Example #1
0
func (p *HttpProxy) Proxy() {
	log.Info("HTTP proxy listening on %s", log.Colorize(log.BLUE, fmt.Sprintf("%s://%s:%d", p.Protocol, p.Host, p.Port)))
	pkiMgr, err := pki.New()
	checkHttpServerError(err)
	config, err := pkiMgr.GetClientTLSConfig()
	checkHttpServerError(err)
	config.InsecureSkipVerify = false

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		director := func(req *http.Request) {
			req = r
			req.URL.Scheme = p.ProxyProtocol
			req.URL.Host = fmt.Sprintf("%s:%d", p.ProxyHost, p.ProxyPort)
		}
		proxy := &ReverseProxy{Director: director, Middleware: p.middleware}
		proxy.Transport = &http.Transport{
			Proxy:               http.ProxyFromEnvironment,
			TLSClientConfig:     config,
			TLSHandshakeTimeout: 10 * time.Second,
		}
		proxy.ServeHTTP(w, r)
	})
	if p.Protocol == "https" {
		checkHttpServerError(err)
		checkHttpServerError(http.ListenAndServeTLS(fmt.Sprintf("%s:%d", p.Host, p.Port), pkiMgr.Config.ClientCertPath, pkiMgr.Config.ClientKeyPath, mux))
	} else {
		checkHttpServerError(http.ListenAndServe(fmt.Sprintf("%s:%d", p.Host, p.Port), mux))
	}
}
Example #2
0
func (c *PkiCommand) Run(args []string) int {
	c.meta = Meta{
		Ui: &cli.ColoredUi{
			Ui:          &cli.BasicUi{Writer: os.Stdout, Reader: os.Stdin, ErrorWriter: os.Stderr},
			OutputColor: cli.UiColorNone,
			InfoColor:   cli.UiColorNone,
			ErrorColor:  cli.UiColorRed,
		},
	}
	cmdFlags := flag.NewFlagSet("pki", flag.ContinueOnError)
	cmdFlags.Usage = func() { c.meta.Ui.Output(c.Help()) }

	cmdFlags.StringVar(&c.caHost, "caHost", "localhost", "Specify the CAs custom hostname")
	cmdFlags.StringVar(&c.importCA, "importCA", "", "Path to CA Cert to import")
	cmdFlags.StringVar(&c.importClientCert, "importClientCert", "", "Path of client certificate to import and set as the default")
	cmdFlags.StringVar(&c.importClientKey, "importClientKey", "", "Path of client key to import and set as the default")
	cmdFlags.BoolVar(&c.configure, "configure", false, "Configures a default PKI infrastructure. Warning: This will clear any existing PKI files")
	cmdFlags.BoolVar(&c.removePKI, "removePKI", false, "Remove existing PKI keys and certs.")
	cmdFlags.BoolVar(&c.outputCA, "outputCA", false, "Output the CA Certificate of this node")
	cmdFlags.BoolVar(&c.outputClientCert, "outputClientCert", false, "Output the Client Certificate")
	cmdFlags.BoolVar(&c.outputClientKey, "outputClientKey", false, "Output the Client Key")
	cmdFlags.BoolVar(&c.generateCert, "generateCert", false, "Generate a custom cert from this nodes' CA")

	pki, err := pki.New()
	if err != nil {
		c.meta.Ui.Error(fmt.Sprintf("Unable to setup public key infrastructure: %s", err.Error()))
		return 1
	}

	// Validate
	if err := cmdFlags.Parse(args); err != nil {
		return 1
	}

	if c.configure {
		c.meta.Ui.Output(fmt.Sprintf("Setting up PKI for %s...", c.caHost))
		pki.RemovePKI()
		err := pki.SetupPKI(c.caHost)
		if err != nil {
			c.meta.Ui.Error(err.Error())
		}
		c.meta.Ui.Output("PKI setup complete.")
	}

	if c.importCA != "" {
		c.meta.Ui.Output(fmt.Sprintf("Importing CA from %s", c.importCA))
		timestamp := time.Now().Unix()
		err := pki.ImportCA(fmt.Sprintf("%d", timestamp), c.importCA)
		if err != nil {
			c.meta.Ui.Error(fmt.Sprintf("Failed to import CA: %s", err.Error()))
		} else {
			c.meta.Ui.Info("CA successfully imported")
		}
	}

	if c.importClientCert != "" && c.importClientKey != "" {
		err := pki.ImportClientCertAndKey(c.importClientCert, c.importClientKey)
		if err != nil {
			c.meta.Ui.Error(fmt.Sprintf("Failed to import client keys: %s", err.Error()))
		} else {
			c.meta.Ui.Info("Client keys successfully imported")
		}
	}
	if c.outputCA {
		cert, _ := pki.OutputCACert()
		c.meta.Ui.Output(cert)
	}

	if c.outputClientCert {
		cert, _ := pki.OutputClientCert()
		c.meta.Ui.Output(cert)
	}

	if c.outputClientKey {
		cert, _ := pki.OutputClientKey()
		c.meta.Ui.Output(cert)
	}

	if c.removePKI {
		c.meta.Ui.Output("Removing existing PKI")
		err := pki.RemovePKI()
		if err != nil {
			c.meta.Ui.Error(err.Error())
		}
		c.meta.Ui.Output("PKI removal complete.")
	}

	if c.generateCert {
		c.meta.Ui.Output("Generating a new client cert")
		err := pki.GenerateClientCertificate([]string{"localhost"})
		if err != nil {
			c.meta.Ui.Error(err.Error())
		}
		c.meta.Ui.Output("Cert generation complete")
	}

	return 0
}