louis/oktopus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add TLS to NATS connection

Browse Source
This commit is contained in:
Adriano Chiesa 2024-07-05 16:29:51 -03:00
parent 1a85da603c
commit 291d15b183
18 changed files with 252 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
backend/services/acs/internal/config/config.go
View File

@ -14,10 +14,11 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Acs struct {
@ -40,6 +41,12 @@ type Config struct {
Nats Nats
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config {
loadEnvVariables()
@ -47,7 +54,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
acsPort := flag.String("acs_port", lookupEnvOrString("ACS_PORT", ":9292"), "port for acs server")
acsRoute := flag.String("acs_route", lookupEnvOrString("ACS_ROUTE", "/acs"), "route for acs server")
connReqUser := flag.String("connrq_user", lookupEnvOrString("CONN_RQ_USER", ""), "Connection Request Username")
@ -77,10 +87,15 @@ func NewConfig() *Config {
return &Config{
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Acs: Acs{
Port: *acsPort,

6
backend/services/acs/internal/nats/nats.go
View File

@ -141,8 +141,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/bulkdata/http/internal/config/config.go
View File

@ -13,10 +13,11 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type RestApi struct {
@ -29,6 +30,12 @@ type Config struct {
Nats Nats
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config {
loadEnvVariables()
@ -36,7 +43,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "4000"), "Rest api port")
flHelp := flag.Bool("help", false, "Help")
@ -62,10 +72,15 @@ func NewConfig() *Config {
Ctx: ctx,
},
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
}
}

6
backend/services/bulkdata/http/internal/nats/nats.go
View File

@ -70,8 +70,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/controller/internal/config/config.go
View File

@ -13,10 +13,11 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Mongo struct {
@ -42,6 +43,12 @@ type Config struct {
Enterprise Enterprise
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config {
loadEnvVariables()
@ -49,7 +56,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "controller"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "8000"), "Rest api port")
mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server")
enterpise := flag.Bool("enterprise", lookupEnvOrBool("ENTERPRISE", false), "enterprise version enable")
@ -79,10 +89,15 @@ func NewConfig() *Config {
Ctx: ctx,
},
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Mongo: Mongo{
Uri: *mongoUri,

6
backend/services/controller/internal/nats/nats.go
View File

@ -77,8 +77,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/mtp/adapter/internal/config/config.go
View File

@ -13,10 +13,17 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Mongo struct {
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server")
controllerId := flag.String("controller_id", lookupEnvOrString("CONTROLLER_ID", "oktopusController"), "usp controller endpoint id")
controllerPassword := flag.String("controller_passwd", lookupEnvOrString("CONTROLLER_PASSWORD", ""), "usp controller endpoint password to connect to")
@ -66,10 +76,15 @@ func NewConfig() *Config {
return &Config{
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Mongo: Mongo{
Uri: *mongoUri,

6
backend/services/mtp/adapter/internal/nats/nats.go
View File

@ -150,8 +150,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/mtp/mqtt-adapter/internal/config/config.go
View File

@ -13,10 +13,17 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Mqtt struct {
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
mqttUrl := flag.String("mqtt_url", lookupEnvOrString("MQTT_URL", "tcp://localhost:1883"), "url for mqtt server")
mqttsUrl := flag.String("mqtts_url", lookupEnvOrString("MQTTS_URL", ""), "url for mqtts server")
mqttsSkipVerify := flag.Bool("mqtts_skip_verify", lookupEnvOrBool("MQTTS_SKIP_VERIFY", false), "skip verification of server certificate for mqtts")
@ -69,10 +79,15 @@ func NewConfig() *Config {
return &Config{
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Mqtt: Mqtt{
Url: *mqttUrl,

6
backend/services/mtp/mqtt-adapter/internal/nats/nats.go
View File

@ -92,8 +92,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/mtp/mqtt/internal/config/config.go
View File

@ -32,10 +32,17 @@ type Config struct {
}
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() Config {
@ -66,7 +73,10 @@ func NewConfig() Config {
logLevel := flag.Int("log_level", lookupEnvOrInt("LOG_LEVEL", 1), "0=DEBUG, 1=INFO, 2=WARNING, 3=ERROR")
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flag.Parse()
flHelp := flag.Bool("help", false, "Help")
@ -99,10 +109,15 @@ func NewConfig() Config {
HttpPort: *httpPort,
LogLevel: *logLevel,
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
}

6
backend/services/mtp/mqtt/internal/nats/nats.go
View File

@ -74,8 +74,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/mtp/stomp-adapter/internal/config/config.go
View File

@ -13,10 +13,17 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Stomp struct {
@ -37,7 +44,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
stompAddr := flag.String("stomp_server", lookupEnvOrString("STOMP_SERVER", "localhost:61613"), "STOMP server endpoint")
stompUser := flag.String("stomp_user", lookupEnvOrString("STOMP_USER", ""), "stomp server user")
stompPassword := flag.String("stomp_passsword", lookupEnvOrString("STOMP_PASSWD", ""), "stomp server password")
@ -61,10 +71,15 @@ func NewConfig() *Config {
return &Config{
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Stomp: Stomp{
Url: *stompAddr,

7
backend/services/mtp/stomp-adapter/internal/nats/nats.go
View File

@ -81,9 +81,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts
}

33
backend/services/mtp/ws-adapter/internal/config/config.go
View File

@ -13,10 +13,17 @@ import (
const LOCAL_ENV = ".env.local"
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Ws struct {
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
wsAuthEnable := flag.Bool("ws_auth_enable", lookupEnvOrBool("WS_AUTH_ENABLE", false), "enable authentication for websocket server")
wsAddr := flag.String("ws_addr", lookupEnvOrString("WS_ADDR", "localhost"), "websocket server address (domain or ip)")
wsPort := flag.String("ws_port", lookupEnvOrString("WS_PORT", ":8080"), "websocket server port")
@ -68,10 +78,15 @@ func NewConfig() *Config {
return &Config{
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
Ws: Ws{
AuthEnable: *wsAuthEnable,

6
backend/services/mtp/ws-adapter/internal/nats/nats.go
View File

@ -91,8 +91,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts

33
backend/services/mtp/ws/internal/config/config.go
View File

@ -24,10 +24,17 @@ type Config struct {
}
type Nats struct {
Url string
Name string
VerifyCertificates bool
Ctx context.Context
Url string
Name string
EnableTls bool
Cert Tls
Ctx context.Context
}
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() Config {
@ -47,7 +54,10 @@ func NewConfig() Config {
/* ------------------------------ define flags ------------------------------ */
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server")
natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flPort := flag.String("port", lookupEnvOrString("SERVER_PORT", ":8080"), "Server port")
flAuth := flag.Bool("auth", lookupEnvOrBool("SERVER_AUTH_ENABLE", false), "Server auth enable/disable")
flControllerEid := flag.String("controller-eid", lookupEnvOrString("CONTROLLER_EID", "oktopusController"), "Controller eid")
@ -81,10 +91,15 @@ func NewConfig() Config {
FullChain: *flFullchain,
PrivateKey: *flPrivKey,
Nats: Nats{
Url: *natsUrl,
Name: *natsName,
VerifyCertificates: *natsVerifyCertificates,
Ctx: ctx,
Url: *natsUrl,
Name: *natsName,
EnableTls: *natsEnableTls,
Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
},
}
}

6
backend/services/mtp/ws/internal/nats/nats.go
View File

@ -66,8 +66,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError())
}))
if c.VerifyCertificates {
opts = append(opts, nats.RootCAs())
if c.EnableTls {
log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
}
return opts