func setupWFE(c config, logger blog.Logger, stats metrics.Scope) (core.RegistrationAuthority, core.StorageAuthority) {
amqpConf := c.WFE.AMQP
var rac core.RegistrationAuthority
if c.WFE.RAService != nil {
conn, err := bgrpc.ClientSetup(c.WFE.RAService, stats)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn))
} else {
var err error
rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create RA AMQP client")
}
var sac core.StorageAuthority
if c.WFE.SAService != nil {
conn, err := bgrpc.ClientSetup(c.WFE.SAService, stats)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn))
} else {
var err error
sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
}
return rac, sac
}
func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Scope) (
core.CertificateAuthority,
core.Publisher,
core.StorageAuthority,
) {
amqpConf := c.AMQP
var cac core.CertificateAuthority
if c.CAService != nil {
conn, err := bgrpc.ClientSetup(c.CAService, stats)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to CA")
cac = bgrpc.NewCertificateAuthorityClient(capb.NewCertificateAuthorityClient(conn))
} else {
var err error
cac, err = rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
}
conn, err := bgrpc.ClientSetup(c.Publisher, stats)
cmd.FailOnError(err, "Failed to load credentials and create connection to service")
pubc := bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn))
var sac core.StorageAuthority
if c.SAService != nil {
conn, err := bgrpc.ClientSetup(c.SAService, stats)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn))
} else {
sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
}
return cac, pubc, sac
}
func main() {
app := cmd.NewAppShell("boulder-publisher", "Submits issued certificates to CT logs")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
pubi, err := publisher.NewPublisherImpl(c.Common.CT)
cmd.FailOnError(err, "Could not setup Publisher")
go cmd.DebugServer(c.Publisher.DebugAddr)
go cmd.ProfileCmd("Publisher", stats)
saRPC, err := rpc.NewAmqpRPCClient("Publisher->SA", c.AMQP.SA.Server, c, stats)
cmd.FailOnError(err, "Unable to create SA RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create SA client")
pubi.SA = &sac
pubs, err := rpc.NewAmqpRPCServer(c.AMQP.Publisher.Server, c.Publisher.MaxConcurrentRPCServerRequests, c)
cmd.FailOnError(err, "Unable to create Publisher RPC server")
rpc.NewPublisherServer(pubs, &pubi)
err = pubs.Start(c)
cmd.FailOnError(err, "Unable to run Publisher RPC server")
}
app.Run()
}
func setupContext(c config) (core.RegistrationAuthority, blog.Logger, *gorp.DbMap, core.StorageAuthority, metrics.Scope) {
stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
scope := metrics.NewStatsdScope(stats, "AdminRevoker")
amqpConf := c.Revoker.AMQP
var rac core.RegistrationAuthority
if c.Revoker.RAService != nil {
conn, err := bgrpc.ClientSetup(c.Revoker.RAService, scope)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn))
} else {
var err error
rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, scope)
cmd.FailOnError(err, "Unable to create RA AMQP client")
}
dbURL, err := c.Revoker.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
dbMap, err := sa.NewDbMap(dbURL, c.Revoker.DBConfig.MaxDBConns)
cmd.FailOnError(err, "Couldn't setup database connection")
go sa.ReportDbConnCount(dbMap, scope)
var sac core.StorageAuthority
if c.Revoker.SAService != nil {
conn, err := bgrpc.ClientSetup(c.Revoker.SAService, scope)
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn))
} else {
sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope)
cmd.FailOnError(err, "Failed to create SA client")
}
return rac, logger, dbMap, sac, scope
}
func setupClients(c cmd.Config, stats statsd.Statter) (
