func init() {
if e := os.Getenv(executable_EnvVar); e != "" {
// first chdir to another path
dir := "/"
if runtime.GOOS == "windows" {
cwd, err := os.Getwd()
if err != nil {
panic(err)
}
dir = filepath.VolumeName(cwd)
}
os.Chdir(dir)
if ep, err := os.Executable(); err != nil {
fmt.Fprint(os.Stderr, "ERROR: ", err)
} else {
fmt.Fprint(os.Stderr, ep)
}
os.Exit(0)
}
}
// Lookup config uri by filename
func LookupStoreByFilterName(name string) Store {
var store Store
exe, err := os.Executable()
if err != nil {
println("os.Executable() error: ", err)
}
for _, dirname := range []string{filepath.Dir(exe), ".", "httpproxy", "httpproxy/filters/" + name} {
filename := dirname + "/" + name + ".json"
if _, err := os.Stat(filename); err == nil {
store = &FileStore{dirname}
break
}
}
if store == nil {
store = &FileStore{"."}
}
return store
}
func TestExecutable(t *testing.T) {
testenv.MustHaveExec(t) // will also execlude nacl, which doesn't support Executable anyway
ep, err := os.Executable()
if err != nil {
switch goos := runtime.GOOS; goos {
case "openbsd": // procfs is not mounted by default
t.Skipf("Executable failed on %s: %v, expected", goos, err)
}
t.Fatalf("Executable failed: %v", err)
}
// we want fn to be of the form "dir/prog"
dir := filepath.Dir(filepath.Dir(ep))
fn, err := filepath.Rel(dir, ep)
if err != nil {
t.Fatalf("filepath.Rel: %v", err)
}
cmd := &osexec.Cmd{}
// make child start with a relative program path
cmd.Dir = dir
cmd.Path = fn
// forge argv[0] for child, so that we can verify we could correctly
// get real path of the executable without influenced by argv[0].
cmd.Args = []string{"-", "-test.run=XXXX"}
cmd.Env = append(os.Environ(), fmt.Sprintf("%s=1", executable_EnvVar))
out, err := cmd.CombinedOutput()
if err != nil {
t.Fatalf("exec(self) failed: %v", err)
}
outs := string(out)
if !filepath.IsAbs(outs) {
t.Fatalf("Child returned %q, want an absolute path", out)
}
if !sameFile(outs, ep) {
t.Fatalf("Child returned %q, not the same file as %q", out, ep)
}
}
func NewRootCA(name string, vaildFor time.Duration, rsaBits int, certDir string, portable bool) (*RootCA, error) {
keyFile := name + ".key"
certFile := name + ".crt"
var store storage.Store
if portable {
exe, err := os.Executable()
if err != nil {
glog.Fatalf("os.Executable() error: %+v", err)
}
store = &storage.FileStore{filepath.Dir(exe)}
} else {
store = &storage.FileStore{"."}
}
rootCA := &RootCA{
store: store,
name: name,
keyFile: keyFile,
certFile: certFile,
rsaBits: rsaBits,
certDir: certDir,
mu: new(sync.Mutex),
}
if storage.NotExist(store, certFile) {
glog.Infof("Generating RootCA for %s/%s", keyFile, certFile)
template := x509.Certificate{
IsCA: true,
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
CommonName: name,
Country: []string{"US"},
Province: []string{"California"},
Locality: []string{"Los Angeles"},
Organization: []string{name},
ExtraNames: []pkix.AttributeTypeAndValue{
{
Type: []int{2, 5, 4, 42},
Value: name,
},
},
},
DNSNames: []string{name},
NotBefore: time.Now().Add(-time.Duration(30 * 24 * time.Hour)),
NotAfter: time.Now().Add(vaildFor),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
// AuthorityKeyId: sha1.New().Sum([]byte("phuslu")),
// SubjectKeyId: sha1.New().Sum([]byte("phuslu")),
}
priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
if err != nil {
return nil, err
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return nil, err
}
ca, err := x509.ParseCertificate(derBytes)
if err != nil {
return nil, err
}
rootCA.ca = ca
rootCA.priv = priv
rootCA.derBytes = derBytes
keypem := &pem.Block{Type: "PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rootCA.priv)}
rc := ioutil.NopCloser(bytes.NewReader(pem.EncodeToMemory(keypem)))
if _, err = store.Put(keyFile, http.Header{}, rc); err != nil {
return nil, err
}
certpem := &pem.Block{Type: "CERTIFICATE", Bytes: rootCA.derBytes}
rc = ioutil.NopCloser(bytes.NewReader(pem.EncodeToMemory(certpem)))
if _, err = store.Put(certFile, http.Header{}, rc); err != nil {
return nil, err
}
} else {
for _, name := range []string{keyFile, certFile} {
resp, err := store.Get(name)
if err != nil {
return nil, err
}
data, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
return nil, err
}
var b *pem.Block
for {
b, data = pem.Decode(data)
if b == nil {
break
}
switch b.Type {
case "CERTIFICATE":
rootCA.derBytes = b.Bytes
ca, err := x509.ParseCertificate(rootCA.derBytes)
if err != nil {
return nil, err
}
rootCA.ca = ca
case "PRIVATE KEY", "PRIVATE RSA KEY":
priv, err := x509.ParsePKCS1PrivateKey(b.Bytes)
if err != nil {
return nil, err
}
rootCA.priv = priv
}
}
}
}
switch runtime.GOOS {
case "windows", "darwin":
if _, err := rootCA.ca.Verify(x509.VerifyOptions{}); err != nil {
glog.Warningf("Verify RootCA(%#v) error: %v, try import to system root", name, err)
if err = helpers.RemoveCAFromSystemRoot(rootCA.name); err != nil {
glog.Errorf("Remove Old RootCA(%#v) error: %v", name, err)
}
if err = helpers.ImportCAToSystemRoot(rootCA.ca); err != nil {
glog.Errorf("Import RootCA(%#v) error: %v", name, err)
} else {
glog.Infof("Import RootCA(%s) OK", certFile)
}
if fs, err := store.List(certDir); err == nil {
for _, f := range fs {
if _, err = store.Delete(f); err != nil {
glog.Errorf("%T.Delete(%#v) error: %v", store, f, err)
}
}
}
}
}
if fs, ok := store.(*storage.FileStore); ok {
if storage.NotExist(store, certDir) {
if err := os.Mkdir(filepath.Join(fs.Dirname, certDir), 0777); err != nil {
return nil, err
}
}
}
return rootCA, nil
}