add tls mode (#73)

* add tls mode Co-authored-by: AlexBreadman <[email protected]>
VoltDB · Nov 18, 2021 · ec3cdad · ec3cdad
1 parent 823adcf
commit ec3cdad
Show file tree

Hide file tree

Showing 6 changed files with 386 additions and 35 deletions.
diff --git a/examples/tls/foo.pem b/examples/tls/foo.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    friendlyName: example
+    localKeyID: 54 69 6D 65 20 31 36 33 36 39 39 39 38 33 32 35 34 36 
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUxQvRQEi5IwCAggA
+MBQGCCqGSIb3DQMHBAjHeWCQiSxHuASCBMjXArMh0EaguG7HW1I+ZsTAD5EJGU2C
+QbClEedcPGYiDoQbHcz06rrFQPwds03QkS/M15I1QGoVxFjIgKVQsLd9AI01vwZd
+15wbDJhKei7Q+YCmkxrjhyndBk4mwyls1Hfas4BafdLUgPanBM3Sb9FZEM63odNx
+/RRnwrm1jlMTd8bgZgg4UBOK/vgT8CVDCQ98SB5jJEvXyPP8OMM4FFST/Ea2H+Ze
+f+QBPo2IvQgvVwmUdGlAE/UWMe7E3cq1m5EnA4qUIAzRNXdnuOrZuP355LENqAoX
+gCkneQKYUDTAGNYe2N0BkmvPGeBMSGgxP58jgHyCHhaCAVfioy6f7+4qF03WqxVe
+VWhfgCdvo9AnOIn4iOG6wVPeQv55oZMosEPLe+E+1uUJDe0ppaBJRNO3hFlk4j/O
+Hy84mNN78Sq8s+m2AMQvrlaLtJmcag0jfrCYv9/EN7MVMeTRjA1/DCGRf+Yv68DL
+WJZCcj9NBMLY0ZG+fI5biII8OTOTPHn6l5dQ+fNzWYGcDSHpdjgrNCysxVZz56WZ
+cq++jYmq6OyFxRWQE/Og25VvolKjkGCCFQp+53PiXs73dT2EppQzoUjEepw3Lv5c
+nQwHTUkd7EMP1DzFTlU2QbeXkuLfEzZnT3tZjbbRBsJ4yyTtxLc2HWQUpPeV164f
+Y731R7mLryIWv+FxwIjR3LSP75C3zxN/ypequBYV1xJlzjd0oJBgrXpM5yg6Y5YH
+it9QHNYs1tmU/28w+4Nv3zQC6sY2ZK2+yWiZUSKFRoOPKaAj6EmH/E4fCa5HgmVS
+XM5Kk+MzoRYU6AIG3rkvQXNYHuuaeUaQY2MtEtCZPvYb2N3usS3wyhUQ8eD1tFEt
+jmrge8h7zAN19hyTggQflx2rbLBJI7Caghl/h3Lcj6aGZZq1/lesY4SuJ3yEhy/Q
+cNKIRQ+h+40LABZ+PO+Zww2oSVS3UNU5OSZuBP5jnNhoYIGi7CONepIJNzv11mmv
+D/t6SFheddG572fPU27KiyQ/Ooiavyv8qTBhSqtCTxoi5zQ+dQpTrtomL2g/vFJT
+1ah84GFIo1PAdRT9lxFaznmPWFPh3HSpNo7BsrbHXFD/cRtF+DBUb/olMHf4DFQ4
+XdwcK/+xAOp0eYWwo6RSt+CBP9905m3byrd7cbb71zdbUWxpSn7gb9nwtFn+EGEn
+ct1YaJ5W7xiGcb1TpJT4b/Y4PKXeddCUNq3SyJY7n6wvmxUtwYd/LeX38/WS0+FI
+pnMMYjrkKmyAoj3cZpz0pXUk26bpLCWxPhUmZDuSPrfEQbgW3RJ6iHUmy44EFS+e
+Mn72/i7CuEJuq0c5C8uBkxjOfyMNtVVhr1NYSw0ebtRk5WivzvMDH8Fy5hN3EmE1
+6GTbETJGnL8w43EpoC5OnWcli993RpxZVNU12I808+9JgLQqq+uc6jCxLSJJRIAc
+TddSrCArKXTDT0Bbom2gII0gvkkmkxVGC1B2OTAVkIU29IHBCh4MZdXmPepnAaZu
+qJAyDdVSgg/k0ao1VZTGzC4dHcnUvl9h6eYiGTCy/N2ATCbLmSdltIr01IbptDZ8
+KQSqVpMA0R/5qATg0x33B3EpReKWFEIuF9eK/b/TEJsEr9Mxq+rs3I/TD9kRMd8k
+YkQ=
+-----END ENCRYPTED PRIVATE KEY-----
+Bag Attributes
