func main() { app := cmd.NewAppShell("boulder-ca") app.Action = func(c cmd.Config) { stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix) cmd.FailOnError(err, "Couldn't connect to statsd") // Set up logging auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats) cmd.FailOnError(err, "Could not connect to Syslog") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) go cmd.DebugServer(c.CA.DebugAddr) cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBConnect) cmd.FailOnError(err, "Failed to create CA database") if c.SQL.CreateTables { err = cadb.CreateTablesIfNotExists() cmd.FailOnError(err, "Failed to create CA tables") } cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert) cmd.FailOnError(err, "Failed to create CA impl") cai.MaxKeySize = c.Common.MaxKeySize go cmd.ProfileCmd("CA", stats) for { ch, err := cmd.AmqpChannel(c) cmd.FailOnError(err, "Could not connect to AMQP") closeChan := ch.NotifyClose(make(chan *amqp.Error, 1)) saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, ch) cmd.FailOnError(err, "Unable to create RPC client") sac, err := rpc.NewStorageAuthorityClient(saRPC) cmd.FailOnError(err, "Failed to create SA client") cai.SA = &sac cas := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, ch) err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Unable to create CA server") auditlogger.Info(app.VersionString()) cmd.RunUntilSignaled(auditlogger, cas, closeChan) } } app.Run() }
func main() { app := cmd.NewAppShell("boulder-ca", "Handles issuance operations") app.Action = func(c cmd.Config) { stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix) cmd.FailOnError(err, "Couldn't connect to statsd") // Set up logging auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats) cmd.FailOnError(err, "Could not connect to Syslog") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) go cmd.DebugServer(c.CA.DebugAddr) dbMap, err := sa.NewDbMap(c.CA.DBConnect) cmd.FailOnError(err, "Couldn't connect to CA database") cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap) cmd.FailOnError(err, "Failed to create CA database") paDbMap, err := sa.NewDbMap(c.PA.DBConnect) cmd.FailOnError(err, "Couldn't connect to policy database") pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist) cmd.FailOnError(err, "Couldn't create PA") cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, clock.Default(), c.Common.IssuerCert) cmd.FailOnError(err, "Failed to create CA impl") cai.MaxKeySize = c.Common.MaxKeySize cai.PA = pa go cmd.ProfileCmd("CA", stats) connectionHandler := func(srv *rpc.AmqpRPCServer) { saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, srv.Channel) cmd.FailOnError(err, "Unable to create RPC client") sac, err := rpc.NewStorageAuthorityClient(saRPC) cmd.FailOnError(err, "Failed to create SA client") cai.SA = &sac } cas, err := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, connectionHandler) cmd.FailOnError(err, "Unable to create CA RPC server") rpc.NewCertificateAuthorityServer(cas, cai) auditlogger.Info(app.VersionString()) err = cas.Start(c) cmd.FailOnError(err, "Unable to run CA RPC server") } app.Run() }
func main() { app := cmd.NewAppShell("boulder-ca", "Handles issuance operations") app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) { // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") go cmd.DebugServer(c.CA.DebugAddr) pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), stats, issuers, c.KeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa go cmd.ProfileCmd("CA", stats) amqpConf := c.CA.AMQP cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") if c.CA.PublisherService != nil { conn, err := bgrpc.ClientSetup(c.CA.PublisherService) cmd.FailOnError(err, "Failed to load credentials and create connection to service") cai.Publisher = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn), c.CA.PublisherService.Timeout.Duration) } else { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create Publisher client") } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats, logger) cmd.FailOnError(err, "Unable to create CA RPC server") err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") } app.Run() }
