func maybeAutoPublish(cmd *cobra.Command, doPublish bool, gun string, config *viper.Viper, passRetriever notary.PassRetriever) error { if !doPublish { return nil } // We need to set up a http RoundTripper when publishing rt, err := getTransport(config, gun, readWrite) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewFileCachedNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, passRetriever, trustPin) if err != nil { return err } cmd.Println("Auto-publishing changes to", gun) return publishAndPrintToCLI(cmd, nRepo, gun) }
func newObcBatch(id uint64, config *viper.Viper, stack consensus.Stack) *obcBatch { var err error op := &obcBatch{stack: stack} op.startup = make(chan []byte) op.executor = NewOBCExecutor(config, op, stack) logger.Debug("Replica %d obtaining startup information", id) startupInfo := <-op.startup close(op.startup) op.pbft = newPbftCore(id, config, op, startupInfo) queueSize := config.GetInt("executor.queuesize") if queueSize <= int(op.pbft.L) { logger.Error("Replica %d has executor queue size %d less than PBFT log size %d, this indicates a misconfiguration", id, queueSize, op.pbft.L) } op.batchSize = config.GetInt("general.batchSize") op.batchStore = nil op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } // create non-running timer op.batchTimer = time.NewTimer(100 * time.Hour) // XXX ugly op.batchTimer.Stop() go op.batchTimerHander() return op }
func (k *keyCommander) getKeyStores( config *viper.Viper, withHardware, hardwareBackup bool) ([]trustmanager.KeyStore, error) { retriever := k.getRetriever() directory := config.GetString("trust_dir") fileKeyStore, err := trustmanager.NewKeyFileStore(directory, retriever) if err != nil { return nil, fmt.Errorf( "Failed to create private key store in directory: %s", directory) } ks := []trustmanager.KeyStore{fileKeyStore} if withHardware { var yubiStore trustmanager.KeyStore if hardwareBackup { yubiStore, err = getYubiStore(fileKeyStore, retriever) } else { yubiStore, err = getYubiStore(nil, retriever) } if err == nil && yubiStore != nil { // Note that the order is important, since we want to prioritize // the yubikey store ks = []trustmanager.KeyStore{yubiStore, fileKeyStore} } } return ks, nil }
func newObcBatch(id uint64, config *viper.Viper, stack consensus.Stack) *obcBatch { var err error op := &obcBatch{ obcGeneric: obcGeneric{stack}, stack: stack, } op.persistForward.persistor = stack logger.Debug("Replica %d obtaining startup information", id) op.pbft = newPbftCore(id, config, op) op.batchSize = config.GetInt("general.batchSize") op.batchStore = nil op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } op.incomingChan = make(chan *batchMessage) // create non-running timer op.batchTimer = time.NewTimer(100 * time.Hour) // XXX ugly op.batchTimer.Stop() op.idleChan = make(chan struct{}) go op.main() return op }
// ParseStorage tries to parse out Storage from a Viper. If backend and // URL are not provided, returns a nil pointer. Storage is required (if // a backend is not provided, an error will be returned.) func ParseStorage(configuration *viper.Viper, allowedBackends []string) (*Storage, error) { store := Storage{ Backend: configuration.GetString("storage.backend"), Source: configuration.GetString("storage.db_url"), } supported := false store.Backend = strings.ToLower(store.Backend) for _, backend := range allowedBackends { if backend == store.Backend { supported = true break } } if !supported { return nil, fmt.Errorf( "must specify one of these supported backends: %s", strings.Join(allowedBackends, ", ")) } if store.Backend == MemoryBackend { return &Storage{Backend: MemoryBackend}, nil } if store.Source == "" { return nil, fmt.Errorf( "must provide a non-empty database source for %s", store.Backend) } return &store, nil }
