(credsDirectory string, useRevokedCert bool, port int)
| 71 | } |
| 72 | |
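// createAndRunTLSServer starts a gRPC Echo server on port that requires a
// client certificate (mutual TLS) and is configured with a CRL provider for
// revocation checking. It blocks in Serve until the server stops.
//
// credsDirectory is handed to the identity and root provider helpers, and its
// "crl" subdirectory is handed to the CRL provider. useRevokedCert is
// forwarded to makeIdentityProvider (presumably to select a revoked server
// certificate; the helper is not shown here) and also picks the name the
// Echo service reports.
//
// Any setup or serve error is printed and the process exits with status 1.
// os.Exit does not run deferred calls, so the providers' Close methods are
// skipped on those paths.
func createAndRunTLSServer(credsDirectory string, useRevokedCert bool, port int) {
	identityProvider := makeIdentityProvider(useRevokedCert, credsDirectory)
	defer identityProvider.Close()

	rootProvider := makeRootProvider(credsDirectory)
	defer rootProvider.Close()

	crlProvider := makeCRLProvider(filepath.Join(credsDirectory, "crl"))
	defer crlProvider.Close()

	options := &advancedtls.Options{
		IdentityOptions: advancedtls.IdentityCertificateOptions{
			IdentityProvider: identityProvider,
		},
		RootOptions: advancedtls.RootCertificateOptions{
			RootProvider: rootProvider,
		},
		// Reject any client that does not present a certificate.
		RequireClientCert: true,
		// Validate the client's chain against the roots above; hostname
		// checks apply only on the client side of a connection.
		VerificationType: advancedtls.CertVerification,
	}

	// Without RevocationOptions no CRL is consulted, so a revoked but
	// otherwise valid client certificate would still be accepted.
	options.RevocationOptions = &advancedtls.RevocationOptions{
		CRLProvider: crlProvider,
	}

	serverTLSCreds, err := advancedtls.NewServerCreds(options)
	if err != nil {
		fmt.Printf("Error %v\n", err)
		os.Exit(1)
	}

	s := grpc.NewServer(grpc.Creds(serverTLSCreds))
	// An empty host binds every local interface; narrow the address if the
	// server should only be reachable locally.
	lis, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
	if err != nil {
		fmt.Printf("Failed to listen: %v\n", err)
		// Stop here: lis is nil, and Serve must not be called with it.
		os.Exit(1)
	}
	name := "Good TLS Server"
	if useRevokedCert {
		name = "Revoked TLS Server"
	}
	pb.RegisterEchoServer(s, &server{name: name})
	if err := s.Serve(lis); err != nil {
		fmt.Printf("Failed to serve: %v\n", err)
		os.Exit(1)
	}
}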
| 120 | |
| 121 | func makeRootProvider(credsDirectory string) certprovider.Provider { |
| 122 | rootOptions := pemfile.Options{ |