Example #1
0
// Test that self-signed certificates work properly when the CA cert
// included.
func TestSSLWithSelfSignedRootCA(t *testing.T) {
	Convey("Given a test server with self-signed SSL certificates", t, func() {
		// TODO(silversupreme): Make this select random ports for testing.
		tlsServer, err := remote.NewServer("127.0.0.1:10101", testHandler)
		So(err, ShouldBeNil)

		Reset(func() {
			tlsServer.Close()
		})

		Convey("When a client connects and pings", func() {
			testPingClient, err := remote.NewClient("127.0.0.1:10101")
			So(err, ShouldBeNil)

			pingReq := protocol.Ping_REQUEST
			pingMsg := &protocol.Message{
				Ping: &protocol.Ping{
					Type: &pingReq,
				},
			}
			err = testPingClient.Write(pingMsg)
			So(err, ShouldBeNil)

			Convey("Then it should get a pong response", func() {
				resp, err := testPingClient.Read()
				So(err, ShouldBeNil)
				So(resp.GetPing(), ShouldNotBeNil)
			})
		})

	})
}
Example #2
0
func main() {
	config, err := loadConfig()
	if err != nil {
		fmt.Printf("Error loading /etc/hologram/agent.json: %s\n", err)
		os.Exit(1)
	}

	c, err := remote.NewClient(config.Host)

	if err != nil {
		fmt.Printf("Error connectiong to Hologram server: %s\n", err)
		os.Exit(2)
	}

	// Prompt the user for their username and password.
	var (
		user          string
		password      string
		passwordBytes []byte
		sshKey        string
	)

	sshKey = getAgentSSHKey()
	if sshKey == "" {
		sshKey = getUserHomeDirSSHKey()
	}

	if sshKey == "" {
		fmt.Printf("Cannot find your SSH key. Aborting.\n")
		os.Exit(1)
	}

	// Try to get the user's password from the environment.
	// This is useful for automated installation processes.
	user = os.Getenv("LDAP_USER")
	if user == "" {
		fmt.Printf("LDAP Username (not email): ")
		fmt.Scanf("%s", &user)
	}
	password = os.Getenv("LDAP_PASSWORD")
	if password == "" {
		fmt.Printf("LDAP Password: "******"{MD5}%s", base64.StdEncoding.EncodeToString(hasher.Sum(nil)))

	testMessage := &protocol.Message{
		ServerRequest: &protocol.ServerRequest{
			AddSSHkey: &protocol.AddSSHKey{
				Username:     &user,
				Passwordhash: &password,
				Sshkeybytes:  &sshKey,
			},
		},
	}

	c.Write(testMessage)
}
Example #3
0
func (c *client) requestCredentials(req *protocol.ServerRequest, role string) error {
	conn, err := remote.NewClient(c.connectionString)
	if err != nil {
		return err
	}

	msg := &protocol.Message{ServerRequest: req}

	err = conn.Write(msg)

	if err != nil {
		return err
	}

	for skip := 0; ; {
		msg, err = conn.Read()
		if err != nil {
			return err
		}
		if msg.GetServerResponse() != nil {
			serverResponse := msg.GetServerResponse()
			if serverResponse.GetChallenge() != nil {
				challenge := serverResponse.GetChallenge().GetChallenge()

				signature, err := SSHSign([]byte(challenge), skip)
				if err != nil {
					return err
				}
				if signature == nil {
					return errors.New("No keys worked")
				}

				msg = &protocol.Message{
					ServerRequest: &protocol.ServerRequest{
						ChallengeResponse: &protocol.SSHChallengeResponse{
							Signature: signature.Blob,
							Format:    &signature.Format,
						},
					},
				}

				err = conn.Write(msg)
				if err != nil {
					return err
				}
			} else if serverResponse.GetCredentials() != nil {
				credsResponse := serverResponse.GetCredentials()
				creds := &sts.Credentials{
					AccessKeyId:     credsResponse.GetAccessKeyId(),
					SessionToken:    credsResponse.GetAccessToken(),
					SecretAccessKey: credsResponse.GetSecretAccessKey(),
					Expiration:      time.Unix(credsResponse.GetExpiration(), 0),
				}
				c.cr.SetCredentials(creds, role)
				return nil
			} else if serverResponse.GetVerificationFailure() != nil {
				// try the next key
				skip++
			} else {
				return fmt.Errorf("unexpected message from server: %v", msg)
			}
		} else if msg.GetError() != "" {
			return errors.New(msg.GetError())
		} else {
			return fmt.Errorf("unexpected message from server: %v", msg)
		}
	}
}