func newObcBatch(id uint64, config *viper.Viper, stack consensus.Stack) *obcBatch { var err error op := &obcBatch{ obcGeneric: obcGeneric{stack: stack}, } op.persistForward.persistor = stack logger.Debugf("Replica %d obtaining startup information", id) op.manager = events.NewManagerImpl() // TODO, this is hacky, eventually rip it out op.manager.SetReceiver(op) etf := events.NewTimerFactoryImpl(op.manager) op.pbft = newPbftCore(id, config, op, etf) op.manager.Start() blockchainInfoBlob := stack.GetBlockchainInfoBlob() op.externalEventReceiver.manager = op.manager op.broadcaster = newBroadcaster(id, op.pbft.N, op.pbft.f, op.pbft.broadcastTimeout, stack) op.manager.Queue() <- workEvent(func() { op.pbft.stateTransfer(&stateUpdateTarget{ checkpointMessage: checkpointMessage{ seqNo: op.pbft.lastExec, id: blockchainInfoBlob, }, }) }) op.batchSize = config.GetInt("general.batchsize") op.batchStore = nil op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } logger.Infof("PBFT Batch size = %d", op.batchSize) logger.Infof("PBFT Batch timeout = %v", op.batchTimeout) if op.batchTimeout >= op.pbft.requestTimeout { op.pbft.requestTimeout = 3 * op.batchTimeout / 2 logger.Warningf("Configured request timeout must be greater than batch timeout, setting to %v", op.pbft.requestTimeout) } if op.pbft.requestTimeout >= op.pbft.nullRequestTimeout && op.pbft.nullRequestTimeout != 0 { op.pbft.nullRequestTimeout = 3 * op.pbft.requestTimeout / 2 logger.Warningf("Configured null request timeout must be greater than request timeout, setting to %v", op.pbft.nullRequestTimeout) } op.incomingChan = make(chan *batchMessage) op.batchTimer = etf.CreateTimer() op.reqStore = newRequestStore() op.deduplicator = newDeduplicator() op.idleChan = make(chan struct{}) close(op.idleChan) // TODO remove eventually return op }
// Parse the cache configurations for GET-ting current and checksummed metadata, // returning the configuration for current (non-content-addressed) metadata // first, then the configuration for consistent (content-addressed) metadata // second. The configuration consists mainly of the max-age (an integer in seconds, // just like in the Cache-Control header) for each type of metadata. // The max-age must be between 0 and 31536000 (one year in seconds, which is // the recommended maximum time data is cached), else parsing will return an error. // A max-age of 0 will disable caching for that type of download (consistent or current). func getCacheConfig(configuration *viper.Viper) (current, consistent utils.CacheControlConfig, err error) { cccs := make(map[string]utils.CacheControlConfig) currentOpt, consistentOpt := "current_metadata", "consistent_metadata" defaults := map[string]int{ currentOpt: int(notary.CurrentMetadataCacheMaxAge.Seconds()), consistentOpt: int(notary.ConsistentMetadataCacheMaxAge.Seconds()), } maxMaxAge := int(notary.CacheMaxAgeLimit.Seconds()) for optionName, seconds := range defaults { m := configuration.GetString(fmt.Sprintf("caching.max_age.%s", optionName)) if m != "" { seconds, err = strconv.Atoi(m) if err != nil || seconds < 0 || seconds > maxMaxAge { return nil, nil, fmt.Errorf( "must specify a cache-control max-age between 0 and %v", maxMaxAge) } } cccs[optionName] = utils.NewCacheControlConfig(seconds, optionName == currentOpt) } current = cccs[currentOpt] consistent = cccs[consistentOpt] return }
// GetPathRelativeToConfig gets a configuration key which is a path, and if // it is not empty or an absolute path, returns the absolute path relative // to the configuration file func GetPathRelativeToConfig(configuration *viper.Viper, key string) string { configFile := configuration.ConfigFileUsed() p := configuration.GetString(key) if p == "" || filepath.IsAbs(p) { return p } return filepath.Clean(filepath.Join(filepath.Dir(configFile), p)) }
// Open and return a listening unix socket. func NewUnixListener(v *viper.Viper) (*net.UnixListener, error) { l, err := net.ListenUnix("unix", &net.UnixAddr{Net: "unix", Name: v.GetString("socket")}) if err != nil { return nil, err } return l, nil }
