go-grpc 3.SSL/TLS


下载配置openssl

在根目录下创建key文件夹,cd key

1.生成私钥: openssl genrsa -out server.key 2048

2.生成自签名证书(后面签发 test.pem 时作为 CA 证书使用),提示信息全部回车: openssl req -new -x509 -key server.key -out server.crt -days 36500

3.生成csr: openssl req -new -key server.key -out server.csr

更改openssl.cnf(Linux下 openssl version -a 可以查看openssldir,找到cnf文件)

  • 1.复制一份cnf到项目目录
  • 2.找到[ CA_default ],打开 copy_extensions = copy(去掉#)
  • 3.找到[ req ],打开 req_extensions = v3_req(去掉#)
  • 4.找到[ v3_req ],添加 subjectAltName = @alt_names
  • 5.添加新的标签[ alt_names ],和标签字段
  • DNS.1=*.kuangstudy.com

  • 生成证书私钥test.key: openssl genpkey -algorithm RSA -out test.key

  • #通过私钥test.key生成证书请求文件test.csr(注意配置文件名是 cfg 还是 cnf;没有 -x509 时 -days 对证书请求不起作用,有效期由下面签发证书时的 -days 决定): openssl req -new -nodes -key test.key -out test.csr -days 3650 -subj "/C=cn/OU=mysor/O=mycomp/CN=myname" -config ./openssl.cnf -extensions v3_req

  • #test.csr 是上面生成的证书请求文件;ca.crt/server.key 是 CA 证书文件和私钥(本文的命令中 CA 证书文件是 server.crt),用来对 test.csr 进行签名

  • #生成SAN证书 pem:openssl x509 -req -days 365 -in test.csr -out test.pem -CA server.crt -CAkey server.key -CAcreateserial -extfile ./openssl.cnf -extensions v3_req

package main

import (
    "context"
    "fmt"
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
    "net"
    pb "xxb-grpc-study/hello-server/proto"
)

// server is the SayHello service implementation registered with the gRPC
// server. It embeds the generated pb.UnimplementedSayHelloServer and defines
// SayHello itself.
type server struct {
    pb.UnimplementedSayHelloServer
}

// SayHello handles the SayHello RPC. It writes a trace marker to stdout and
// answers with "hello" followed by the name carried in the request.
//
// req.RequestName is supplied by the client and is copied into the response
// unmodified. The returned error is always nil.
func (s *server) SayHello(ctx context.Context, req *pb.HelloRequest) (*pb.HelloResponse, error) {
    // Trace marker ("call succeeded"); written without a trailing newline.
    fmt.Print("diao yong cheng gong")

    reply := &pb.HelloResponse{}
    reply.ResponseMsg = "hello" + req.RequestName
    return reply, nil
}

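// main starts the SayHello gRPC server on TCP port 9090 with TLS enabled.
//
// The certificate (test.pem) and private key (test.key) are read from
// hard-coded absolute paths. ":9090" has no host part, so the listener accepts
// connections on every local interface.
func main() {
    // TLS credentials: PEM certificate plus the matching private key.
    // The load error has to be checked. If it were discarded, grpc.Creds below
    // would receive nil credentials and the server could end up serving
    // without transport security (NOTE(review): confirm against the grpc-go
    // version in use).
    creds, err := credentials.NewServerTLSFromFile("/home/tyler/workspace/go/xxb-grpc-study/key/test.pem", "/home/tyler/workspace/go/xxb-grpc-study/key/test.key")
    if err != nil {
        fmt.Printf("failed to load TLS credentials: %v\n", err)
        return
    }

    // Open the listening port.
    listen, err := net.Listen("tcp", ":9090")
    if err != nil {
        fmt.Println("lian jie shi bai")
        return
    }
    fmt.Printf("connect successful")

    // Create the gRPC server with the TLS credentials attached.
    grpcServer := grpc.NewServer(grpc.Creds(creds))

    // Register the SayHello service implementation on the gRPC server.
    pb.RegisterSayHelloServer(grpcServer, &server{})

    // Serve blocks until the server stops; report the reason if it fails.
    if err := grpcServer.Serve(listen); err != nil {
        fmt.Printf("failed to server : %v", err)
        return
    }
}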
package main

import (
    "context"
    "fmt"
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
    "log"
    pb "xxb-grpc-study/hello-server/proto"
)

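// main connects to the local SayHello server over TLS, performs one SayHello
// call and prints the response message.
func main() {
    // Client-side trust: test.pem is loaded as the root certificate used to
    // verify the server. The second argument overrides the server name that
    // is checked against the certificate, because the client dials
    // 127.0.0.1; grpc-go documents this override as intended for testing.
    creds, err := credentials.NewClientTLSFromFile("/home/tyler/workspace/go/xxb-grpc-study/key/test.pem", "*.kuangstudy.com")
    if err != nil {
        log.Fatalf("failed to load TLS credentials: %v", err)
    }

    // Connect to the server using the TLS transport credentials, so the
    // channel is encrypted and the server certificate is verified.
    conn, err := grpc.Dial("127.0.0.1:9090", grpc.WithTransportCredentials(creds))
    if err != nil {
        // log.Fatalf exits the process, so nothing after it would run.
        log.Fatalf("did not connect : %v", err)
    }
    fmt.Println("connect server successfully")
    defer conn.Close()

    // Build the client stub on top of the connection.
    client := pb.NewSayHelloClient(conn)

    // Remote procedure call. grpc.Dial normally returns before the TLS
    // handshake has completed, so certificate or handshake failures surface
    // here; the error must not be discarded.
    resp, err := client.SayHello(context.Background(), &pb.HelloRequest{RequestName: "kuangshen"})
    if err != nil {
        // Printf plus return (rather than Fatalf) lets the deferred Close run.
        log.Printf("SayHello failed: %v", err)
        return
    }

    fmt.Println(resp.GetResponseMsg())
}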