Example #1
0
func main() {
	flag.Parse()

	if *flagKeyID == "" {
		log.Fatal("you need to specify -keyid")
	}
	if *flagClaimedIP == "" {
		log.Fatal("you need to specify -ip")
	}

	gpgchallenge.ClientChallengedPort = *flagPort
	cl, err := gpgchallenge.NewClient(
		*flagKeyRing,
		*flagKeyID,
		*flagClaimedIP,
	)
	if err != nil {
		log.Fatal(err)
	}

	config := &tls.Config{
		NextProtos: []string{http2.NextProtoTLS, "http/1.1"},
		MinVersion: tls.VersionTLS12,
	}
	selfCert, selfKey, err := httputil.GenSelfTLS(*flagClaimedIP + "-challenge")
	if err != nil {
		log.Fatalf("could no generate self-signed certificate: %v", err)
	}
	config.Certificates = make([]tls.Certificate, 1)
	config.Certificates[0], err = tls.X509KeyPair(selfCert, selfKey)
	if err != nil {
		log.Fatalf("could not load TLS certificate: %v", err)
	}
	laddr := fmt.Sprintf(":%d", *flagPort)
	l, err := tls.Listen("tcp", laddr, config)
	if err != nil {
		log.Fatalf("could not listen on %v for challenge: %v", laddr, err)
	}

	pattern, handler := cl.Handler()
	http.Handle(pattern, handler)
	errc := make(chan error, 1)
	go func() {
		errc <- http.Serve(l, handler)
	}()
	time.Sleep(time.Second)
	if err := cl.Challenge(*flagServer); err != nil {
		log.Fatal(err)
	}
	log.Printf("Challenge success")
}
Example #2
0
// setupHTTPS uploads to the configuration bucket the certificate and key used by the
// instance for HTTPS. It generates them if d.Conf.CertFile or d.Conf.KeyFile is not defined.
// It should be called after setBuckets.
func (d *Deployer) setupHTTPS(storageService *storage.Service) error {
	installedCert, _, err := d.getInstalledTLS()
	if err != nil && err != os.ErrNotExist {
		return err
	}
	if err == nil {
		sigs, err := httputil.CertFingerprints(installedCert)
		if err != nil {
			return fmt.Errorf("could not get fingerprints of certificate: %v", err)
		}
		d.certFingerprints = sigs
		if Verbose {
			d.Printf("Reusing existing certificate with fingerprint %v", sigs["SHA-256"])
		}
		return nil
	}
	var cert, key io.ReadCloser
	if d.Conf.CertFile != "" && d.Conf.KeyFile != "" {
		// Note: it is not a bug that we do not set d.certFingerprint in that case, because only
		// the wizard template cares about d.certFingerprint, and we never get here with the wizard
		// - but only with camdeploy.
		cert, err = os.Open(d.Conf.CertFile)
		if err != nil {
			return err
		}
		defer cert.Close()
		key, err = os.Open(d.Conf.KeyFile)
		if err != nil {
			return err
		}
		defer key.Close()
	} else {

		if Verbose {
			d.Printf("Generating self-signed certificate for %v ...", d.Conf.Hostname)
		}
		certBytes, keyBytes, err := httputil.GenSelfTLS(d.Conf.Hostname)
		if err != nil {
			return fmt.Errorf("error generating certificates: %v", err)
		}
		sigs, err := httputil.CertFingerprints(certBytes)
		if err != nil {
			return fmt.Errorf("could not get fingerprints of certificate: %v", err)
		}
		d.certFingerprints = sigs
		if Verbose {
			d.Printf("Wrote certificate with SHA-256 fingerprint %s", sigs["SHA-256"])
		}
		cert = ioutil.NopCloser(bytes.NewReader(certBytes))
		key = ioutil.NopCloser(bytes.NewReader(keyBytes))
	}

	if Verbose {
		d.Print("Uploading certificate and key...")
	}
	_, err = storageService.Objects.Insert(d.Conf.bucketBase(),
		&storage.Object{Name: path.Join(configDir, certFilename())}).Media(cert).Do()
	if err != nil {
		return fmt.Errorf("cert upload failed: %v", err)
	}
	_, err = storageService.Objects.Insert(d.Conf.bucketBase(),
		&storage.Object{Name: path.Join(configDir, keyFilename())}).Media(key).Do()
	if err != nil {
		return fmt.Errorf("key upload failed: %v", err)
	}
	return nil
}