func loadOAuth2Config(v *viper.Viper) { Config.OAuth2Enabled = v.GetBool("stormpath.web.oauth2.enabled") Config.OAuth2URI = v.GetString("stormpath.web.oauth2.uri") Config.OAuth2ClientCredentialsGrantTypeEnabled = v.GetBool("stormpath.web.oauth2.client_credentials.enabled") Config.OAuth2ClientCredentialsGrantTypeAccessTokenTTL = time.Duration(v.GetInt("stormpath.web.oauth2.client_credentials.accessToken.ttl")) * time.Second Config.OAuth2PasswordGrantTypeEnabled = v.GetBool("stormpath.web.oauth2.password.enabled") Config.OAuth2PasswordGrantTypeValidationStrategy = v.GetString("stormpath.web.oauth2.password.validationStrategy") }
// ParseLogLevel tries to parse out a log level from a Viper. If there is no // configuration, defaults to the provided error level func ParseLogLevel(configuration *viper.Viper, defaultLevel logrus.Level) ( logrus.Level, error) { logStr := configuration.GetString("logging.level") if logStr == "" { return defaultLevel, nil } return logrus.ParseLevel(logStr) }
func newPbftCore(id uint64, config *viper.Viper, consumer innerCPI) *pbftCore { instance := &pbftCore{} instance.id = id instance.consumer = consumer // in dev/debugging mode you are expected to override the config values // with the environment variable OPENCHAIN_OBCPBFT_X_Y // read from the config file // you can override the config values with the environment variable prefix // OPENCHAIN_OBCPBFT, e.g. OPENCHAIN_OBCPBFT_BYZANTINE var err error instance.byzantine = config.GetBool("replica.byzantine") instance.f = config.GetInt("general.f") instance.K = uint64(config.GetInt("general.K")) instance.requestTimeout, err = time.ParseDuration(config.GetString("general.timeout.request")) if err != nil { panic(fmt.Errorf("Cannot parse request timeout: %s", err)) } instance.newViewTimeout, err = time.ParseDuration(config.GetString("general.timeout.viewchange")) if err != nil { panic(fmt.Errorf("Cannot parse new view timeout: %s", err)) } instance.activeView = true instance.L = 2 * instance.K // log size instance.replicaCount = 3*instance.f + 1 // init the logs instance.certStore = make(map[msgID]*msgCert) instance.reqStore = make(map[string]*Request) instance.checkpointStore = make(map[Checkpoint]bool) instance.chkpts = make(map[uint64]string) instance.viewChangeStore = make(map[vcidx]*ViewChange) instance.pset = make(map[uint64]*ViewChange_PQ) instance.qset = make(map[qidx]*ViewChange_PQ) instance.newViewStore = make(map[uint64]*NewView) // load genesis checkpoint stateHash, err := instance.consumer.getStateHash(0) if err != nil { panic(fmt.Errorf("Cannot load genesis block: %s", err)) } instance.chkpts[0] = base64.StdEncoding.EncodeToString(stateHash) // create non-running timer XXX ugly instance.newViewTimer = time.NewTimer(100 * time.Hour) instance.newViewTimer.Stop() instance.lastNewViewTimeout = instance.newViewTimeout instance.outstandingReqs = make(map[string]*Request) go instance.timerHander() return instance }
func getRemoteTrustServer(config *viper.Viper) string { if remoteTrustServer == "" { configRemote := config.GetString("remote_server.url") if configRemote != "" { remoteTrustServer = configRemote } else { remoteTrustServer = defaultServerURL } } return remoteTrustServer }
// get the address for the HTTP server, and parses the optional TLS // configuration for the server - if no TLS configuration is specified, // TLS is not enabled. func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) { httpAddr := configuration.GetString("server.http_addr") if httpAddr == "" { return "", nil, fmt.Errorf("http listen address required for server") } tlsConfig, err := utils.ParseServerTLS(configuration, false) if err != nil { return "", nil, fmt.Errorf(err.Error()) } return httpAddr, tlsConfig, nil }