core.CertificateAuthority,
core.Publisher,
core.StorageAuthority,
chan *amqp.Error,
) {
ch, err := rpc.AmqpChannel(c)
cmd.FailOnError(err, "Could not connect to AMQP")
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
caRPC, err := rpc.NewAmqpRPCClient("OCSP->CA", c.AMQP.CA.Server, ch, stats)
cmd.FailOnError(err, "Unable to create RPC client")
cac, err := rpc.NewCertificateAuthorityClient(caRPC)
cmd.FailOnError(err, "Unable to create CA client")
pubRPC, err := rpc.NewAmqpRPCClient("OCSP->Publisher", c.AMQP.Publisher.Server, ch, stats)
cmd.FailOnError(err, "Unable to create RPC client")
pubc, err := rpc.NewPublisherClient(pubRPC)
cmd.FailOnError(err, "Unable to create Publisher client")
saRPC, err := rpc.NewAmqpRPCClient("OCSP->SA", c.AMQP.SA.Server, ch, stats)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create Publisher client")
return cac, pubc, sac, closeChan
}
func setupContext(context *cli.Context) (rpc.CertificateAuthorityClient, *blog.AuditLogger, *gorp.DbMap, rpc.StorageAuthorityClient) {
c, err := loadConfig(context)
cmd.FailOnError(err, "Failed to load Boulder configuration")
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
blog.SetAuditLogger(auditlogger)
ch, err := rpc.AmqpChannel(c)
cmd.FailOnError(err, "Could not connect to AMQP")
caRPC, err := rpc.NewAmqpRPCClient("revoker->CA", c.AMQP.CA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
cac, err := rpc.NewCertificateAuthorityClient(caRPC)
cmd.FailOnError(err, "Unable to create CA client")
dbMap, err := sa.NewDbMap(c.Revoker.DBConnect)
cmd.FailOnError(err, "Couldn't setup database connection")
saRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->SA", c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
return cac, auditlogger, dbMap, sac
}
func setupClients(c cmd.Config, stats statsd.Statter) (
core.CertificateAuthority,
core.Publisher,
core.StorageAuthority,
) {
caRPC, err := rpc.NewAmqpRPCClient("OCSP->CA", c.AMQP.CA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
cac, err := rpc.NewCertificateAuthorityClient(caRPC)
cmd.FailOnError(err, "Unable to create CA client")
pubRPC, err := rpc.NewAmqpRPCClient("OCSP->Publisher", c.AMQP.Publisher.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
pubc, err := rpc.NewPublisherClient(pubRPC)
cmd.FailOnError(err, "Unable to create Publisher client")
saRPC, err := rpc.NewAmqpRPCClient("OCSP->SA", c.AMQP.SA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create Publisher client")
return cac, pubc, sac
}
func main() {
app := cmd.NewAppShell("boulder-ca")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBConnect)
cmd.FailOnError(err, "Failed to create CA database")
if c.SQL.CreateTables {
err = cadb.CreateTablesIfNotExists()
cmd.FailOnError(err, "Failed to create CA tables")
}
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
cai.MaxKeySize = c.Common.MaxKeySize
go cmd.ProfileCmd("CA", stats)
for {
ch, err := cmd.AmqpChannel(c)
cmd.FailOnError(err, "Could not connect to AMQP")
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
cas := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, ch)
err = rpc.NewCertificateAuthorityServer(cas, cai)
cmd.FailOnError(err, "Unable to create CA server")
auditlogger.Info(app.VersionString())
cmd.RunUntilSignaled(auditlogger, cas, closeChan)
}
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder-ra", "Handles service orchestration")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
c.PA.SetDefaultChallengesIfEmpty()
go cmd.DebugServer(c.RA.DebugAddr)
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
rateLimitPolicies, err := cmd.LoadRateLimitPolicies(c.RA.RateLimitPoliciesFilename)
cmd.FailOnError(err, "Couldn't load rate limit policies file")
