func (r *Resource) setup_REP() error { zmq.AuthCurveAdd("global", r.Trusted[0]) r.socket, _ = zmq.NewSocket(zmq.REP) r.socket.ServerAuthCurve("global", r.PrivateKey) r.socket.Bind(r.Address) log.Println("Resource.setup_REP", r.String()) return nil }
func (r *Resource) setup_pub() error { //for _,v := range r.Trusted { // log.Println("Resource.setup_REQ.Trusting",v) // zmq.AuthCurveAdd("global", v) //} zmq.AuthCurveAdd("global", r.Trusted[0]) r.socket, _ = zmq.NewSocket(zmq.PUB) r.socket.ServerAuthCurve("global", r.PrivateKey) r.socket.Bind(r.Address) log.Println("Resource.setup_pub", r.String()) return nil }
func initSecurity(private_key_path string, server_key_path string, sock *zmq.Socket) { zmq.AuthStart() private_key, public_key, err := keyloader.InitKeys(private_key_path) condlog.Fatal(err, fmt.Sprintf("Unable to read key pair for private key '%v'", private_key_path)) zmq.AuthCurveAdd("scrabble", public_key) err = keyloader.CheckPermissions(server_key_path) condlog.Fatal(err, "Untrustworthy key file") server_key_buf, err := ioutil.ReadFile(server_key_path) condlog.Fatal(err, fmt.Sprintf("Unable to load public server key '%v'", server_key_path)) server_key := string(server_key_buf) sock.ClientAuthCurve(server_key, public_key, private_key) }
func main() { msgChan := make(chan string) logger.Info.Println(fmt.Sprintf("SoundTouch - Connecting to SoundTouch at IP : %s on port : %s - (Version - %s)", config.ClientConf.SoundTouchIP, config.ClientConf.SoundTouchPort, version.APP_VERSION)) logger.Info.Println(fmt.Sprintf("Connecting to Push Server IP : %s on port : %s", config.ClientConf.PushServerIP, config.ClientConf.PushServerPort)) go connectWS(msgChan, config.ClientConf.SoundTouchIP, config.ClientConf.SoundTouchPort) clientSecretKey := config.ClientConf.ClientSecretKey serverPublicKey := config.ClientConf.ServerPublicKey clientPublicKey := config.ClientConf.ClientPublicKey //Start authentication engine zmq.AuthSetVerbose(true) zmq.AuthStart() zmq.AuthCurveAdd("*", string(clientPublicKey)) // Create and connect client socket client, err := zmq.NewSocket(zmq.PUSH) checkError(err) defer client.Close() client.ClientAuthCurve(string(serverPublicKey), string(clientPublicKey), string(clientSecretKey)) client.Connect("tcp://" + config.ClientConf.PushServerIP + ":" + config.ClientConf.PushServerPort) //While we're getting messages on the msgChan channel send them to the push sever for msg := range msgChan { _, err = client.SendMessage(msg) checkError(err) logger.Info.Println("Sent : ", msg) } zmq.AuthStop() }
func main() { // Start authentication engine zmq.AuthSetVerbose(true) zmq.AuthStart() zmq.AuthAllow("127.0.0.1") // Tell the authenticator to allow any CURVE requests for this domain zmq.AuthCurveAdd("global", zmq.CURVE_ALLOW_ANY) // We need two certificates, one for the client and one for // the server. The client must know the server's public key // to make a CURVE connection. client_public, client_secret, err := zmq.NewCurveKeypair() checkErr(err) server_public, server_secret, _ := zmq.NewCurveKeypair() checkErr(err) // Create and bind server socket server, _ := zmq.NewSocket(zmq.PUSH) server.ServerAuthCurve("global", server_secret) server.Bind("tcp://*:9000") // Create and connect client socket client, _ := zmq.NewSocket(zmq.PULL) client.ClientAuthCurve(server_public, client_public, client_secret) client.Connect("tcp://127.0.0.1:9000") // Send a single message from server to client _, err = server.Send("Hello", 0) checkErr(err) message, err := client.Recv(0) checkErr(err) if message != "Hello" { log.Fatalln(message, "!= Hello") } zmq.AuthStop() fmt.Println("Stonehouse test OK") }
func initSecurity(client_key_path string, private_key_path string, sock *zmq.Socket) { zmq.AuthStart() private_key, _, err := keyloader.InitKeys(private_key_path) condlog.Fatal(err, fmt.Sprintf("Unable to read key pair for private key '%v'", private_key_path)) sock.ServerAuthCurve("scrabble", private_key) // Add all the public keys in the client key directory files, err := ioutil.ReadDir(client_key_path) condlog.Fatal(err, fmt.Sprintf("Unable to enumerate client keys in '%v'", client_key_path)) for _, f := range files { if !f.IsDir() && strings.HasSuffix(f.Name(), ".public") { fullpath := path.Join(client_key_path, f.Name()) err = keyloader.CheckPermissions(fullpath) condlog.Fatal(err, "Untrustworthy key file") buf, err := ioutil.ReadFile(fullpath) condlog.Fatal(err, fmt.Sprintf("Unable to load public client key '%v'", fullpath)) zmq.AuthCurveAdd("scrabble", string(buf)) } } }