func getDefaultAlias(configuration *viper.Viper) (string, error) { defaultAlias := configuration.GetString("storage.default_alias") if defaultAlias == "" { // backwards compatibility - support this environment variable defaultAlias = configuration.GetString(defaultAliasEnv) } if defaultAlias == "" { return "", fmt.Errorf("must provide a default alias for the key DB") } logrus.Debug("Default Alias: ", defaultAlias) return defaultAlias, nil }
func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) { tlsConfig, err := utils.ParseServerTLS(configuration, true) if err != nil { return "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error()) } grpcAddr := configuration.GetString("server.grpc_addr") if grpcAddr == "" { return "", nil, fmt.Errorf("grpc listen address required for server") } return grpcAddr, tlsConfig, nil }
func configureLogging(v *viper.Viper) { level, err := log.ParseLevel(v.GetString("log_level")) if err != nil { log.Fatalln(err) } log.SetLevel(level) if v.GetString("log_format") == "text" { log.SetFormatter(&log.TextFormatter{DisableColors: true, FullTimestamp: true}) } else if v.GetString("log_format") == "json" { log.SetFormatter(&log.JSONFormatter{}) } else { log.Errorln("Error: log_type invalid, defaulting to text") log.SetFormatter(&log.TextFormatter{}) } switch v.GetString("log_target") { case "stdout": log.SetOutput(os.Stdout) case "stderr": log.SetOutput(os.Stderr) default: log.Errorln("Error: log_target invalid, defaulting to Stdout") log.SetOutput(os.Stdout) } }
func newObcBatch(id uint64, config *viper.Viper, cpi consensus.CPI) *obcBatch { var err error op := &obcBatch{cpi: cpi} op.pbft = newPbftCore(id, config, op, cpi) op.batchSize = config.GetInt("general.batchSize") op.batchStore = make(map[string]*Request) op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } // create non-running timer XXX ugly op.batchTimer = time.NewTimer(100 * time.Hour) op.batchTimer.Stop() go op.batchTimerHander() return op }
func newObcBatch(id uint64, config *viper.Viper, stack consensus.Stack) *obcBatch { var err error op := &obcBatch{stack: stack} op.pbft = newPbftCore(id, config, op, stack) op.batchSize = config.GetInt("general.batchSize") op.batchStore = nil op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } // create non-running timer op.batchTimer = time.NewTimer(100 * time.Hour) // XXX ugly op.batchTimer.Stop() go op.batchTimerHander() return op }
// parses the configuration and returns a backing store for the TUF files func getStore(configuration *viper.Viper, hRegister healthRegister) ( storage.MetaStore, error) { var store storage.MetaStore backend := configuration.GetString("storage.backend") logrus.Infof("Using %s backend", backend) switch backend { case notary.MemoryBackend: return storage.NewMemStorage(), nil case notary.MySQLBackend, notary.SQLiteBackend: storeConfig, err := utils.ParseSQLStorage(configuration) if err != nil { return nil, err } s, err := storage.NewSQLStorage(storeConfig.Backend, storeConfig.Source) if err != nil { return nil, fmt.Errorf("Error starting %s driver: %s", backend, err.Error()) } store = *storage.NewTUFMetaStorage(s) hRegister("DB operational", time.Minute, s.CheckHealth) case notary.RethinkDBBackend: var sess *gorethink.Session storeConfig, err := utils.ParseRethinkDBStorage(configuration) if err != nil { return nil, err } tlsOpts := tlsconfig.Options{ CAFile: storeConfig.CA, CertFile: storeConfig.Cert, KeyFile: storeConfig.Key, } if doBootstrap { sess, err = rethinkdb.AdminConnection(tlsOpts, storeConfig.Source) } else { sess, err = rethinkdb.UserConnection(tlsOpts, storeConfig.Source, storeConfig.Username, storeConfig.Password) } if err != nil { return nil, fmt.Errorf("Error starting %s driver: %s", backend, err.Error()) } s := storage.NewRethinkDBStorage(storeConfig.DBName, storeConfig.Username, storeConfig.Password, sess) store = *storage.NewTUFMetaStorage(s) hRegister("DB operational", time.Minute, s.CheckHealth) default: return nil, fmt.Errorf("%s is not a supported storage backend", backend) } return store, nil }