go cmd.ProfileCmd("RA", stats)
amqpConf := c.RA.AMQP
vac, err := rpc.NewValidationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create VA client")
cac, err := rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
var dc *ra.DomainCheck
if c.RA.UseIsSafeDomain {
dc = &ra.DomainCheck{VA: vac}
}
rai := ra.NewRegistrationAuthorityImpl(clock.Default(), auditlogger, stats,
dc, rateLimitPolicies, c.RA.MaxContactsPerRegistration)
rai.PA = pa
raDNSTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
cmd.FailOnError(err, "Couldn't parse RA DNS timeout")
if !c.Common.DNSAllowLoopbackAddresses {
rai.DNSResolver = core.NewDNSResolverImpl(raDNSTimeout, []string{c.Common.DNSResolver})
} else {
rai.DNSResolver = core.NewTestDNSResolverImpl(raDNSTimeout, []string{c.Common.DNSResolver})
}
rai.VA = vac
rai.CA = cac
rai.SA = sac
ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, stats)
cmd.FailOnError(err, "Unable to create RA RPC server")
rpc.NewRegistrationAuthorityServer(ras, rai)
err = ras.Start(amqpConf)
cmd.FailOnError(err, "Unable to run RA RPC server")
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
dbMap, err := sa.NewDbMap(c.CA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to CA database")
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
cmd.FailOnError(err, "Failed to create CA database")
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist)
cmd.FailOnError(err, "Couldn't create PA")
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, clock.Default(), c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
cai.MaxKeySize = c.Common.MaxKeySize
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
connectionHandler := func(srv *rpc.AmqpRPCServer) {
saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, srv.Channel)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
}
cas, err := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, connectionHandler)
cmd.FailOnError(err, "Unable to create CA RPC server")
rpc.NewCertificateAuthorityServer(cas, cai)
auditlogger.Info(app.VersionString())
err = cas.Start(c)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
go cmd.DebugServer(c.CA.DebugAddr)
pa, err := policy.New(c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
if c.CA.HostnamePolicyFile == "" {
cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "")
}
err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile)
cmd.FailOnError(err, "Couldn't load hostname policy file")
issuers, err := loadIssuers(c)
cmd.FailOnError(err, "Couldn't load issuers")
cai, err := ca.NewCertificateAuthorityImpl(
c.CA,
clock.Default(),
stats,
issuers,
c.KeyPolicy(),
logger)
cmd.FailOnError(err, "Failed to create CA impl")
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
amqpConf := c.CA.AMQP
cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
if c.CA.PublisherService != nil {
conn, err := bgrpc.ClientSetup(c.CA.PublisherService)
cmd.FailOnError(err, "Failed to load credentials and create connection to service")
cai.Publisher = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn), c.CA.PublisherService.Timeout.Duration)
} else {
cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create Publisher client")
}
cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats, logger)
cmd.FailOnError(err, "Unable to create CA RPC server")
err = rpc.NewCertificateAuthorityServer(cas, cai)
cmd.FailOnError(err, "Failed to create Certificate Authority RPC server")
err = cas.Start(amqpConf)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}
func setupWFE(c cmd.Config, logger blog.Logger, stats metrics.Statter) (*rpc.RegistrationAuthorityClient, *rpc.StorageAuthorityClient) {
amqpConf := c.WFE.AMQP
rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create RA client")
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
return rac, sac
}
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
dbURL, err := c.PA.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
paDbMap, err := sa.NewDbMap(dbURL)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
priv, err := loadPrivateKey(c.CA.Key)
cmd.FailOnError(err, "Couldn't load private key")
issuer, err := core.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, "Couldn't load issuer cert")
cai, err := ca.NewCertificateAuthorityImpl(
c.CA,
clock.Default(),
stats,
issuer,
priv,
c.KeyPolicy())
cmd.FailOnError(err, "Failed to create CA impl")
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
amqpConf := c.CA.AMQP
cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create Publisher client")
cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats)
cmd.FailOnError(err, "Unable to create CA RPC server")
rpc.NewCertificateAuthorityServer(cas, cai)
err = cas.Start(amqpConf)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}
func setup(c *cli.Context) (statsd.Statter, *blog.AuditLogger, *rpc.StorageAuthorityClient) {
configJSON, err := ioutil.ReadFile(c.GlobalString("config"))
cmd.FailOnError(err, "Failed to read config file")
var conf config
err = json.Unmarshal(configJSON, &conf)
cmd.FailOnError(err, "Failed to parse config file")
stats, logger := cmd.StatsAndLogging(conf.Statsd, conf.Syslog)
sa, err := rpc.NewStorageAuthorityClient("orphan-finder", &conf.AMQP, stats)
cmd.FailOnError(err, "Failed to create SA client")
return stats, logger, sa
}
func setupWFE(c cmd.Config) (rpc.RegistrationAuthorityClient, rpc.StorageAuthorityClient, chan *amqp.Error) {
ch := cmd.AmqpChannel(c.AMQP.Server)
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
rac, err := rpc.NewRegistrationAuthorityClient(c.AMQP.RA.Client, c.AMQP.RA.Server, ch)
cmd.FailOnError(err, "Unable to create RA client")
sac, err := rpc.NewStorageAuthorityClient(c.AMQP.SA.Client, c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create SA client")
return rac, sac, closeChan
}
func main() {
app := cmd.NewAppShell("boulder-publisher", "Submits issued certificates to CT logs")
app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
logs := make([]*publisher.Log, len(c.Common.CT.Logs))
var err error
for i, ld := range c.Common.CT.Logs {
logs[i], err = publisher.NewLog(ld.URI, ld.Key)
cmd.FailOnError(err, "Unable to parse CT log description")
}
if c.Common.CT.IntermediateBundleFilename == "" {
logger.AuditErr("No CT submission bundle provided")
os.Exit(1)
}
pemBundle, err := core.LoadCertBundle(c.Common.CT.IntermediateBundleFilename)
cmd.FailOnError(err, "Failed to load CT submission bundle")
bundle := []ct.ASN1Cert{}
for _, cert := range pemBundle {
bundle = append(bundle, ct.ASN1Cert(cert.Raw))
}
pubi := publisher.New(bundle, logs, c.Publisher.SubmissionTimeout.Duration, logger)
go cmd.DebugServer(c.Publisher.DebugAddr)
go cmd.ProfileCmd("Publisher", stats)
amqpConf := c.Publisher.AMQP
pubi.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
if c.Publisher.GRPC != nil {
s, l, err := bgrpc.NewServer(c.Publisher.GRPC)
cmd.FailOnError(err, "Failed to setup gRPC server")
gw := bgrpc.NewPublisherServerWrapper(pubi)
pubPB.RegisterPublisherServer(s, gw)
go func() {
err = s.Serve(l)
cmd.FailOnError(err, "gRPC service failed")
}()
}
pubs, err := rpc.NewAmqpRPCServer(amqpConf, c.Publisher.MaxConcurrentRPCServerRequests, stats, logger)
cmd.FailOnError(err, "Unable to create Publisher RPC server")
err = rpc.NewPublisherServer(pubs, pubi)
cmd.FailOnError(err, "Unable to setup Publisher RPC server")
err = pubs.Start(amqpConf)
cmd.FailOnError(err, "Unable to run Publisher RPC server")
