func initializeServer() *server.Server { var hosts string fmt.Print("Keyserver Hostnames/IPs (comma-seperated): ") fmt.Scanln(&hosts) hostnames := strings.Split(hosts, ",") csr, key, err := csr.ParseRequest(&csr.CertificateRequest{ CN: "Keyless Server Authentication Certificate", Hosts: hostnames, KeyRequest: &csr.BasicKeyRequest{ A: "ecdsa", S: 384, }, }) if err != nil { log.Fatal(err) } if err := ioutil.WriteFile(keyFile, key, 0400); err != nil { log.Fatal(err) } log.Infof("Key generated and saved to %s\n", keyFile) log.Info("Server entering initialization state") s, err := server.NewServerFromFile(initCertFile, initKeyFile, caFile, net.JoinHostPort("", port), net.JoinHostPort("", metricsPort)) if err != nil { log.Fatal(err) } s.ActivationToken = []byte(initToken) go func() { log.Fatal(s.ListenAndServe()) }() cert, err := initAPICall(hostnames, string(csr)) if err != nil { log.Fatal(err) } if err := ioutil.WriteFile(certFile, cert, 0644); err != nil { log.Fatal(err) } log.Infof("Cert saved to %s\n", certFile) // Remove server from activation state and initialize issued certificate. s.ActivationToken = s.ActivationToken[:0] tlsCert, err := tls.LoadX509KeyPair(certFile, keyFile) if err != nil { log.Fatal(err) } s.Config.Certificates = []tls.Certificate{tlsCert} return s }
func main() { var s *server.Server if initToken != "" { s = initializeServer() } else { s, err := server.NewServerFromFile(certFile, keyFile, caFile, net.JoinHostPort("", port), net.JoinHostPort("", metricsPort)) if err != nil { log.Warningf("Could not create server. Run with `gokeyless -init-token=XXX` to get %s and %s", keyFile, certFile) log.Fatal(err) } if err := s.LoadKeysFromDir(keyDir, LoadKey); err != nil { log.Fatal(err) } // Start server in background, then listen for SIGHUPs to reload keys. go func() { log.Fatal(s.ListenAndServe()) }() } if pidFile != "" { if f, err := os.Create(pidFile); err != nil { log.Errorf("error creating pid file: %v", err) } else { fmt.Fprintf(f, "%d", os.Getpid()) f.Close() } } c := make(chan os.Signal, 1) signal.Notify(c, syscall.SIGHUP) for { select { case <-c: log.Info("Received SIGHUP, reloading keys...") if err := s.LoadKeysFromDir(keyDir, LoadKey); err != nil { log.Fatal(err) } } } }
func main() { var logOut io.Writer if silent { logOut = ioutil.Discard } else { logOut = os.Stdout } s, err := server.NewServerFromFile(certFile, keyFile, caFile, net.JoinHostPort("", port), logOut) if err != nil { log.Fatal(err) } keys, err := LoadKeysFromDir(keyDir) if err != nil { log.Fatal(err) } for _, key := range keys { s.RegisterKey(key) } log.Fatal(s.ListenAndServe()) }
// Set up compatible server and client for use by tests. func init() { var err error var pemBytes []byte var p *pem.Block var priv crypto.Signer var pub crypto.PublicKey log.Level = log.LevelFatal s, err = server.NewServerFromFile(serverCert, serverKey, keylessCA, serverAddr, "") if err != nil { log.Fatal(err) } if pemBytes, err = ioutil.ReadFile(rsaPrivKey); err != nil { log.Fatal(err) } p, _ = pem.Decode(pemBytes) if priv, err = x509.ParsePKCS1PrivateKey(p.Bytes); err != nil { log.Fatal(err) } if err = s.Keys.Add(nil, priv); err != nil { log.Fatal(err) } if pemBytes, err = ioutil.ReadFile(ecdsaPrivKey); err != nil { log.Fatal(err) } p, _ = pem.Decode(pemBytes) if priv, err = x509.ParseECPrivateKey(p.Bytes); err != nil { log.Fatal(err) } if err = s.Keys.Add(nil, priv); err != nil { log.Fatal(err) } listening := make(chan bool) go func() { listening <- true if err := s.ListenAndServe(); err != nil { log.Fatal(err) } }() <-listening if c, err = client.NewClientFromFile(clientCert, clientKey, keyserverCA); err != nil { log.Fatal(err) } if pemBytes, err = ioutil.ReadFile(rsaPubKey); err != nil { log.Fatal(err) } p, _ = pem.Decode(pemBytes) if pub, err = x509.ParsePKIXPublicKey(p.Bytes); err != nil { log.Fatal(err) } if rsaKey, err = c.RegisterPublicKey(serverAddr, pub); err != nil { log.Fatal(err) } if pemBytes, err = ioutil.ReadFile(ecdsaPubKey); err != nil { log.Fatal(err) } p, _ = pem.Decode(pemBytes) if pub, err = x509.ParsePKIXPublicKey(p.Bytes); err != nil { log.Fatal(err) } if ecdsaKey, err = c.RegisterPublicKey(serverAddr, pub); err != nil { log.Fatal(err) } }
func main() { if initCert { var hosts string fmt.Print("Keyserver Hostnames/IPs (comma-seperated): ") fmt.Scanln(&hosts) csr, key, err := csr.ParseRequest(&csr.CertificateRequest{ CN: "Keyless Server Authentication Certificate", Hosts: strings.Split(hosts, ","), KeyRequest: &csr.KeyRequest{Algo: "ecdsa", Size: 384}, }) if err != nil { log.Fatal(err) } if err := ioutil.WriteFile(keyFile, key, 0400); err != nil { log.Fatal(err) } fmt.Printf("Key generated and saved to %s\n", keyFile) fmt.Printf("Email this CSR to [email protected] for signing and save the resulting certificate to %s:\n", certFile) fmt.Print(string(csr)) return } s, err := server.NewServerFromFile(certFile, keyFile, caFile, net.JoinHostPort("", port), net.JoinHostPort("", metricsPort)) if err != nil { log.Warningf("Could not create server. Run `gokeyless -init` to get %s and %s", keyFile, certFile) log.Fatal(err) } if err := s.LoadKeysFromDir(keyDir, LoadKey); err != nil { log.Fatal(err) } // Start server in background, then listen for SIGHUPs to reload keys. go func() { log.Fatal(s.ListenAndServe()) }() if pidFile != "" { if f, err := os.Create(pidFile); err != nil { log.Errorf("error creating pid file: %v", err) } else { fmt.Fprintf(f, "%d", os.Getpid()) f.Close() } } c := make(chan os.Signal, 1) signal.Notify(c, syscall.SIGHUP) for { select { case <-c: log.Info("Received SIGHUP, reloading keys...") if err := s.LoadKeysFromDir(keyDir, LoadKey); err != nil { log.Fatal(err) } } } }