func main() {
app := cmd.NewAppShell("boulder-ca")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBConnect)
cmd.FailOnError(err, "Failed to create CA database")
if c.SQL.CreateTables {
err = cadb.CreateTablesIfNotExists()
cmd.FailOnError(err, "Failed to create CA tables")
}
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
cai.MaxKeySize = c.Common.MaxKeySize
go cmd.ProfileCmd("CA", stats)
for {
ch, err := cmd.AmqpChannel(c)
cmd.FailOnError(err, "Could not connect to AMQP")
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
cas := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, ch)
err = rpc.NewCertificateAuthorityServer(cas, cai)
cmd.FailOnError(err, "Unable to create CA server")
auditlogger.Info(app.VersionString())
cmd.RunUntilSignaled(auditlogger, cas, closeChan)
}
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
dbMap, err := sa.NewDbMap(c.CA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to CA database")
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
cmd.FailOnError(err, "Failed to create CA database")
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist)
cmd.FailOnError(err, "Couldn't create PA")
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, clock.Default(), c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
cai.MaxKeySize = c.Common.MaxKeySize
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
connectionHandler := func(srv *rpc.AmqpRPCServer) {
saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, srv.Channel)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
}
cas, err := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, connectionHandler)
cmd.FailOnError(err, "Unable to create CA RPC server")
rpc.NewCertificateAuthorityServer(cas, cai)
auditlogger.Info(app.VersionString())
err = cas.Start(c)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}
// This is an unfortunate bit of tech debt that is being taken on in
// order to get the more important change of using MySQL/MariaDB in
// all of our tests working without SQLite. We already had issues with
// the RA here getting a real CertificateAuthority instead of a
// CertificateAuthorityClient, so this is only marginally worse.
// TODO(Issue #628): use a CAClient fake instead of a CAImpl instance
func caDBImpl(t *testing.T) (core.CertificateAuthorityDatabase, func()) {
dbMap, err := sa.NewDbMap(caDBConnStr)
if err != nil {
t.Fatalf("Could not construct dbMap: %s", err)
}
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
if err != nil {
t.Fatalf("Could not construct CA DB: %s", err)
}
cleanUp := test.ResetTestDatabase(t, dbMap.Db)
return cadb, cleanUp
}
// This is an unfortunate bit of tech debt that is being taken on in
// order to get the more important change of using MySQL/MariaDB in
// all of our tests working without SQLite. We already had issues with
// the RA here getting a real CertificateAuthority instead of a
// CertificateAuthorityClient, so this is only marginally worse.
// TODO(Issue #628): use a CAClient fake instead of a CAImpl instance
func caDBImpl(t *testing.T) (core.CertificateAuthorityDatabase, func()) {
dbMap, err := sa.NewDbMap(dbConnStr)
if err != nil {
t.Fatalf("Could not construct dbMap: %s", err)
}
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
if err != nil {
t.Fatalf("Could not construct CA DB: %s", err)
}
// We intentionally call CreateTablesIfNotExists twice before
// returning because of the weird insert inside it. The
// CADatabaseImpl code expects the existence of a single row in
// its serialIds table or else it errors. CreateTablesIfNotExists
// currently inserts that row and TruncateTables will remove
// it. But we need to make sure the tables exist before
// TruncateTables can be called to reset the table. So, two calls
// to CreateTablesIfNotExists.
err = cadb.CreateTablesIfNotExists()
if err != nil {
t.Fatalf("Could not construct tables: %s", err)
}
err = dbMap.TruncateTables()
if err != nil {
t.Fatalf("Could not truncate tables: %s", err)
}
err = cadb.CreateTablesIfNotExists()
if err != nil {
t.Fatalf("Could not construct tables: %s", err)
}
cleanUp := func() {
if err := dbMap.TruncateTables(); err != nil {
t.Fatalf("Could not truncate tables after the test: %s", err)
}
dbMap.Db.Close()
}
return cadb, cleanUp
}
func main() {
app := cmd.NewAppShell("boulder-ca")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
cmd.FailOnError(err, "Failed to create CA database")
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
cmd.FailOnError(err, "Failed to create CA impl")
go cmd.ProfileCmd("CA", stats)
for {
ch := cmd.AmqpChannel(c.AMQP.Server)
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
sac, err := rpc.NewStorageAuthorityClient(c.AMQP.SA.Client, c.AMQP.SA.Client, ch)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
cas, err := rpc.NewCertificateAuthorityServer(c.AMQP.CA.Server, ch, cai)
cmd.FailOnError(err, "Unable to create CA server")
cmd.RunUntilSignaled(auditlogger, cas, closeChan)
}
}
app.Run()
}
// This is an unfortunate bit of tech debt that is being taken on in
// order to get the more important change of using MySQL/MariaDB in
// all of our tests working without SQLite. We already had issues with
// the RA here getting a real CertificateAuthority instead of a
// CertificateAuthorityClient, so this is only marginally worse.
