This is an automated email from the ASF dual-hosted git repository.

liujun pushed a commit to branch refactor-with-go
in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git


The following commit(s) were added to refs/heads/refactor-with-go by this push:
     new 067398a  Introduce ca server (#984)
067398a is described below

commit 067398a82e9923654d1d33c467f95e59096de4bd
Author: Albumen Kevin <[email protected]>
AuthorDate: Tue Feb 21 10:09:01 2023 +0800

    Introduce ca server (#984)
---
 ca/go.mod                 |  29 +++++
 ca/go.sum                 |  19 +++
 ca/main.go                | 143 ++++++++++++++++++++++
 ca/v1alpha1/ca.pb.go      | 301 ++++++++++++++++++++++++++++++++++++++++++++++
 ca/v1alpha1/ca.proto      |  45 +++++++
 ca/v1alpha1/ca_grpc.pb.go | 108 +++++++++++++++++
 6 files changed, 645 insertions(+)

diff --git a/ca/go.mod b/ca/go.mod
new file mode 100644
index 0000000..2f74f01
--- /dev/null
+++ b/ca/go.mod
@@ -0,0 +1,29 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+module github.com/apache/dubbo-admin/ca
+
+go 1.19
+
+require (
+       github.com/golang/protobuf v1.5.2 // indirect
+       golang.org/x/net v0.7.0 // indirect
+       golang.org/x/sys v0.5.0 // indirect
+       golang.org/x/text v0.7.0 // indirect
+       google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44 // 
indirect
+       google.golang.org/grpc v1.53.0 // indirect
+       google.golang.org/protobuf v1.28.1 // indirect
+)
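Review bot: Every entry in the `require` block is marked `// indirect`, but `ca/main.go` imports `google.golang.org/grpc` directly and `ca/v1alpha1/ca.pb.go` imports `google.golang.org/protobuf` directly. Running `go mod tidy` in `ca/` should split these into a direct block, e.g. `google.golang.org/grpc v1.53.0` and `google.golang.org/protobuf v1.28.1` without the marker. Getting the markers right matters for dependency review, because scanners and reviewers use the direct/indirect split to decide which upgrades the module owns.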
diff --git a/ca/go.sum b/ca/go.sum
new file mode 100644
index 0000000..d99aff2
--- /dev/null
+++ b/ca/go.sum
@@ -0,0 +1,19 @@
+github.com/golang/protobuf v1.5.0/go.mod 
h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 
h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod 
h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44 
h1:EfLuoKW5WfkgVdDy7dTK8qSbH37AX5mj/MFh+bGPz14=
+google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod 
h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.53.0/go.mod 
h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod 
h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod 
h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.1 
h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod 
h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
diff --git a/ca/main.go b/ca/main.go
new file mode 100644
index 0000000..8d9eb59
--- /dev/null
+++ b/ca/main.go
@@ -0,0 +1,143 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package main
+
+import (
+       "bytes"
+       "context"
+       "crypto/rand"
+       "crypto/rsa"
+       "crypto/x509"
+       "crypto/x509/pkix"
+       "encoding/pem"
+       ca "github.com/apache/dubbo-admin/ca/v1alpha1"
+       "google.golang.org/grpc"
+       "log"
+       "math/big"
+       "net"
+       "time"
+)
+
+type DubboCertificateServiceServerImpl struct {
+       ca.UnimplementedDubboCertificateServiceServer
+
+       rootCert *x509.Certificate
+       pubKey   string
+       privKey  *rsa.PrivateKey
+}
+
+func (s *DubboCertificateServiceServerImpl) CreateCertificate(c 
context.Context, req *ca.DubboCertificateRequest) 
(*ca.DubboCertificateResponse, error) {
+       csr, _ := LoadCSR(req.Csr)
+       log.Printf("Receive csr request " + req.Csr)
+       csrTemplate := x509.Certificate{
+               Signature:          csr.Signature,
+               SignatureAlgorithm: csr.SignatureAlgorithm,
+
+               PublicKeyAlgorithm: csr.PublicKeyAlgorithm,
+               PublicKey:          csr.PublicKey,
+
+               SerialNumber: big.NewInt(2019),
+               Issuer:       s.rootCert.Subject,
+               Subject:      csr.Subject,
+               NotBefore:    time.Now(),
+               NotAfter:     time.Now().AddDate(0, 0, 1),
+               KeyUsage:     x509.KeyUsageDigitalSignature,
+               ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+       }
+       csrTemplate.DNSNames = csr.DNSNames
+
+       result, err := x509.CreateCertificate(rand.Reader, &csrTemplate, 
s.rootCert, csrTemplate.PublicKey, s.privKey)
+       if err != nil {
+               log.Fatal(err)
+       }
+
+       pubPEM := new(bytes.Buffer)
+       pem.Encode(pubPEM, &pem.Block{
+               Type:  "CERTIFICATE",
+               Bytes: result,
+       })
+       pub := pubPEM.String()
+       log.Printf("Sign csr request " + pub)
+
+       puba := pub
+       return &ca.DubboCertificateResponse{
+               PublicKey:  puba,
+               TrustCerts: []string{s.pubKey},
+               ExpireTime: time.Now().AddDate(0, 0, 1).UnixMilli(),
+       }, nil
+}
+
+func LoadCSR(csrString string) (*x509.CertificateRequest, error) {
+       block, _ := pem.Decode([]byte(csrString))
+       csr, _ := x509.ParseCertificateRequest(block.Bytes)
+
+       return csr, nil
+}
+
+func main() {
+       cert := &x509.Certificate{
+               SerialNumber: big.NewInt(2019),
+               Subject: pkix.Name{
+                       CommonName:   "Dubbo",
+                       Organization: []string{"Apache Dubbo"},
+               },
+               NotBefore:             time.Now(),
+               NotAfter:              time.Now().AddDate(1, 0, 0),
+               IsCA:                  true,
+               ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+               KeyUsage:              x509.KeyUsageDigitalSignature | 
x509.KeyUsageCertSign,
+               BasicConstraintsValid: true,
+       }
+
+       caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+       if err != nil {
+               log.Fatal(err)
+       }
+
+       caBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, 
&caPrivKey.PublicKey, caPrivKey)
+       if err != nil {
+               log.Fatal(err)
+       }
+
+       caPEM := new(bytes.Buffer)
+       pem.Encode(caPEM, &pem.Block{
+               Type:  "CERTIFICATE",
+               Bytes: caBytes,
+       })
+       log.Printf(caPEM.String())
+
+       caPrivKeyPEM := new(bytes.Buffer)
+       pem.Encode(caPrivKeyPEM, &pem.Block{
+               Type:  "RSA PRIVATE KEY",
+               Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+       })
+       log.Printf(caPrivKeyPEM.String())
+
+       impl := &DubboCertificateServiceServerImpl{
+               rootCert: cert,
+               pubKey:   caPEM.String(),
+               privKey:  caPrivKey,
+       }
+       //impl.CreateCertificate(nil, &ca.DubboCertificateRequest{Csr: 
"-----BEGIN CERTIFICATE 
REQUEST-----\nMIHTMHsCAQAwGTEXMBUGA1UECgwOY2x1c3Rlci5kb21haW4wWTATBgcqhkjOPQIB\nBggqhkjOPQMBBwNCAAQzg1QJajZxbYJOODjl+33guXFHR1Ryit2H5B6qRTC9Dpsl\nYSccYbRzWUnr4m0BLJyXMnZoEEV5zDo67eWzzEhnoAAwCgYIKoZIzj0EAwIDSAAw\nRQIhAM5oYu1r6ceV2SFgJUVrwYsq8ztuN4C0BUM9M3eJJmPfAiBVvnwRCMBkGhOs\nD+RtZ3fXn6aOxQvUMEZiywj9OcYnVA==\n-----END
 CERTIFICATE REQUEST-----"})
+
+       grpcServer := grpc.NewServer()
+       ca.RegisterDubboCertificateServiceServer(grpcServer, impl)
+
+       lis, err := net.Listen("tcp", ":1234")
+       if err != nil {
+               log.Fatal(err)
+       }
+       grpcServer.Serve(lis)
+}
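Review bot: `LoadCSR` discards the results of both `pem.Decode` and `x509.ParseCertificateRequest`, so a request whose `Csr` is not a valid PEM CSR leaves `block` or `csr` nil and the handler panics on the first dereference; `csr.CheckSignature()` is also never called, so possession of the requested key is not proven. `CreateCertificate` then copies `csr.Subject` and `csr.DNSNames` into the template with no caller authentication (the server is a bare `grpc.NewServer()` with no transport credentials or interceptor), although the comment on `DubboCertificateRequest` added in this commit requires verifying that the caller is authorized for all SANs. A signing failure calls `log.Fatal`, which exits the whole CA process from a request path, and every issued certificate reuses serial `2019`, the same value as the root. In `main`, `log.Printf(caPrivKeyPEM.String())` writes the CA private key to the log and should be dropped. The fence shows the error handling and a random serial; `LoadCSR` as written there needs the `errors` import.

```go
func (s *DubboCertificateServiceServerImpl) CreateCertificate(c context.Context, req *ca.DubboCertificateRequest) (*ca.DubboCertificateResponse, error) {
	csr, err := LoadCSR(req.Csr)
	if err != nil {
		return nil, err
	}
	// Fresh random serial per certificate instead of the constant 2019.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	// … unchanged: log line and template construction, with SerialNumber: serial …
	result, err := x509.CreateCertificate(rand.Reader, &csrTemplate, s.rootCert, csrTemplate.PublicKey, s.privKey)
	if err != nil {
		// Report the failure to the caller; do not take the server down.
		return nil, err
	}
	// … unchanged: PEM encoding and response …
}

func LoadCSR(csrString string) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode([]byte(csrString))
	if block == nil {
		return nil, errors.New("csr is not PEM encoded")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	// Proof of possession: the CSR must be signed by the key it carries.
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	return csr, nil
}
```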
diff --git a/ca/v1alpha1/ca.pb.go b/ca/v1alpha1/ca.pb.go
new file mode 100644
index 0000000..7d72b56
--- /dev/null
+++ b/ca/v1alpha1/ca.pb.go
@@ -0,0 +1,301 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+//     protoc-gen-go v1.28.1
+//     protoc        v3.21.6
+// source: v1alpha1/ca.proto
+
+// Keep this package for backward compatibility.
+
+package v1alpha1
+
+import (
+       protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+       protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+       structpb "google.golang.org/protobuf/types/known/structpb"
+       reflect "reflect"
+       sync "sync"
+)
+
+const (
+       // Verify that this generated code is sufficiently up-to-date.
+       _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+       // Verify that runtime/protoimpl is sufficiently up-to-date.
+       _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Certificate request message. The authentication should be based on:
+// 1. Bearer tokens carried in the side channel;
+// 2. Client-side certificate via Mutual TLS handshake.
+// Note: the service implementation is REQUIRED to verify the authenticated 
caller is authorize to
+// all SANs in the CSR. The server side may overwrite any requested 
certificate field based on its
+// policies.
+type DubboCertificateRequest struct {
+       state         protoimpl.MessageState
+       sizeCache     protoimpl.SizeCache
+       unknownFields protoimpl.UnknownFields
+
+       // PEM-encoded certificate request.
+       // The public key in the CSR is used to generate the certificate,
+       // and other fields in the generated certificate may be overwritten by 
the CA.
+       Csr  string `protobuf:"bytes,1,opt,name=csr,proto3" 
json:"csr,omitempty"`
+       Type string `protobuf:"bytes,2,opt,name=type,proto3" 
json:"type,omitempty"`
+       // $hide_from_docs
+       // Optional: Opaque metadata provided by the XDS node to Istio.
+       // Supported metadata: WorkloadName, WorkloadIP, ClusterID
+       Metadata *structpb.Struct `protobuf:"bytes,3,opt,name=metadata,proto3" 
json:"metadata,omitempty"`
+}
+
+func (x *DubboCertificateRequest) Reset() {
+       *x = DubboCertificateRequest{}
+       if protoimpl.UnsafeEnabled {
+               mi := &file_v1alpha1_ca_proto_msgTypes[0]
+               ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+               ms.StoreMessageInfo(mi)
+       }
+}
+
+func (x *DubboCertificateRequest) String() string {
+       return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DubboCertificateRequest) ProtoMessage() {}
+
+func (x *DubboCertificateRequest) ProtoReflect() protoreflect.Message {
+       mi := &file_v1alpha1_ca_proto_msgTypes[0]
+       if protoimpl.UnsafeEnabled && x != nil {
+               ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+               if ms.LoadMessageInfo() == nil {
+                       ms.StoreMessageInfo(mi)
+               }
+               return ms
+       }
+       return mi.MessageOf(x)
+}
+
+// Deprecated: Use DubboCertificateRequest.ProtoReflect.Descriptor instead.
+func (*DubboCertificateRequest) Descriptor() ([]byte, []int) {
+       return file_v1alpha1_ca_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *DubboCertificateRequest) GetCsr() string {
+       if x != nil {
+               return x.Csr
+       }
+       return ""
+}
+
+func (x *DubboCertificateRequest) GetType() string {
+       if x != nil {
+               return x.Type
+       }
+       return ""
+}
+
+func (x *DubboCertificateRequest) GetMetadata() *structpb.Struct {
+       if x != nil {
+               return x.Metadata
+       }
+       return nil
+}
+
+// Certificate response message.
+type DubboCertificateResponse struct {
+       state         protoimpl.MessageState
+       sizeCache     protoimpl.SizeCache
+       unknownFields protoimpl.UnknownFields
+
+       // PEM-encoded certificate chain.
+       // The leaf cert is the first element, and the root cert is the last 
element.
+       PublicKey  string   
`protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" 
json:"public_key,omitempty"`
+       TrustCerts []string 
`protobuf:"bytes,2,rep,name=trust_certs,json=trustCerts,proto3" 
json:"trust_certs,omitempty"`
+       ExpireTime int64    
`protobuf:"varint,3,opt,name=expire_time,json=expireTime,proto3" 
json:"expire_time,omitempty"`
+}
+
+func (x *DubboCertificateResponse) Reset() {
+       *x = DubboCertificateResponse{}
+       if protoimpl.UnsafeEnabled {
+               mi := &file_v1alpha1_ca_proto_msgTypes[1]
+               ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+               ms.StoreMessageInfo(mi)
+       }
+}
+
+func (x *DubboCertificateResponse) String() string {
+       return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DubboCertificateResponse) ProtoMessage() {}
+
+func (x *DubboCertificateResponse) ProtoReflect() protoreflect.Message {
+       mi := &file_v1alpha1_ca_proto_msgTypes[1]
+       if protoimpl.UnsafeEnabled && x != nil {
+               ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+               if ms.LoadMessageInfo() == nil {
+                       ms.StoreMessageInfo(mi)
+               }
+               return ms
+       }
+       return mi.MessageOf(x)
+}
+
+// Deprecated: Use DubboCertificateResponse.ProtoReflect.Descriptor instead.
+func (*DubboCertificateResponse) Descriptor() ([]byte, []int) {
+       return file_v1alpha1_ca_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *DubboCertificateResponse) GetPublicKey() string {
+       if x != nil {
+               return x.PublicKey
+       }
+       return ""
+}
+
+func (x *DubboCertificateResponse) GetTrustCerts() []string {
+       if x != nil {
+               return x.TrustCerts
+       }
+       return nil
+}
+
+func (x *DubboCertificateResponse) GetExpireTime() int64 {
+       if x != nil {
+               return x.ExpireTime
+       }
+       return 0
+}
+
+var File_v1alpha1_ca_proto protoreflect.FileDescriptor
+
+var file_v1alpha1_ca_proto_rawDesc = []byte{
+       0x0a, 0x11, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 
0x61, 0x2e, 0x70, 0x72,
+       0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x6f, 0x72, 0x67, 0x2e, 0x61, 0x70, 0x61, 
0x63, 0x68, 0x65, 0x2e,
+       0x64, 0x75, 0x62, 0x62, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 
0x31, 0x61, 0x6c, 0x70,
+       0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 
0x70, 0x72, 0x6f, 0x74,
+       0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 
0x70, 0x72, 0x6f, 0x74,
+       0x6f, 0x22, 0x74, 0x0a, 0x17, 0x44, 0x75, 0x62, 0x62, 0x6f, 0x43, 0x65, 
0x72, 0x74, 0x69, 0x66,
+       0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 
0x12, 0x10, 0x0a, 0x03,
+       0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x63, 
0x73, 0x72, 0x12, 0x12,
+       0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 
0x52, 0x04, 0x74, 0x79,
+       0x70, 0x65, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 
0x74, 0x61, 0x18, 0x03,
+       0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 
0x65, 0x2e, 0x70, 0x72,
+       0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 
0x74, 0x52, 0x08, 0x6d,
+       0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x7b, 0x0a, 0x18, 0x44, 
0x75, 0x62, 0x62, 0x6f,
+       0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 
0x65, 0x73, 0x70, 0x6f,
+       0x6e, 0x73, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 
0x63, 0x5f, 0x6b, 0x65,
+       0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x75, 0x62, 
0x6c, 0x69, 0x63, 0x4b,
+       0x65, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 
0x63, 0x65, 0x72, 0x74,
+       0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x72, 0x75, 
0x73, 0x74, 0x43, 0x65,
+       0x72, 0x74, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x69, 0x72, 
0x65, 0x5f, 0x74, 0x69,
+       0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x65, 0x78, 
0x70, 0x69, 0x72, 0x65,
+       0x54, 0x69, 0x6d, 0x65, 0x32, 0xa4, 0x01, 0x0a, 0x17, 0x44, 0x75, 0x62, 
0x62, 0x6f, 0x43, 0x65,
+       0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 
0x76, 0x69, 0x63, 0x65,
+       0x12, 0x88, 0x01, 0x0a, 0x11, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 
0x65, 0x72, 0x74, 0x69,
+       0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x37, 0x2e, 0x6f, 0x72, 0x67, 
0x2e, 0x61, 0x70, 0x61,
+       0x63, 0x68, 0x65, 0x2e, 0x64, 0x75, 0x62, 0x62, 0x6f, 0x2e, 0x61, 0x75, 
0x74, 0x68, 0x2e, 0x76,
+       0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x75, 0x62, 0x62, 
0x6f, 0x43, 0x65, 0x72,
+       0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 
0x65, 0x73, 0x74, 0x1a,
+       0x38, 0x2e, 0x6f, 0x72, 0x67, 0x2e, 0x61, 0x70, 0x61, 0x63, 0x68, 0x65, 
0x2e, 0x64, 0x75, 0x62,
+       0x62, 0x6f, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 
0x70, 0x68, 0x61, 0x31,
+       0x2e, 0x44, 0x75, 0x62, 0x62, 0x6f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 
0x69, 0x63, 0x61, 0x74,
+       0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 
0x2d, 0x50, 0x01, 0x5a,
+       0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 
0x61, 0x70, 0x61, 0x63,
+       0x68, 0x65, 0x2f, 0x64, 0x75, 0x62, 0x62, 0x6f, 0x2d, 0x61, 0x64, 0x6d, 
0x69, 0x6e, 0x2f, 0x63,
+       0x61, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 
0x70, 0x72, 0x6f, 0x74,
+       0x6f, 0x33,
+}
+
+var (
+       file_v1alpha1_ca_proto_rawDescOnce sync.Once
+       file_v1alpha1_ca_proto_rawDescData = file_v1alpha1_ca_proto_rawDesc
+)
+
+func file_v1alpha1_ca_proto_rawDescGZIP() []byte {
+       file_v1alpha1_ca_proto_rawDescOnce.Do(func() {
+               file_v1alpha1_ca_proto_rawDescData = 
protoimpl.X.CompressGZIP(file_v1alpha1_ca_proto_rawDescData)
+       })
+       return file_v1alpha1_ca_proto_rawDescData
+}
+
+var file_v1alpha1_ca_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_v1alpha1_ca_proto_goTypes = []interface{}{
+       (*DubboCertificateRequest)(nil),  // 0: 
org.apache.dubbo.auth.v1alpha1.DubboCertificateRequest
+       (*DubboCertificateResponse)(nil), // 1: 
org.apache.dubbo.auth.v1alpha1.DubboCertificateResponse
+       (*structpb.Struct)(nil),          // 2: google.protobuf.Struct
+}
+var file_v1alpha1_ca_proto_depIdxs = []int32{
+       2, // 0: 
org.apache.dubbo.auth.v1alpha1.DubboCertificateRequest.metadata:type_name -> 
google.protobuf.Struct
+       0, // 1: 
org.apache.dubbo.auth.v1alpha1.DubboCertificateService.CreateCertificate:input_type
 -> org.apache.dubbo.auth.v1alpha1.DubboCertificateRequest
+       1, // 2: 
org.apache.dubbo.auth.v1alpha1.DubboCertificateService.CreateCertificate:output_type
 -> org.apache.dubbo.auth.v1alpha1.DubboCertificateResponse
+       2, // [2:3] is the sub-list for method output_type
+       1, // [1:2] is the sub-list for method input_type
+       1, // [1:1] is the sub-list for extension type_name
+       1, // [1:1] is the sub-list for extension extendee
+       0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_v1alpha1_ca_proto_init() }
+func file_v1alpha1_ca_proto_init() {
+       if File_v1alpha1_ca_proto != nil {
+               return
+       }
+       if !protoimpl.UnsafeEnabled {
+               file_v1alpha1_ca_proto_msgTypes[0].Exporter = func(v 
interface{}, i int) interface{} {
+                       switch v := v.(*DubboCertificateRequest); i {
+                       case 0:
+                               return &v.state
+                       case 1:
+                               return &v.sizeCache
+                       case 2:
+                               return &v.unknownFields
+                       default:
+                               return nil
+                       }
+               }
+               file_v1alpha1_ca_proto_msgTypes[1].Exporter = func(v 
interface{}, i int) interface{} {
+                       switch v := v.(*DubboCertificateResponse); i {
+                       case 0:
+                               return &v.state
+                       case 1:
+                               return &v.sizeCache
+                       case 2:
+                               return &v.unknownFields
+                       default:
+                               return nil
+                       }
+               }
+       }
+       type x struct{}
+       out := protoimpl.TypeBuilder{
+               File: protoimpl.DescBuilder{
+                       GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+                       RawDescriptor: file_v1alpha1_ca_proto_rawDesc,
+                       NumEnums:      0,
+                       NumMessages:   2,
+                       NumExtensions: 0,
+                       NumServices:   1,
+               },
+               GoTypes:           file_v1alpha1_ca_proto_goTypes,
+               DependencyIndexes: file_v1alpha1_ca_proto_depIdxs,
+               MessageInfos:      file_v1alpha1_ca_proto_msgTypes,
+       }.Build()
+       File_v1alpha1_ca_proto = out.File
+       file_v1alpha1_ca_proto_rawDesc = nil
+       file_v1alpha1_ca_proto_goTypes = nil
+       file_v1alpha1_ca_proto_depIdxs = nil
+}
diff --git a/ca/v1alpha1/ca.proto b/ca/v1alpha1/ca.proto
new file mode 100644
index 0000000..77d8fc0
--- /dev/null
+++ b/ca/v1alpha1/ca.proto
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+import "google/protobuf/struct.proto";
+
+package org.apache.dubbo.auth.v1alpha1;
+
+option go_package = "github.com/apache/dubbo-admin/ca/v1alpha1";
+option java_multiple_files = true;
+
+
+message DubboCertificateRequest {
+  string csr = 1;
+  string type = 2;
+
+  google.protobuf.Struct metadata = 3;
+}
+
+message DubboCertificateResponse {
+  string public_key = 1;
+  repeated string trust_certs = 2;
+  int64 expire_time = 3;
+}
+
+service DubboCertificateService {
+  rpc CreateCertificate(DubboCertificateRequest)
+      returns (DubboCertificateResponse) {
+  }
+}
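Review bot: The messages and the RPC in `ca.proto` have no comments, while the generated `ca.pb.go` in the same commit carries documentation that is absent here, including the requirement that the server verify the caller is authorized for all SANs in the CSR. That contract belongs in the `.proto`, since it is the source of truth and the next regeneration will otherwise drop it. I would add a comment above `DubboCertificateRequest` stating the authentication and SAN-authorization requirement, and one on `csr` such as `// PEM-encoded certificate signing request.` The `public_key` field is filled with the signed PEM certificate in `ca/main.go`, so it needs at least `// PEM-encoded signed certificate (not a bare public key).`, and `expire_time` should state its unit, `// Expiry as Unix time in milliseconds.`, matching the `UnixMilli()` call in the server.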
diff --git a/ca/v1alpha1/ca_grpc.pb.go b/ca/v1alpha1/ca_grpc.pb.go
new file mode 100644
index 0000000..c71e1af
--- /dev/null
+++ b/ca/v1alpha1/ca_grpc.pb.go
@@ -0,0 +1,108 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.6
+// source: v1alpha1/ca.proto
+
+package v1alpha1
+
+import (
+       context "context"
+       grpc "google.golang.org/grpc"
+       codes "google.golang.org/grpc/codes"
+       status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+// DubboCertificateServiceClient is the client API for DubboCertificateService 
service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please 
refer to 
https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type DubboCertificateServiceClient interface {
+       // Using provided CSR, returns a signed certificate.
+       CreateCertificate(ctx context.Context, in *DubboCertificateRequest, 
opts ...grpc.CallOption) (*DubboCertificateResponse, error)
+}
+
+type dubboCertificateServiceClient struct {
+       cc grpc.ClientConnInterface
+}
+
+func NewDubboCertificateServiceClient(cc grpc.ClientConnInterface) 
DubboCertificateServiceClient {
+       return &dubboCertificateServiceClient{cc}
+}
+
+func (c *dubboCertificateServiceClient) CreateCertificate(ctx context.Context, 
in *DubboCertificateRequest, opts ...grpc.CallOption) 
(*DubboCertificateResponse, error) {
+       out := new(DubboCertificateResponse)
+       err := c.cc.Invoke(ctx, 
"/org.apache.dubbo.auth.v1alpha1.DubboCertificateService/CreateCertificate", 
in, out, opts...)
+       if err != nil {
+               return nil, err
+       }
+       return out, nil
+}
+
+// DubboCertificateServiceServer is the server API for DubboCertificateService 
service.
+// All implementations must embed UnimplementedDubboCertificateServiceServer
+// for forward compatibility
+type DubboCertificateServiceServer interface {
+       // Using provided CSR, returns a signed certificate.
+       CreateCertificate(context.Context, *DubboCertificateRequest) 
(*DubboCertificateResponse, error)
+       mustEmbedUnimplementedDubboCertificateServiceServer()
+}
+
+// UnimplementedDubboCertificateServiceServer must be embedded to have forward 
compatible implementations.
+type UnimplementedDubboCertificateServiceServer struct {
+}
+
+func (UnimplementedDubboCertificateServiceServer) 
CreateCertificate(context.Context, *DubboCertificateRequest) 
(*DubboCertificateResponse, error) {
+       return nil, status.Errorf(codes.Unimplemented, "method 
CreateCertificate not implemented")
+}
+func (UnimplementedDubboCertificateServiceServer) 
mustEmbedUnimplementedDubboCertificateServiceServer() {
+}
+
+// UnsafeDubboCertificateServiceServer may be embedded to opt out of forward 
compatibility for this service.
+// Use of this interface is not recommended, as added methods to 
DubboCertificateServiceServer will
+// result in compilation errors.
+type UnsafeDubboCertificateServiceServer interface {
+       mustEmbedUnimplementedDubboCertificateServiceServer()
+}
+
+func RegisterDubboCertificateServiceServer(s grpc.ServiceRegistrar, srv 
DubboCertificateServiceServer) {
+       s.RegisterService(&DubboCertificateService_ServiceDesc, srv)
+}
+
+func _DubboCertificateService_CreateCertificate_Handler(srv interface{}, ctx 
context.Context, dec func(interface{}) error, interceptor 
grpc.UnaryServerInterceptor) (interface{}, error) {
+       in := new(DubboCertificateRequest)
+       if err := dec(in); err != nil {
+               return nil, err
+       }
+       if interceptor == nil {
+               return 
srv.(DubboCertificateServiceServer).CreateCertificate(ctx, in)
+       }
+       info := &grpc.UnaryServerInfo{
+               Server:     srv,
+               FullMethod: 
"/org.apache.dubbo.auth.v1alpha1.DubboCertificateService/CreateCertificate",
+       }
+       handler := func(ctx context.Context, req interface{}) (interface{}, 
error) {
+               return 
srv.(DubboCertificateServiceServer).CreateCertificate(ctx, 
req.(*DubboCertificateRequest))
+       }
+       return interceptor(ctx, in, info, handler)
+}
+
+// DubboCertificateService_ServiceDesc is the grpc.ServiceDesc for 
DubboCertificateService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var DubboCertificateService_ServiceDesc = grpc.ServiceDesc{
+       ServiceName: "org.apache.dubbo.auth.v1alpha1.DubboCertificateService",
+       HandlerType: (*DubboCertificateServiceServer)(nil),
+       Methods: []grpc.MethodDesc{
+               {
+                       MethodName: "CreateCertificate",
+                       Handler:    
_DubboCertificateService_CreateCertificate_Handler,
+               },
+       },
+       Streams:  []grpc.StreamDesc{},
+       Metadata: "v1alpha1/ca.proto",
+}
