Exemple #1
// TestSSLWithSelfSignedRootCA checks that a client can complete a ping/pong
// exchange with a server that uses self-signed certificates when the CA cert
// is included.
//
// NOTE(review): this listing is truncated — the Reset body, the end of the
// pingMsg literal and the closing braces are not shown.
func TestSSLWithSelfSignedRootCA(t *testing.T) {
	Convey("Given a test server with self-signed SSL certificates", t, func() {
		// TODO(silversupreme): Make this select random ports for testing.
		// An empty address is passed; presumably remote.NewServer falls back
		// to a default listen address — confirm.
		tlsServer, err := remote.NewServer("", testHandler)
		So(err, ShouldBeNil)

		// Teardown hook for the server; its body is not visible here.
		Reset(func() {

		Convey("When a client connects and pings", func() {
			// NOTE(review): no certificate or trust settings are passed in, so
			// what the client verifies is decided inside the remote package.
			// Confirm it validates the server chain against the bundled CA
			// rather than disabling verification; otherwise this test passes
			// without exercising any certificate check.
			testPingClient, err := remote.NewClient("")
			So(err, ShouldBeNil)

			// Build a ping request message.
			pingReq := protocol.Ping_REQUEST
			pingMsg := &protocol.Message{
				Ping: &protocol.Ping{
					Type: &pingReq,
			err = testPingClient.Write(pingMsg)
			So(err, ShouldBeNil)

			Convey("Then it should get a pong response", func() {
				// Only the presence of a Ping payload is asserted here.
				resp, err := testPingClient.Read()
				So(err, ShouldBeNil)
				So(resp.GetPing(), ShouldNotBeNil)

Exemple #2
// main loads the agent configuration, connects to the Hologram server,
// collects an LDAP username, a password hash and an SSH key, and builds an
// AddSSHkey server request from them.
//
// NOTE(review): this listing is truncated and partly redacted — closing
// braces, the exit paths after the error messages, the password prompt and
// the hasher setup are not shown.
func main() {
	config, err := loadConfig()
	if err != nil {
		// The path in this message is hard-coded; the path loadConfig
		// actually reads is not visible here.
		fmt.Printf("Error loading /etc/hologram/agent.json: %s\n", err)

	// NOTE(review): the username, password hash and key below travel over
	// this connection; how remote.NewClient secures and authenticates the
	// transport is not visible here — confirm.
	c, err := remote.NewClient(config.Host)

	if err != nil {
		fmt.Printf("Error connectiong to Hologram server: %s\n", err)

	// Prompt the user for their username and password.
	var (
		user          string
		password      string
		passwordBytes []byte
		sshKey        string

	// Prefer the key reported by getAgentSSHKey and fall back to
	// getUserHomeDirSSHKey when it returns an empty string.
	sshKey = getAgentSSHKey()
	if sshKey == "" {
		sshKey = getUserHomeDirSSHKey()

	if sshKey == "" {
		fmt.Printf("Cannot find your SSH key. Aborting.\n")

	// Try to get the user's password from the environment.
	// This is useful for automated installation processes.
	// NOTE(review): a password in LDAP_PASSWORD is inherited by child
	// processes and can surface in process inspection, crash dumps and CI
	// logs. Limit this to short-lived provisioning contexts and unset it
	// once it has been read.
	user = os.Getenv("LDAP_USER")
	if user == "" {
		fmt.Printf("LDAP Username (not email): ")
		// The Scanf result is ignored, so a failed read leaves user empty.
		fmt.Scanf("%s", &user)
	password = os.Getenv("LDAP_PASSWORD")
	if password == "" {
		// NOTE(review): the next line is garbled by a redaction in this
		// listing. What remains shows the value formatted as "{MD5}" plus the
		// base64 of hasher.Sum(nil), i.e. an MD5 digest with no salt visible.
		// MD5 is fast to brute-force, and presumably the server accepts this
		// hash as proof of the password, which would make it
		// password-equivalent on the wire — confirm, and prefer a salted,
		// slow scheme verified server-side.
		fmt.Printf("LDAP Password: "******"{MD5}%s", base64.StdEncoding.EncodeToString(hasher.Sum(nil)))

