2022-09-05 03:06:08 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
2022-06-13 05:40:27 -04:00
|
|
|
package dialer
|
2022-04-28 03:49:15 -04:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"net"
|
|
|
|
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
|
2022-04-28 03:49:15 -04:00
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/credentials/insecure"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Dialer can open grpc client connections with different levels of ATLS encryption / verification.
|
|
|
|
type Dialer struct {
|
2022-06-13 05:40:27 -04:00
|
|
|
issuer atls.Issuer
|
2022-04-28 03:49:15 -04:00
|
|
|
validator atls.Validator
|
|
|
|
netDialer NetDialer
|
|
|
|
}
|
|
|
|
|
2022-06-13 05:40:27 -04:00
|
|
|
// New creates a new Dialer.
|
|
|
|
func New(issuer atls.Issuer, validator atls.Validator, netDialer NetDialer) *Dialer {
|
2022-04-28 03:49:15 -04:00
|
|
|
return &Dialer{
|
2022-06-13 05:40:27 -04:00
|
|
|
issuer: issuer,
|
2022-04-28 03:49:15 -04:00
|
|
|
validator: validator,
|
|
|
|
netDialer: netDialer,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Dial creates a new grpc client connection to the given target using the atls validator.
|
|
|
|
func (d *Dialer) Dial(ctx context.Context, target string) (*grpc.ClientConn, error) {
|
2022-06-15 09:57:36 -04:00
|
|
|
var validators []atls.Validator
|
|
|
|
if d.validator != nil {
|
|
|
|
validators = append(validators, d.validator)
|
|
|
|
}
|
|
|
|
credentials := atlscredentials.New(d.issuer, validators)
|
2022-04-28 03:49:15 -04:00
|
|
|
|
|
|
|
return grpc.DialContext(ctx, target,
|
|
|
|
d.grpcWithDialer(),
|
2022-06-13 05:40:27 -04:00
|
|
|
grpc.WithTransportCredentials(credentials),
|
2022-04-28 03:49:15 -04:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
// DialInsecure creates a new grpc client connection to the given target without using encryption or verification.
|
|
|
|
// Only use this method when using another kind of encryption / verification (VPN, etc).
|
|
|
|
func (d *Dialer) DialInsecure(ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
|
|
return grpc.DialContext(ctx, target,
|
|
|
|
d.grpcWithDialer(),
|
|
|
|
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
// DialNoVerify creates a new grpc client connection to the given target without verifying the server's attestation.
|
|
|
|
func (d *Dialer) DialNoVerify(ctx context.Context, target string) (*grpc.ClientConn, error) {
|
2022-06-13 05:40:27 -04:00
|
|
|
credentials := atlscredentials.New(nil, nil)
|
2022-04-28 03:49:15 -04:00
|
|
|
|
|
|
|
return grpc.DialContext(ctx, target,
|
|
|
|
d.grpcWithDialer(),
|
2022-06-13 05:40:27 -04:00
|
|
|
grpc.WithTransportCredentials(credentials),
|
2022-04-28 03:49:15 -04:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Dialer) grpcWithDialer() grpc.DialOption {
|
|
|
|
return grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) {
|
|
|
|
return d.netDialer.DialContext(ctx, "tcp", addr)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// NetDialer implements the net Dialer interface.
|
|
|
|
type NetDialer interface {
|
|
|
|
DialContext(ctx context.Context, network, address string) (net.Conn, error)
|
|
|
|
}
|