// Client Commands
func clientCmd() {
// new-user
var newUserCmd = flag.NewFlagSet("new-user", flag.ExitOnError)
var keyLength = newUserCmd.Int("size", 4096, "User key size")
var username = newUserCmd.String("username", "user", "Username")
var out = newUserCmd.String("out", "id_rsa", "Key output file")
var expiresDays = newUserCmd.Int("days", daysInTenYears, "User key expires after (days)")
var expires = time.Now().AddDate(0, 0, *expiresDays).UTC()
// new-token
var newTokenCmd = flag.NewFlagSet("new-token", flag.ExitOnError)
var newTokenHostname = newTokenCmd.String("hostname", "", "Username")
var privateKeyPath = newTokenCmd.String("key", "id_rsa", "Private key file")
// ca-hash
var caHashCmd = flag.NewFlagSet("ca-hash", flag.ExitOnError)
var caHost = caHashCmd.String("host", "localhost", "Certificate Authority hostname")
var caPort = caHashCmd.String("port", "33004", "Certificate Authority port")
// select subcommand
//switch os.Args[2] {
switch os.Args[1] {
case "new-user":
newUserCmd.Parse(os.Args[2:])
encodedCert, _, _, err := client.NewUserKey(username, *keyLength, &expires, out)
if err != nil {
logger.Error.Printf("Failed to create new user key: %s", err)
os.Exit(2)
}
fmt.Println(*encodedCert)
case "new-token":
newTokenCmd.Parse(os.Args[2:])
token, err := client.NewTokenUsingPrivateKeyFile(*privateKeyPath, *newTokenHostname, defaultTokenDuration)
if err != nil {
logger.Error.Printf("Failed to create token: %s", err)
os.Exit(2)
}
fmt.Println(*token)
case "ca-hash":
caHashCmd.Parse(os.Args[2:])
endpoint := "https://" + (*caHost) + ":" + (*caPort)
hash, err := client.GetCACertHashEncoded(&endpoint)
if err != nil {
logger.Error.Printf("Failed to get CA Hash: %s", err)
os.Exit(2)
}
fmt.Println(*hash)
default:
error := fmt.Sprintf("%q is not valid command.\n", os.Args[1])
argError(error)
os.Exit(2)
}
}
func TestContainer(t *testing.T) {
logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)
// create root keys
keysize := 2048
key, err := pkix.CreateRSAKey(keysize)
if err != nil {
t.Fatal("Unable to generate keys.", err)
}
// start CA
keylength := 4098
organization := "org"
country := "PT-PT"
expiresDays := 10
expires := time.Now().AddDate(0, 0, expiresDays).UTC()
_, caCert, _, err := ca.NewRootCertificate(keylength, expires, organization, country)
caFingerprint, err := caCert.Fingerprint()
if err != nil {
t.Fatal("Unable to generate keys.", err)
}
// add user to CA
keyLength := 2048
username := "******"
userExpires := time.Now().AddDate(1, 0, 0).UTC()
// generate private key
_, userCert, userPrivateKey, err := client.NewUserKey(&username, keyLength, &userExpires, nil)
if err != nil {
t.Error(err)
}
ca.SetUserCertificate(userCert)
userPrivateKeyBytes, err := userPrivateKey.ExportPrivate()
if err != nil {
t.Error(err)
}
tokenExpires := time.Duration(time.Second * 20)
token, err := client.NewToken(userPrivateKeyBytes, username, tokenExpires)
if err != nil {
t.Error(err)
}
//setup mockHTTPServer
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// /cert
if r.URL.String() == "/v1/cert" {
ca.HandleCertRequest(w, r)
}
if r.URL.String() == "/v1/csr" {
ca.HandleCSR(w, r)
}
}))
defer ts.Close()
fmt.Println(ts.URL)
certProp := CertificateProperties{
name: "Tommy",
ip_list: "192.168.1.1",
domain_list: "symbios",
organization: "symbios",
country: "US",
}
_, err = Authenticate(&ts.URL, token, key, &certProp, &caFingerprint)
if err != nil {
t.Fatalf("Unable to authenticate.", err)
}
}
