil {
t.Logf("Failed generating key: %s", err)
t.Fail()
}
uuid := util.GenerateUUID()
pubraw, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
now := time.Now()
timestamp := timestamp.Timestamp{Seconds: int64(now.Second()), Nanos: int32(now.Nanosecond())}
req := &membersrvc.TLSCertCreateReq{
Ts: ×tamp,
Id: &membersrvc.Identity{Id: id + "-" + uuid},
Pub: &membersrvc.PublicKey{
Type: membersrvc.CryptoType_ECDSA,
Key: pubraw,
}, Sig: nil}
rawreq, _ := proto.Marshal(req)
r, s, err := ecdsa.Sign(rand.Reader, priv, primitives.Hash(rawreq))
if err != nil {
t.Logf("Failed signing the request: %s", err)
t.Fail()
}
R, _ := r.MarshalText()
S, _ := s.MarshalText()
req.Sig = &membersrvc.Signature{Type: membersrvc.CryptoType_ECDSA, R: R, S: S}
resp, err := tlscaP.CreateCertificate(context.Background(), req)
if err != nil {
t.Logf("Failed requesting tls certificate: %s", err)
t.Fail()
}
storePrivateKeyInClear("tls_peer.priv", priv, t)
storeCert("tls_peer.cert", resp.Cert.Cert, t)
storeCert("tls_peer.ca", resp.RootCert.Cert, t)
}