	// Request that the server register the SSH key for this user.
	// presumably sshKey holds public key material only — verify against
	// getAgentSSHKey and getUserHomeDirSSHKey.
	testMessage := &protocol.Message{
		ServerRequest: &protocol.ServerRequest{
			AddSSHkey: &protocol.AddSSHKey{
				Username:     &user,
				Passwordhash: &password,
				Sshkeybytes:  &sshKey,

Exemple #3
// requestCredentials opens a new connection to the server, sends req, and
// then answers server messages until it receives credentials or fails.
//
// A challenge is signed with SSHSign and the signature is written back. A
// credentials response is converted to sts.Credentials and stored through
// c.cr.SetCredentials under role. A verification failure falls through to the
// next read so that another key can be tried. It returns nil once credentials
// are stored, and an error for connection, signing or protocol failures,
// including an error string reported by the server.
//
// NOTE(review): this listing is truncated — closing braces are missing and no
// Close call on conn is visible; confirm the connection is released on every
// return path.
func (c *client) requestCredentials(req *protocol.ServerRequest, role string) error {
	conn, err := remote.NewClient(c.connectionString)
	if err != nil {
		return err

	msg := &protocol.Message{ServerRequest: req}

	err = conn.Write(msg)

	if err != nil {
		return err

	// skip is handed to SSHSign; where it is advanced is not visible in this
	// listing (presumably in the verification-failure branch).
	// NOTE(review): nothing visible bounds the number of rounds, so
	// termination appears to rely on SSHSign returning a nil signature once
	// the keys run out — confirm.
	for skip := 0; ; {
		msg, err = conn.Read()
		if err != nil {
			return err
		if msg.GetServerResponse() != nil {
			serverResponse := msg.GetServerResponse()
			if serverResponse.GetChallenge() != nil {
				challenge := serverResponse.GetChallenge().GetChallenge()

				// NOTE(review): the bytes being signed are chosen by the
				// server. Confirm that remote.NewClient has authenticated the
				// server before this point and that the challenge format
				// cannot be mistaken for a signature in another protocol;
				// otherwise the key signs data for an unverified peer.
				signature, err := SSHSign([]byte(challenge), skip)
				if err != nil {
					return err
				// A nil signature without an error is treated as "no usable
				// key left".
				if signature == nil {
					return errors.New("No keys worked")

				// Send the signature and its format back as the response.
				msg = &protocol.Message{
					ServerRequest: &protocol.ServerRequest{
						ChallengeResponse: &protocol.SSHChallengeResponse{
							Signature: signature.Blob,
							Format:    &signature.Format,

				err = conn.Write(msg)
				if err != nil {
					return err
			} else if serverResponse.GetCredentials() != nil {
				// Map the wire response onto sts.Credentials: the server's
				// access token becomes SessionToken and the expiration is
				// interpreted as Unix seconds.
				credsResponse := serverResponse.GetCredentials()
				creds := &sts.Credentials{
					AccessKeyId:     credsResponse.GetAccessKeyId(),
					SessionToken:    credsResponse.GetAccessToken(),
					SecretAccessKey: credsResponse.GetSecretAccessKey(),
					Expiration:      time.Unix(credsResponse.GetExpiration(), 0),
				c.cr.SetCredentials(creds, role)
				return nil
			} else if serverResponse.GetVerificationFailure() != nil {
				// try the next key
			} else {
				// NOTE(review): %v prints the whole message into the error;
				// check that callers do not log it where message contents
				// are sensitive.
				return fmt.Errorf("unexpected message from server: %v", msg)
		} else if msg.GetError() != "" {
			// Surface the server-reported error text unchanged.
			return errors.New(msg.GetError())
		} else {
			return fmt.Errorf("unexpected message from server: %v", msg)