Ejemplo n.º 1
0
// LoadRoot parses a config structure into a Root structure
func LoadRoot(cfg map[string]string) (*Root, error) {
	var root Root
	var err error
	spec, ok := cfg["private"]
	if !ok {
		return nil, ErrMissingPrivateKey
	}

	certPath, ok := cfg["certificate"]
	if !ok {
		return nil, ErrMissingCertificatePath
	}

	configPath, ok := cfg["config"]
	if !ok {
		return nil, ErrMissingConfigPath
	}

	root.PrivateKey, err = parsePrivateKeySpec(spec, cfg)
	if err != nil {
		return nil, err
	}

	in, err := ioutil.ReadFile(certPath)
	if err != nil {
		return nil, err
	}

	root.Certificate, err = helpers.ParseCertificatePEM(in)
	if err != nil {
		return nil, err
	}

	conf, err := config.LoadFile(configPath)
	if err != nil {
		return nil, err
	}
	root.Config = conf.Signing

	nets := cfg["nets"]
	if nets != "" {
		root.ACL, err = parseACL(nets)
		if err != nil {
			return nil, err
		}
	}

	dbConfig := cfg["dbconfig"]
	if dbConfig != "" {
		db, err := certdb.DBFromConfig(dbConfig)
		if err != nil {
			return nil, err
		}
		root.DB = db
	}

	return &root, nil
}
// The CFSSL standard is to have a configuration file for a label as
// <config>.json.
func findLabel(label string) *config.Config {
	for _, dir := range cfsslConfigDirs {
		cfgFile := filepath.Join(dir, label+".json")
		cfg, err := config.LoadFile(cfgFile)
		if err == nil {
			return cfg
		}
	}

	return nil
}
Ejemplo n.º 3
0
// Parse loads a RootList from a file.
func Parse(filename string) (RootList, error) {
	cfgMap, err := parseFile(filename)
	if err != nil {
		return nil, err
	}

	var rootList = RootList{}
	for label, entries := range cfgMap {
		var root Root
		spec, ok := entries["private"]
		if !ok {
			return nil, ErrMissingPrivateKey
		}

		certPath, ok := entries["certificate"]
		if !ok {
			return nil, ErrMissingCertificatePath
		}

		configPath, ok := entries["config"]
		if !ok {
			return nil, ErrMissingConfigPath
		}

		// Entries is provided for any additional
		// configuration data that may need to come from the
		// section.
		root.PrivateKey, err = parsePrivateKeySpec(spec, entries)
		if err != nil {
			return nil, err
		}

		in, err := ioutil.ReadFile(certPath)
		if err != nil {
			return nil, err
		}

		root.Certificate, err = helpers.ParseCertificatePEM(in)
		if err != nil {
			return nil, err
		}

		conf, err := config.LoadFile(configPath)
		if err != nil {
			return nil, err
		}
		root.Config = conf.Signing

		rootList[label] = &root
	}

	return rootList, nil
}
Ejemplo n.º 4
0
// main defines the newkey usage and registers all defined commands and flags.
func main() {

	var newkeyFlagSet = flag.NewFlagSet("newkey", flag.ExitOnError)
	var c cli.Config

	var usageText = `cfssl-newkey -- generate a new key and CSR

	Usage of genkey:
        	newkey CSRJSON

	Arguments:
        	CSRJSON:    JSON file containing the request, use '-' for reading JSON from stdin

	Flags:
	`

	registerFlags(&c, newkeyFlagSet)

	newkeyFlagSet.Usage = func() {
		fmt.Fprintf(os.Stderr, "\t%s", usageText)
		for _, name := range genkey.Command.Flags {
			if f := newkeyFlagSet.Lookup(name); f != nil {
				printDefaultValue(f)
			}
		}
	}
	args := os.Args[1:]
	newkeyFlagSet.Parse(args)
	args = newkeyFlagSet.Args()

	var err error
	c.CFG, err = config.LoadFile(c.ConfigFile)
	if c.ConfigFile != "" && err != nil {
		fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
	}

	if err := genkey.Command.Main(args, c); err != nil {
		fmt.Fprintln(os.Stderr, err)
	}
}
// main defines the bundle usage and registers all defined commands and flags.
func main() {

	var bundleFlagSet = flag.NewFlagSet("bundle", flag.ExitOnError)
	var c cli.Config
	var usageText = `cfssl-bundle -- create a certificate bundle that contains the client cert