// TODO(Issue #628): use a CAClient fake instead of a CAImpl instance
func caDBImpl(t *testing.T) (core.CertificateAuthorityDatabase, func()) {
dbMap, err := sa.NewDbMap(caDBConnStr)
if err != nil {
t.Fatalf("Could not construct dbMap: %s", err)
}
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
if err != nil {
t.Fatalf("Could not construct CA DB: %s", err)
}
cleanUp := test.ResetTestDatabase(t, dbMap.Db)
// This row is required to exist for caDBImpl to work
// correctly. We can no longer use
// dbMap.Insert(&SerialNumber{...}) for this because gorp will
// ignore the ID and insert a new row at a new autoincrement id.
// TODO(jmhodges): gen ids flickr-style, no row needed a head of time
_, err = dbMap.Db.Exec("insert into serialNumber (id, number, lastUpdated) VALUES (?, ?, ?)", 1, 1, time.Now())
if err != nil {
t.Fatalf("unable to create the serial number row: %s", err)
}
return cadb, cleanUp
}
func main() {
app := cmd.NewAppShell("boulder")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
// Run StatsD profiling
go cmd.ProfileCmd("Monolith", stats)
// Create the components
wfe := wfe.NewWebFrontEndImpl()
sa, err := sa.NewSQLStorageAuthority(c.SA.DBDriver, c.SA.DBName)
cmd.FailOnError(err, "Unable to create SA")
ra := ra.NewRegistrationAuthorityImpl()
va := va.NewValidationAuthorityImpl(c.CA.TestMode)
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
cmd.FailOnError(err, "Failed to create CA database")
ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
cmd.FailOnError(err, "Unable to create CA")
// Wire them up
wfe.RA = &ra
wfe.SA = sa
wfe.Stats = stats
wfe.SubscriberAgreementURL = c.SubscriberAgreementURL
wfe.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
ra.CA = ca
ra.SA = sa
ra.VA = &va
va.RA = &ra
ca.SA = sa
// Set up paths
wfe.BaseURL = c.WFE.BaseURL
wfe.HandlePaths()
// We need to tell the RA how to make challenge URIs
// XXX: Better way to do this? Part of improved configuration
ra.AuthzBase = wfe.AuthzBase
fmt.Fprintf(os.Stderr, "Server running, listening on %s...\n", c.WFE.ListenAddress)
err = http.ListenAndServe(c.WFE.ListenAddress, HandlerTimer(http.DefaultServeMux, stats))
cmd.FailOnError(err, "Error starting HTTP server")
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
// Run StatsD profiling
go cmd.ProfileCmd("Monolith", stats)
// Create the components
wfei, err := wfe.NewWebFrontEndImpl()
cmd.FailOnError(err, "Unable to create WFE")
sa, err := sa.NewSQLStorageAuthority(c.SA.DBDriver, c.SA.DBName)
cmd.FailOnError(err, "Unable to create SA")
sa.SetSQLDebug(c.SQL.SQLDebug)
ra := ra.NewRegistrationAuthorityImpl()
va := va.NewValidationAuthorityImpl(c.CA.TestMode)
dnsTimeout, err := time.ParseDuration(c.VA.DNSTimeout)
cmd.FailOnError(err, "Couldn't parse DNS timeout")
va.DNSResolver = core.NewDNSResolver(dnsTimeout, []string{c.VA.DNSResolver})
va.UserAgent = c.VA.UserAgent
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
cmd.FailOnError(err, "Failed to create CA database")
ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
cmd.FailOnError(err, "Unable to create CA")
if c.SQL.CreateTables {
err = sa.CreateTablesIfNotExists()
cmd.FailOnError(err, "Failed to create SA tables")
err = cadb.CreateTablesIfNotExists()
cmd.FailOnError(err, "Failed to create CA tables")
}
// Wire them up
wfei.RA = &ra
wfei.SA = sa
wfei.Stats = stats
wfei.SubscriberAgreementURL = c.SubscriberAgreementURL
wfei.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
ra.CA = ca
ra.SA = sa
ra.VA = &va
va.RA = &ra
ca.SA = sa
// Set up paths
ra.AuthzBase = c.Common.BaseURL + wfe.AuthzPath
wfei.BaseURL = c.Common.BaseURL
wfei.HandlePaths()
ra.MaxKeySize = c.Common.MaxKeySize
ca.MaxKeySize = c.Common.MaxKeySize
auditlogger.Info(app.VersionString())
fmt.Fprintf(os.Stderr, "Server running, listening on %s...\n", c.WFE.ListenAddress)
err = http.ListenAndServe(c.WFE.ListenAddress, HandlerTimer(http.DefaultServeMux, stats))
cmd.FailOnError(err, "Error starting HTTP server")
}
app.Run()
}