Skip to content

Commit

Permalink
Add the credentials fetching code and an example program.
Browse files Browse the repository at this point in the history
  • Loading branch information
schmidtw committed Sep 25, 2023
1 parent b80460e commit 5fd793b
Show file tree
Hide file tree
Showing 8 changed files with 1,434 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,6 @@ go.work
xmidt-agent

internal/jwtxt/cmd/example/*
internal/credentials/cmd/example/*

*.dot
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ require (
github.com/alecthomas/kong v0.8.0
github.com/foxcpp/go-mockdns v1.0.0
github.com/golang-jwt/jwt/v5 v5.0.1-0.20230913133926-0cb4fa15e31b
github.com/google/uuid v1.3.1
github.com/goschtalt/goschtalt v0.22.1
github.com/goschtalt/yaml-decoder v0.0.1
github.com/goschtalt/yaml-encoder v0.0.3
Expand All @@ -20,7 +21,6 @@ require (

require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/goschtalt/approx v1.0.0 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/miekg/dns v1.1.56 // indirect
Expand Down
120 changes: 120 additions & 0 deletions internal/credentials/cmd/example/main.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
// SPDX-FileCopyrightText: 2023 Comcast Cable Communications Management, LLC
// SPDX-License-Identifier: Apache-2.0

package main

import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"net/http"
"os"
"time"

"github.com/alecthomas/kong"
"github.com/xmidt-org/wrp-go/v3"
cred "github.com/xmidt-org/xmidt-agent/internal/credentials"
"github.com/xmidt-org/xmidt-agent/internal/credentials/event"
)

type CLI struct {
URL string `long:"url" help:"URL of the credential service." required:"true"`
ID string `long:"id" help:"Device ID." default:"mac:112233445566"`
Private string `long:"private" help:"mTLS private key to use."`
Public string `long:"public" help:"mTLS public key to use."`
CA string `long:"ca" help:"mTLS CA to use."`
Timeout time.Duration `long:"timeout" help:"HTTP client timeout." default:"5s"`
RedirectMax int `long:"redirect-max" help:"Maximum number of redirects to follow." default:"10"`
}

func main() {
var cli CLI
_ = kong.Parse(&cli,
kong.Name("example"),
kong.Description("Example of using the credentials package."),
kong.UsageOnError(),
)

client := http.DefaultClient

if cli.Private != "" || cli.Public != "" || cli.CA != "" {
if cli.Private == "" || cli.Public == "" || cli.CA == "" {
panic("--private, --public and --ca must be specified together")
}

cert, err := tls.LoadX509KeyPair(cli.Public, cli.Private)
if err != nil {
panic(err)
}

caCert, err := os.ReadFile("ca.crt")
if err != nil {
panic(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
}
tr := &http.Transport{TLSClientConfig: tlsConfig}

// Create an HTTP client with the custom transport
client.Transport = tr
}

if cli.Timeout > 0 {
client.Timeout = cli.Timeout
}

if cli.RedirectMax > 0 {
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
if len(via) > cli.RedirectMax {
return fmt.Errorf("stopped after %d redirects", cli.RedirectMax)
}
return nil
}
}

credentials, err := cred.New(
cred.URL(cli.URL),
cred.MacAddress(wrp.DeviceID(cli.ID)),
cred.HTTPClient(client),
cred.SerialNumber("1234567890"),
cred.HardwareModel("model"),
cred.HardwareManufacturer("manufacturer"),
cred.FirmwareVersion("version"),
cred.LastRebootReason("reason"),
cred.XmidtProtocol("protocol"),
cred.BootRetryWait(1),
cred.AddFetchListener(
event.FetchListenerFunc(func(fe event.Fetch) {
fmt.Println("Fetch:")
fmt.Printf(" At: %s\n", fe.At.Format(time.RFC3339))
fmt.Printf(" Duration: %s\n", fe.Duration)
fmt.Printf(" UUID: %s\n", fe.UUID)
fmt.Printf(" StatusCode: %d\n", fe.StatusCode)
fmt.Printf(" RetryIn: %s\n", fe.RetryIn)
fmt.Printf(" Expiration: %s\n", fe.Expiration.Format(time.RFC3339))
if fe.Err != nil {
fmt.Printf(" Err: %s\n", fe.Err)
} else {
fmt.Println(" Err: nil")
}
}),
),
)
if err != nil {
panic(err)
}

credentials.Start()
defer credentials.Stop()

ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
defer cancel()

credentials.WaitUntilFetched(ctx)
}
Loading

0 comments on commit 5fd793b

Please sign in to comment.