}
app.Run()
}
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
c.PA.SetDefaultChallengesIfEmpty()
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
cai, err := ca.NewCertificateAuthorityImpl(c.CA, clock.Default(), stats, c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
saRPC, err := rpc.NewAmqpRPCClient("CA->SA", c.AMQP.SA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
pubRPC, err := rpc.NewAmqpRPCClient("CA->Publisher", c.AMQP.Publisher.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
pubc, err := rpc.NewPublisherClient(pubRPC)
cmd.FailOnError(err, "Failed to create Publisher client")
cai.Publisher = &pubc
cai.SA = &sac
cas, err := rpc.NewAmqpRPCServer(c.AMQP.CA.Server, c.CA.MaxConcurrentRPCServerRequests, c)
cmd.FailOnError(err, "Unable to create CA RPC server")
rpc.NewCertificateAuthorityServer(cas, cai)
err = cas.Start(c)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}
func setupWFE(c cmd.Config, logger *blog.AuditLogger, stats statsd.Statter) (rpc.RegistrationAuthorityClient, rpc.StorageAuthorityClient) {
raRPC, err := rpc.NewAmqpRPCClient("WFE->RA", c.AMQP.RA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
saRPC, err := rpc.NewAmqpRPCClient("WFE->SA", c.AMQP.SA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
rac, err := rpc.NewRegistrationAuthorityClient(raRPC)
cmd.FailOnError(err, "Unable to create RA client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create SA client")
return rac, sac
}
func main() {
app := cmd.NewAppShell("boulder-ra")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
rai := ra.NewRegistrationAuthorityImpl()
go cmd.ProfileCmd("RA", stats)
for {
ch := cmd.AmqpChannel(c.AMQP.Server)
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
vac, err := rpc.NewValidationAuthorityClient(c.AMQP.VA.Client, c.AMQP.VA.Server, ch)
cmd.FailOnError(err, "Unable to create VA client")
cac, err := rpc.NewCertificateAuthorityClient(c.AMQP.CA.Client, c.AMQP.CA.Server, ch)
cmd.FailOnError(err, "Unable to create CA client")
sac, err := rpc.NewStorageAuthorityClient(c.AMQP.SA.Client, c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create SA client")
rai.VA = &vac
rai.CA = &cac
rai.SA = &sac
ras, err := rpc.NewRegistrationAuthorityServer(c.AMQP.RA.Server, ch, &rai)
cmd.FailOnError(err, "Unable to create RA server")
cmd.RunUntilSignaled(auditlogger, ras, closeChan)
}
}
app.Run()
}
func setupClients(c cmd.OCSPUpdaterConfig, stats statsd.Statter) (
core.CertificateAuthority,
core.Publisher,
core.StorageAuthority,
) {
amqpConf := c.AMQP
cac, err := rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
pubc, err := rpc.NewPublisherClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create Publisher client")
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
return cac, pubc, sac
}
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, *blog.AuditLogger, *gorp.DbMap, rpc.StorageAuthorityClient) {
c, err := loadConfig(context)
cmd.FailOnError(err, "Failed to load Boulder configuration")
stats, auditlogger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
amqpConf := c.Revoker.AMQP
rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
dbMap, err := sa.NewDbMap(c.Revoker.DBConnect)
cmd.FailOnError(err, "Couldn't setup database connection")
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
return *rac, auditlogger, dbMap, *sac
}
func main() {
app := cmd.NewAppShell("boulder-publisher", "Submits issued certificates to CT logs")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Could not connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
pubi, err := publisher.NewPublisherImpl(c.Publisher.CT)
cmd.FailOnError(err, "Could not setup Publisher")