func zonesocks5(v *viper.Viper) { var wg sync.WaitGroup // Create a SOCKS5 server username := v.GetString("username") password := v.GetString("password") creds := socks5.StaticCredentials{} creds[username] = password cator := socks5.UserPassAuthenticator{Credentials: creds} conf := &socks5.Config{ AuthMethods: []socks5.Authenticator{cator}, Credentials: creds, } server, err := socks5.New(conf) if err != nil { glog.Infoln("new socks5 config error ", err) } address := v.GetString("address") glog.Infoln("listen to address ", address) wg.Add(1) go func() { if err := server.ListenAndServe("tcp", address); err != nil { glog.Errorln(err) } wg.Done() }() // signal hup c := make(chan os.Signal, 1) signal.Notify(c, syscall.SIGHUP) wg.Add(1) go func() { for sig := range c { switch sig { case syscall.SIGHUP: glog.Infoln("got hup signal") default: glog.Infoln("not ready to process ", sig.String()) } } wg.Done() }() wg.Wait() }
// SetEnvironmentSpecificConfig sets the configuration to match the given env. func SetEnvironmentSpecificConfig(v *viper.Viper, env string) { if v == nil { v = viper.New() v.SetDefault("env", env) } // Read common config v.AddConfigPath(".") v.AddConfigPath("../") v.SetConfigName("config-common") if err := v.ReadInConfig(); err != nil { panic(fmt.Errorf("Fatal error reading common config file: %s \n", err)) } // Merge in environment specific config configName := "config-" + env + ".yml" configPaths := []string{configName, "../" + configName} configFilePath := "" for _, path := range configPaths { if b, _ := exists(path); b { configFilePath = path continue } } if configFilePath == "" { panic(fmt.Errorf("Could not find config file: %s \n", configName)) } configBytes, err := ioutil.ReadFile(configFilePath) if err != nil { panic(fmt.Errorf("Could not read config file: %s \n", err)) } err = v.MergeConfig(bytes.NewBuffer(configBytes)) // Find and read the config file if err != nil { // Handle errors reading the config file panic(fmt.Errorf("Fatal error config file: %s \n", err)) } // Read config from consul v.AddRemoteProvider("consul", v.GetString("ConsulEndpoint"), v.GetString("ConsulSupportOptimizationWorkflowConfig")) v.SetConfigType("yaml") // err = v.ReadRemoteConfig() // Find and read the config file // if err != nil { // Handle errors reading the config file // panic(fmt.Errorf("Fatal error reading remote config file: %s \n", err)) // } Viper = &config{v} }
// optionally sets up TLS for the server - if no TLS configuration is // specified, TLS is not enabled. func serverTLS(configuration *viper.Viper) (*tls.Config, error) { tlsCertFile := configuration.GetString("server.tls_cert_file") tlsKeyFile := configuration.GetString("server.tls_key_file") if tlsCertFile == "" && tlsKeyFile == "" { return nil, nil } else if tlsCertFile == "" || tlsKeyFile == "" { return nil, fmt.Errorf("Partial TLS configuration found. Either include both a cert and key file in the configuration, or include neither to disable TLS.") } tlsConfig, err := utils.ConfigureServerTLS(&utils.ServerTLSOpts{ ServerCertFile: tlsCertFile, ServerKeyFile: tlsKeyFile, }) if err != nil { return nil, fmt.Errorf("Unable to set up TLS: %s", err.Error()) } return tlsConfig, nil }