+    friendlyName: example
+    localKeyID: 54 69 6D 65 20 31 36 33 36 39 39 39 38 33 32 35 34 36 
+subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
+issuer=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEY6rrgzANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdV
+bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
+VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
+MB4XDTIxMTExNTE4MDYwM1oXDTIyMTExNTE4MDYwM1owbDEQMA4GA1UEBhMHVW5r
+bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
+ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBaovqLoe5Jg5UT5ckBSuL9
+zZthmNUP76QTGSZhdVJU/bnf2DCJDwx0xOmZtdQ/pbupv5KcXmEh27OPNyIrN/G/
+lpiUiquMjSf44KCnKZwBM/QPiVTZvEWAlKyJu4nzTNtagLj+kIybPQzPIimw3g9f
+RYXkHAANe82xodPuTUsIV5+T15IXBYyGSCM+nEtpA3KE9Tjt4jji1jpsprbzfnuD
+fIxnMlRoFklT3AoQclM2R+IhwDxhGmh/8uH4EDoHTjwMvo73RJh+ffO5LrJL1Jwa
+y8zQLS5C1omPwQmEwBpetBXME90S/3o68zrFU8ffKiJyReZxtWtcVH+wkTInMF8C
+AwEAAaMhMB8wHQYDVR0OBBYEFEIkA/Ea9liBA6wZu7brPGh6RON9MA0GCSqGSIb3
+DQEBCwUAA4IBAQCsMxXgiP4cSvxjzTeW/Kp84NS3sXGX0Ia/bMtPDZYkzkIMoDoW
+z8xrsHqWB9E4VwvmsAtTWV2ICwcSOiSym41CevOpFAHeRjQDZkwqQ9nOL2HmKji5
+wlCnDxB+Yetr4aPCrYwYjLoo2Ge77uOUneu3LJMJKYwRFB8s5U1r5QlaIVusDeOy
+AIALlr0KFfqxVNXZ8WRvHBTHYnNECto+DXIqpkIC8s2wyxiWKVS2RUYdFxQLo3NP
+SQNRU5uiv6dc7EQA67IY8SQtKB+wiMyxxIVMnBsyy3d3iepQcHmR3FH7SIWr79cn
+HPQF833pXriJ8Lw0wdU8IT+p9eSWkaY2Ce2J
+-----END CERTIFICATE-----
diff --git a/examples/tls/main_test.go b/examples/tls/main_test.go
@@ -0,0 +1,35 @@
+package main
+
+import (
+	"testing"
+
+	"database/sql/driver"
+
+	"github.com/kr/pretty"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/VoltDB/voltdb-client-go/voltdbclient"
+)
+
+func TestMain(t *testing.T) {
+
+	conn, err := voltdbclient.OpenTLSConn("127.0.0.1", voltdbclient.ClientConfig{"foo.pem", false})
+	assert.NotNil(t, err)
+	assert.Nil(t, conn)
+
+	conn, err = voltdbclient.OpenTLSConn("127.0.0.1", voltdbclient.ClientConfig{"foo.pem", true})
+	assert.Nil(t, err)
+	assert.NotNil(t, conn)
+
+	var params []driver.Value
+
+	for _, s := range []interface{}{"PAUSE_CHECK", int32(0)} {
+		params = append(params, s)
+	}
+
+	vr, err := conn.Query("@Statistics", params)
+	assert.Nil(t, err)
+	assert.NotNil(t, vr)
+
+	pretty.Print(vr)
+}
diff --git a/go.mod b/go.mod
@@ -2,4 +2,8 @@ module github.com/VoltDB/voltdb-client-go
 