go cmd.DebugServer(c.Publisher.DebugAddr)
go cmd.ProfileCmd("Publisher", stats)
connectionHandler := func(srv *rpc.AmqpRPCServer) {
saRPC, err := rpc.NewAmqpRPCClient("Publisher->SA", c.AMQP.SA.Server, srv.Channel, stats)
cmd.FailOnError(err, "Unable to create SA RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create SA client")
pubi.SA = &sac
}
pubs, err := rpc.NewAmqpRPCServer(c.AMQP.Publisher.Server, connectionHandler)
cmd.FailOnError(err, "Unable to create Publisher RPC server")
rpc.NewPublisherServer(pubs, &pubi)
auditlogger.Info(app.VersionString())
err = pubs.Start(c)
cmd.FailOnError(err, "Unable to run Publisher RPC server")
}
app.Run()
}
func setupWFE(c cmd.Config) (rpc.RegistrationAuthorityClient, rpc.StorageAuthorityClient, chan *amqp.Error) {
ch, err := cmd.AmqpChannel(c)
cmd.FailOnError(err, "Could not connect to AMQP")
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
raRPC, err := rpc.NewAmqpRPCClient("WFE->RA", c.AMQP.RA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
saRPC, err := rpc.NewAmqpRPCClient("WFE->SA", c.AMQP.SA.Server, ch)
cmd.FailOnError(err, "Unable to create RPC client")
rac, err := rpc.NewRegistrationAuthorityClient(raRPC)
cmd.FailOnError(err, "Unable to create RA client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Unable to create SA client")
return rac, sac, closeChan
}
func main() {
app := cmd.NewAppShell("boulder-ca")
app.Action = func(c cmd.Config) {
stats, err := statsd.NewClient(c.Statsd.Server, c.Statsd.Prefix)
cmd.FailOnError(err, "Couldn't connect to statsd")
// Set up logging
auditlogger, err := blog.Dial(c.Syslog.Network, c.Syslog.Server, c.Syslog.Tag, stats)
cmd.FailOnError(err, "Could not connect to Syslog")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
cmd.FailOnError(err, "Failed to create CA database")
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
cmd.FailOnError(err, "Failed to create CA impl")
go cmd.ProfileCmd("CA", stats)
for {
ch := cmd.AmqpChannel(c.AMQP.Server)
closeChan := ch.NotifyClose(make(chan *amqp.Error, 1))
sac, err := rpc.NewStorageAuthorityClient(c.AMQP.SA.Client, c.AMQP.SA.Client, ch)
cmd.FailOnError(err, "Failed to create SA client")
cai.SA = &sac
cas, err := rpc.NewCertificateAuthorityServer(c.AMQP.CA.Server, ch, cai)
cmd.FailOnError(err, "Unable to create CA server")
cmd.RunUntilSignaled(auditlogger, cas, closeChan)
}
}
app.Run()
}
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, blog.Logger, *gorp.DbMap, rpc.StorageAuthorityClient, statsd.Statter) {
c, err := loadConfig(context)
cmd.FailOnError(err, "Failed to load Boulder configuration")
stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
amqpConf := c.Revoker.AMQP
rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
dbURL, err := c.Revoker.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
dbMap, err := sa.NewDbMap(dbURL, c.Revoker.DBConfig.MaxDBConns)
cmd.FailOnError(err, "Couldn't setup database connection")
go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "AdminRevoker"))
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
return *rac, logger, dbMap, *sac, stats
}
func main() {
app := cmd.NewAppShell("boulder-publisher", "Submits issued certificates to CT logs")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
logs := make([]*publisher.Log, len(c.Common.CT.Logs))
var err error
for i, ld := range c.Common.CT.Logs {
logs[i], err = publisher.NewLog(ld.URI, ld.Key)
cmd.FailOnError(err, "Unable to parse CT log description")
}
if c.Common.CT.IntermediateBundleFilename == "" {
auditlogger.Err("No CT submission bundle provided")
os.Exit(1)
}
pemBundle, err := core.LoadCertBundle(c.Common.CT.IntermediateBundleFilename)
cmd.FailOnError(err, "Failed to load CT submission bundle")