func TestAuthStart(t *testing.T) { if _, minor, _ := zmq.Version(); minor >= 1 && !zmq.HasCurve() { t.Skip("Curve not available") } type Meta struct { key string value string ok bool } zmq.AuthSetVerbose(false) // Start authentication engine err := zmq.AuthStart() if err != nil { t.Fatal("AuthStart:", err) } defer zmq.AuthStop() zmq.AuthSetMetadataHandler( func(version, request_id, domain, address, identity, mechanism string, credentials ...string) (metadata map[string]string) { return map[string]string{ "Identity": identity, "User-Id": "anonymous", "Hello": "World!", "Foo": "Bar", } }) zmq.AuthAllow("domain1", "127.0.0.1") // We need two certificates, one for the client and one for // the server. The client must know the server's public key // to make a CURVE connection. client_public, client_secret, err := zmq.NewCurveKeypair() if err != nil { t.Fatal("NewCurveKeypair:", err) } server_public, server_secret, err := zmq.NewCurveKeypair() if err != nil { t.Fatal("NewCurveKeypair:", err) } // Tell authenticator to use this public client key zmq.AuthCurveAdd("domain1", client_public) // Create and bind server socket server, err := zmq.NewSocket(zmq.DEALER) if err != nil { t.Fatal("NewSocket:", err) } defer func() { server.SetLinger(0) server.Close() }() server.SetIdentity("Server1") server.ServerAuthCurve("domain1", server_secret) err = server.Bind("tcp://*:9000") if err != nil { t.Fatal("server.Bind:", err) } // Create and connect client socket client, err := zmq.NewSocket(zmq.DEALER) if err != nil { t.Fatal("NewSocket:", err) } defer func() { client.SetLinger(0) client.Close() }() server.SetIdentity("Client1") client.ClientAuthCurve(server_public, client_public, client_secret) err = client.Connect("tcp://127.0.0.1:9000") if err != nil { t.Fatal("client.Connect:", err) } // Send a message from client to server msg := []string{"Greetings", "Earthlings!"} _, err = client.SendMessage(msg[0], msg[1]) if err != nil { t.Fatal("client.SendMessage:", err) } // Receive message and metadata on the server tests := []Meta{ {"Identity", "Server1", true}, {"User-Id", "anonymous", true}, {"Socket-Type", "DEALER", true}, {"Hello", "World!", true}, {"Foo", "Bar", true}, {"Fuz", "", false}, } keys := make([]string, len(tests)) for i, test := range tests { keys[i] = test.key } message, metadata, err := server.RecvMessageWithMetadata(0, keys...) if err != nil { t.Fatal("server.RecvMessageWithMetadata:", err) } if !arrayEqual(message, msg) { t.Errorf("Received message was %q, expected %q", message, msg) } if _, minor, _ := zmq.Version(); minor < 1 { t.Log("Metadata not avalable in ZeroMQ versions prior to 4.1.0") } else { for _, test := range tests { value, ok := metadata[test.key] if value != test.value || ok != test.ok { t.Errorf("Metadata %s, expected %q %v, got %q %v", test.key, test.value, test.ok, value, ok) } } } }
func ExampleAuthStart() { checkErr := func(err error) bool { if err == nil { return false } log.Println(err) return true } zmq.AuthSetVerbose(false) // Start authentication engine err := zmq.AuthStart() if checkErr(err) { return } defer zmq.AuthStop() zmq.AuthSetMetadataHandler( func(version, request_id, domain, address, identity, mechanism string, credentials ...string) (metadata map[string]string) { return map[string]string{ "Identity": identity, "User-Id": "anonymous", "Hello": "World!", "Foo": "Bar", } }) zmq.AuthAllow("domain1", "127.0.0.1") // We need two certificates, one for the client and one for // the server. The client must know the server's public key // to make a CURVE connection. client_public, client_secret, err := zmq.NewCurveKeypair() if checkErr(err) { return } server_public, server_secret, err := zmq.NewCurveKeypair() if checkErr(err) { return } // Tell authenticator to use this public client key zmq.AuthCurveAdd("domain1", client_public) // Create and bind server socket server, err := zmq.NewSocket(zmq.DEALER) if checkErr(err) { return } defer server.Close() server.SetIdentity("Server1") server.ServerAuthCurve("domain1", server_secret) err = server.Bind("tcp://*:9000") if checkErr(err) { return } // Create and connect client socket client, err := zmq.NewSocket(zmq.DEALER) if checkErr(err) { return } defer client.Close() server.SetIdentity("Client1") client.ClientAuthCurve(server_public, client_public, client_secret) err = client.Connect("tcp://127.0.0.1:9000") if checkErr(err) { return } // Send a message from client to server _, err = client.SendMessage("Greatings", "Earthlings!") if checkErr(err) { return } // Receive message and metadata on the server keys := []string{"Identity", "User-Id", "Socket-Type", "Hello", "Foo", "Fuz"} message, metadata, err := server.RecvMessageWithMetadata(0, keys...) if checkErr(err) { return } fmt.Println(message) if _, minor, _ := zmq.Version(); minor < 1 { // Metadata requires at least ZeroMQ version 4.1 fmt.Println(`Identity: "Server1" true`) fmt.Println(`User-Id: "anonymous" true`) fmt.Println(`Socket-Type: "DEALER" true`) fmt.Println(`Hello: "World!" true`) fmt.Println(`Foo: "Bar" true`) fmt.Println(`Fuz: "" false`) } else { for _, key := range keys { value, ok := metadata[key] fmt.Printf("%v: %q %v\n", key, value, ok) } } // Output: // [Greatings Earthlings!] // Identity: "Server1" true // User-Id: "anonymous" true // Socket-Type: "DEALER" true // Hello: "World!" true // Foo: "Bar" true // Fuz: "" false }