Rename certgen -> cryptoutil

Bas Kloosterman 12 months ago
parent b90d8fe800
commit 1670759499
  1. 2
      cryptoutil/certgen.go
  2. 4
      dvzaservice/main.go
  3. 6
      dvzaservice/openapisrv.go
  4. 4
      his/openapiclient.go
  5. 10
      his/srv.go
  6. 4
      sharedmodel/auth.go
  7. 4
      sharedmodel/registration.go
  8. 5
      whiteboxservice/main.go
  9. 8
      whiteboxservice/openapisrv.go

@ -1,4 +1,4 @@
package certgen package cryptoutil
import ( import (
"bytes" "bytes"

@ -12,8 +12,8 @@ import (
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
) )
var rpcPort = "9999" var rpcPort = "9999"
@ -25,7 +25,7 @@ func loadCert() *tls.Certificate {
_, err := os.Stat("certs/client.crt") _, err := os.Stat("certs/client.crt")
if err != nil { if err != nil {
_, _, certPem, keyPem, err := certgen.GenCert("dvza", "dvza") _, _, certPem, keyPem, err := cryptoutil.GenCert("dvza", "dvza")
if err != nil { if err != nil {
panic(err) panic(err)

@ -13,8 +13,8 @@ import (
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/structpb"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
"src.whiteboxsystems.nl/decozo/okapidemo/dvzaservice/model" "src.whiteboxsystems.nl/decozo/okapidemo/dvzaservice/model"
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" "src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel"
) )
@ -59,7 +59,7 @@ func requireConnection(db *gorm.DB, ctx context.Context) (*sharedmodel.Connectio
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok {
item := mtls.State.PeerCertificates[0] item := mtls.State.PeerCertificates[0]
log.Println("request certificate subject:", item.Subject) log.Println("request certificate subject:", item.Subject)
pk, err := certgen.PublicKeyToJWK(item.PublicKey) pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey)
if err != nil { if err != nil {
return nil, errNotAuthorized return nil, errNotAuthorized
} }
@ -240,7 +240,7 @@ func (srv *OkAPIServer) CompleteRegistration(
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok {
item := mtls.State.PeerCertificates[0] item := mtls.State.PeerCertificates[0]
pk, err := certgen.PublicKeyToJWK(item.PublicKey) pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey)
if err != nil { if err != nil {
return nil, errNotAuthorized return nil, errNotAuthorized
} }

@ -11,8 +11,8 @@ import (
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/structpb"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
"src.whiteboxsystems.nl/decozo/okapidemo/his/model" "src.whiteboxsystems.nl/decozo/okapidemo/his/model"
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" "src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel"
) )
@ -88,7 +88,7 @@ func (srv *HISServer) register(addr string) (*model.ServiceProvider, error) {
return nil, err return nil, err
} }
jwkBytes, err := certgen.PublicKeyToJWKJson(certgen.ExtractPublicKey(srv.clientCert.PrivateKey)) jwkBytes, err := cryptoutil.PublicKeyToJWKJson(cryptoutil.ExtractPublicKey(srv.clientCert.PrivateKey))
if err != nil { if err != nil {
return nil, err return nil, err

@ -18,8 +18,8 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
"src.whiteboxsystems.nl/decozo/okapidemo/his/model" "src.whiteboxsystems.nl/decozo/okapidemo/his/model"
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" "src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel"
) )
@ -28,7 +28,7 @@ func loadCert() *tls.Certificate {
_, err := os.Stat("certs/client.crt") _, err := os.Stat("certs/client.crt")
if err != nil { if err != nil {
_, _, certPem, keyPem, err := certgen.GenCert("whitebox", "whitebox") _, _, certPem, keyPem, err := cryptoutil.GenCert("whitebox", "whitebox")
if err != nil { if err != nil {
panic(err) panic(err)
@ -266,7 +266,7 @@ func (srv *HISServer) Authenticate(c *gin.Context) {
raw := "" raw := ""
method := "" method := ""
if len(c.Request.TLS.PeerCertificates) > 0 { if len(c.Request.TLS.PeerCertificates) > 0 {
jwk, err := certgen.PublicKeyToJWK(c.Request.TLS.PeerCertificates[0].PublicKey) jwk, err := cryptoutil.PublicKeyToJWK(c.Request.TLS.PeerCertificates[0].PublicKey)
if err != nil { if err != nil {
log.Printf("Error extracting public key JKW: %v", err) log.Printf("Error extracting public key JKW: %v", err)
@ -568,7 +568,7 @@ func (srv *HISServer) GetPatient(c *gin.Context) {
return return
} }
f, err := os.Open(path.Join("./data/patients", patient.FileBase+".edi")) f, err := os.Open(path.Join("./patients", patient.FileBase+".edi"))
if err != nil { if err != nil {
c.Error(err) c.Error(err)
return return
@ -599,7 +599,7 @@ func (srv *HISServer) GetFHIRPatient(c *gin.Context) {
return return
} }
f, err := os.Open(path.Join("./data/patients", patient.FileBase+".fhir.json")) f, err := os.Open(path.Join("./patients", patient.FileBase+".fhir.json"))
if err != nil { if err != nil {
c.Error(err) c.Error(err)
return return
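Review bot: The directory change from `./data/patients` to `./patients` at the two os.Open calls in GetPatient and GetFHIRPatient (hunks @ -568 and @ -599) is a behaviour change unrelated to the rename the commit title describes, and nothing in the commit record explains it; it also diverges from the `./data/...` layout this commit itself adds in whiteboxservice/main.go (`./data/data.db`). Both calls build the file name with `path.Join` on `patient.FileBase`; `path` is for slash-separated paths, and if FileBase can carry a `..` segment from stored or submitted data (its origin is not visible in the hunk), the joined path would resolve outside the patients directory. I would confine the lookup to the directory and keep the location in one place, e.g. `f, err := os.Open(filepath.Join(patientDir, filepath.Base(patient.FileBase)+".edi"))` with `const patientDir = "./patients"` declared once and reused by the `.fhir.json` call. Both enclosing handlers start and end outside the hunk.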

@ -6,8 +6,8 @@ import (
"google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/structpb"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
) )
const AuthMethodDecozoMTLS = "http://decozo.org/proto/auth/mtls" const AuthMethodDecozoMTLS = "http://decozo.org/proto/auth/mtls"
@ -56,7 +56,7 @@ func NewAuthConfig(cfg *okapi.ProtocolAuthConfiguration) *AuthConfig {
authConfig.Raw, _ = cfg.GetConfiguration().AsMap()["token"].(string) authConfig.Raw, _ = cfg.GetConfiguration().AsMap()["token"].(string)
case AuthMethodDecozoMTLS: case AuthMethodDecozoMTLS:
k, _ := cfg.GetConfiguration().AsMap()["publicKey"].(string) k, _ := cfg.GetConfiguration().AsMap()["publicKey"].(string)
jwk, _ := certgen.StringToJWK(k) jwk, _ := cryptoutil.StringToJWK(k)
if jwk != nil { if jwk != nil {
rawBytes, _ := jwk.Thumbprint(crypto.SHA256) rawBytes, _ := jwk.Thumbprint(crypto.SHA256)
authConfig.Raw = fmt.Sprintf("%X", rawBytes) authConfig.Raw = fmt.Sprintf("%X", rawBytes)

@ -5,8 +5,8 @@ import (
"fmt" "fmt"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
) )
type RegistrationStatus string type RegistrationStatus string
@ -35,7 +35,7 @@ func (r *Registration) SetAuthConfig(cfg *okapi.XISAuthConfiguration) error {
switch cfg.Method { switch cfg.Method {
case okapi.XISAuthMethod_mTLS: case okapi.XISAuthMethod_mTLS:
k, err := certgen.StringToJWK(cfg.GetMtlsConfiguration().GetPublicKey()) k, err := cryptoutil.StringToJWK(cfg.GetMtlsConfiguration().GetPublicKey())
if err != nil { if err != nil {
return err return err

@ -12,8 +12,8 @@ import (
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
) )
var rpcPort = "8888" var rpcPort = "8888"
@ -27,7 +27,7 @@ func loadCert() *tls.Certificate {
_, err := os.Stat("certs/client.crt") _, err := os.Stat("certs/client.crt")
if err != nil { if err != nil {
_, _, certPem, keyPem, err := certgen.GenCert("whitebox", "whitebox") _, _, certPem, keyPem, err := cryptoutil.GenCert("whitebox", "whitebox")
if err != nil { if err != nil {
panic(err) panic(err)
@ -77,6 +77,7 @@ func main() {
if ext := os.Getenv("EXT_ADDR"); ext != "" { if ext := os.Getenv("EXT_ADDR"); ext != "" {
extRpcAddr = ext + ":" + rpcPort extRpcAddr = ext + ":" + rpcPort
} }
openapisrv := NewServer() openapisrv := NewServer()
openapisrv.LoadData("./data/data.db") openapisrv.LoadData("./data/data.db")
opts := []grpc.ServerOption{ opts := []grpc.ServerOption{
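Review bot: The added `openapisrv.LoadData("./data/data.db")` discards any result; if LoadData returns an error (its signature is not in the hunk), a missing or unreadable database would go unnoticed here and surface later as request failures. Matching the handling loadCert already uses in this file, I would write `if err := openapisrv.LoadData("./data/data.db"); err != nil { panic(err) }`. The path is also relative to the working directory, like the `certs/client.crt` check in loadCert; the `EXT_ADDR` override a few lines above shows the pattern this file uses for deployment-specific values, and a comment such as `// LoadData path is relative to the working directory; see EXT_ADDR for the override pattern` would at least make that dependency explicit. main continues outside the hunk.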

@ -14,8 +14,8 @@ import (
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/structpb"
"gorm.io/gorm" "gorm.io/gorm"
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen"
"src.whiteboxsystems.nl/decozo/okapi" "src.whiteboxsystems.nl/decozo/okapi"
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil"
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" "src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel"
"src.whiteboxsystems.nl/decozo/okapidemo/whiteboxservice/model" "src.whiteboxsystems.nl/decozo/okapidemo/whiteboxservice/model"
) )
@ -61,7 +61,7 @@ func requireConnection(db *gorm.DB, ctx context.Context) (*sharedmodel.Connectio
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok {
item := mtls.State.PeerCertificates[0] item := mtls.State.PeerCertificates[0]
log.Println("request certificate subject:", item.Subject) log.Println("request certificate subject:", item.Subject)
pk, err := certgen.PublicKeyToJWK(item.PublicKey) pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey)
if err != nil { if err != nil {
return nil, errNotAuthorized return nil, errNotAuthorized
} }
@ -224,7 +224,7 @@ func (srv *OkAPIServer) CompleteRegistration(
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok {
item := mtls.State.PeerCertificates[0] item := mtls.State.PeerCertificates[0]
pk, err := certgen.PublicKeyToJWK(item.PublicKey) pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey)
if err != nil { if err != nil {
return nil, errNotAuthorized return nil, errNotAuthorized
} }
@ -307,7 +307,7 @@ func (srv *OkAPIServer) EnableService(
AuthConfig: sharedmodel.NewAuthConfig(in.Fetch.Auth), AuthConfig: sharedmodel.NewAuthConfig(in.Fetch.Auth),
} }
publicKey, err := certgen.PublicKeyToJWKJson(certgen.ExtractPublicKey(srv.clientCert.PrivateKey)) publicKey, err := cryptoutil.PublicKeyToJWKJson(cryptoutil.ExtractPublicKey(srv.clientCert.PrivateKey))
if err != nil { if err != nil {
return nil, fmt.Errorf("Error retrieving pub key: %v", err) return nil, fmt.Errorf("Error retrieving pub key: %v", err)
