func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Scope) ( core.CertificateAuthority, core.Publisher, core.StorageAuthority, ) { amqpConf := c.AMQP var cac core.CertificateAuthority if c.CAService != nil { conn, err := bgrpc.ClientSetup(c.CAService, stats) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to CA") cac = bgrpc.NewCertificateAuthorityClient(capb.NewCertificateAuthorityClient(conn)) } else { var err error cac, err = rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create CA client") } conn, err := bgrpc.ClientSetup(c.Publisher, stats) cmd.FailOnError(err, "Failed to load credentials and create connection to service") pubc := bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn)) var sac core.StorageAuthority if c.SAService != nil { conn, err := bgrpc.ClientSetup(c.SAService, stats) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create SA client") } return cac, pubc, sac }
func setupWFE(c config, logger blog.Logger, stats metrics.Scope) (core.RegistrationAuthority, core.StorageAuthority) { amqpConf := c.WFE.AMQP var rac core.RegistrationAuthority if c.WFE.RAService != nil { conn, err := bgrpc.ClientSetup(c.WFE.RAService, stats) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn)) } else { var err error rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create RA AMQP client") } var sac core.StorageAuthority if c.WFE.SAService != nil { conn, err := bgrpc.ClientSetup(c.WFE.SAService, stats) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { var err error sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create SA client") } return rac, sac }
func setupContext(c config) (core.RegistrationAuthority, blog.Logger, *gorp.DbMap, core.StorageAuthority, metrics.Scope) { stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "AdminRevoker") amqpConf := c.Revoker.AMQP var rac core.RegistrationAuthority if c.Revoker.RAService != nil { conn, err := bgrpc.ClientSetup(c.Revoker.RAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn)) } else { var err error rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create RA AMQP client") } dbURL, err := c.Revoker.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, c.Revoker.DBConfig.MaxDBConns) cmd.FailOnError(err, "Couldn't setup database connection") go sa.ReportDbConnCount(dbMap, scope) var sac core.StorageAuthority if c.Revoker.SAService != nil { conn, err := bgrpc.ClientSetup(c.Revoker.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create SA client") } return rac, logger, dbMap, sac, scope }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") certLimit := flag.Int("cert_limit", 0, "Count of certificates to process per expiration period") reconnBase := flag.Duration("reconnectBase", 1*time.Second, "Base sleep duration between reconnect attempts") reconnMax := flag.Duration("reconnectMax", 5*60*time.Second, "Max sleep duration between reconnect attempts after exponential backoff") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "Expiration") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) if *certLimit > 0 { c.Mailer.CertLimit = *certLimit } // Default to 100 if no certLimit is set if c.Mailer.CertLimit == 0 { c.Mailer.CertLimit = 100 } // Configure DB dbURL, err := c.Mailer.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, c.Mailer.DBConfig.MaxDBConns) sa.SetSQLDebug(dbMap, logger) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, scope) var sac core.StorageAuthority if c.Mailer.SAService != nil { conn, err := bgrpc.ClientSetup(c.Mailer.