func main() {
flagAddr := flag.String("a", ":8888", "listening address")
flagRootFile := flag.String("roots", "", "configuration file specifying root keys")
flagDefaultLabel := flag.String("l", "", "specify a default label")
flagEndpointCert := flag.String("tls-cert", "", "server certificate")
flagEndpointKey := flag.String("tls-key", "", "server private key")
flag.IntVar(&log.Level, "loglevel", log.LevelInfo, "log level (0 = DEBUG, 4 = ERROR)")
flag.Parse()
if *flagRootFile == "" {
log.Fatal("no root file specified")
}
roots, err := config.Parse(*flagRootFile)
if err != nil {
log.Fatalf("%v", err)
}
for label, root := range roots {
s, err := parseSigner(root)
if err != nil {
log.Criticalf("%v", err)
}
signers[label] = s
if root.ACL != nil {
whitelists[label] = root.ACL
}
log.Info("loaded signer ", label)
}
defaultLabel = *flagDefaultLabel
initStats()
infoHandler, err := info.NewMultiHandler(signers, defaultLabel)
if err != nil {
log.Criticalf("%v", err)
}
var localhost = whitelist.NewBasic()
localhost.Add(net.ParseIP("127.0.0.1"))
localhost.Add(net.ParseIP("::1"))
metrics, err := whitelist.NewHandlerFunc(dumpMetrics, metricsDisallowed, localhost)
if err != nil {
log.Criticalf("failed to set up the metrics whitelist: %v", err)
}
http.HandleFunc("/api/v1/cfssl/authsign", dispatchRequest)
http.Handle("/api/v1/cfssl/info", infoHandler)
http.Handle("/api/v1/cfssl/metrics", metrics)
if *flagEndpointCert == "" && *flagEndpointKey == "" {
log.Info("Now listening on ", *flagAddr)
log.Fatal(http.ListenAndServe(*flagAddr, nil))
} else {
log.Info("Now listening on https:// ", *flagAddr)
log.Fatal(http.ListenAndServeTLS(*flagAddr, *flagEndpointCert, *flagEndpointKey, nil))
}
}
func main() {
root := flag.String("root", "files/", "file server root")
flag.Parse()
fileServer := http.StripPrefix("/files/",
http.FileServer(http.Dir(*root)))
wl.Add(net.IP{127, 0, 0, 1})
adminWL := whitelist.NewBasic()
adminWL.Add(net.IP{127, 0, 0, 1})
adminWL.Add(net.ParseIP("::1"))
protFiles, err := whitelist.NewHandler(fileServer, nil, wl)
if err != nil {
log.Fatalf("%v", err)
}
addHandler, err := whitelist.NewHandlerFunc(addIP, nil, adminWL)
if err != nil {
log.Fatalf("%v", err)
}
delHandler, err := whitelist.NewHandlerFunc(delIP, nil, adminWL)
if err != nil {
log.Fatalf("%v", err)
}
dumpHandler, err := whitelist.NewHandlerFunc(dumpWhitelist, nil, adminWL)
if err != nil {
log.Fatalf("%v", err)
}
http.Handle("/files/", protFiles)
http.Handle("/add", addHandler)
http.Handle("/del", delHandler)
http.Handle("/dump", dumpHandler)
log.Println("Serving files on :8080")
log.Fatal(http.ListenAndServe(":8080", nil))
}
package main
import (
"encoding/json"
"flag"
"fmt"
"log"
"net"
"net/http"
"github.com/cloudflare/cfssl/whitelist"
)
var wl = whitelist.NewBasic()
func addIP(w http.ResponseWriter, r *http.Request) {
addr := r.FormValue("ip")
ip := net.ParseIP(addr)
wl.Add(ip)
log.Printf("request to add %s to the whitelist", addr)
w.Write([]byte(fmt.Sprintf("Added %s to whitelist.\n", addr)))
}
func delIP(w http.ResponseWriter, r *http.Request) {
addr := r.FormValue("ip")
ip := net.ParseIP(addr)
wl.Remove(ip)
log.Printf("request to remove %s from the whitelist", addr)
w.Write([]byte(fmt.Sprintf("Removed %s from whitelist.\n", ip)))