func main() { app := cmd.NewAppShell("boulder-ca", "Handles issuance operations") app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) { // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) go cmd.DebugServer(c.CA.DebugAddr) dbURL, err := c.PA.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") paDbMap, err := sa.NewDbMap(dbURL) cmd.FailOnError(err, "Couldn't connect to policy database") pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") priv, err := loadPrivateKey(c.CA.Key) cmd.FailOnError(err, "Couldn't load private key") issuer, err := core.LoadCert(c.Common.IssuerCert) cmd.FailOnError(err, "Couldn't load issuer cert") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), stats, issuer, priv, c.KeyPolicy()) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa go cmd.ProfileCmd("CA", stats) amqpConf := c.CA.AMQP cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create Publisher client") cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats) cmd.FailOnError(err, "Unable to create CA RPC server") rpc.NewCertificateAuthorityServer(cas, cai) err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") } app.Run() }
func main() { app := cmd.NewAppShell("boulder-ca", "Handles issuance operations") app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) { // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") c.PA.SetDefaultChallengesIfEmpty() // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) go cmd.DebugServer(c.CA.DebugAddr) paDbMap, err := sa.NewDbMap(c.PA.DBConnect) cmd.FailOnError(err, "Couldn't connect to policy database") pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") cai, err := ca.NewCertificateAuthorityImpl(c.CA, clock.Default(), stats, c.Common.IssuerCert) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa go cmd.ProfileCmd("CA", stats) saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, c, stats) cmd.FailOnError(err, "Unable to create RPC client") sac, err := rpc.NewStorageAuthorityClient(saRPC) cmd.FailOnError(err, "Failed to create SA client") pubRPC, err := rpc.NewAmqpRPCClient("CA->Publisher", c.AMQP.Publisher.Server, c, stats) cmd.FailOnError(err, "Unable to create RPC client") pubc, err := rpc.NewPublisherClient(pubRPC) cmd.FailOnError(err, "Failed to create Publisher client") cai.Publisher = &pubc cai.SA = &sac cas, err := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, c.CA.MaxConcurrentRPCServerRequests, c) cmd.FailOnError(err, "Unable to create CA RPC server") rpc.NewCertificateAuthorityServer(cas, cai) err = cas.Start(c) cmd.FailOnError(err, "Unable to run CA RPC server") } app.Run() }
func main() { app := cmd.NewAppShell("boulder-ca") app.Action = func(c cmd.Config) { stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix) cmd.FailOnError(err, "Couldn't connect to statsd") // Set up logging auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats) cmd.FailOnError(err, "Could not connect to Syslog") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName) cmd.FailOnError(err, "Failed to create CA database") cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA) cmd.FailOnError(err, "Failed to create CA impl") go cmd.ProfileCmd("CA", stats) for { ch := cmd.AmqpChannel(c.AMQP.Server) closeChan := ch.NotifyClose(make(chan *amqp.Error, 1)) sac, err := rpc.NewStorageAuthorityClient(c.AMQP.SA.Client, c.AMQP.SA.Client, ch) cmd.FailOnError(err, "Failed to create SA client") cai.SA = &sac cas, err := rpc.NewCertificateAuthorityServer(c.AMQP.CA.Server, ch, cai) cmd.FailOnError(err, "Unable to create CA server") cmd.RunUntilSignaled(auditlogger, cas, closeChan) } } app.Run() }
func main() { app := cmd.NewAppShell("boulder") app.Action = func(c cmd.Config) { stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix) cmd.FailOnError(err, "Couldn't connect to statsd") // Set up logging auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats) cmd.FailOnError(err, "Could not connect to Syslog") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) // Run StatsD profiling go cmd.ProfileCmd("Monolith", stats) // Create the components wfe := wfe.NewWebFrontEndImpl() sa, err := sa.NewSQLStorageAuthority(c.SA.DBDriver, c.SA.DBName) cmd.FailOnError(err, "Unable to create SA") ra := ra.NewRegistrationAuthorityImpl() va := va.NewValidationAuthorityImpl(c.CA.TestMode) cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName) cmd.FailOnError(err, "Failed to create CA database") ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA) cmd.FailOnError(err, "Unable to create CA") // Wire them up wfe.RA = &ra wfe.SA = sa wfe.Stats = stats wfe.SubscriberAgreementURL = c.SubscriberAgreementURL wfe.