func main() {
// Start authentication engine
zmq.AuthSetVerbose(true)
zmq.AuthStart()
zmq.AuthAllow("domain1", "127.0.0.1")
// Tell the authenticator how to handle PLAIN requests
zmq.AuthPlainAdd("domain1", "admin", "secret")
// Create and bind server socket
server, _ := zmq.NewSocket(zmq.PUSH)
server.ServerAuthPlain("domain1")
server.Bind("tcp://*:9000")
// Create and connect client socket
client, _ := zmq.NewSocket(zmq.PULL)
client.SetPlainUsername("admin")
client.SetPlainPassword("secret")
client.Connect("tcp://127.0.0.1:9000")
// Send a single message from server to client
_, err := server.Send("Hello", 0)
checkErr(err)
message, err := client.Recv(0)
checkErr(err)
if message != "Hello" {
log.Fatalln(message, "!= Hello")
}
zmq.AuthStop()
fmt.Println("Woodhouse test OK")
}
func initSecurity(private_key_path string, server_key_path string, sock *zmq.Socket) {
zmq.AuthStart()
private_key, public_key, err := keyloader.InitKeys(private_key_path)
condlog.Fatal(err, fmt.Sprintf("Unable to read key pair for private key '%v'", private_key_path))
zmq.AuthCurveAdd("scrabble", public_key)
err = keyloader.CheckPermissions(server_key_path)
condlog.Fatal(err, "Untrustworthy key file")
server_key_buf, err := ioutil.ReadFile(server_key_path)
condlog.Fatal(err, fmt.Sprintf("Unable to load public server key '%v'", server_key_path))
server_key := string(server_key_buf)
sock.ClientAuthCurve(server_key, public_key, private_key)
}
func main() {
msgChan := make(chan string)
logger.Info.Println(fmt.Sprintf("SoundTouch - Connecting to SoundTouch at IP : %s on port : %s - (Version - %s)",
config.ClientConf.SoundTouchIP,
config.ClientConf.SoundTouchPort,
version.APP_VERSION))
logger.Info.Println(fmt.Sprintf("Connecting to Push Server IP : %s on port : %s",
config.ClientConf.PushServerIP,
config.ClientConf.PushServerPort))
go connectWS(msgChan, config.ClientConf.SoundTouchIP, config.ClientConf.SoundTouchPort)
clientSecretKey := config.ClientConf.ClientSecretKey
serverPublicKey := config.ClientConf.ServerPublicKey
clientPublicKey := config.ClientConf.ClientPublicKey
//Start authentication engine
zmq.AuthSetVerbose(true)
zmq.AuthStart()
zmq.AuthCurveAdd("*", string(clientPublicKey))
// Create and connect client socket
client, err := zmq.NewSocket(zmq.PUSH)
checkError(err)
defer client.Close()
client.ClientAuthCurve(string(serverPublicKey), string(clientPublicKey), string(clientSecretKey))
client.Connect("tcp://" + config.ClientConf.PushServerIP + ":" + config.ClientConf.PushServerPort)
//While we're getting messages on the msgChan channel send them to the push sever
for msg := range msgChan {
_, err = client.SendMessage(msg)
checkError(err)
logger.Info.Println("Sent : ", msg)
}
zmq.AuthStop()
}
func main() {
// Start authentication engine
zmq.AuthSetVerbose(true)
zmq.AuthStart()
zmq.AuthAllow("127.0.0.1")
// Tell the authenticator to allow any CURVE requests for this domain
zmq.AuthCurveAdd("global", zmq.CURVE_ALLOW_ANY)
// We need two certificates, one for the client and one for
// the server. The client must know the server's public key
// to make a CURVE connection.