	Usage of bundle:
		- Bundle local certificate files
        	bundle -cert file [-ca-bundle file] [-int-bundle file] [-int-dir dir] [-metadata file] [-key keyfile] [-flavor optimal|ubiquitous|force] [-password password]
		- Bundle certificate from remote server.
        	bundle -domain domain_name [-ip ip_address] [-ca-bundle file] [-int-bundle file] [-int-dir dir] [-metadata file]

	Flags:
	`

	registerFlags(&c, bundleFlagSet)

	bundleFlagSet.Usage = func() {
		fmt.Fprintf(os.Stderr, "\t%s", usageText)
		for _, name := range bundle.Command.Flags {
			if f := bundleFlagSet.Lookup(name); f != nil {
				printDefaultValue(f)
			}
		}
	}
	args := os.Args[1:]
	bundleFlagSet.Parse(args)
	args = bundleFlagSet.Args()

	var err error
	c.CFG, err = config.LoadFile(c.ConfigFile)
	if c.ConfigFile != "" && err != nil {
		fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
	}

	if err := bundle.Command.Main(args, c); err != nil {
		fmt.Fprintln(os.Stderr, err)
	}
}
Ejemplo n.º 6
0
Archivo: cfssl.go Proyecto: npk/cfssl
// The main entrance point of cfssl command line tools.
func main() {
	// Initial parse of command line arguments. By convention, only -h/-help is supported.
	flag.Parse()

	if flag.NArg() < 1 {
		fmt.Fprintf(os.Stderr, "No command is given.\n")
		flag.Usage()
		return
	}

	// Clip out the command name and args for the command
	cmdName = flag.Arg(0)
	args := flag.Args()[1:]
	if cmd, found := cmds[cmdName]; !found {
		fmt.Fprintf(os.Stderr, "Command %s is not defined.\n", cmdName)
		flag.Usage()
		return
	} else {
		// The usage of each individual command is re-written to mention
		// flags defined and referenced only in that command.
		cfsslFlagSet.Usage = func() {
			fmt.Fprintf(os.Stderr, "%s", cmd.UsageText)
			for _, name := range cmd.Flags {
				if f := cfsslFlagSet.Lookup(name); f != nil {
					printDefaultValue(f)
				}
			}
		}
		// Parse all flags and take the rest as argument lists for the command
		cfsslFlagSet.Parse(args)
		args = cfsslFlagSet.Args()

		Config.cfg = config.LoadFile(Config.configFile)

		if err := cmd.Main(args); err != nil {
			fmt.Fprintln(os.Stderr, err)
		}
	}
}
Ejemplo n.º 7
0
// main defines the newkey usage and registers all defined commands and flags.
func main() {

	var certinfoFlagSet = flag.NewFlagSet("certinfo", flag.ExitOnError)
	var c cli.Config
	registerFlags(&c, certinfoFlagSet)
	var usageText = `cfssl-certinfo -- output certinfo about the given cert

	Usage of certinfo:
		- Data from local certificate files
        	certinfo -cert file
		- Data from certificate from remote server.
        	certinfo -domain domain_name

	Flags:
	`

	certinfoFlagSet.Usage = func() {
		fmt.Fprintf(os.Stderr, "\t%s", usageText)
		for _, name := range certinfo.Command.Flags {
			if f := certinfoFlagSet.Lookup(name); f != nil {
				printDefaultValue(f)
			}
		}
	}
	args := os.Args[1:]
	certinfoFlagSet.Parse(args)
	args = certinfoFlagSet.Args()

	var err error
	c.CFG, err = config.LoadFile(c.ConfigFile)
	if c.ConfigFile != "" && err != nil {
		fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
	}

	if err := certinfo.Command.Main(args, c); err != nil {
		fmt.Fprintln(os.Stderr, err)
	}
}
Ejemplo n.º 8
0
// main defines the scan usage and registers all defined commands and flags.
func main() {

	var scanFlagSet = flag.NewFlagSet("scan", flag.ExitOnError)
	var c cli.Config
	var usageText = `cfssl scan -- scan a host for issues
Usage of scan:
        cfssl scan [-family regexp] [-scanner regexp] [-timeout duration] [-ip IPAddr] [-num-workers num] [-max-hosts num] [-csv hosts.csv] HOST+
        cfssl scan -list