// Reads the configuration file for storage setup, and sets up the cryptoservice // mapping func setUpCryptoservices(configuration *viper.Viper, allowedBackends []string) ( signer.CryptoServiceIndex, error) { storeConfig, err := utils.ParseStorage(configuration, allowedBackends) if err != nil { return nil, err } var keyStore trustmanager.KeyStore if storeConfig.Backend == utils.MemoryBackend { keyStore = trustmanager.NewKeyMemoryStore( passphrase.ConstantRetriever("memory-db-ignore")) } else { defaultAlias := configuration.GetString("storage.default_alias") if defaultAlias == "" { // backwards compatibility - support this environment variable defaultAlias = configuration.GetString(defaultAliasEnv) } if defaultAlias == "" { return nil, fmt.Errorf("must provide a default alias for the key DB") } logrus.Debug("Default Alias: ", defaultAlias) dbStore, err := keydbstore.NewKeyDBStore( passphraseRetriever, defaultAlias, storeConfig.Backend, storeConfig.Source) if err != nil { return nil, fmt.Errorf("failed to create a new keydbstore: %v", err) } logrus.Debugf("Using %s DB: %s", storeConfig.Backend, storeConfig.Source) health.RegisterPeriodicFunc( "DB operational", dbStore.HealthCheck, time.Second*60) keyStore = dbStore } cryptoService := cryptoservice.NewCryptoService("", keyStore) cryptoServices := make(signer.CryptoServiceIndex) cryptoServices[data.ED25519Key] = cryptoService cryptoServices[data.ECDSAKey] = cryptoService return cryptoServices, nil }
// ParseSQLStorage tries to parse out Storage from a Viper. If backend and // URL are not provided, returns a nil pointer. Storage is required (if // a backend is not provided, an error will be returned.) func ParseSQLStorage(configuration *viper.Viper) (*Storage, error) { store := Storage{ Backend: configuration.GetString("storage.backend"), Source: configuration.GetString("storage.db_url"), } switch { case store.Backend != notary.MySQLBackend && store.Backend != notary.SQLiteBackend: return nil, fmt.Errorf( "%s is not a supported SQL backend driver", store.Backend, ) case store.Source == "": return nil, fmt.Errorf( "must provide a non-empty database source for %s", store.Backend, ) } return &store, nil }
// parses the configuration and determines which trust service and key algorithm // to return func getTrustService(configuration *viper.Viper, sFactory signerFactory, hRegister healthRegister) (signed.CryptoService, string, error) { switch configuration.GetString("trust_service.type") { case "local": logrus.Info("Using local signing service, which requires ED25519. " + "Ignoring all other trust_service parameters, including keyAlgorithm") return signed.NewEd25519(), data.ED25519Key, nil case "remote": default: return nil, "", fmt.Errorf( "must specify either a \"local\" or \"remote\" type for trust_service") } keyAlgo := configuration.GetString("trust_service.key_algorithm") if keyAlgo != data.ED25519Key && keyAlgo != data.ECDSAKey && keyAlgo != data.RSAKey { return nil, "", fmt.Errorf("invalid key algorithm configured: %s", keyAlgo) } clientTLS, err := grpcTLS(configuration) if err != nil { return nil, "", err } logrus.Info("Using remote signing service") notarySigner, err := sFactory( configuration.GetString("trust_service.hostname"), configuration.GetString("trust_service.port"), clientTLS, ) if err != nil { return nil, "", err } duration := 10 * time.Second hRegister( "Trust operational", duration, func() error { err := notarySigner.CheckHealth(duration, notary.HealthCheckOverall) if err != nil { logrus.Error("Trust not fully operational: ", err.Error()) } return err }, ) return notarySigner, keyAlgo, nil }
func newObcBatch(id uint64, config *viper.Viper, stack consensus.Stack) *obcBatch { var err error op := &obcBatch{ obcGeneric: obcGeneric{stack: stack}, } op.persistForward.persistor = stack logger.Debugf("Replica %d obtaining startup information", id) op.manager = events.NewManagerImpl() // TODO, this is hacky, eventually rip it out op.manager.SetReceiver(op) etf := events.NewTimerFactoryImpl(op.manager) op.pbft = newPbftCore(id, config, op, etf) op.manager.Start() op.externalEventReceiver.manager = op.manager op.broadcaster = newBroadcaster(id, op.pbft.N, op.pbft.f, stack) op.batchSize = config.GetInt("general.batchsize") op.batchStore = nil op.batchTimeout, err = time.ParseDuration(config.GetString("general.timeout.batch")) if err != nil { panic(fmt.Errorf("Cannot parse batch timeout: %s", err)) } logger.Infof("PBFT Batch size = %d", op.batchSize) logger.Infof("PBFT Batch timeout = %v", op.batchTimeout) op.incomingChan = make(chan *batchMessage) op.batchTimer = etf.CreateTimer() op.outstandingReqs = make(map[*Request]struct{}) op.idleChan = make(chan struct{}) close(op.idleChan) // TODO remove eventually return op }