bundle := []ct.ASN1Cert{}
for _, cert := range pemBundle {
bundle = append(bundle, ct.ASN1Cert(cert.Raw))
}
pubi := publisher.NewPublisherImpl(bundle, logs)
go cmd.DebugServer(c.Publisher.DebugAddr)
go cmd.ProfileCmd("Publisher", stats)
amqpConf := c.Publisher.AMQP
pubi.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
pubs, err := rpc.NewAmqpRPCServer(amqpConf, c.Publisher.MaxConcurrentRPCServerRequests, stats)
cmd.FailOnError(err, "Unable to create Publisher RPC server")
rpc.NewPublisherServer(pubs, &pubi)
err = pubs.Start(amqpConf)
cmd.FailOnError(err, "Unable to run Publisher RPC server")
}
app.Run()
}
func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Statter) (
core.CertificateAuthority,
core.Publisher,
core.StorageAuthority,
) {
amqpConf := c.AMQP
cac, err := rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
var pubc core.Publisher
if c.Publisher != nil {
conn, err := bgrpc.ClientSetup(c.Publisher)
cmd.FailOnError(err, "Failed to load credentials and create connection to service")
pubc = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn), c.Publisher.Timeout.Duration)
} else {
pubc, err = rpc.NewPublisherClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create Publisher client")
}
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
return cac, pubc, sac
}
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, *blog.AuditLogger, *gorp.DbMap, rpc.StorageAuthorityClient) {
c, err := loadConfig(context)
cmd.FailOnError(err, "Failed to load Boulder configuration")
stats, auditlogger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
raRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->RA", c.AMQP.RA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
rac, err := rpc.NewRegistrationAuthorityClient(raRPC)
cmd.FailOnError(err, "Unable to create CA client")
dbMap, err := sa.NewDbMap(c.Revoker.DBConnect)
cmd.FailOnError(err, "Couldn't setup database connection")
saRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->SA", c.AMQP.SA.Server, c, stats)
cmd.FailOnError(err, "Unable to create RPC client")
sac, err := rpc.NewStorageAuthorityClient(saRPC)
cmd.FailOnError(err, "Failed to create SA client")
return rac, auditlogger, dbMap, sac
}
func main() {
configFile := flag.String("config", "", "File path to the configuration file for this service")
flag.Parse()
if *configFile == "" {
flag.Usage()
os.Exit(1)
}
var c config
err := cmd.ReadJSONFile(*configFile, &c)
cmd.FailOnError(err, "Reading JSON config file into config structure")
go cmd.DebugServer(c.RA.DebugAddr)
stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig)
defer logger.AuditPanic()
logger.Info(cmd.VersionString(clientName))
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
pa, err := policy.New(c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
if c.RA.HostnamePolicyFile == "" {
cmd.FailOnError(fmt.Errorf("HostnamePolicyFile must be provided."), "")
}
err = pa.SetHostnamePolicyFile(c.RA.HostnamePolicyFile)
cmd.FailOnError(err, "Couldn't load hostname policy file")
go cmd.ProfileCmd("RA", stats)
amqpConf := c.RA.AMQP
var vac core.ValidationAuthority
if c.RA.VAService != nil {
conn, err := bgrpc.ClientSetup(c.RA.VAService)
cmd.FailOnError(err, "Unable to create VA client")
vac = bgrpc.NewValidationAuthorityGRPCClient(conn)
} else {
vac, err = rpc.NewValidationAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create VA client")
}
cac, err := rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create CA client")
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Unable to create SA client")
rai := ra.NewRegistrationAuthorityImpl(
clock.Default(),
logger,
stats,
c.RA.MaxContactsPerRegistration,
c.AllowedSigningAlgos.KeyPolicy(),
