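// getTLSCAClient opens a gRPC connection to the TLS CA and wraps it in a
// TLSCAP client.
//
// The connection comes from node.getClientConn, called with the TLSCA address
// and server name read from the node configuration. The connection is
// returned open; this function does not close it, so the caller must.
//
// On failure the error is logged and returned, and both the connection and
// the client are nil.
func (node *nodeImpl) getTLSCAClient() (*grpc.ClientConn, obcca.TLSCAPClient, error) {
	node.debug("Getting TLSCA client...")

	conn, err := node.getClientConn(node.conf.getTLSCAPAddr(), node.conf.getTLSCAServerName())
	if err != nil {
		node.error("Failed getting client connection: [%s]", err)

		// Propagate the failure. Falling through here would hand the caller
		// a client built on a failed connection together with a nil error,
		// so the problem would only surface later, at the first RPC or at
		// conn.Close().
		return nil, nil, err
	}

	client := obcca.NewTLSCAPClient(conn)

	node.debug("Getting TLSCA client...done")

	return conn, client, nil
}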
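// callTLSCACreateCertificate sends a certificate creation request to the TLS
// CA and returns the certificate from the reply.
//
// ctx and opts are forwarded to the CreateCertificate RPC, so the caller's
// deadline, cancellation and call options take effect. The connection is
// opened for this call only and closed before returning. Dial and RPC
// failures are logged and returned to the caller.
func (node *nodeImpl) callTLSCACreateCertificate(ctx context.Context, in *obcca.TLSCertCreateReq, opts ...grpc.CallOption) (*obcca.Cert, error) {
	// Earlier versions ignored ctx entirely, so a caller may still pass nil;
	// keep that working instead of panicking inside gRPC.
	if ctx == nil {
		ctx = context.Background()
	}

	// Dial through the node's connection helper, with the configured TLSCA
	// server name, as getTLSCAClient does. A hard-coded grpc.WithInsecure()
	// dial would send the certificate request in plaintext to an
	// unauthenticated endpoint, so whoever answers on that address could
	// issue the certificate this node goes on to trust.
	// NOTE(review): assumes getClientConn applies the node's configured
	// transport credentials and returns a connection owned by the caller;
	// confirm against its definition.
	conn, err := node.getClientConn(node.conf.getTLSCAPAddr(), node.conf.getTLSCAServerName())
	if err != nil {
		// NOTE(review): a format string is passed to node.log.Error here;
		// confirm that it formats its arguments, otherwise use node.error.
		node.log.Error("Failed dialing in: %s", err)
		return nil, err
	}
	defer conn.Close()

	cert, err := obcca.NewTLSCAPClient(conn).CreateCertificate(ctx, in, opts...)
	if err != nil {
		node.log.Error("Failed requesting tls certificate: %s", err)
		return nil, err
	}

	return cert, nil
}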
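// requestTLSCertificate asks the TLS CA for a certificate for a freshly
// generated ECDSA key and stores the key, the issued certificate and the CA
// root certificate through storePrivateKeyInClear and storeCert.
//
// The connection is authenticated with the certificate file named by the
// "server.tls.certfile" setting, with "tlsca" as the server name override.
// The request is signed with the new private key over the hash of the
// marshalled request, before the signature field is set.
//
// Every failure stops the test at once with t.Fatalf, because each step
// needs the result of the previous one.
func requestTLSCertificate(t *testing.T) {
	creds, err := credentials.NewClientTLSFromFile(viper.GetString("server.tls.certfile"), "tlsca")
	if err != nil {
		t.Fatalf("Failed creating credentials for TLS-CA client: %s", err)
	}

	sockP, err := grpc.Dial(viper.GetString("peer.pki.tlsca.paddr"), grpc.WithTransportCredentials(creds))
	if err != nil {
		t.Fatalf("Failed dialing in: %s", err)
	}
	defer sockP.Close()

	tlscaP := obcca.NewTLSCAPClient(sockP)

	// Prepare the request
	id := "peer"

	priv, err := utils.NewECDSAKey()
	if err != nil {
		t.Fatalf("Failed generating key: %s", err)
	}

	uuid, err := util.GenerateUUID()
	if err != nil {
		t.Fatalf("Failed generating uuid: %s", err)
	}

	pubraw, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		t.Fatalf("Failed marshalling public key: %s", err)
	}

	// Timestamp.Seconds counts seconds since the Unix epoch. time.Time.Second
	// returns only the seconds within the current minute (0-59), so use Unix.
	now := time.Now()
	timestamp := google_protobuf.Timestamp{Seconds: now.Unix(), Nanos: int32(now.Nanosecond())}

	req := &obcca.TLSCertCreateReq{
		&timestamp,
		&obcca.Identity{Id: id + "-" + uuid},
		&obcca.PublicKey{
			Type: obcca.CryptoType_ECDSA,
			Key:  pubraw,
		},
		nil}

	// The signature covers the request as marshalled while Sig is still nil.
	rawreq, err := proto.Marshal(req)
	if err != nil {
		t.Fatalf("Failed marshalling the request: %s", err)
	}

	r, s, err := ecdsa.Sign(rand.Reader, priv, utils.Hash(rawreq))
	if err != nil {
		t.Fatalf("Failed signing the request: %s", err)
	}

	R, err := r.MarshalText()
	if err != nil {
		t.Fatalf("Failed encoding the signature: %s", err)
	}
	S, err := s.MarshalText()
	if err != nil {
		t.Fatalf("Failed encoding the signature: %s", err)
	}
	req.Sig = &obcca.Signature{obcca.CryptoType_ECDSA, R, S}

	resp, err := tlscaP.CreateCertificate(context.Background(), req)
	if err != nil {
		t.Fatalf("Failed requesting tls certificate: %s", err)
	}
	if resp == nil || resp.Cert == nil || resp.RootCert == nil {
		t.Fatalf("TLS-CA response is missing the certificate or the root certificate")
	}

	// NOTE(review): going by its name, storePrivateKeyInClear writes the key
	// unencrypted; acceptable for a throwaway test key only. Confirm against
	// its definition.
	storePrivateKeyInClear("tls_peer.priv", priv, t)
	storeCert("tls_peer.cert", resp.Cert.Cert, t)
	storeCert("tls_peer.ca", resp.RootCert.Cert, t)
}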