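// main is a command-line client for the CAA checker gRPC service. It asks the
// service at -addr whether -name is valid for issuance by -issuerDomain and
// prints the verdict to stderr.
//
// The verdict is only printed: the exit status is 0 whether or not issuance is
// valid, and 1 only for usage, connection, RPC or malformed-response errors.
//
// The CA, client certificate and client key paths are fixed to files under
// test/grpc-creds/, so the tool only works where those files exist.
// NOTE(review): these look like the repository's test credentials; confirm
// before pointing the tool at any non-test deployment.
func main() {
	addr := flag.String("addr", "boulder:9090", "CCS address")
	name := flag.String("name", "", "Name to check")
	issuer := flag.String("issuerDomain", "", "Issuer domain to check against")
	flag.Parse()

	// A check without a name has no meaningful answer; fail before dialing.
	if *name == "" {
		flag.Usage()
		os.Exit(1)
	}

	// Set up a connection to the server.
	conn, err := bgrpc.ClientSetup(&cmd.GRPCClientConfig{
		ServerAddresses:       []string{*addr},
		ServerIssuerPath:      "test/grpc-creds/ca.pem",
		ClientCertificatePath: "test/grpc-creds/client.pem",
		ClientKeyPath:         "test/grpc-creds/key.pem",
	})
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to setup client connection: %s\n", err)
		os.Exit(1)
	}
	defer conn.Close()

	c := pb.NewCAACheckerClient(conn)
	// NOTE(review): context.Background() carries no deadline, so an
	// unresponsive server blocks this tool until it is interrupted.
	r, err := c.ValidForIssuance(context.Background(), &pb.Check{Name: name, IssuerDomain: issuer})
	if err != nil {
		fmt.Fprintf(os.Stderr, "ValidForIssuance call failed: %s\n", err)
		// os.Exit skips deferred calls, so release the connection explicitly.
		conn.Close()
		os.Exit(1)
	}

	// Valid and Present are dereferenced below. A response that omits either
	// one must be reported as an error rather than crash the tool or be read
	// as a verdict.
	if r == nil || r.Valid == nil || r.Present == nil {
		fmt.Fprintf(os.Stderr, "ValidForIssuance returned an incomplete response for %s\n", *name)
		conn.Close()
		os.Exit(1)
	}

	fmt.Fprintf(os.Stderr, "%s valid for issuance: %t (records present: %t)\n", *name, *r.Valid, *r.Present)
}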
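// main builds and runs the boulder-va process ("Handles challenge
// validation"). Inside the app shell's Action it assembles the validation
// authority from configuration (ports, optional CAA gRPC client, optional CAA
// distributed resolver, DNS resolver), optionally serves it over gRPC, and
// then serves it over the AMQP RPC server. Every setup error is handed to
// cmd.FailOnError.
func main() {
	app := cmd.NewAppShell("boulder-va", "Handles challenge validation")
	app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
		// NOTE(review): what the debug server exposes is not visible here;
		// confirm c.VA.DebugAddr is bound to an internal-only interface.
		go cmd.DebugServer(c.VA.DebugAddr)

		go cmd.ProfileCmd("VA", stats)

		// Default validation ports. Any non-zero configured value replaces the
		// default. NOTE(review): overriding these makes the VA validate on
		// non-standard ports — presumably for test environments; confirm that
		// production configuration leaves them unset.
		pc := &cmd.PortConfig{
			HTTPPort:  80,
			HTTPSPort: 443,
			TLSPort:   443,
		}
		if c.VA.PortConfig.HTTPPort != 0 {
			pc.HTTPPort = c.VA.PortConfig.HTTPPort
		}
		if c.VA.PortConfig.HTTPSPort != 0 {
			pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
		}
		if c.VA.PortConfig.TLSPort != 0 {
			pc.TLSPort = c.VA.PortConfig.TLSPort
		}

		// The CAA checker client is optional: caaClient stays nil when no
		// CAAService is configured. How the VA behaves with a nil client is
		// decided inside the va package, not here.
		var caaClient caaPB.CAACheckerClient
		if c.VA.CAAService != nil {
			conn, err := bgrpc.ClientSetup(c.VA.CAAService)
			cmd.FailOnError(err, "Failed to load credentials and create connection to service")
			caaClient = caaPB.NewCAACheckerClient(conn)
		}

		scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
		sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)

		// The CAA distributed resolver is optional as well; cdrClient stays
		// nil when it is not configured.
		var cdrClient *cdr.CAADistributedResolver
		if c.VA.CAADistributedResolver != nil {
			var err error
			cdrClient, err = cdr.New(
				scoped,
				c.VA.CAADistributedResolver.Timeout.Duration,
				c.VA.CAADistributedResolver.MaxFailures,
				c.VA.CAADistributedResolver.Proxies,
				logger,
			)
			cmd.FailOnError(err, "Failed to create CAADistributedResolver")
		}

		dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
		cmd.FailOnError(err, "Couldn't parse DNS timeout")

		// Always attempt each DNS query at least once.
		dnsTries := c.VA.DNSTries
		if dnsTries < 1 {
			dnsTries = 1
		}
		clk := clock.Default()

		// DNSAllowLoopbackAddresses switches to the Test resolver.
		// NOTE(review): judging by the option name, that resolver accepts
		// loopback answers, which the VA would then connect to during
		// validation. It should be false outside test setups — confirm.
		var resolver bdns.DNSResolver
		if !c.Common.DNSAllowLoopbackAddresses {
			r := bdns.NewDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
			r.LookupIPv6 = c.VA.LookupIPv6
			resolver = r
		} else {
			r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
			r.LookupIPv6 = c.VA.LookupIPv6
			resolver = r
		}

		vai := va.NewValidationAuthorityImpl(
			pc,
			sbc,
			caaClient,
			cdrClient,
			resolver,
			c.VA.UserAgent,
			c.VA.IssuerDomain,
			stats,
			clk,
			logger)

		amqpConf := c.VA.AMQP

		// Optional gRPC front end, served in the background next to AMQP.
		if c.VA.GRPC != nil {
			s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
			cmd.FailOnError(err, "Unable to setup VA gRPC server")
			err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
			cmd.FailOnError(err, "Unable to register VA gRPC server")
			go func() {
				// Keep Serve's error local to the goroutine so it never writes
				// to a variable owned by the enclosing scope.
				err := s.Serve(l)
				cmd.FailOnError(err, "VA gRPC service failed")
			}()
		}

		vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
		cmd.FailOnError(err, "Unable to create VA RPC server")
		err = rpc.NewValidationAuthorityServer(vas, vai)
		cmd.FailOnError(err, "Unable to setup VA RPC server")

		err = vas.Start(amqpConf)
		cmd.FailOnError(err, "Unable to run VA RPC server")
	}

	app.Run()
}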
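// main builds and runs the VA process from a JSON configuration file given
// with -config. It assembles the validation authority (ports, optional CAA
// gRPC client, optional CAA distributed resolver, DNS resolver with a CAA
// SERVFAIL exception list), optionally serves it over gRPC, and then serves it
// over the AMQP RPC server. Every setup error is handed to cmd.FailOnError.
func main() {
	configFile := flag.String("config", "", "File path to the configuration file for this service")
	flag.Parse()
	if *configFile == "" {
		flag.Usage()
		os.Exit(1)
	}

	var c config
	err := cmd.ReadJSONFile(*configFile, &c)
	cmd.FailOnError(err, "Reading JSON config file into config structure")

	// NOTE(review): what the debug server exposes is not visible here; confirm
	// c.VA.DebugAddr is bound to an internal-only interface.
	go cmd.DebugServer(c.VA.DebugAddr)

	stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
	defer logger.AuditPanic()
	logger.Info(cmd.VersionString(clientName))

	go cmd.ProfileCmd("VA", stats)

	// Default validation ports. Any non-zero configured value replaces the
	// default. NOTE(review): overriding these makes the VA validate on
	// non-standard ports — presumably for test environments; confirm that
	// production configuration leaves them unset.
	pc := &cmd.PortConfig{
		HTTPPort:  80,
		HTTPSPort: 443,
		TLSPort:   443,
	}
	if c.VA.PortConfig.HTTPPort != 0 {
		pc.HTTPPort = c.VA.PortConfig.HTTPPort
	}
	if c.VA.PortConfig.HTTPSPort != 0 {
		pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
	}
	if c.VA.PortConfig.TLSPort != 0 {
		pc.TLSPort = c.VA.PortConfig.TLSPort
	}

	// The CAA checker client is optional: caaClient stays nil when no
	// CAAService is configured. How the VA behaves with a nil client is
	// decided inside the va package, not here.
	var caaClient caaPB.CAACheckerClient
	if c.VA.CAAService != nil {
		conn, err := bgrpc.ClientSetup(c.VA.CAAService)
		cmd.FailOnError(err, "Failed to load credentials and create connection to service")
		caaClient = caaPB.NewCAACheckerClient(conn)
	}

	scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
	sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)

	// The CAA distributed resolver is optional as well; cdrClient stays nil
	// when it is not configured.
	var cdrClient *cdr.CAADistributedResolver
	if c.VA.CAADistributedResolver != nil {
		var err error
		cdrClient, err = cdr.New(
			scoped,
			c.VA.CAADistributedResolver.Timeout.Duration,
			c.VA.CAADistributedResolver.MaxFailures,
			c.VA.CAADistributedResolver.Proxies,
			logger)
		cmd.FailOnError(err, "Failed to create CAADistributedResolver")
	}

	dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
	cmd.FailOnError(err, "Couldn't parse DNS timeout")

	// Always attempt each DNS query at least once.
	dnsTries := c.VA.DNSTries
	if dnsTries < 1 {
		dnsTries = 1
	}
	clk := clock.Default()

	// NOTE(review): by its name this list exempts hosts from the normal
	// handling of CAA SERVFAIL responses, which relaxes CAA enforcement for
	// them. Keep the file minimal and write-protected; confirm the exact
	// semantics in bdns.
	caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions)
	cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file")

	// DNSAllowLoopbackAddresses switches to the Test resolver, which is built
	// without the exception list. NOTE(review): judging by the option name,
	// that resolver accepts loopback answers, which the VA would then connect
	// to during validation. It should be false outside test setups — confirm.
	var resolver bdns.DNSResolver
	if !c.Common.DNSAllowLoopbackAddresses {
		r := bdns.NewDNSResolverImpl(
			dnsTimeout,
			[]string{c.Common.DNSResolver},
			caaSERVFAILExceptions,
			scoped,
			clk,
			dnsTries)
		r.LookupIPv6 = c.VA.LookupIPv6
		resolver = r
	} else {
		r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
		r.LookupIPv6 = c.VA.LookupIPv6
		resolver = r
	}

	vai := va.NewValidationAuthorityImpl(
		pc,
		sbc,
		caaClient,
		cdrClient,
		resolver,
		c.VA.UserAgent,
		c.VA.IssuerDomain,
		stats,
		clk,
		logger)

	amqpConf := c.VA.AMQP

	// Optional gRPC front end, served in the background next to AMQP.
	if c.VA.GRPC != nil {
		s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
		cmd.FailOnError(err, "Unable to setup VA gRPC server")
		err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
		cmd.FailOnError(err, "Unable to register VA gRPC server")
		go func() {
			// Keep Serve's error local to the goroutine so it never writes to
			// a variable owned by the enclosing scope.
			err := s.Serve(l)
			cmd.FailOnError(err, "VA gRPC service failed")
		}()
	}

	vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
	cmd.FailOnError(err, "Unable to create VA RPC server")
	err = rpc.NewValidationAuthorityServer(vas, vai)
	cmd.FailOnError(err, "Unable to setup VA RPC server")

	err = vas.Start(amqpConf)
	cmd.FailOnError(err, "Unable to run VA RPC server")
}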
// main builds and runs the boulder-va process ("Handles challenge
// validation"). The app shell's Action constructs the validation authority,
// attaches a DNS resolver, user agent, issuer domain and an RA client to it,
// and serves it over the AMQP RPC server. Every setup error is handed to
// cmd.FailOnError.
func main() {
	shell := cmd.NewAppShell("boulder-va", "Handles challenge validation")
	shell.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
		go cmd.DebugServer(c.VA.DebugAddr)
		go cmd.ProfileCmd("VA", stats)

		// Start from the default validation ports and let any non-zero
		// configured value replace the corresponding default.
		ports := &cmd.PortConfig{
			HTTPPort:  80,
			HTTPSPort: 443,
			TLSPort:   443,
		}
		if p := c.VA.PortConfig.HTTPPort; p != 0 {
			ports.HTTPPort = p
		}
		if p := c.VA.PortConfig.HTTPSPort; p != 0 {
			ports.HTTPSPort = p
		}
		if p := c.VA.PortConfig.TLSPort; p != 0 {
			ports.TLSPort = p
		}

		// The CAA checker client is optional and stays nil when no CAAService
		// is configured.
		var caaClient caaPB.CAACheckerClient
		if c.VA.CAAService != nil {
			caaConn, err := bgrpc.ClientSetup(c.VA.CAAService)
			cmd.FailOnError(err, "Failed to load credentials and create connection to service")
			caaClient = caaPB.NewCAACheckerClient(caaConn)
		}

		clk := clock.Default()
		safeBrowsing := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)
		authority := va.NewValidationAuthorityImpl(ports, safeBrowsing, caaClient, stats, clk)

		timeout, err := time.ParseDuration(c.Common.DNSTimeout)
		cmd.FailOnError(err, "Couldn't parse DNS timeout")
		dnsStats := metrics.NewStatsdScope(stats, "VA", "DNS")

		// Always attempt each DNS query at least once.
		tries := c.VA.DNSTries
		if tries < 1 {
			tries = 1
		}

		// DNSAllowLoopbackAddresses selects the Test resolver.
		// NOTE(review): judging by the option name, that resolver accepts
		// loopback answers; it should be false outside test setups — confirm.
		servers := []string{c.Common.DNSResolver}
		if c.Common.DNSAllowLoopbackAddresses {
			authority.DNSResolver = bdns.NewTestDNSResolverImpl(timeout, servers, dnsStats, clk, tries)
		} else {
			authority.DNSResolver = bdns.NewDNSResolverImpl(timeout, servers, dnsStats, clk, tries)
		}
		authority.UserAgent = c.VA.UserAgent
		authority.IssuerDomain = c.VA.IssuerDomain

		amqpConf := c.VA.AMQP

		raClient, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
		cmd.FailOnError(err, "Unable to create RA client")
		authority.RA = raClient

		server, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats)
		cmd.FailOnError(err, "Unable to create VA RPC server")

		err = rpc.NewValidationAuthorityServer(server, authority)
		cmd.FailOnError(err, "Unable to setup VA RPC server")

		err = server.Start(amqpConf)
		cmd.FailOnError(err, "Unable to run VA RPC server")
	}

	shell.Run()
}