package main import ( "context" "crypto/tls" "crypto/x509" "flag" "fmt" "io/ioutil" "log" "github.com/coreos/dex/api" "google.golang.org/grpc" "google.golang.org/grpc/credentials" ) func newDexClient(hostAndPort, caPath, clientCrt, clientKey string) (api.DexClient, error) { cPool := x509.NewCertPool() caCert, err := ioutil.ReadFile(caPath) if err != nil { return nil, fmt.Errorf("invalid CA crt file: %s", caPath) } if cPool.AppendCertsFromPEM(caCert) != true { return nil, fmt.Errorf("failed to parse CA crt") } clientCert, err := tls.LoadX509KeyPair(clientCrt, clientKey) if err != nil { return nil, fmt.Errorf("invalid client crt file: %s", caPath) } clientTLSConfig := &tls.Config{ RootCAs: cPool, Certificates: []tls.Certificate{clientCert}, } creds := credentials.NewTLS(clientTLSConfig) conn, err := grpc.Dial(hostAndPort, grpc.WithTransportCredentials(creds)) if err != nil { return nil, fmt.Errorf("dail: %v", err) } return api.NewDexClient(conn), nil } func main() { caCrt := flag.String("ca-crt", "", "CA certificate") clientCrt := flag.String("client-crt", "", "Client certificate") clientKey := flag.String("client-key", "", "Client key") flag.Parse() if *clientCrt == "" || *caCrt == "" || *clientKey == "" { log.Fatal("Please provide CA & client certificates and client key. Usage: ./client -ca_crt= -client_crt= -client_key=") } client, err := newDexClient("127.0.0.1:5557", *caCrt, *clientCrt, *clientKey) if err != nil { log.Fatalf("failed creating dex client: %v ", err) } p := api.Password{ Email: "test@example.com", // bcrypt hash of the value "test1" with cost 10 Hash: []byte("$2a$10$XVMN/Fid.Ks4CXgzo8fpR.iU1khOMsP5g9xQeXuBm1wXjRX8pjUtO"), Username: "test", UserId: "test", } createReq := &api.CreatePasswordReq{ Password: &p, } // Create password. if resp, err := client.CreatePassword(context.TODO(), createReq); err != nil || resp.AlreadyExists { if resp.AlreadyExists { log.Fatalf("Password %s already exists", createReq.Password.Email) } log.Fatalf("failed to create password: %v", err) } else { log.Printf("Created password with email %s", createReq.Password.Email) } // List all passwords. resp, err := client.ListPasswords(context.TODO(), &api.ListPasswordReq{}) if err != nil { log.Fatalf("failed to list password: %v", err) } log.Print("Listing Passwords:\n") for _, pass := range resp.Passwords { log.Printf("%+v", pass) } deleteReq := &api.DeletePasswordReq{ Email: p.Email, } // Delete password with email = test@example.com. if resp, err := client.DeletePassword(context.TODO(), deleteReq); err != nil || resp.NotFound { if resp.NotFound { log.Fatalf("Password %s not found", deleteReq.Email) } log.Fatalf("failed to delete password: %v", err) } else { log.Printf("Deleted password with email %s", deleteReq.Email) } }