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert) cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert)) ra.CA = ca ra.SA = sa ra.VA = &va va.RA = &ra ca.SA = sa // Set up paths wfe.BaseURL = c.WFE.BaseURL wfe.HandlePaths() // We need to tell the RA how to make challenge URIs // XXX: Better way to do this? Part of improved configuration ra.AuthzBase = wfe.AuthzBase fmt.Fprintf(os.Stderr, "Server running, listening on %s...\n", c.WFE.ListenAddress) err = http.ListenAndServe(c.WFE.ListenAddress, HandlerTimer(http.DefaultServeMux, stats)) cmd.FailOnError(err, "Error starting HTTP server") } app.Run() }
func initAuthorities(t *testing.T) (*DummyValidationAuthority, *sa.SQLStorageAuthority, *RegistrationAuthorityImpl, clock.FakeClock, func()) { err := json.Unmarshal(AccountKeyJSONA, &AccountKeyA) test.AssertNotError(t, err, "Failed to unmarshal public JWK") err = json.Unmarshal(AccountKeyJSONB, &AccountKeyB) test.AssertNotError(t, err, "Failed to unmarshal public JWK") err = json.Unmarshal(AccountKeyJSONC, &AccountKeyC) test.AssertNotError(t, err, "Failed to unmarshal public JWK") err = json.Unmarshal(AccountPrivateKeyJSON, &AccountPrivateKey) test.AssertNotError(t, err, "Failed to unmarshal private JWK") err = json.Unmarshal(ShortKeyJSON, &ShortKey) test.AssertNotError(t, err, "Failed to unmarshal JWK") fc := clock.NewFake() dbMap, err := sa.NewDbMap(vars.DBConnSA) if err != nil { t.Fatalf("Failed to create dbMap: %s", err) } ssa, err := sa.NewSQLStorageAuthority(dbMap, fc) if err != nil { t.Fatalf("Failed to create SA: %s", err) } saDBCleanUp := test.ResetSATestDatabase(t) va := &DummyValidationAuthority{} // PEM files in certificate-authority_test.go caKeyPEM, _ := pem.Decode([]byte(CAkeyPEM)) caKey, _ := x509.ParsePKCS1PrivateKey(caKeyPEM.Bytes) caCertPEM, _ := pem.Decode([]byte(CAcertPEM)) caCert, _ := x509.ParseCertificate(caCertPEM.Bytes) cfsslC := cfsslConfig.Config{ Signing: &cfsslConfig.Signing{ Default: &cfsslConfig.SigningProfile{ Usage: []string{"server auth", "client auth"}, ExpiryString: "1h", CSRWhitelist: &cfsslConfig.CSRWhitelist{ PublicKey: true, PublicKeyAlgorithm: true, SignatureAlgorithm: true, DNSNames: true, }, }, }, } caConf := cmd.CAConfig{ SerialPrefix: 10, LifespanOCSP: "1h", Expiry: "1h", CFSSL: cfsslC, } paDbMap, err := sa.NewDbMap(vars.DBConnPolicy) if err != nil { t.Fatalf("Failed to create dbMap: %s", err) } policyDBCleanUp := test.ResetPolicyTestDatabase(t) pa, err := policy.NewPolicyAuthorityImpl(paDbMap, false, SupportedChallenges) test.AssertNotError(t, err, "Couldn't create PA") stats, _ := statsd.NewNoopClient() ca, err := ca.NewCertificateAuthorityImpl( caConf, fc, stats, caCert, caKey, testKeyPolicy) test.AssertNotError(t, err, "Couldn't create CA") ca.SA = ssa ca.PA = pa ca.Publisher = &mocks.Publisher{} cleanUp := func() { saDBCleanUp() policyDBCleanUp() } csrDER, _ := hex.DecodeString(CSRhex) ExampleCSR, _ = x509.ParseCertificateRequest(csrDER) Registration, _ = ssa.NewRegistration(core.Registration{ Key: AccountKeyA, InitialIP: net.ParseIP("3.2.3.3"), }) ra := NewRegistrationAuthorityImpl(fc, blog.GetAuditLogger(), stats, &DomainCheck{va}, cmd.RateLimitConfig{ TotalCertificates: cmd.RateLimitPolicy{ Threshold: 100, Window: cmd.ConfigDuration{Duration: 24 * 90 * time.Hour}, }, }, 1, testKeyPolicy) ra.SA = ssa ra.VA = va ra.CA = ca ra.PA = pa ra.DNSResolver = &bdns.MockDNSResolver{} AuthzInitial.RegistrationID = Registration.ID challenges, combinations, err := pa.ChallengesFor(AuthzInitial.Identifier, &Registration.Key) AuthzInitial.Challenges = challenges AuthzInitial.Combinations = combinations AuthzFinal = AuthzInitial AuthzFinal.Status = "valid" exp := time.Now().Add(365 * 24 * time.Hour) AuthzFinal.Expires = &exp AuthzFinal.Challenges[0].Status = "valid" return va, ssa, ra, fc, cleanUp }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadJSONFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") go