Exemplo n.º 1
0
// Client Commands
func clientCmd() {
	// new-user
	var newUserCmd = flag.NewFlagSet("new-user", flag.ExitOnError)
	var keyLength = newUserCmd.Int("size", 4096, "User key size")
	var username = newUserCmd.String("username", "user", "Username")
	var out = newUserCmd.String("out", "id_rsa", "Key output file")
	var expiresDays = newUserCmd.Int("days", daysInTenYears, "User key expires after (days)")
	var expires = time.Now().AddDate(0, 0, *expiresDays).UTC()

	// new-token
	var newTokenCmd = flag.NewFlagSet("new-token", flag.ExitOnError)
	var newTokenHostname = newTokenCmd.String("hostname", "", "Username")
	var privateKeyPath = newTokenCmd.String("key", "id_rsa", "Private key file")

	// ca-hash
	var caHashCmd = flag.NewFlagSet("ca-hash", flag.ExitOnError)
	var caHost = caHashCmd.String("host", "localhost", "Certificate Authority hostname")
	var caPort = caHashCmd.String("port", "33004", "Certificate Authority port")

	// select subcommand
	//switch os.Args[2] {
	switch os.Args[1] {
	case "new-user":
		newUserCmd.Parse(os.Args[2:])
		encodedCert, _, _, err := client.NewUserKey(username, *keyLength, &expires, out)
		if err != nil {
			logger.Error.Printf("Failed to create new user key: %s", err)
			os.Exit(2)
		}
		fmt.Println(*encodedCert)

	case "new-token":
		newTokenCmd.Parse(os.Args[2:])
		token, err := client.NewTokenUsingPrivateKeyFile(*privateKeyPath, *newTokenHostname, defaultTokenDuration)
		if err != nil {
			logger.Error.Printf("Failed to create token: %s", err)
			os.Exit(2)
		}
		fmt.Println(*token)

	case "ca-hash":
		caHashCmd.Parse(os.Args[2:])
		endpoint := "https://" + (*caHost) + ":" + (*caPort)
		hash, err := client.GetCACertHashEncoded(&endpoint)
		if err != nil {
			logger.Error.Printf("Failed to get CA Hash: %s", err)
			os.Exit(2)
		}
		fmt.Println(*hash)

	default:
		error := fmt.Sprintf("%q is not valid command.\n", os.Args[1])
		argError(error)
		os.Exit(2)
	}
}
Exemplo n.º 2
0
func TestContainer(t *testing.T) {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)
	// create root keys
	keysize := 2048
	key, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// start CA
	keylength := 4098
	organization := "org"
	country := "PT-PT"
	expiresDays := 10
	expires := time.Now().AddDate(0, 0, expiresDays).UTC()
	_, caCert, _, err := ca.NewRootCertificate(keylength, expires, organization, country)

	caFingerprint, err := caCert.Fingerprint()
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// add user to CA
	keyLength := 2048
	username := "******"
	userExpires := time.Now().AddDate(1, 0, 0).UTC()

	// generate private key
	_, userCert, userPrivateKey, err := client.NewUserKey(&username, keyLength, &userExpires, nil)
	if err != nil {
		t.Error(err)
	}
	ca.SetUserCertificate(userCert)
	userPrivateKeyBytes, err := userPrivateKey.ExportPrivate()
	if err != nil {
		t.Error(err)
	}

	tokenExpires := time.Duration(time.Second * 20)
	token, err := client.NewToken(userPrivateKeyBytes, username, tokenExpires)
	if err != nil {
		t.Error(err)
	}

	//setup mockHTTPServer
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// /cert
		if r.URL.String() == "/v1/cert" {
			ca.HandleCertRequest(w, r)
		}
		if r.URL.String() == "/v1/csr" {
			ca.HandleCSR(w, r)
		}
	}))

	defer ts.Close()
	fmt.Println(ts.URL)

	certProp := CertificateProperties{
		name:         "Tommy",
		ip_list:      "192.168.1.1",
		domain_list:  "symbios",
		organization: "symbios",
		country:      "US",
	}

	_, err = Authenticate(&ts.URL, token, key, &certProp, &caFingerprint)
	if err != nil {
		t.Fatalf("Unable to authenticate.", err)
	}
}