 go 1.16
 
-require github.com/spaolacci/murmur3 v1.1.0
+require (
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/spaolacci/murmur3 v1.1.0
+	github.com/stretchr/testify v1.7.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -1,2 +1,25 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
 github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/voltdbclient/distributor.go b/voltdbclient/distributor.go
@@ -24,6 +24,7 @@ import (
 	"log"
 	"math/rand"
 	"strings"
+	"io/ioutil"
 	"sync/atomic"
 	"time"
 )
@@ -45,6 +46,7 @@ var ProtocolVersion = 1
 
 // Conn holds the set of currently active connections.
 type Conn struct {
+	pemPath string
 	closeCh                                  chan chan bool
 	open                                     atomic.Value
 	rl                                       rateLimiter
@@ -64,6 +66,24 @@ type Conn struct {
 	partitionMasters                         map[int]*nodeConn
 }
 
+func newTLSConn(cis []string, clientConfig ClientConfig) (*Conn, error) {
+	var c = &Conn{
+		pemPath: clientConfig.PEMPath,
+		closeCh:           make(chan chan bool),
+		rl:                newTxnLimiter(),
+		drainCh:           make(chan chan bool),
+		useClientAffinity: true,
+		partitionMasters:  make(map[int]*nodeConn),
+	}
+	c.open.Store(true)
+
+	if err := c.start(cis, clientConfig.InsecureSkipVerify); err != nil {
+		return nil, err
+	}
+
+	return c, nil
+}
+
 func newConn(cis []string) (*Conn, error) {
 	var c = &Conn{
 		closeCh:           make(chan chan bool),
@@ -74,7 +94,7 @@ func newConn(cis []string) (*Conn, error) {
 	}
 	c.open.Store(true)
 
-	if err := c.start(cis); err != nil {
+	if err := c.start(cis, false); err != nil {
 		return nil, err
 	}
 
@@ -125,6 +145,21 @@ func OpenConn(ci string) (*Conn, error) {
 	return newConn(cis)
 }
 
+// OpenTLSConn uses TLS for network connections
+func OpenTLSConn(ci string, clientConfig ClientConfig) (*Conn, error) {
+	ci = strings.TrimSpace(ci)
+	if ci == "" {
+		return nil, ErrMissingServerArgument
+	}
+	cis := strings.Split(ci, ",")
+	return newTLSConn(cis, clientConfig)
+}
+
+type ClientConfig struct {
+	PEMPath string
+	InsecureSkipVerify bool
+}
+
 // OpenConnWithLatencyTarget returns a new connection to the VoltDB server.
 // This connection will try to meet the specified latency target, potentially by
 // throttling the rate at which asynchronous transactions are submitted.
@@ -160,15 +195,24 @@ func OpenConnWithMaxOutstandingTxns(ci string, maxOutTxns int) (*Conn, error) {
 	return c, nil
 }
 
-func (c *Conn) start(cis []string) error {
+func (c *Conn) start(cis []string, insecureSkipVerify bool) error {
 	var (
 		err                error
 		disconnected       []*nodeConn
 		hostIDToConnection = make(map[int]*nodeConn)
 	)
 
 	for _, ci := range cis {
-		nc := newNodeConn(ci)
+		var nc *nodeConn
+		if len(c.pemPath) > 0 {
+			pemBytes, err := ioutil.ReadFile(c.pemPath)
+			if err != nil {
+				return err
+			}
+			nc = newNodeTLSConn(ci, insecureSkipVerify, pemBytes)
+		} else {
+			nc = newNodeConn(ci)
+		}
 		if err = nc.connect(ProtocolVersion); err != nil {
 			disconnected = append(disconnected, nc)
 			continue