// bundlerMain is the main CLI of bundler functionality. func bundlerMain(args []string, c cli.Config) (err error) { bundler.IntermediateStash = c.IntDir ubiquity.LoadPlatforms(c.Metadata) flavor := bundler.BundleFlavor(c.Flavor) var b *bundler.Bundler // If it is a force bundle, don't require ca bundle and intermediate bundle // Otherwise, initialize a bundler with CA bundle and intermediate bundle. if flavor == bundler.Force { b = &bundler.Bundler{} } else { b, err = bundler.NewBundler(c.CABundleFile, c.IntBundleFile) if err != nil { return } } var bundle *bundler.Bundle if c.CertFile != "" { if c.CertFile == "-" { var certPEM, keyPEM []byte certPEM, err = cli.ReadStdin(c.CertFile) if err != nil { return } if c.KeyFile != "" { keyPEM, err = cli.ReadStdin(c.KeyFile) if err != nil { return } } bundle, err = b.BundleFromPEMorDER(certPEM, keyPEM, flavor, "") if err != nil { return } } else { // Bundle the client cert bundle, err = b.BundleFromFile(c.CertFile, c.KeyFile, flavor, c.Password) if err != nil { return } } } else if c.Domain != "" { bundle, err = b.BundleFromRemote(c.Domain, c.IP, flavor) if err != nil { return } } else { return errors.New("Must specify bundle target through -cert or -domain") } marshaled, err := bundle.MarshalJSON() if err != nil { return } fmt.Printf("%s", marshaled) return }
// NewHandler creates a new bundler that uses the root bundle and // intermediate bundle in the trust chain. func NewHandler(caBundleFile, intBundleFile string) (http.Handler, error) { var err error b := new(Handler) if b.bundler, err = bundler.NewBundler(caBundleFile, intBundleFile); err != nil { return nil, err } log.Info("bundler API ready") return api.HTTPHandler{Handler: b, Methods: []string{"POST"}}, nil }
func NewBundleHandler(caBundleFile, intBundleFile string) (http.Handler, error) { var err error b := new(BundlerHandler) if b.bundler, err = bundler.NewBundler(caBundleFile, intBundleFile); err != nil { return nil, err } log.Info("bundler API ready") return HttpHandler{b, "POST"}, nil }
// intermediateCAScan scans for new intermediate CAs not in the trust store. func intermediateCAScan(addr, hostname string) (grade Grade, output Output, err error) { cidr, port, _ := net.SplitHostPort(addr) _, ipnet, err := net.ParseCIDR(cidr) if err != nil { return Skipped, nil, nil } b, err := bundler.NewBundler(caBundleFile, intBundleFile) if err != nil { return } var wg sync.WaitGroup wg.Add(numWorkers) dialer := &net.Dialer{Timeout: timeout} config := &tls.Config{InsecureSkipVerify: true} addrs := make(chan string) chains := make(chan []*x509.Certificate, numWorkers) go func() { for chain := range chains { b.Bundle(chain, nil, bundler.Force) } }() for i := 0; i < numWorkers; i++ { go func() { for addr := range addrs { conn, err := tls.DialWithDialer(dialer, Network, addr, config) if err != nil { continue } conn.Close() if conn.ConnectionState().HandshakeComplete { chains <- conn.ConnectionState().PeerCertificates } } wg.Done() }() } for ip := ipnet.IP.To16(); ipnet.Contains(ip); incrementBytes(ip) { addrs <- net.JoinHostPort(ip.String(), port) } close(addrs) wg.Wait() close(chains) grade = Good return }
// bundlerMain is the main CLI of bundler functionality. // TODO(zi): Decide whether to drop the argument list and only use flags to specify all the inputs. // There are debates on whether flag or arg is more appropriate for required parameters. func bundlerMain(args []string) (err error) { // Grab cert file through args only if flag values for cert and domain are absent if Config.certFile == "" && Config.domain == "" { Config.certFile, args, err = popFirstArgument(args) if err != nil { return } } ubiquity.LoadPlatforms(Config.metadata) flavor := bundler.BundleFlavor(Config.flavor) // Initialize a bundler with CA bundle and intermediate bundle. b, err := bundler.NewBundler(Config.caBundleFile, Config.intBundleFile) if err != nil { return } var bundle *bundler.Bundle if Config.certFile != "" { // Bundle the client cert bundle, err = b.BundleFromFile(Config.certFile, Config.keyFile, flavor) if err != nil { return } } else if Config.domain != "" { bundle, err = b.BundleFromRemote(Config.domain, Config.ip) if err != nil { return } } marshaled, err := bundle.MarshalJSON() if err != nil { return } fmt.Printf("%s", marshaled) return }
// SetBundler allows injecting an optional Bundler into the CertGeneratorHandler. func (cg *CertGeneratorHandler) SetBundler(caBundleFile, intBundleFile string) (err error) { cg.bundler, err = bundler.NewBundler(caBundleFile, intBundleFile) return err }