func init() {
pr = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil }
keyStore := trustmanager.NewKeyMemoryStore(pr)
cryptoService := cryptoservice.NewCryptoService("", keyStore)
cryptoServices := signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}
void = &pb.Void{}
fakeHealth := func() map[string]string {
return health
}
//server setup
kms := &api.KeyManagementServer{CryptoServices: cryptoServices,
HealthChecker: fakeHealth}
ss := &api.SignerServer{CryptoServices: cryptoServices,
HealthChecker: fakeHealth}
grpcServer = grpc.NewServer()
pb.RegisterKeyManagementServer(grpcServer, kms)
pb.RegisterSignerServer(grpcServer, ss)
lis, err := net.Listen("tcp", "127.0.0.1:7899")
if err != nil {
log.Fatalf("failed to listen %v", err)
}
go grpcServer.Serve(lis)
//client setup
conn, err := grpc.Dial("127.0.0.1:7899", grpc.WithInsecure())
if err != nil {
log.Fatalf("fail to dial: %v", err)
}
kmClient = pb.NewKeyManagementClient(conn)
sClient = pb.NewSignerClient(conn)
}
func init() {
sigService := api.NewEdDSASigningService(keys.NewKeyDB())
sigServices := signer.SigningServiceIndex{data.ED25519Key: sigService, data.RSAKey: sigService}
void = &pb.Void{}
//server setup
kms := &api.KeyManagementServer{SigServices: sigServices}
ss := &api.SignerServer{SigServices: sigServices}
grpcServer = grpc.NewServer()
pb.RegisterKeyManagementServer(grpcServer, kms)
pb.RegisterSignerServer(grpcServer, ss)
lis, err := net.Listen("tcp", "127.0.0.1:7899")
if err != nil {
log.Fatalf("failed to listen %v", err)
}
go grpcServer.Serve(lis)
//client setup
conn, err := grpc.Dial("127.0.0.1:7899")
if err != nil {
log.Fatalf("fail to dial: %v", err)
}
kmClient = pb.NewKeyManagementClient(conn)
sClient = pb.NewSignerClient(conn)
}
func makeSigner(kmFunc rpcHealthCheck, conn StubGRPCConnection) NotarySigner {
return NotarySigner{
StubKeyManagementClient{
pb.NewKeyManagementClient(nil),
kmFunc,
},
pb.NewSignerClient(nil),
conn,
}
}
// NewNotarySigner is a convenience method that returns NotarySigner given a GRPC connection
func NewNotarySigner(conn *grpc.ClientConn) *NotarySigner {
kmClient := pb.NewKeyManagementClient(conn)
sClient := pb.NewSignerClient(conn)
hc := healthpb.NewHealthClient(conn)
return &NotarySigner{
kmClient: kmClient,
sClient: sClient,
healthClient: hc,
}
}
func TestCannotSignWithKeyThatDoesntExist(t *testing.T) {
memStore := trustmanager.NewKeyMemoryStore(constPass)
_, conn, cleanup := setUpSignerClient(t, setUpSignerServer(t, memStore))
defer cleanup()
key, err := utils.GenerateECDSAKey(rand.Reader)
require.NoError(t, err, "could not generate key")
remotePrivKey := client.NewRemotePrivateKey(data.PublicKeyFromPrivate(key), pb.NewSignerClient(conn))
msg := []byte("message!")
_, err = remotePrivKey.Sign(rand.Reader, msg, nil)
require.Error(t, err)
// error translated into grpc error, so compare the text
require.Equal(t, trustmanager.ErrKeyNotFound{KeyID: key.ID()}.Error(), grpc.ErrorDesc(err))
}
// NewNotarySigner is a convinience method that returns NotarySigner
func NewNotarySigner(hostname string, port string, tlsConfig *tls.Config) *NotarySigner {
var opts []grpc.DialOption
netAddr := net.JoinHostPort(hostname, port)
creds := credentials.NewTLS(tlsConfig)
opts = append(opts, grpc.WithTransportCredentials(creds))
conn, err := grpc.Dial(netAddr, opts...)
if err != nil {
logrus.Fatal("fail to dial: ", err)
}
kmClient := pb.NewKeyManagementClient(conn)
sClient := pb.NewSignerClient(conn)
return &NotarySigner{
kmClient: kmClient,
sClient: sClient,
clientConn: conn,
}
}