Use different certificates for retrieval from different services

master
Bas Kloosterman 11 months ago
parent c49da5c76e
commit 325d8ac7c2
  1. 13
      whiteboxservice/main.go
  2. 18
      whiteboxservice/openapisrv.go
  3. 32
      whiteboxservice/srv.go

@ -3,6 +3,7 @@ package main
import (
"context"
"crypto/tls"
"fmt"
"io/ioutil"
"log"
"net"
@ -23,8 +24,8 @@ var patientIf = "0.0.0.0:8085"
var binFolder = "./bin/arm64"
func loadCert() *tls.Certificate {
_, err := os.Stat("certs/client.crt")
func loadCert(name string) *tls.Certificate {
_, err := os.Stat(fmt.Sprintf("certs/%s.crt", name))
if err != nil {
_, _, certPem, keyPem, err := cryptoutil.GenCert("whitebox", "whitebox")
@ -37,15 +38,15 @@ func loadCert() *tls.Certificate {
panic(err)
}
if err := ioutil.WriteFile("certs/client.crt", []byte(certPem), 0600); err != nil {
if err := ioutil.WriteFile(fmt.Sprintf("certs/%s.crt", name), []byte(certPem), 0600); err != nil {
panic(err)
}
if err := ioutil.WriteFile("certs/client.key", []byte(keyPem), 0600); err != nil {
if err := ioutil.WriteFile(fmt.Sprintf("certs/%s.key", name), []byte(keyPem), 0600); err != nil {
panic(err)
}
}
certificate, err := tls.LoadX509KeyPair("certs/client.crt", "certs/client.key")
certificate, err := tls.LoadX509KeyPair(fmt.Sprintf("certs/%s.crt", name), fmt.Sprintf("certs/%s.key", name))
if err != nil {
panic("Load client certification failed: " + err.Error())
@ -55,7 +56,7 @@ func loadCert() *tls.Certificate {
}
func loadKeyPair() credentials.TransportCredentials {
certificate := loadCert()
certificate := loadCert("client")
tlsConfig := &tls.Config{
ClientAuth: tls.RequestClientCert,
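Review bot: loadCert now takes `name` for the file paths, but the generation branch still calls `cryptoutil.GenCert("whitebox", "whitebox")` for every name, so "client", "visite" and "wnh" get certificates that differ only by file name; if the receiving services tell callers apart by certificate subject, `name` should reach GenCert as well (presumably `cryptoutil.GenCert(name, name)`, depending on what those two arguments are — confirm against cryptoutil). The presence check only stats the `.crt`, so a `.crt` left behind without its `.key` skips generation and LoadX509KeyPair panics a few lines later; stat both files, or treat a stat error on either as "regenerate". Since `name` becomes a path component, build the paths with `filepath.Join("certs", name+".crt")` and, should the name ever come from configuration rather than the fixed literals the callers pass, reject any value containing a path separator. The loadCert body continues past both of its hunks.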

@ -45,6 +45,8 @@ type OkAPIServer struct {
okapi.UnimplementedOkAPIServer
data *gorm.DB
clientCert tls.Certificate
visiteCert tls.Certificate
wnhCert tls.Certificate
}
func (srv *OkAPIServer) LoadData(location string) error {
@ -307,7 +309,15 @@ func (srv *OkAPIServer) EnableService(
AuthConfig: sharedmodel.NewAuthConfig(in.Fetch.Auth),
}
publicKey, err := cryptoutil.PublicKeyToJWKJson(cryptoutil.ExtractPublicKey(srv.clientCert.PrivateKey))
var cert tls.Certificate
if in.ServiceId == "wbx:visitelijst" {
cert = srv.visiteCert
} else if in.ServiceId == "wbx:waarneming" {
cert = srv.wnhCert
}
publicKey, err := cryptoutil.PublicKeyToJWKJson(cryptoutil.ExtractPublicKey(cert.PrivateKey))
if err != nil {
return nil, fmt.Errorf("Error retrieving pub key: %v", err)
@ -621,9 +631,13 @@ func (srv *OkAPIServer) ListPatientRegistrations(
}
func NewServer() *OkAPIServer {
cert := loadCert()
cert := loadCert("client")
visiteCert := loadCert("visite")
wnhCert := loadCert("wnh")
return &OkAPIServer{
clientCert: *cert,
visiteCert: *visiteCert,
wnhCert: *wnhCert,
}
}
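Review bot: In EnableService the new `cert` selection leaves `cert` as the zero tls.Certificate when `in.ServiceId` is neither "wbx:visitelijst" nor "wbx:waarneming", so `cert.PrivateKey` is nil by the time it reaches `cryptoutil.ExtractPublicKey` on the following line — before this change every service used srv.clientCert, so an unrecognised ServiceId now degrades to a nil-key path instead of a clear failure. Add an explicit branch, e.g. `} else {` / `return nil, fmt.Errorf("no certificate configured for service %q", in.ServiceId)` / `}`, or `cert = srv.clientCert` if the old behaviour is intended as the default. The same unguarded selection is duplicated in srv.go GetPatient; a shared helper that maps a service id to its certificate and reports whether one exists would keep the two in step. EnableService starts and ends outside this hunk.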

@ -21,6 +21,8 @@ type UIService struct {
srv *http.Server
inited bool
clientCert tls.Certificate
visiteCert tls.Certificate
wnhCert tls.Certificate
data *gorm.DB
}
@ -117,14 +119,21 @@ func (srv *UIService) GetPatient(c *gin.Context) {
}
url := fmt.Sprintf("%v/%v/%v", protoconfig["url"], "patients", protometa["patientID"])
req, _ := http.NewRequest("GET", url, nil)
var cert tls.Certificate
if serviceConfig.Service.ServiceID == "wbx:visitelijst" {
cert = srv.visiteCert
} else if serviceConfig.Service.ServiceID == "wbx:waarneming" {
cert = srv.wnhCert
}
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
Certificates: []tls.Certificate{srv.clientCert},
Certificates: []tls.Certificate{cert},
},
},
}
@ -224,12 +233,19 @@ func (srv *UIService) GetRegistrations(c *gin.Context) {
}
func NewUIServer(addr string) *UIService {
cert := loadCert()
srv := &UIService{srv: &http.Server{
Addr: addr,
Handler: gin.Default(),
}, clientCert: *cert}
cert := loadCert("client")
visiteCert := loadCert("visite")
wnhCert := loadCert("wnh")
srv := &UIService{
srv: &http.Server{
Addr: addr,
Handler: gin.Default(),
},
clientCert: *cert,
visiteCert: *visiteCert,
wnhCert: *wnhCert,
}
return srv
}
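Review bot: GetPatient now selects a per-service client certificate, but the transport built on the following lines still sets `InsecureSkipVerify: true`, so the remote service's certificate is never validated and the TLS identity only holds in one direction; set `RootCAs` to a pool loaded from the service's CA (a configured path, not shown in this diff) and remove InsecureSkipVerify. Each request also constructs a fresh http.Transport and http.Client, which defeats connection reuse; holding one client per service certificate in UIService, built once in NewUIServer next to visiteCert and wnhCert, avoids that. GetPatient starts outside this hunk.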