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, c.Mailer.AMQP, scope) cmd.FailOnError(err, "Failed to create SA client") } // Load email template emailTmpl, err := ioutil.ReadFile(c.Mailer.EmailTemplate) cmd.FailOnError(err, fmt.Sprintf("Could not read email template file [%s]", c.Mailer.EmailTemplate)) tmpl, err := template.New("expiry-email").Parse(string(emailTmpl)) cmd.FailOnError(err, "Could not parse email template") fromAddress, err := netmail.ParseAddress(c.Mailer.From) cmd.FailOnError(err, fmt.Sprintf("Could not parse from address: %s", c.Mailer.From)) smtpPassword, err := c.Mailer.PasswordConfig.Pass() cmd.FailOnError(err, "Failed to load SMTP password") mailClient := bmail.New( c.Mailer.Server, c.Mailer.Port, c.Mailer.Username, smtpPassword, *fromAddress, logger, scope, *reconnBase, *reconnMax) nagCheckInterval := defaultNagCheckInterval if s := c.Mailer.NagCheckInterval; s != "" { nagCheckInterval, err = time.ParseDuration(s) if err != nil { logger.AuditErr(fmt.Sprintf("Failed to parse NagCheckInterval string %q: %s", s, err)) return } } var nags durationSlice for _, nagDuration := range c.Mailer.NagTimes { dur, err := time.ParseDuration(nagDuration) if err != nil { logger.AuditErr(fmt.Sprintf("Failed to parse nag duration string [%s]: %s", nagDuration, err)) return } nags = append(nags, dur+nagCheckInterval) } // Make sure durations are sorted in increasing order sort.Sort(nags) m := mailer{ stats: scope, subject: c.Mailer.Subject, log: logger, dbMap: dbMap, rs: sac, mailer: mailClient, emailTemplate: tmpl, nagTimes: nags, limit: c.Mailer.CertLimit, clk: cmd.Clock(), } go cmd.DebugServer(c.Mailer.DebugAddr) err = m.findExpiringCertificates() cmd.FailOnError(err, "expiration-mailer has failed") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.CA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "CA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), scope, issuers, goodkey.NewKeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa amqpConf := c.CA.AMQP if c.CA.SAService != nil { conn, err := bgrpc.ClientSetup(c.CA.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") cai.SA = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create SA client") } if amqpConf.Publisher != nil { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create Publisher client") } var grpcSrv *grpc.Server if c.CA.GRPC != nil { s, l, err := bgrpc.NewServer(c.CA.GRPC, scope) cmd.FailOnError(err, "Unable to setup CA gRPC server") caWrapper := bgrpc.NewCertificateAuthorityServer(cai) caPB.RegisterCertificateAuthorityServer(s, caWrapper) go func() { err = s.Serve(l) cmd.FailOnError(err, "CA gRPC service failed") }() grpcSrv = s } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create CA RPC server") go cmd.CatchSignals(logger, func() { cas.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") go cmd.DebugServer(c.CA.DebugAddr) go cmd.ProfileCmd(scope) err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "Publisher") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) logs := make([]*publisher.Log, len(c.Common.CT.Logs)) for i, ld := range c.Common.CT.Logs { logs[i], err = publisher.NewLog(ld.URI, ld.Key) cmd.FailOnError(err, "Unable to parse CT log description") } if c.Common.CT.IntermediateBundleFilename == "" { logger.AuditErr("No CT submission bundle provided") os.Exit(1) } pemBundle, err := core.LoadCertBundle(c.Common.CT.IntermediateBundleFilename) cmd.FailOnError(err, "Failed to load CT submission bundle") bundle := []ct.ASN1Cert{} for _, cert := range pemBundle { bundle = append(bundle, ct.ASN1Cert(cert.Raw)) } amqpConf := c.Publisher.AMQP var sac core.StorageAuthority if c.Publisher.SAService != nil { conn, err := bgrpc.ClientSetup(c.Publisher.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create SA client") } pubi := publisher.New( bundle, logs, c.Publisher.SubmissionTimeout.Duration, logger, scope, sac) var grpcSrv *grpc.Server if c.Publisher.GRPC != nil { s, l, err := bgrpc.NewServer(c.Publisher.GRPC, scope) cmd.FailOnError(err, "Unable to setup Publisher gRPC server") gw := bgrpc.NewPublisherServerWrapper(pubi) pubPB.RegisterPublisherServer(s, gw) go func() { err = s.Serve(l) cmd.FailOnError(err, "Publisher gRPC service failed") }() grpcSrv = s } pubs, err := rpc.NewAmqpRPCServer(amqpConf, c.Publisher.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create Publisher RPC server") go cmd.CatchSignals(logger, func() { pubs.