// Client Commands func clientCmd() { // new-user var newUserCmd = flag.NewFlagSet("new-user", flag.ExitOnError) var keyLength = newUserCmd.Int("size", 4096, "User key size") var username = newUserCmd.String("username", "user", "Username") var out = newUserCmd.String("out", "id_rsa", "Key output file") var expiresDays = newUserCmd.Int("days", daysInTenYears, "User key expires after (days)") var expires = time.Now().AddDate(0, 0, *expiresDays).UTC() // new-token var newTokenCmd = flag.NewFlagSet("new-token", flag.ExitOnError) var newTokenHostname = newTokenCmd.String("hostname", "", "Username") var privateKeyPath = newTokenCmd.String("key", "id_rsa", "Private key file") // ca-hash var caHashCmd = flag.NewFlagSet("ca-hash", flag.ExitOnError) var caHost = caHashCmd.String("host", "localhost", "Certificate Authority hostname") var caPort = caHashCmd.String("port", "33004", "Certificate Authority port") // select subcommand //switch os.Args[2] { switch os.Args[1] { case "new-user": newUserCmd.Parse(os.Args[2:]) encodedCert, _, _, err := client.NewUserKey(username, *keyLength, &expires, out) if err != nil { logger.Error.Printf("Failed to create new user key: %s", err) os.Exit(2) } fmt.Println(*encodedCert) case "new-token": newTokenCmd.Parse(os.Args[2:]) token, err := client.NewTokenUsingPrivateKeyFile(*privateKeyPath, *newTokenHostname, defaultTokenDuration) if err != nil { logger.Error.Printf("Failed to create token: %s", err) os.Exit(2) } fmt.Println(*token) case "ca-hash": caHashCmd.Parse(os.Args[2:]) endpoint := "https://" + (*caHost) + ":" + (*caPort) hash, err := client.GetCACertHashEncoded(&endpoint) if err != nil { logger.Error.Printf("Failed to get CA Hash: %s", err) os.Exit(2) } fmt.Println(*hash) default: error := fmt.Sprintf("%q is not valid command.\n", os.Args[1]) argError(error) os.Exit(2) } }
func TestContainer(t *testing.T) { logger.InitLogs(os.Stdout, os.Stdout, os.Stderr) // create root keys keysize := 2048 key, err := pkix.CreateRSAKey(keysize) if err != nil { t.Fatal("Unable to generate keys.", err) } // start CA keylength := 4098 organization := "org" country := "PT-PT" expiresDays := 10 expires := time.Now().AddDate(0, 0, expiresDays).UTC() _, caCert, _, err := ca.NewRootCertificate(keylength, expires, organization, country) caFingerprint, err := caCert.Fingerprint() if err != nil { t.Fatal("Unable to generate keys.", err) } // add user to CA keyLength := 2048 username := "******" userExpires := time.Now().AddDate(1, 0, 0).UTC() // generate private key _, userCert, userPrivateKey, err := client.NewUserKey(&username, keyLength, &userExpires, nil) if err != nil { t.Error(err) } ca.SetUserCertificate(userCert) userPrivateKeyBytes, err := userPrivateKey.ExportPrivate() if err != nil { t.Error(err) } tokenExpires := time.Duration(time.Second * 20) token, err := client.NewToken(userPrivateKeyBytes, username, tokenExpires) if err != nil { t.Error(err) } //setup mockHTTPServer ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // /cert if r.URL.String() == "/v1/cert" { ca.HandleCertRequest(w, r) } if r.URL.String() == "/v1/csr" { ca.HandleCSR(w, r) } })) defer ts.Close() fmt.Println(ts.URL) certProp := CertificateProperties{ name: "Tommy", ip_list: "192.168.1.1", domain_list: "symbios", organization: "symbios", country: "US", } _, err = Authenticate(&ts.URL, token, key, &certProp, &caFingerprint) if err != nil { t.Fatalf("Unable to authenticate.", err) } }