Arguments:
        HOST:    Host(s) to scan (including port)
Flags:
`
	registerFlags(&c, scanFlagSet)

	scanFlagSet.Usage = func() {
		fmt.Fprintf(os.Stderr, "\t%s", usageText)
		for _, name := range scan.Command.Flags {
			if f := scanFlagSet.Lookup(name); f != nil {
				printDefaultValue(f)
			}
		}
	}
	args := os.Args[1:]
	scanFlagSet.Parse(args)
	args = scanFlagSet.Args()

	var err error
	c.CFG, err = config.LoadFile(c.ConfigFile)
	if c.ConfigFile != "" && err != nil {
		fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
	}

	if err := scan.Command.Main(args, c); err != nil {
		fmt.Fprintln(os.Stderr, err)
	}
}
Ejemplo n.º 9
0
func main() {
	flag.Parse()

	if c.interval == 0 {
		log.Fatal("interval is required and must be > 0")
	}

	if len(c.csrfile) == 0 {
		log.Fatal("csrfile is required")
	}

	if len(c.certpath) == 0 {
		log.Fatal("path is required")
	}

	if len(c.certname) == 0 {
		log.Fatal("certname is required")
	}

	if len(s.Remote) == 0 {
		log.Fatal("remote is required")
	}

	log.Println("cfssl-sidecar")
	log.Printf("operating with interval %s", c.interval)

	if err := os.MkdirAll(c.certpath, os.FileMode(c.perms)); err != nil {
		log.Fatal(err)
	}

	if len(c.cfgfile) > 0 {
		loadedCfg, err := config.LoadFile(c.cfgfile)
		if err != nil {
			log.Fatal(err)
		}
		s.CFG = loadedCfg
	} else {
		log.Println("WARNING: no config file specified.")
	}

	log.Println("updating key and csr.")
	keypath, csrpath, err := createKey(c)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("key(%s) and csr(%s) up to date.", *keypath, *csrpath)

	for {
		log.Println("updating certificate.")
		log.Println("reloading config.")
		if len(c.cfgfile) > 0 {
			loadedCfg, err := config.LoadFile(c.cfgfile)
			if err != nil {
				log.Fatal(err)
			}
			s.CFG = loadedCfg
		} else {
			log.Println("WARNING: no config file specified.")
		}

		s.CSRFile = *csrpath
		certpath, err := createCert(c, s)
		if err != nil {
			log.Fatal(err)
		}
		log.Printf("cert(%s) updated.", *certpath)

		log.Printf("sleeping for interval %s.", c.interval)
		time.Sleep(c.interval)
	}
}
Ejemplo n.º 10
0
Archivo: cli.go Proyecto: nathany/cfssl
// Start is the entrance point of cfssl command line tools.
func Start(cmds map[string]*Command) error {
	// cfsslFlagSet is the flag sets for cfssl.
	var cfsslFlagSet = flag.NewFlagSet("cfssl", flag.ExitOnError)
	var c Config

	registerFlags(&c, cfsslFlagSet)
	// Initial parse of command line arguments. By convention, only -h/-help is supported.
	if flag.Usage == nil {
		flag.Usage = func() {
			fmt.Fprintf(os.Stderr, usage)
			for name := range cmds {
				fmt.Fprintf(os.Stderr, "\t%s\n", name)
			}
			fmt.Fprintf(os.Stderr, "Top-level flags:\n")
			flag.PrintDefaults()
		}
	}

	flag.Parse()

	if flag.NArg() < 1 {
		fmt.Fprintf(os.Stderr, "No command is given.\n")
		flag.Usage()
		return errors.New("no command was given")
	}

	// Clip out the command name and args for the command
	cmdName = flag.Arg(0)
	args := flag.Args()[1:]
	cmd, found := cmds[cmdName]
	if !found {
		fmt.Fprintf(os.Stderr, "Command %s is not defined.\n", cmdName)
		flag.Usage()
		return errors.New("undefined command")
	}
	// always have flag 'loglevel' for each command
	cmd.Flags = append(cmd.Flags, "loglevel")
	// The usage of each individual command is re-written to mention
	// flags defined and referenced only in that command.
	cfsslFlagSet.Usage = func() {
		fmt.Fprintf(os.Stderr, "\t%s", cmd.UsageText)
		for _, name := range cmd.Flags {
			if f := cfsslFlagSet.Lookup(name); f != nil {
				printDefaultValue(f)
			}
		}
	}

	// Parse all flags and take the rest as argument lists for the command
	cfsslFlagSet.Parse(args)
	args = cfsslFlagSet.Args()

	var err error
	if c.ConfigFile != "" {
		c.CFG, err = config.LoadFile(c.ConfigFile)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
			return errors.New("failed to load config file")
		}
	}

	if err := cmd.Main(args, c); err != nil {
		fmt.Fprintln(os.Stderr, err)
		return err
	}

	return nil
}