client_public, client_secret, err := zmq.NewCurveKeypair()
checkErr(err)
server_public, server_secret, _ := zmq.NewCurveKeypair()
checkErr(err)
// Create and bind server socket
server, _ := zmq.NewSocket(zmq.PUSH)
server.ServerAuthCurve("global", server_secret)
server.Bind("tcp://*:9000")
// Create and connect client socket
client, _ := zmq.NewSocket(zmq.PULL)
client.ClientAuthCurve(server_public, client_public, client_secret)
client.Connect("tcp://127.0.0.1:9000")
// Send a single message from server to client
_, err = server.Send("Hello", 0)
checkErr(err)
message, err := client.Recv(0)
checkErr(err)
if message != "Hello" {
log.Fatalln(message, "!= Hello")
}
zmq.AuthStop()
fmt.Println("Stonehouse test OK")
}
func initSecurity(client_key_path string, private_key_path string, sock *zmq.Socket) {
zmq.AuthStart()
private_key, _, err := keyloader.InitKeys(private_key_path)
condlog.Fatal(err, fmt.Sprintf("Unable to read key pair for private key '%v'", private_key_path))
sock.ServerAuthCurve("scrabble", private_key)
// Add all the public keys in the client key directory
files, err := ioutil.ReadDir(client_key_path)
condlog.Fatal(err, fmt.Sprintf("Unable to enumerate client keys in '%v'", client_key_path))
for _, f := range files {
if !f.IsDir() && strings.HasSuffix(f.Name(), ".public") {
fullpath := path.Join(client_key_path, f.Name())
err = keyloader.CheckPermissions(fullpath)
condlog.Fatal(err, "Untrustworthy key file")
buf, err := ioutil.ReadFile(fullpath)
condlog.Fatal(err, fmt.Sprintf("Unable to load public client key '%v'", fullpath))
zmq.AuthCurveAdd("scrabble", string(buf))
}
}
}
func main() {
// Get some indication of what the authenticator is deciding
zmq.AuthSetVerbose(true)
// Start the authentication engine. This engine
// allows or denies incoming connections (talking to the libzmq
// core over a protocol called ZAP).
zmq.AuthStart()
// Whitelist our address; any other address will be rejected
zmq.AuthAllow("domain1", "127.0.0.1")
// Create and bind server socket
server, err := zmq.NewSocket(zmq.PUSH)
checkErr(err)
server.ServerAuthNull("domain1")
server.Bind("tcp://*:9000")
// Create and connect client socket
client, err := zmq.NewSocket(zmq.PULL)
checkErr(err)
checkErr(client.Connect("tcp://127.0.0.1:9000"))
// Send a single message from server to client
_, err = server.Send("Hello", 0)
checkErr(err)
message, err := client.Recv(0)
checkErr(err)
if message != "Hello" {
log.Fatalln(message, "!= Hello")
}
zmq.AuthStop()
fmt.Println("Strawhouse test OK")
}
func (r *Resource) Connect() error {
//log.Println("Resource.Connect()", r.Type)
//make sure there is something to trust remotely
if len(r.Trusted) == 0 {
log.Fatal("no trusted public keys")
}
zmq.AuthSetVerbose(true)
zmq.AuthStart()
switch r.Type {
case "SUB":
return r.setup_sub()
case "PUB":
return r.setup_pub()
case "REP":
return r.setup_REP()
case "REQ":
return r.setup_REQ()
default:
log.Fatal("Invalid Resource Type", r.Type)
}
return nil
}
func TestAuthStart(t *testing.T) {
if _, minor, _ := zmq.Version(); minor >= 1 && !zmq.HasCurve() {
t.Skip("Curve not available")
}
type Meta struct {
key string
value string
ok bool
}
zmq.AuthSetVerbose(false)
// Start authentication engine
err := zmq.AuthStart()
if err != nil {
t.Fatal("AuthStart:", err)
}
defer zmq.AuthStop()
zmq.AuthSetMetadataHandler(
func(version, request_id, domain, address, identity, mechanism string, credentials ...string) (metadata map[string]string) {
return map[string]string{
"Identity": identity,
"User-Id": "anonymous",
"Hello": "World!",
"Foo": "Bar",
}
})
zmq.AuthAllow("domain1", "127.0.0.1")
// We need two certificates, one for the client and one for
// the server. The client must know the server's public key
// to make a CURVE connection.