cmd.DebugServer(c.CA.DebugAddr) stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig) defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), stats, issuers, c.KeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa go cmd.ProfileCmd("CA", stats) amqpConf := c.CA.AMQP cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") if c.CA.PublisherService != nil { conn, err := bgrpc.ClientSetup(c.CA.PublisherService) cmd.FailOnError(err, "Failed to load credentials and create connection to service") cai.Publisher = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn), c.CA.PublisherService.Timeout.Duration) } else { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create Publisher client") } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats, logger) cmd.FailOnError(err, "Unable to create CA RPC server") err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.CA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "CA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), scope, issuers, goodkey.NewKeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa amqpConf := c.CA.AMQP if c.CA.SAService != nil { conn, err := bgrpc.ClientSetup(c.CA.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") cai.SA = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create SA client") } if amqpConf.Publisher != nil { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create Publisher client") } var grpcSrv *grpc.Server if c.CA.GRPC != nil { s, l, err := bgrpc.NewServer(c.CA.GRPC, scope) cmd.FailOnError(err, "Unable to setup CA gRPC server") caWrapper := bgrpc.NewCertificateAuthorityServer(cai) caPB.RegisterCertificateAuthorityServer(s, caWrapper) go func() { err = s.Serve(l) cmd.FailOnError(err, "CA gRPC service failed") }() grpcSrv = s } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create CA RPC server") go cmd.CatchSignals(logger, func() { cas.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") go cmd.DebugServer(c.CA.DebugAddr) go cmd.ProfileCmd(scope) err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") }
func main() { app := cmd.NewAppShell("boulder") app.Action = func(c cmd.Config) { stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix) cmd.FailOnError(err, "Couldn't connect to statsd") // Set up logging auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats) cmd.FailOnError(err, "Could not connect to Syslog") // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() blog.SetAuditLogger(auditlogger) // Run StatsD profiling go cmd.ProfileCmd("Monolith", stats) // Create the components wfei, err := wfe.NewWebFrontEndImpl() cmd.FailOnError(err, "Unable to create WFE") sa, err := sa.NewSQLStorageAuthority(c.SA.DBDriver, c.SA.DBName) cmd.FailOnError(err, "Unable to create SA") sa.SetSQLDebug(c.SQL.SQLDebug) ra := ra.NewRegistrationAuthorityImpl() va := va.NewValidationAuthorityImpl(c.CA.TestMode) dnsTimeout, err := time.ParseDuration(c.VA.DNSTimeout) cmd.FailOnError(err, "Couldn't parse DNS timeout") va.DNSResolver = core.NewDNSResolver(dnsTimeout, []string{c.VA.DNSResolver}) va.UserAgent = c.VA.UserAgent cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName) cmd.FailOnError(err, "Failed to create CA database") ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert) cmd.FailOnError(err, "Unable to create CA") if c.SQL.CreateTables { err = sa.CreateTablesIfNotExists() cmd.FailOnError(err, "Failed to create SA tables") err = cadb.CreateTablesIfNotExists() cmd.FailOnError(err, "Failed to create CA tables") } // Wire them up wfei.RA = &ra wfei.SA = sa wfei.Stats = stats wfei.SubscriberAgreementURL = c.SubscriberAgreementURL wfei.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert) cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert)) ra.CA = ca ra.SA = sa ra.VA = &va va.RA = &ra ca.SA = sa // Set up paths ra.AuthzBase = c.Common.BaseURL + wfe.AuthzPath wfei.BaseURL = c.Common.BaseURL wfei.HandlePaths() ra.MaxKeySize = c.Common.MaxKeySize ca.MaxKeySize = c.Common.MaxKeySize auditlogger.Info(app.VersionString()) fmt.Fprintf(os.Stderr, "Server running, listening on %s...\n", c.WFE.ListenAddress) err = http.ListenAndServe(c.WFE.ListenAddress, HandlerTimer(http.DefaultServeMux, stats)) cmd.FailOnError(err, "Error starting HTTP server") } app.Run() }