Documentation
¶
Index ¶
- Variables
- func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error
- func ClientKeepaliveOptions(ka *KeepaliveOptions) []grpc.DialOption
- func ExtractCertificateHashFromContext(ctx context.Context) []byte
- func InitTLSForShim(key, certStr string) credentials.TransportCredentials
- func MaxRecvMsgSize() int
- func MaxSendMsgSize() int
- func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, ...) (*grpc.ClientConn, error)
- func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials
- func ServerKeepaliveOptions(ka *KeepaliveOptions) []grpc.ServerOption
- func SetMaxRecvMsgSize(size int)
- func SetMaxSendMsgSize(size int)
- func TLSEnabled() bool
- type BindingInspector
- type CASupport
- type CertHashExtractor
- type ClientConfig
- type ConnectionFactory
- type ConnectionProducer
- type CredentialSupport
- func (cs *CredentialSupport) GetClientCertificate() tls.Certificate
- func (cs *CredentialSupport) GetDeliverServiceCredentials(channelID string) (credentials.TransportCredentials, error)
- func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials
- func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)
- type GRPCClient
- type GRPCServer
- type KeepaliveOptions
- type SecureOptions
- type ServerConfig
Constants ¶
This section is empty.
Variables ¶
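// Sentinel errors exposed by package comm for its transport-credential code.
// Callers can compare against these values (for example with errors.Is)
// instead of matching on message text.
var (
	// ClientHandshakeNotImplError carries the message that client handshakes
	// are not implemented with serverCreds.
	// The first fragment now ends in a space; without it the concatenated
	// message read "Client handshakesare not implemented ...".
	ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes " +
		"are not implemented with serverCreds")

	// OverrrideHostnameNotSupportedError carries the message that
	// OverrideServerName is not supported. The identifier's spelling
	// (three r's) is kept as-is because it is exported and callers may
	// reference it by name.
	OverrrideHostnameNotSupportedError = errors.New(
		"core/comm: OverrideServerName is " +
			"not supported")

	// MissingServerConfigError carries the message that `serverConfig`
	// must not be nil.
	// NOTE(review): presumably returned when a nil *tls.Config is supplied
	// to the server credentials; the call site is not visible here - confirm.
	MissingServerConfigError = errors.New(
		"core/comm: `serverConfig` cannot be nil")
)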
Functions ¶
func AddPemToCertPool ¶ added in v1.1.0
AddPemToCertPool adds PEM-encoded certs to a cert pool
func ClientKeepaliveOptions ¶
func ClientKeepaliveOptions(ka *KeepaliveOptions) []grpc.DialOption
ClientKeepaliveOptions returns gRPC keepalive options for clients. If ka is nil, the default keepalive options are returned.
func ExtractCertificateHashFromContext ¶ added in v1.1.0
ExtractCertificateHashFromContext extracts the hash of the certificate from the given context
func InitTLSForShim ¶ added in v1.1.0
func InitTLSForShim(key, certStr string) credentials.TransportCredentials
func MaxRecvMsgSize ¶
func MaxRecvMsgSize() int
MaxRecvMsgSize returns the maximum message size in bytes that gRPC clients and servers can receive
func MaxSendMsgSize ¶
func MaxSendMsgSize() int
MaxSendMsgSize returns the maximum message size in bytes that gRPC clients and servers can send
func NewClientConnectionWithAddress ¶
func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, creds credentials.TransportCredentials, ka *KeepaliveOptions) (*grpc.ClientConn, error)
NewClientConnectionWithAddress returns a new grpc.ClientConn to the given address.
func NewServerTransportCredentials ¶
func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials
NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials
func ServerKeepaliveOptions ¶
func ServerKeepaliveOptions(ka *KeepaliveOptions) []grpc.ServerOption
ServerKeepaliveOptions returns gRPC keepalive options for servers. If ka is nil, the default keepalive options are returned.
func SetMaxRecvMsgSize ¶
func SetMaxRecvMsgSize(size int)
SetMaxRecvMsgSize sets the maximum message size in bytes that gRPC clients and servers can receive
Types ¶
type BindingInspector ¶ added in v1.1.0
BindingInspector receives as parameters a gRPC context and an Envelope, and verifies whether the message contains an appropriate binding to the context
func NewBindingInspector ¶ added in v1.1.0
func NewBindingInspector(mutualTLS bool, extractTLSCertHash CertHashExtractor) BindingInspector
NewBindingInspector returns a BindingInspector according to whether mutualTLS is configured or not, and according to a function that extracts TLS certificate hashes from proto messages
type CASupport ¶
// CASupport holds the root CA material that the TLS configuration is built
// from, both per chain and globally.
type CASupport struct {
	// Embedded lock. Because it is embedded, its Lock/RLock methods are part
	// of CASupport's exported method set.
	// NOTE(review): presumably guards every field below; callers that read or
	// write the maps directly should hold it - confirm against the methods.
	sync.RWMutex
	// Application-organization root CAs, one entry per chain.
	// NOTE(review): keys are presumably chain (channel) IDs and values
	// PEM-encoded certificates, as the GetClientRootCAs doc implies - confirm.
	AppRootCAsByChain map[string][][]byte
	// Orderer-organization root CAs, one entry per chain (same layout as
	// AppRootCAsByChain).
	OrdererRootCAsByChain map[string][][]byte
	// Root CAs that are not tied to a chain.
	// NOTE(review): presumably additional trusted roots for verifying client
	// certificates - confirm.
	ClientRootCAs [][]byte
	// Root CAs that are not tied to a chain.
	// NOTE(review): presumably additional trusted roots for verifying server
	// certificates - confirm.
	ServerRootCAs [][]byte
}
CASupport type manages certificate authorities scoped by channel
func (*CASupport) GetClientRootCAs ¶
GetClientRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted client roots for TLS servers.
func (*CASupport) GetServerRootCAs ¶
GetServerRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted server roots for TLS clients.
type CertHashExtractor ¶ added in v1.1.0
CertHashExtractor extracts a TLS certificate hash from a proto.Message (NewBindingInspector takes it as its extractTLSCertHash argument)
type ClientConfig ¶ added in v1.1.0
// ClientConfig groups the settings passed to NewGRPCClient.
type ClientConfig struct {
	// SecOpts defines the security parameters
	// NOTE(review): this is a pointer; how a nil SecOpts is treated (and
	// whether it means "no TLS") is not visible here - confirm.
	SecOpts *SecureOptions
	// KaOpts defines the keepalive parameters
	// NOTE(review): handling of a nil KaOpts is not visible here - confirm.
	KaOpts *KeepaliveOptions
	// Timeout specifies how long the client will block when attempting to
	// establish a connection
	// NOTE(review): the meaning of a zero Timeout is not shown - confirm.
	Timeout time.Duration
}
ClientConfig defines the parameters for configuring a GRPCClient instance
type ConnectionFactory ¶
// ConnectionFactory dials the given endpoint and returns the resulting
// connection or an error.
// NOTE(review): the signature carries no credentials, so the choice between
// TLS and plaintext is made inside the implementation - check each factory.
type ConnectionFactory func(endpoint string) (*grpc.ClientConn, error)
ConnectionFactory creates a connection to a certain endpoint
type ConnectionProducer ¶
// ConnectionProducer hands out connections chosen from a set of endpoints
// and lets the caller replace, disable and list those endpoints.
type ConnectionProducer interface {
	// NewConnection creates a new connection.
	// Returns the connection, the endpoint selected, nil on success.
	// Returns nil, "", error on failure
	NewConnection() (*grpc.ClientConn, string, error)
	// UpdateEndpoints updates the endpoints of the ConnectionProducer
	// to be the given endpoints
	UpdateEndpoints(endpoints []string)
	// DisableEndpoint removes the given endpoint from the endpoint set for
	// some time.
	// NOTE(review): the length of that period is not visible here - confirm.
	DisableEndpoint(endpoint string)
	// GetEndpoints returns the ordering service endpoints
	GetEndpoints() []string
}
ConnectionProducer produces connections out of a set of predefined endpoints
func NewConnectionProducer ¶
func NewConnectionProducer(factory ConnectionFactory, endpoints []string) ConnectionProducer
NewConnectionProducer creates a new ConnectionProducer with the given endpoints and connection factory. It returns nil if the given endpoints slice is empty.
type CredentialSupport ¶ added in v1.1.0
// CredentialSupport builds on CASupport to provide the credentials used for
// gRPC client connections.
type CredentialSupport struct {
	// Embedded pointer: CASupport's exported fields and methods are promoted
	// onto CredentialSupport.
	// NOTE(review): a nil *CASupport would make those promoted accesses
	// panic; whether it is always set is not visible here - confirm.
	*CASupport
	// contains filtered or unexported fields
}
CredentialSupport type manages credentials used for gRPC client connections
func GetCredentialSupport ¶ added in v1.1.0
func GetCredentialSupport() *CredentialSupport
GetCredentialSupport returns the singleton CredentialSupport instance
func (*CredentialSupport) GetClientCertificate ¶ added in v1.1.0
func (cs *CredentialSupport) GetClientCertificate() tls.Certificate
GetClientCertificate returns the client certificate of the CredentialSupport
func (*CredentialSupport) GetDeliverServiceCredentials ¶ added in v1.1.0
func (cs *CredentialSupport) GetDeliverServiceCredentials(channelID string) (credentials.TransportCredentials, error)
GetDeliverServiceCredentials returns gRPC transport credentials for the given channel, to be used by gRPC clients that communicate with ordering service endpoints. If the channel isn't found, an error is returned.
func (*CredentialSupport) GetPeerCredentials ¶ added in v1.1.0
func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials
GetPeerCredentials returns GRPC transport credentials for use by GRPC clients which communicate with remote peer endpoints.
func (*CredentialSupport) SetClientCertificate ¶ added in v1.1.0
func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)
SetClientCertificate sets the tls.Certificate to use for gRPC client connections
type GRPCClient ¶ added in v1.1.0
// GRPCClient is the client-side counterpart of GRPCServer: it exposes the
// TLS settings of a gRPC client and creates connections with them.
type GRPCClient interface {
	// Certificate returns the tls.Certificate used to make TLS connections
	// when client certificates are required by the server
	Certificate() tls.Certificate
	// TLSEnabled is a flag indicating whether to use TLS for client
	// connections
	TLSEnabled() bool
	// MutualTLSRequired is a flag indicating whether the client
	// must send a certificate when making TLS connections
	MutualTLSRequired() bool
	// SetMaxRecvMsgSize sets the maximum message size the client can receive
	SetMaxRecvMsgSize(size int)
	// SetMaxSendMsgSize sets the maximum message size the client can send
	SetMaxSendMsgSize(size int)
	// SetServerRootCAs sets the list of authorities used to verify server
	// certificates based on a list of PEM-encoded X509 certificate authorities.
	// Despite its name, the clientRoots parameter carries the server root CAs.
	SetServerRootCAs(clientRoots [][]byte) error
	// NewConnection returns a grpc.ClientConn for the target address and
	// overrides the server name used to verify the hostname on the
	// certificate returned by a server when using TLS.
	// NOTE(review): serverNameOverride decides which name the server
	// certificate is checked against, so it should come from trusted
	// configuration; how an empty value is treated is not visible here - confirm.
	NewConnection(address string, serverNameOverride string) (*grpc.ClientConn, error)
}
func NewGRPCClient ¶ added in v1.1.0
func NewGRPCClient(config ClientConfig) (GRPCClient, error)
NewGRPCClient creates a new implementation of GRPCClient given a client configuration
type GRPCServer ¶
// GRPCServer wraps a grpc.Server together with its listener, its TLS
// certificate and the set of CAs used to verify client certificates.
type GRPCServer interface {
	// Address returns the listen address for the GRPCServer
	Address() string
	// Start starts the underlying grpc.Server
	Start() error
	// Stop stops the underlying grpc.Server
	// NOTE(review): whether in-flight RPCs are drained first is not visible
	// here - confirm.
	Stop()
	// Server returns the grpc.Server instance for the GRPCServer
	Server() *grpc.Server
	// Listener returns the net.Listener instance for the GRPCServer
	Listener() net.Listener
	// ServerCertificate returns the tls.Certificate used by the grpc.Server
	ServerCertificate() tls.Certificate
	// TLSEnabled is a flag indicating whether or not TLS is enabled for this
	// GRPCServer instance
	TLSEnabled() bool
	// MutualTLSRequired is a flag indicating whether or not client certificates
	// are required for this GRPCServer instance
	MutualTLSRequired() bool
	// AppendClientRootCAs appends PEM-encoded X509 certificate authorities to
	// the list of authorities used to verify client certificates
	AppendClientRootCAs(clientRoots [][]byte) error
	// RemoveClientRootCAs removes PEM-encoded X509 certificate authorities from
	// the list of authorities used to verify client certificates
	// NOTE(review): whether removal affects connections that are already
	// established is not visible here - confirm before relying on it for
	// revoking trust.
	RemoveClientRootCAs(clientRoots [][]byte) error
	// SetClientRootCAs sets the list of authorities used to verify client
	// certificates based on a list of PEM-encoded X509 certificate authorities
	SetClientRootCAs(clientRoots [][]byte) error
	// SetServerCertificate assigns the current TLS certificate to be the peer's server certificate
	SetServerCertificate(tls.Certificate)
}
GRPCServer defines an interface representing a GRPC-based server
func NewGRPCServer ¶
func NewGRPCServer(address string, serverConfig ServerConfig) (GRPCServer, error)
NewGRPCServer creates a new implementation of a GRPCServer given a listen address
func NewGRPCServerFromListener ¶
func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig) (GRPCServer, error)
NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive
type KeepaliveOptions ¶
// KeepaliveOptions holds the gRPC keepalive timings for both sides of a
// connection: the Client* fields apply to clients, the Server* fields to
// servers.
// NOTE(review): the meaning of zero durations is not visible here;
// DefaultKeepaliveOptions is the documented source of default values.
type KeepaliveOptions struct {
	// ClientInterval is the duration after which if the client does not see
	// any activity from the server it pings the server to see if it is alive
	ClientInterval time.Duration
	// ClientTimeout is the duration the client waits for a response
	// from the server after sending a ping before closing the connection
	ClientTimeout time.Duration
	// ServerInterval is the duration after which if the server does not see
	// any activity from the client it pings the client to see if it is alive
	ServerInterval time.Duration
	// ServerTimeout is the duration the server waits for a response
	// from the client after sending a ping before closing the connection
	ServerTimeout time.Duration
	// ServerMinInterval is the minimum permitted time between client pings.
	// If clients send pings more frequently, the server will disconnect them.
	// A client's ClientInterval therefore must not be shorter than the
	// ServerMinInterval of the server it connects to.
	ServerMinInterval time.Duration
}
KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers
func DefaultKeepaliveOptions ¶ added in v1.1.0
func DefaultKeepaliveOptions() *KeepaliveOptions
DefaultKeepaliveOptions returns sane default keepalive settings for gRPC servers and clients
type SecureOptions ¶ added in v1.1.0
// SecureOptions carries the TLS-related settings of a gRPC endpoint. Both
// ServerConfig and ClientConfig reference it through their SecOpts field.
type SecureOptions struct {
	// PEM-encoded X509 public key to be used for TLS communication
	// NOTE(review): given the field name, this is presumably the PEM-encoded
	// X509 certificate (which contains the public key) rather than a bare
	// key - confirm.
	Certificate []byte
	// PEM-encoded private key to be used for TLS communication.
	// This is secret material: keep the struct out of logs and error messages.
	Key []byte
	// Set of PEM-encoded X509 certificate authorities used by clients to
	// verify server certificates
	ServerRootCAs [][]byte
	// Set of PEM-encoded X509 certificate authorities used by servers to
	// verify client certificates
	ClientRootCAs [][]byte
	// Whether or not to use TLS for communication.
	// The Go zero value is false, so a SecureOptions that is left unset does
	// not request TLS.
	UseTLS bool
	// Whether or not TLS client must present certificates for authentication
	// (mutual TLS).
	// NOTE(review): its effect when UseTLS is false is not visible here - confirm.
	RequireClientCert bool
	// CipherSuites is a list of supported cipher suites for TLS
	// NOTE(review): the behaviour for an empty list (library defaults or
	// something else) is not visible here - confirm.
	CipherSuites []uint16
}
SecureOptions defines the security parameters (e.g. TLS) for a GRPCServer or GRPCClient instance; both ServerConfig and ClientConfig carry it as SecOpts
type ServerConfig ¶ added in v1.1.0
// ServerConfig groups the settings passed to NewGRPCServer and
// NewGRPCServerFromListener.
type ServerConfig struct {
	// SecOpts defines the security parameters
	// NOTE(review): this is a pointer; how a nil SecOpts is treated (and
	// whether it means the server runs without TLS) is not visible here - confirm.
	SecOpts *SecureOptions
	// KaOpts defines the keepalive parameters
	// NOTE(review): handling of a nil KaOpts is not visible here - confirm.
	KaOpts *KeepaliveOptions
}
ServerConfig defines the parameters for configuring a GRPCServer instance
Source Files
¶
- client.go
- config.go
- connection.go
- creds.go
- producer.go
- server.go
- util.go