// Reads the configuration file for storage setup, and sets up the cryptoservice // mapping func setUpCryptoservices(configuration *viper.Viper, allowedBackends []string) ( signer.CryptoServiceIndex, error) { storeConfig, err := utils.ParseStorage(configuration, allowedBackends) if err != nil { return nil, err } var keyStore trustmanager.KeyStore if storeConfig.Backend == utils.MemoryBackend { keyStore = trustmanager.NewKeyMemoryStore( passphrase.ConstantRetriever("memory-db-ignore")) } else { defaultAlias := configuration.GetString("storage.default_alias") if defaultAlias == "" { // backwards compatibility - support this environment variable defaultAlias = configuration.GetString(defaultAliasEnv) } if defaultAlias == "" { return nil, fmt.Errorf("must provide a default alias for the key DB") } logrus.Debug("Default Alias: ", defaultAlias) dbStore, err := keydbstore.NewKeyDBStore( passphraseRetriever, defaultAlias, storeConfig.Backend, storeConfig.Source) if err != nil { return nil, fmt.Errorf("failed to create a new keydbstore: %v", err) } logrus.Debugf("Using %s DB: %s", storeConfig.Backend, storeConfig.Source) health.RegisterPeriodicFunc( "DB operational", dbStore.HealthCheck, time.Second*60) keyStore = dbStore } cryptoService := cryptoservice.NewCryptoService("", keyStore) cryptoServices := make(signer.CryptoServiceIndex) cryptoServices[data.ED25519Key] = cryptoService cryptoServices[data.ECDSAKey] = cryptoService return cryptoServices, nil }
func main() { flag.Usage = usage flag.Parse() if debug { go debugServer(debugAddr) } // when the signer starts print the version for debugging and issue logs later logrus.Infof("Version: %s, Git commit: %s", version.NotaryVersion, version.GitCommit) filename := filepath.Base(configFile) ext := filepath.Ext(configFile) configPath := filepath.Dir(configFile) mainViper.SetConfigType(strings.TrimPrefix(ext, ".")) mainViper.SetConfigName(strings.TrimSuffix(filename, ext)) mainViper.AddConfigPath(configPath) err := mainViper.ReadInConfig() if err != nil { logrus.Error("Viper Error: ", err.Error()) logrus.Error("Could not read config at ", configFile) os.Exit(1) } logrus.SetLevel(logrus.Level(mainViper.GetInt("logging.level"))) tlsConfig, err := signerTLS(mainViper, true) if err != nil { logrus.Fatalf(err.Error()) } cryptoServices := make(signer.CryptoServiceIndex) configDBType := strings.ToLower(mainViper.GetString("storage.backend")) dbURL := mainViper.GetString("storage.db_url") if configDBType != dbType || dbURL == "" { usage() log.Fatalf("Currently only a MySQL database backend is supported.") } dbSQL, err := sql.Open(configDBType, dbURL) if err != nil { log.Fatalf("failed to open the database: %s, %v", dbURL, err) } defaultAlias := mainViper.GetString(defaultAliasEnv) logrus.Debug("Default Alias: ", defaultAlias) keyStore, err := keydbstore.NewKeyDBStore(passphraseRetriever, defaultAlias, configDBType, dbSQL) if err != nil { log.Fatalf("failed to create a new keydbstore: %v", err) } health.RegisterPeriodicFunc( "DB operational", keyStore.HealthCheck, time.Second*60) cryptoService := cryptoservice.NewCryptoService("", keyStore) cryptoServices[data.ED25519Key] = cryptoService cryptoServices[data.ECDSAKey] = cryptoService //RPC server setup kms := &api.KeyManagementServer{CryptoServices: cryptoServices, HealthChecker: health.CheckStatus} ss := &api.SignerServer{CryptoServices: cryptoServices, HealthChecker: health.CheckStatus} rpcAddr := mainViper.GetString("server.grpc_addr") lis, err := net.Listen("tcp", rpcAddr) if err != nil { log.Fatalf("failed to listen %v", err) } creds := credentials.NewTLS(tlsConfig) opts := []grpc.ServerOption{grpc.Creds(creds)} grpcServer := grpc.NewServer(opts...) pb.RegisterKeyManagementServer(grpcServer, kms) pb.RegisterSignerServer(grpcServer, ss) go grpcServer.Serve(lis) httpAddr := mainViper.GetString("server.http_addr") if httpAddr == "" { log.Fatalf("Server address is required") } //HTTP server setup server := http.Server{ Addr: httpAddr, Handler: api.Handlers(cryptoServices), TLSConfig: tlsConfig, } if debug { log.Println("RPC server listening on", rpcAddr) log.Println("HTTP server listening on", httpAddr) } err = server.ListenAndServeTLS("", "") if err != nil { log.Fatal("HTTPS server failed to start:", err) } }
// Reads the configuration file for storage setup, and sets up the cryptoservice // mapping func setUpCryptoservices(configuration *viper.Viper, allowedBackends []string) ( signer.CryptoServiceIndex, error) { backend := configuration.GetString("storage.backend") if !tufutils.StrSliceContains(allowedBackends, backend) { return nil, fmt.Errorf("%s is not an allowed backend, must be one of: %s", backend, allowedBackends) } var keyStore trustmanager.KeyStore switch backend { case notary.MemoryBackend: keyStore = trustmanager.NewKeyMemoryStore( passphrase.ConstantRetriever("memory-db-ignore")) case notary.RethinkDBBackend: var sess *gorethink.Session storeConfig, err := utils.ParseRethinkDBStorage(configuration) if err != nil { return nil, err } defaultAlias, err := getDefaultAlias(configuration) if err != nil { return nil, err } tlsOpts := tlsconfig.Options{ CAFile: storeConfig.CA, CertFile: storeConfig.Cert, KeyFile: storeConfig.Key, } if doBootstrap { sess, err = rethinkdb.AdminConnection(tlsOpts, storeConfig.Source) } else { sess, err = rethinkdb.UserConnection(tlsOpts, storeConfig.Source, storeConfig.Username, storeConfig.Password) } if err != nil { return nil, fmt.Errorf("Error starting %s driver: %s", backend, err.Error()) } s := keydbstore.NewRethinkDBKeyStore(storeConfig.DBName, storeConfig.Username, storeConfig.Password, passphraseRetriever, defaultAlias, sess) health.RegisterPeriodicFunc("DB operational", time.Minute, s.CheckHealth) keyStore = s case notary.MySQLBackend, notary.SQLiteBackend: storeConfig, err := utils.ParseSQLStorage(configuration) if err != nil { return nil, err } defaultAlias, err := getDefaultAlias(configuration) if err != nil { return nil, err } dbStore, err := keydbstore.NewKeyDBStore( passphraseRetriever, defaultAlias, storeConfig.Backend, storeConfig.Source) if err != nil { return nil, fmt.Errorf("failed to create a new keydbstore: %v", err) } health.RegisterPeriodicFunc( "DB operational", time.Minute, dbStore.HealthCheck) keyStore = dbStore } if doBootstrap { err := bootstrap(keyStore) if err != nil { logrus.Fatal(err.Error()) } os.Exit(0) } cryptoService := cryptoservice.NewCryptoService(keyStore) cryptoServices := make(signer.CryptoServiceIndex) cryptoServices[data.ED25519Key] = cryptoService cryptoServices[data.ECDSAKey] = cryptoService return cryptoServices, nil }