// LoadRoot parses a config structure into a Root structure
func LoadRoot(cfg map[string]string) (*Root, error) {
var root Root
var err error
spec, ok := cfg["private"]
if !ok {
return nil, ErrMissingPrivateKey
}
certPath, ok := cfg["certificate"]
if !ok {
return nil, ErrMissingCertificatePath
}
configPath, ok := cfg["config"]
if !ok {
return nil, ErrMissingConfigPath
}
root.PrivateKey, err = parsePrivateKeySpec(spec, cfg)
if err != nil {
return nil, err
}
in, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, err
}
root.Certificate, err = helpers.ParseCertificatePEM(in)
if err != nil {
return nil, err
}
conf, err := config.LoadFile(configPath)
if err != nil {
return nil, err
}
root.Config = conf.Signing
nets := cfg["nets"]
if nets != "" {
root.ACL, err = parseACL(nets)
if err != nil {
return nil, err
}
}
dbConfig := cfg["dbconfig"]
if dbConfig != "" {
db, err := certdb.DBFromConfig(dbConfig)
if err != nil {
return nil, err
}
root.DB = db
}
return &root, nil
}
// The CFSSL standard is to have a configuration file for a label as
// <config>.json.
func findLabel(label string) *config.Config {
for _, dir := range cfsslConfigDirs {
cfgFile := filepath.Join(dir, label+".json")
cfg, err := config.LoadFile(cfgFile)
if err == nil {
return cfg
}
}
return nil
}
// Parse loads a RootList from a file.
func Parse(filename string) (RootList, error) {
cfgMap, err := parseFile(filename)
if err != nil {
return nil, err
}
var rootList = RootList{}
for label, entries := range cfgMap {
var root Root
spec, ok := entries["private"]
if !ok {
return nil, ErrMissingPrivateKey
}
certPath, ok := entries["certificate"]
if !ok {
return nil, ErrMissingCertificatePath
}
configPath, ok := entries["config"]
if !ok {
return nil, ErrMissingConfigPath
}
// Entries is provided for any additional
// configuration data that may need to come from the
// section.
root.PrivateKey, err = parsePrivateKeySpec(spec, entries)
if err != nil {
return nil, err
}
in, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, err
}
root.Certificate, err = helpers.ParseCertificatePEM(in)
if err != nil {
return nil, err
}
conf, err := config.LoadFile(configPath)
if err != nil {
return nil, err
}
root.Config = conf.Signing
rootList[label] = &root
}
return rootList, nil
}
// main defines the newkey usage and registers all defined commands and flags.
func main() {
var newkeyFlagSet = flag.NewFlagSet("newkey", flag.ExitOnError)
var c cli.Config
var usageText = `cfssl-newkey -- generate a new key and CSR
Usage of genkey:
newkey CSRJSON
Arguments:
CSRJSON: JSON file containing the request, use '-' for reading JSON from stdin
Flags:
`
registerFlags(&c, newkeyFlagSet)
newkeyFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "\t%s", usageText)
for _, name := range genkey.Command.Flags {
if f := newkeyFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
args := os.Args[1:]
newkeyFlagSet.Parse(args)
args = newkeyFlagSet.Args()
var err error
c.CFG, err = config.LoadFile(c.ConfigFile)
if c.ConfigFile != "" && err != nil {
fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
}
if err := genkey.Command.Main(args, c); err != nil {
fmt.Fprintln(os.Stderr, err)
}
}
// main defines the bundle usage and registers all defined commands and flags.
func main() {
var bundleFlagSet = flag.NewFlagSet("bundle", flag.ExitOnError)
var c cli.Config
var usageText = `cfssl-bundle -- create a certificate bundle that contains the client cert
Usage of bundle:
- Bundle local certificate files
bundle -cert file [-ca-bundle file] [-int-bundle file] [-int-dir dir] [-metadata file] [-key keyfile] [-flavor optimal|ubiquitous|force] [-password password]
- Bundle certificate from remote server.
bundle -domain domain_name [-ip ip_address] [-ca-bundle file] [-int-bundle file] [-int-dir dir] [-metadata file]
Flags:
`
registerFlags(&c, bundleFlagSet)
bundleFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "\t%s", usageText)
for _, name := range bundle.Command.Flags {
if f := bundleFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
args := os.Args[1:]
bundleFlagSet.Parse(args)
args = bundleFlagSet.Args()
var err error
c.CFG, err = config.LoadFile(c.ConfigFile)
if c.ConfigFile != "" && err != nil {
fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
}
if err := bundle.Command.Main(args, c); err != nil {
fmt.Fprintln(os.Stderr, err)
}
}
// The main entrance point of cfssl command line tools.
func main() {
// Initial parse of command line arguments. By convention, only -h/-help is supported.
flag.Parse()
if flag.NArg() < 1 {
fmt.Fprintf(os.Stderr, "No command is given.\n")
flag.Usage()
return
}
// Clip out the command name and args for the command
cmdName = flag.Arg(0)
args := flag.Args()[1:]
if cmd, found := cmds[cmdName]; !found {
fmt.Fprintf(os.Stderr, "Command %s is not defined.\n", cmdName)
flag.Usage()
return
} else {
// The usage of each individual command is re-written to mention
// flags defined and referenced only in that command.
cfsslFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "%s", cmd.UsageText)
for _, name := range cmd.Flags {
if f := cfsslFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
// Parse all flags and take the rest as argument lists for the command
cfsslFlagSet.Parse(args)
args = cfsslFlagSet.Args()
Config.cfg = config.LoadFile(Config.configFile)
if err := cmd.Main(args); err != nil {
fmt.Fprintln(os.Stderr, err)
}
}
}
// main defines the newkey usage and registers all defined commands and flags.