c.RA.MaxNames,
c.RA.DoNotForceCN,
c.RA.ReuseValidAuthz)
policyErr := rai.SetRateLimitPoliciesFile(c.RA.RateLimitPoliciesFilename)
cmd.FailOnError(policyErr, "Couldn't load rate limit policies file")
rai.PA = pa
raDNSTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
cmd.FailOnError(err, "Couldn't parse RA DNS timeout")
scoped := metrics.NewStatsdScope(stats, "RA", "DNS")
dnsTries := c.RA.DNSTries
if dnsTries < 1 {
dnsTries = 1
}
if !c.Common.DNSAllowLoopbackAddresses {
rai.DNSResolver = bdns.NewDNSResolverImpl(
raDNSTimeout,
[]string{c.Common.DNSResolver},
nil,
scoped,
clock.Default(),
dnsTries)
} else {
rai.DNSResolver = bdns.NewTestDNSResolverImpl(
raDNSTimeout,
[]string{c.Common.DNSResolver},
scoped,
clock.Default(),
dnsTries)
}
rai.VA = vac
rai.CA = cac
rai.SA = sac
ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, stats, logger)
cmd.FailOnError(err, "Unable to create RA RPC server")
err = rpc.NewRegistrationAuthorityServer(ras, rai, logger)
cmd.FailOnError(err, "Unable to setup RA RPC server")
err = ras.Start(amqpConf)
cmd.FailOnError(err, "Unable to run RA RPC server")
}
func main() {
app := cmd.NewAppShell("expiration-mailer", "Sends certificate expiration emails")
app.App.Flags = append(app.App.Flags, cli.IntFlag{
Name: "cert_limit",
Value: 100,
EnvVar: "CERT_LIMIT",
Usage: "Count of certificates to process per expiration period",
})
app.Config = func(c *cli.Context, config cmd.Config) cmd.Config {
if c.GlobalInt("cert_limit") > 0 {
config.Mailer.CertLimit = c.GlobalInt("cert_limit")
}
return config
}
app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
go cmd.DebugServer(c.Mailer.DebugAddr)
// Configure DB
dbURL, err := c.Mailer.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
dbMap, err := sa.NewDbMap(dbURL)
cmd.FailOnError(err, "Could not connect to database")
amqpConf := c.Mailer.AMQP
sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
// Load email template
emailTmpl, err := ioutil.ReadFile(c.Mailer.EmailTemplate)
cmd.FailOnError(err, fmt.Sprintf("Could not read email template file [%s]", c.Mailer.EmailTemplate))
tmpl, err := template.New("expiry-email").Parse(string(emailTmpl))
cmd.FailOnError(err, "Could not parse email template")
_, err = netmail.ParseAddress(c.Mailer.From)
cmd.FailOnError(err, fmt.Sprintf("Could not parse from address: %s", c.Mailer.From))
smtpPassword, err := c.Mailer.PasswordConfig.Pass()
cmd.FailOnError(err, "Failed to load SMTP password")
mailClient := mail.New(c.Mailer.Server, c.Mailer.Port, c.Mailer.Username, smtpPassword, c.Mailer.From)
err = mailClient.Connect()
cmd.FailOnError(err, "Couldn't connect to mail server.")
defer func() {
_ = mailClient.Close()
}()
nagCheckInterval := defaultNagCheckInterval
if s := c.Mailer.NagCheckInterval; s != "" {
nagCheckInterval, err = time.ParseDuration(s)
if err != nil {
logger.Err(fmt.Sprintf("Failed to parse NagCheckInterval string %q: %s", s, err))
return
}
}
var nags durationSlice
for _, nagDuration := range c.Mailer.NagTimes {
dur, err := time.ParseDuration(nagDuration)
if err != nil {
logger.Err(fmt.Sprintf("Failed to parse nag duration string [%s]: %s", nagDuration, err))
return
}
nags = append(nags, dur+nagCheckInterval)
}
// Make sure durations are sorted in increasing order
sort.Sort(nags)
subject := "Certificate expiration notice"
if c.Mailer.Subject != "" {
subject = c.Mailer.Subject
}
m := mailer{
stats: stats,
subject: subject,
log: logger,
dbMap: dbMap,
rs: sac,
mailer: &mailClient,
emailTemplate: tmpl,
nagTimes: nags,
limit: c.Mailer.CertLimit,
clk: cmd.Clock(),
}
logger.Info("expiration-mailer: Starting")
err = m.findExpiringCertificates()
cmd.FailOnError(err, "expiration-mailer has failed")
}
app.Run()
}