/
main.go
130 lines (115 loc) · 3.15 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
package main
import (
"crypto/x509"
"flag"
"fmt"
"io/ioutil"
"net"
"net/http"
"os"
"time"
"github.com/jmhodges/clock"
"gopkg.in/yaml.v2"
"github.com/rolandshoemaker/stapled/common"
"github.com/rolandshoemaker/stapled/config"
"github.com/rolandshoemaker/stapled/log"
"github.com/rolandshoemaker/stapled/mcache"
"github.com/rolandshoemaker/stapled/scache"
)
func main() {
var configFilename string
flag.StringVar(&configFilename, "config", "example.yaml", "YAML configuration file")
flag.Parse()
configBytes, err := ioutil.ReadFile(configFilename)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to read configuration file '%s': %s", configFilename, err)
os.Exit(1)
}
var conf config.Configuration
err = yaml.Unmarshal(configBytes, &conf)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to parse configuration file: %s", err)
os.Exit(1)
}
clk := clock.Default()
logger := log.NewLogger(conf.Syslog.Network, conf.Syslog.Addr, conf.Syslog.StdoutLevel, clk)
timeout := time.Second * time.Duration(10)
if conf.Fetcher.Timeout.Duration != 0 {
timeout = conf.Fetcher.Timeout.Duration
}
client := new(http.Client)
if len(conf.Fetcher.Proxies) != 0 {
proxyFunc, err := common.ProxyFunc(conf.Fetcher.Proxies)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to parsed proxy URI: %s", err)
}
client.Transport = &http.Transport{
Proxy: proxyFunc,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
}
}
stableBackings := []scache.Cache{}
if conf.Disk.CacheFolder != "" {
stableBackings = append(stableBackings, scache.NewDisk(logger, clk, conf.Disk.CacheFolder))
}
issuers := []*x509.Certificate{}
if conf.Definitions.IssuerFolder != "" {
files, err := ioutil.ReadDir(conf.Definitions.IssuerFolder)
if err != nil {
logger.Err("Failed to read directory '%s': %s", conf.Definitions.IssuerFolder, err)
os.Exit(1)
}
for _, fi := range files {
if fi.IsDir() {
continue
}
issuer, err := common.ReadCertificate(fi.Name())
if err != nil {
logger.Err("Failed to read issuer '%s': %s", fi.Name(), err)
continue
}
issuers = append(issuers, issuer)
}
}
c := mcache.NewEntryCache(clk, logger, 1*time.Minute, stableBackings, client, timeout, issuers, conf.SupportedHashes, false)
logger.Info("Loading certificates")
for _, def := range conf.Definitions.Certificates {
var issuer *x509.Certificate
var responders []string
if def.Issuer != "" {
issuer, err = common.ReadCertificate(def.Issuer)
if err != nil {
logger.Err("Failed to load issuer '%s': %s", def.Issuer, err)
os.Exit(1)
}
}
err = c.AddFromCertificate(def.Certificate, issuer, responders)
if err != nil {
logger.Err("Failed to load entry: %s", err)
os.Exit(1)
}
}
logger.Info("Initializing stapled")
s, err := New(
c,
logger,
clk,
conf.HTTP.Addr,
conf.Fetcher.UpstreamResponders,
conf.Definitions.CertWatchFolder,
)
if err != nil {
logger.Err("Failed to initialize stapled: %s", err)
os.Exit(1)
}
logger.Info("Running stapled")
err = s.Run()
if err != nil {
logger.Err("stapled failed: %s", err)
os.Exit(1)
}
}