|
@ -3,12 +3,14 @@ package security |
|
|
import ( |
|
|
import ( |
|
|
"crypto/tls" |
|
|
"crypto/tls" |
|
|
"crypto/x509" |
|
|
"crypto/x509" |
|
|
"github.com/spf13/viper" |
|
|
|
|
|
"io/ioutil" |
|
|
"io/ioutil" |
|
|
|
|
|
|
|
|
"github.com/chrislusf/seaweedfs/weed/glog" |
|
|
|
|
|
|
|
|
"github.com/spf13/viper" |
|
|
|
|
|
|
|
|
"google.golang.org/grpc" |
|
|
"google.golang.org/grpc" |
|
|
"google.golang.org/grpc/credentials" |
|
|
"google.golang.org/grpc/credentials" |
|
|
|
|
|
|
|
|
|
|
|
"github.com/chrislusf/seaweedfs/weed/glog" |
|
|
) |
|
|
) |
|
|
|
|
|
|
|
|
func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption { |
|
|
func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption { |
|
@ -19,12 +21,12 @@ func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption { |
|
|
// load cert/key, ca cert
|
|
|
// load cert/key, ca cert
|
|
|
cert, err := tls.LoadX509KeyPair(config.GetString(component+".cert"), config.GetString(component+".key")) |
|
|
cert, err := tls.LoadX509KeyPair(config.GetString(component+".cert"), config.GetString(component+".key")) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
glog.Errorf("load cert/key error: %v", err) |
|
|
|
|
|
|
|
|
glog.V(1).Infof("load cert/key error: %v", err) |
|
|
return nil |
|
|
return nil |
|
|
} |
|
|
} |
|
|
caCert, err := ioutil.ReadFile(config.GetString(component + ".ca")) |
|
|
caCert, err := ioutil.ReadFile(config.GetString(component + ".ca")) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
glog.Errorf("read ca cert file error: %v", err) |
|
|
|
|
|
|
|
|
glog.V(1).Infof("read ca cert file error: %v", err) |
|
|
return nil |
|
|
return nil |
|
|
} |
|
|
} |
|
|
caCertPool := x509.NewCertPool() |
|
|
caCertPool := x509.NewCertPool() |
|
@ -46,12 +48,12 @@ func LoadClientTLS(config *viper.Viper, component string) grpc.DialOption { |
|
|
// load cert/key, cacert
|
|
|
// load cert/key, cacert
|
|
|
cert, err := tls.LoadX509KeyPair(config.GetString(component+".cert"), config.GetString(component+".key")) |
|
|
cert, err := tls.LoadX509KeyPair(config.GetString(component+".cert"), config.GetString(component+".key")) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
glog.Errorf("load cert/key error: %v", err) |
|
|
|
|
|
|
|
|
glog.V(1).Infof("load cert/key error: %v", err) |
|
|
return grpc.WithInsecure() |
|
|
return grpc.WithInsecure() |
|
|
} |
|
|
} |
|
|
caCert, err := ioutil.ReadFile(config.GetString(component + ".ca")) |
|
|
caCert, err := ioutil.ReadFile(config.GetString(component + ".ca")) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
glog.Errorf("read ca cert file error: %v", err) |
|
|
|
|
|
|
|
|
glog.V(1).Infof("read ca cert file error: %v", err) |
|
|
return grpc.WithInsecure() |
|
|
return grpc.WithInsecure() |
|
|
} |
|
|
} |
|
|
caCertPool := x509.NewCertPool() |
|
|
caCertPool := x509.NewCertPool() |
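Review bot: In LoadClientTLS both error branches still `return grpc.WithInsecure()`, and with the message now logged through `glog.V(1).Infof` (assuming that is the new side, since the page lost its +/- markers) a client whose configured cert, key or CA file cannot be read drops to plaintext gRPC with nothing in the default log. The same concern applies to the `return nil` branches in LoadServerTLS, which presumably leave the server running without TLS credentials. If the goal is to silence the message when TLS is simply not configured, check for that case explicitly before loading, e.g. `if config.GetString(component+".cert") == "" { return grpc.WithInsecure() }`, and keep `glog.Errorf` for paths that are set but fail to load. Failing closed in that second case is safer than a logged downgrade. Both function bodies continue outside the hunks, so the handling of `caCertPool` and the final TLS config is not visible here.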
|
|