// get the address for the HTTP server, and parses the optional TLS // configuration for the server - if no TLS configuration is specified, // TLS is not enabled. func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) { httpAddr := configuration.GetString("server.http_addr") if httpAddr == "" { return "", nil, fmt.Errorf("http listen address required for server") } tlsOpts, err := utils.ParseServerTLS(configuration, false) if err != nil { return "", nil, fmt.Errorf(err.Error()) } // do not support this yet since the client doesn't have client cert support if tlsOpts != nil { tlsOpts.ClientCAFile = "" tlsConfig, err := utils.ConfigureServerTLS(tlsOpts) if err != nil { return "", nil, fmt.Errorf( "unable to set up TLS for server: %s", err.Error()) } return httpAddr, tlsConfig, nil } return httpAddr, nil, nil }
// sets up TLS for the GRPC connection to notary-signer func grpcTLS(configuration *viper.Viper) (*tls.Config, error) { rootCA := utils.GetPathRelativeToConfig(configuration, "trust_service.tls_ca_file") serverName := configuration.GetString("trust_service.hostname") clientCert := utils.GetPathRelativeToConfig(configuration, "trust_service.tls_client_cert") clientKey := utils.GetPathRelativeToConfig(configuration, "trust_service.tls_client_key") if (clientCert == "" && clientKey != "") || (clientCert != "" && clientKey == "") { return nil, fmt.Errorf("Partial TLS configuration found. Either include both a client cert and client key file in the configuration, or include neither.") } tlsConfig, err := utils.ConfigureClientTLS(&utils.ClientTLSOpts{ RootCAFile: rootCA, ServerName: serverName, ClientCertFile: clientCert, ClientKeyFile: clientKey, }) if err != nil { return nil, fmt.Errorf( "Unable to configure TLS to the trust service: %s", err.Error()) } return tlsConfig, nil }
// ParseRethinkDBStorage tries to parse out Storage from a Viper. If backend and // URL are not provided, returns a nil pointer. Storage is required (if // a backend is not provided, an error will be returned.) func ParseRethinkDBStorage(configuration *viper.Viper) (*RethinkDBStorage, error) { store := RethinkDBStorage{ Storage: Storage{ Backend: configuration.GetString("storage.backend"), Source: configuration.GetString("storage.db_url"), }, CA: GetPathRelativeToConfig(configuration, "storage.tls_ca_file"), Cert: GetPathRelativeToConfig(configuration, "storage.client_cert_file"), Key: GetPathRelativeToConfig(configuration, "storage.client_key_file"), DBName: configuration.GetString("storage.database"), Username: configuration.GetString("storage.username"), Password: configuration.GetString("storage.password"), } switch { case store.Backend != notary.RethinkDBBackend: return nil, fmt.Errorf( "%s is not a supported RethinkDB backend driver", store.Backend, ) case store.Source == "": return nil, fmt.Errorf( "must provide a non-empty host:port for %s", store.Backend, ) case store.CA == "": return nil, fmt.Errorf( "cowardly refusal to connect to %s without a CA cert", store.Backend, ) case store.Cert == "" || store.Key == "": return nil, fmt.Errorf( "cowardly refusal to connect to %s without a client cert and key", store.Backend, ) case store.DBName == "": return nil, fmt.Errorf( "%s requires a specific database to connect to", store.Backend, ) case store.Username == "": return nil, fmt.Errorf( "%s requires a username to connect to the db", store.Backend, ) } return &store, nil }