client_public, client_secret, err := zmq.NewCurveKeypair()
if err != nil {
t.Fatal("NewCurveKeypair:", err)
}
server_public, server_secret, err := zmq.NewCurveKeypair()
if err != nil {
t.Fatal("NewCurveKeypair:", err)
}
// Tell authenticator to use this public client key
zmq.AuthCurveAdd("domain1", client_public)
// Create and bind server socket
server, err := zmq.NewSocket(zmq.DEALER)
if err != nil {
t.Fatal("NewSocket:", err)
}
defer func() {
server.SetLinger(0)
server.Close()
}()
server.SetIdentity("Server1")
server.ServerAuthCurve("domain1", server_secret)
err = server.Bind("tcp://*:9000")
if err != nil {
t.Fatal("server.Bind:", err)
}
// Create and connect client socket
client, err := zmq.NewSocket(zmq.DEALER)
if err != nil {
t.Fatal("NewSocket:", err)
}
defer func() {
client.SetLinger(0)
client.Close()
}()
server.SetIdentity("Client1")
client.ClientAuthCurve(server_public, client_public, client_secret)
err = client.Connect("tcp://127.0.0.1:9000")
if err != nil {
t.Fatal("client.Connect:", err)
}
// Send a message from client to server
msg := []string{"Greetings", "Earthlings!"}
_, err = client.SendMessage(msg[0], msg[1])
if err != nil {
t.Fatal("client.SendMessage:", err)
}
// Receive message and metadata on the server
tests := []Meta{
{"Identity", "Server1", true},
{"User-Id", "anonymous", true},
{"Socket-Type", "DEALER", true},
{"Hello", "World!", true},
{"Foo", "Bar", true},
{"Fuz", "", false},
}
keys := make([]string, len(tests))
for i, test := range tests {
keys[i] = test.key
}
message, metadata, err := server.RecvMessageWithMetadata(0, keys...)
if err != nil {
t.Fatal("server.RecvMessageWithMetadata:", err)
}
if !arrayEqual(message, msg) {
t.Errorf("Received message was %q, expected %q", message, msg)
}
if _, minor, _ := zmq.Version(); minor < 1 {
t.Log("Metadata not avalable in ZeroMQ versions prior to 4.1.0")
} else {
for _, test := range tests {
value, ok := metadata[test.key]
if value != test.value || ok != test.ok {
t.Errorf("Metadata %s, expected %q %v, got %q %v", test.key, test.value, test.ok, value, ok)
}
}
}
}
func ExampleAuthStart() {
checkErr := func(err error) bool {
if err == nil {
return false
}
log.Println(err)
return true
}
zmq.AuthSetVerbose(false)
// Start authentication engine
err := zmq.AuthStart()
if checkErr(err) {
return
}
defer zmq.AuthStop()
zmq.AuthSetMetadataHandler(
func(version, request_id, domain, address, identity, mechanism string, credentials ...string) (metadata map[string]string) {
return map[string]string{
"Identity": identity,
"User-Id": "anonymous",
"Hello": "World!",
"Foo": "Bar",
}
})
zmq.AuthAllow("domain1", "127.0.0.1")
// We need two certificates, one for the client and one for
// the server. The client must know the server's public key
// to make a CURVE connection.
client_public, client_secret, err := zmq.NewCurveKeypair()
if checkErr(err) {
return
}
server_public, server_secret, err := zmq.NewCurveKeypair()
if checkErr(err) {
return
}
// Tell authenticator to use this public client key
zmq.AuthCurveAdd("domain1", client_public)
// Create and bind server socket
server, err := zmq.NewSocket(zmq.DEALER)
if checkErr(err) {
return
}
defer server.Close()
server.SetIdentity("Server1")
server.ServerAuthCurve("domain1", server_secret)
err = server.Bind("tcp://*:9000")
if checkErr(err) {
return
}
// Create and connect client socket
client, err := zmq.NewSocket(zmq.DEALER)
if checkErr(err) {
return
}
defer client.Close()
server.SetIdentity("Client1")
client.ClientAuthCurve(server_public, client_public, client_secret)
err = client.Connect("tcp://127.0.0.1:9000")
if checkErr(err) {
return
}
// Send a message from client to server
_, err = client.SendMessage("Greatings", "Earthlings!")
if checkErr(err) {
return
}
// Receive message and metadata on the server
keys := []string{"Identity", "User-Id", "Socket-Type", "Hello", "Foo", "Fuz"}
message, metadata, err := server.RecvMessageWithMetadata(0, keys...)
if checkErr(err) {
return
}
fmt.Println(message)
if _, minor, _ := zmq.Version(); minor < 1 {
// Metadata requires at least ZeroMQ version 4.1
fmt.Println(`Identity: "Server1" true`)
fmt.Println(`User-Id: "anonymous" true`)
fmt.Println(`Socket-Type: "DEALER" true`)
fmt.Println(`Hello: "World!" true`)
fmt.Println(`Foo: "Bar" true`)
fmt.Println(`Fuz: "" false`)
} else {
for _, key := range keys {
value, ok := metadata[key]
fmt.Printf("%v: %q %v\n", key, value, ok)
}
}
// Output:
// [Greatings Earthlings!]
// Identity: "Server1" true
// User-Id: "anonymous" true
// Socket-Type: "DEALER" true
// Hello: "World!" true
// Foo: "Bar" true
// Fuz: "" false
}