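/*
 *
 * Copyright 2022 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

// Binary server is an example server which authenticates clients using mTLS.
//
// The server presents its own certificate and requires every client to
// present one that chains to the configured client CA. That is authentication
// only: any certificate issued by that CA is accepted, and no per-client
// authorization is performed by this example.
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"flag"
	"fmt"
	"log"
	"net"
	"os"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/examples/data"

	pb "google.golang.org/grpc/examples/features/proto/echo"
)

var port = flag.Int("port", 50051, "the port to serve on")

// ecServer implements the Echo service. Only UnaryEcho is overridden; the
// remaining methods come from the embedded UnimplementedEchoServer.
type ecServer struct {
	pb.UnimplementedEchoServer
}

// UnaryEcho returns the request message unchanged.
//
// The handler does not inspect the caller's certificate. By the time it runs
// the TLS handshake has already verified the client chain against ClientCAs,
// but a service that must distinguish between clients needs its own check of
// the peer identity (subject / SAN) here or in an interceptor.
func (s *ecServer) UnaryEcho(_ context.Context, req *pb.EchoRequest) (*pb.EchoResponse, error) {
	return &pb.EchoResponse{Message: req.Message}, nil
}

// main loads the server key pair and the client CA bundle, builds a TLS
// configuration that demands a verified client certificate, and serves the
// Echo service on localhost:<port>. Any setup failure terminates the process.
func main() {
	flag.Parse()
	log.Printf("server starting on port %d...", *port)

	// Server identity presented to clients. The files come from the gRPC
	// examples data directory and are example material only; a real deployment
	// supplies its own key pair and keeps the private key out of the source tree.
	cert, err := tls.LoadX509KeyPair(data.Path("x509/server_cert.pem"), data.Path("x509/server_key.pem"))
	if err != nil {
		log.Fatalf("failed to load key pair: %v", err)
	}

	// Trust anchors for client certificates. Only the CA(s) in this pool can
	// vouch for a client; the system root store is not consulted for clients.
	ca := x509.NewCertPool()
	caFilePath := data.Path("x509/client_ca_cert.pem")
	caBytes, err := os.ReadFile(caFilePath)
	if err != nil {
		log.Fatalf("failed to read ca cert %q: %v", caFilePath, err)
	}
	// AppendCertsFromPEM reports false when no certificate could be parsed;
	// continuing with an empty pool would reject every client, so fail early.
	if ok := ca.AppendCertsFromPEM(caBytes); !ok {
		log.Fatalf("failed to parse %q", caFilePath)
	}

	tlsConfig := &tls.Config{
		// Pin the protocol floor explicitly rather than depending on library
		// defaults, which have changed between releases.
		MinVersion: tls.VersionTLS12,
		// Reject the handshake unless the client presents a certificate that
		// verifies against ClientCAs. Weaker ClientAuth modes would turn the
		// client certificate into an optional or unverified hint.
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{cert},
		ClientCAs:    ca,
	}

	s := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConfig)))
	pb.RegisterEchoServer(s, &ecServer{})

	// Bound to the loopback name only, so the example is not reachable from
	// other hosts.
	lis, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", *port))
	if err != nil {
		log.Fatalf("failed to listen: %v", err)
	}
	if err := s.Serve(lis); err != nil {
		log.Fatalf("failed to serve: %v", err)
	}
}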