in cmd/securesession/main.go [42:98]
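// main runs an end-to-end check against a secure session server: it obtains
// a JWT (from the flag, or freshly generated), establishes a secure session,
// wraps and unwraps the test plaintext, verifies the round trip, and ends the
// session explicitly. Any failure terminates the process via glog.Exit*.
func main() {
	flag.Parse()
	ctx := context.Background()

	// Generate new JWT from service account credentials if not passed via flag.
	if *authToken == "" {
		// Use host of service address as the audience for the JWT if not passed
		// in as a flag (needed when the connection is done via an IP address).
		if *audience == "" {
			u, err := url.Parse(*addr)
			if err != nil {
				glog.Exitf("Failed to parse host from address: %v", err)
			}
			// url.Parse leaves Host empty when the address has no scheme, which
			// would yield a token that is not bound to any audience.
			// NOTE(review): confirm how jwt.GenerateJWT treats an empty audience;
			// failing fast here may be the better behaviour.
			if u.Host == "" {
				glog.Warningf("No host component found in address %q; JWT audience will be empty", *addr)
			}
			*audience = u.Host
		}
		var err error
		if *authToken, err = jwt.GenerateJWT(ctx, *audience); err != nil {
			glog.Exitf("Failed to generate new JWT: %v", err)
		}
		// The JWT is a bearer credential: never write it to the log. Record
		// only the audience it was minted for.
		glog.Infof("Generated new JWT for audience %q", *audience)
	}

	// Make a disabled certificate check visible in the log, since the auth
	// token is handed to a connection whose peer is then not authenticated by TLS.
	if *skipTLSVerify {
		glog.Warning("TLS certificate verification is disabled; the server's identity will not be verified")
	}

	glog.Infof("Attempting to connect to secure session server at %v.", *addr)
	ssClient, err := securesession.EstablishSecureSession(ctx, *addr, *authToken, securesession.SkipTLSVerify(*skipTLSVerify))
	if err != nil {
		glog.Exit(fmt.Sprintf("Error establishing secure session: %v", err))
	}
	glog.Info("Established secure session")

	// Round-trip the test plaintext through wrap and unwrap.
	wrappedBlob, err := ssClient.ConfidentialWrap(ctx, *keyPath, *resourceName, []byte(*plaintext))
	if err != nil {
		glog.Exit(fmt.Sprintf("Error calling ConfidentialWrap: %v", err))
	}
	unwrapped, err := ssClient.ConfidentialUnwrap(ctx, *keyPath, *resourceName, wrappedBlob)
	if err != nil {
		glog.Exit(fmt.Sprintf("Error calling ConfidentialUnwrap: %v", err))
	}
	if !bytes.Equal([]byte(*plaintext), unwrapped) {
		// This prints both byte slices; acceptable only because the plaintext
		// here is test data supplied on the command line.
		glog.Exitf("Wrap result mismatch: expected %v, was %v", []byte(*plaintext), unwrapped)
	}
	glog.Info("Wrapped and unwrapped test plaintext")

	// Try ending the session explicitly, which confirms that the session
	// was indeed established successfully from the server's perspective.
	if err := ssClient.EndSession(ctx); err != nil {
		glog.Exit(fmt.Sprintf("Error ending session: %v", err))
	}
	glog.Info("Ended secure session")
}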