func main() {
var certinfoFlagSet = flag.NewFlagSet("certinfo", flag.ExitOnError)
var c cli.Config
registerFlags(&c, certinfoFlagSet)
var usageText = `cfssl-certinfo -- output certinfo about the given cert
Usage of certinfo:
- Data from local certificate files
certinfo -cert file
- Data from certificate from remote server.
certinfo -domain domain_name
Flags:
`
certinfoFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "\t%s", usageText)
for _, name := range certinfo.Command.Flags {
if f := certinfoFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
args := os.Args[1:]
certinfoFlagSet.Parse(args)
args = certinfoFlagSet.Args()
var err error
c.CFG, err = config.LoadFile(c.ConfigFile)
if c.ConfigFile != "" && err != nil {
fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
}
if err := certinfo.Command.Main(args, c); err != nil {
fmt.Fprintln(os.Stderr, err)
}
}
// main defines the scan usage and registers all defined commands and flags.
func main() {
var scanFlagSet = flag.NewFlagSet("scan", flag.ExitOnError)
var c cli.Config
var usageText = `cfssl scan -- scan a host for issues
Usage of scan:
cfssl scan [-family regexp] [-scanner regexp] [-timeout duration] [-ip IPAddr] [-num-workers num] [-max-hosts num] [-csv hosts.csv] HOST+
cfssl scan -list
Arguments:
HOST: Host(s) to scan (including port)
Flags:
`
registerFlags(&c, scanFlagSet)
scanFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "\t%s", usageText)
for _, name := range scan.Command.Flags {
if f := scanFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
args := os.Args[1:]
scanFlagSet.Parse(args)
args = scanFlagSet.Args()
var err error
c.CFG, err = config.LoadFile(c.ConfigFile)
if c.ConfigFile != "" && err != nil {
fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
}
if err := scan.Command.Main(args, c); err != nil {
fmt.Fprintln(os.Stderr, err)
}
}
func main() {
flag.Parse()
if c.interval == 0 {
log.Fatal("interval is required and must be > 0")
}
if len(c.csrfile) == 0 {
log.Fatal("csrfile is required")
}
if len(c.certpath) == 0 {
log.Fatal("path is required")
}
if len(c.certname) == 0 {
log.Fatal("certname is required")
}
if len(s.Remote) == 0 {
log.Fatal("remote is required")
}
log.Println("cfssl-sidecar")
log.Printf("operating with interval %s", c.interval)
if err := os.MkdirAll(c.certpath, os.FileMode(c.perms)); err != nil {
log.Fatal(err)
}
if len(c.cfgfile) > 0 {
loadedCfg, err := config.LoadFile(c.cfgfile)
if err != nil {
log.Fatal(err)
}
s.CFG = loadedCfg
} else {
log.Println("WARNING: no config file specified.")
}
log.Println("updating key and csr.")
keypath, csrpath, err := createKey(c)
if err != nil {
log.Fatal(err)
}
log.Printf("key(%s) and csr(%s) up to date.", *keypath, *csrpath)
for {
log.Println("updating certificate.")
log.Println("reloading config.")
if len(c.cfgfile) > 0 {
loadedCfg, err := config.LoadFile(c.cfgfile)
if err != nil {
log.Fatal(err)
}
s.CFG = loadedCfg
} else {
log.Println("WARNING: no config file specified.")
}
s.CSRFile = *csrpath
certpath, err := createCert(c, s)
if err != nil {
log.Fatal(err)
}
log.Printf("cert(%s) updated.", *certpath)
log.Printf("sleeping for interval %s.", c.interval)
time.Sleep(c.interval)
}
}
// Start is the entrance point of cfssl command line tools.
func Start(cmds map[string]*Command) error {
// cfsslFlagSet is the flag sets for cfssl.
var cfsslFlagSet = flag.NewFlagSet("cfssl", flag.ExitOnError)
var c Config
registerFlags(&c, cfsslFlagSet)
// Initial parse of command line arguments. By convention, only -h/-help is supported.
if flag.Usage == nil {
flag.Usage = func() {
fmt.Fprintf(os.Stderr, usage)
for name := range cmds {
fmt.Fprintf(os.Stderr, "\t%s\n", name)
}
fmt.Fprintf(os.Stderr, "Top-level flags:\n")
flag.PrintDefaults()
}
}
flag.Parse()
if flag.NArg() < 1 {
fmt.Fprintf(os.Stderr, "No command is given.\n")
flag.Usage()
return errors.New("no command was given")
}
// Clip out the command name and args for the command
cmdName = flag.Arg(0)
args := flag.Args()[1:]
cmd, found := cmds[cmdName]
if !found {
fmt.Fprintf(os.Stderr, "Command %s is not defined.\n", cmdName)
flag.Usage()
return errors.New("undefined command")
}
// always have flag 'loglevel' for each command
cmd.Flags = append(cmd.Flags, "loglevel")
// The usage of each individual command is re-written to mention
// flags defined and referenced only in that command.
cfsslFlagSet.Usage = func() {
fmt.Fprintf(os.Stderr, "\t%s", cmd.UsageText)
for _, name := range cmd.Flags {
if f := cfsslFlagSet.Lookup(name); f != nil {
printDefaultValue(f)
}
}
}
// Parse all flags and take the rest as argument lists for the command
cfsslFlagSet.Parse(args)
args = cfsslFlagSet.Args()
var err error
if c.ConfigFile != "" {
c.CFG, err = config.LoadFile(c.ConfigFile)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to load config file: %v", err)
return errors.New("failed to load config file")
}
}
if err := cmd.Main(args, c); err != nil {
fmt.Fprintln(os.Stderr, err)
return err
}
return nil
}