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewPublisherServer(pubs, pubi) cmd.FailOnError(err, "Unable to setup Publisher RPC server") go cmd.DebugServer(c.Publisher.DebugAddr) go cmd.ProfileCmd(scope) err = pubs.Start(amqpConf) cmd.FailOnError(err, "Unable to run Publisher RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.RA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "RA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.RA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile must be provided."), "") } err = pa.SetHostnamePolicyFile(c.RA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") amqpConf := c.RA.AMQP var vac core.ValidationAuthority if c.RA.VAService != nil { conn, err := bgrpc.ClientSetup(c.RA.VAService, scope) cmd.FailOnError(err, "Unable to create VA client") vac = bgrpc.NewValidationAuthorityGRPCClient(conn) } else { vac, err = rpc.NewValidationAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create VA client") } var cac core.CertificateAuthority if c.RA.CAService != nil { conn, err := bgrpc.ClientSetup(c.RA.CAService, scope) cmd.FailOnError(err, "Unable to create CA client") cac = bgrpc.NewCertificateAuthorityClient(caPB.NewCertificateAuthorityClient(conn)) } else { cac, err = rpc.NewCertificateAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create CA client") } var pubc core.Publisher if c.RA.PublisherService != nil { conn, err := bgrpc.ClientSetup(c.RA.PublisherService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to Publisher") pubc = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn)) } var sac core.StorageAuthority if c.RA.SAService != nil { conn, err := bgrpc.ClientSetup(c.RA.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create SA client") } // TODO(patf): remove once RA.authorizationLifetimeDays is deployed authorizationLifetime := 300 * 24 * time.Hour if c.RA.AuthorizationLifetimeDays != 0 { authorizationLifetime = time.Duration(c.RA.AuthorizationLifetimeDays) * 24 * time.Hour } // TODO(patf): remove once RA.pendingAuthorizationLifetimeDays is deployed pendingAuthorizationLifetime := 7 * 24 * time.Hour if c.RA.PendingAuthorizationLifetimeDays != 0 { pendingAuthorizationLifetime = time.Duration(c.RA.PendingAuthorizationLifetimeDays) * 24 * time.Hour } rai := ra.NewRegistrationAuthorityImpl( clock.Default(), logger, scope, c.RA.MaxContactsPerRegistration, goodkey.NewKeyPolicy(), c.RA.MaxNames, c.RA.DoNotForceCN, c.RA.ReuseValidAuthz, authorizationLifetime, pendingAuthorizationLifetime, pubc) policyErr := rai.SetRateLimitPoliciesFile(c.RA.RateLimitPoliciesFilename) cmd.FailOnError(policyErr, "Couldn't load rate limit policies file") rai.PA = pa raDNSTimeout, err := time.ParseDuration(c.Common.DNSTimeout) cmd.FailOnError(err, "Couldn't parse RA DNS timeout") dnsTries := c.RA.DNSTries if dnsTries < 1 { dnsTries = 1 } if !c.Common.DNSAllowLoopbackAddresses { rai.DNSResolver = bdns.NewDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, nil, scope, clock.Default(), dnsTries) } else { rai.DNSResolver = bdns.NewTestDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, scope, clock.Default(), dnsTries) } rai.VA = vac rai.CA = cac rai.SA = sac err = rai.UpdateIssuedCountForever() cmd.FailOnError(err, "Updating total issuance count") var grpcSrv *grpc.Server if c.RA.GRPC != nil { var listener net.Listener grpcSrv, listener, err = bgrpc.NewServer(c.RA.GRPC, scope) cmd.FailOnError(err, "Unable to setup RA gRPC server") gw := bgrpc.NewRegistrationAuthorityServer(rai) rapb.RegisterRegistrationAuthorityServer(grpcSrv, gw) go func() { err = grpcSrv.Serve(listener) cmd.FailOnError(err, "RA gRPC service failed") }() } ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create RA RPC server") go cmd.CatchSignals(logger, func() { ras.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewRegistrationAuthorityServer(ras, rai, logger) cmd.FailOnError(err, "Unable to setup RA RPC server") go cmd.DebugServer(c.RA.DebugAddr) go cmd.ProfileCmd(scope) err = ras.Start(amqpConf) cmd.FailOnError(err, "Unable to run RA RPC server") }