func main() { options.Parse() if *options.String["config"] != "" && !*options.Bool["init"] { err := options.Load(*options.String["config"]) options.FailIf(err, "Can't load configuration") } fmt.Println("Cloudproxy HTTPS Server") if tao.Parent() == nil { options.Fail(nil, "can't continue: no host Tao available") } self, err := tao.Parent().GetTaoName() options.FailIf(err, "Can't get Tao name") // TODO(kwalsh) extend tao name with operating mode and policy addr := net.JoinHostPort(*options.String["host"], *options.String["port"]) cpath := *options.String["config"] kdir := *options.String["keys"] if kdir == "" && cpath != "" { kdir = path.Dir(cpath) } else if kdir == "" { options.Fail(nil, "Option -keys or -config is required") } docs := *options.String["docs"] if docs == "" && cpath != "" { docs = path.Join(path.Dir(cpath), "docs") } else if docs == "" { options.Fail(nil, "Option -keys or -config is required") } var keys *tao.Keys if *options.Bool["init"] { keys = taoca.GenerateKeys(name, addr, kdir) } else { keys = taoca.LoadKeys(kdir) } fmt.Printf("Configuration file: %s\n", cpath) if *options.Bool["init"] && cpath != "" { err := options.Save(cpath, "HTTPS server configuration", "persistent") options.FailIf(err, "Can't save configuration") } http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool}) http.Handle("/prin/", https.ManifestHandler{"/prin/", self.String()}) http.Handle("/", http.FileServer(https.LoggingFilesystem{http.Dir(docs)})) fmt.Printf("Listening at %s using HTTPS\n", addr) err = tao.ListenAndServeTLS(addr, keys) options.FailIf(err, "can't listen and serve") fmt.Println("Server Done") }
func main() { options.Parse() if *options.String["config"] != "" && !*options.Bool["init"] { err := options.Load(*options.String["config"]) options.FailIf(err, "Can't load configuration") } fmt.Println("Cloudproxy HTTPS Netlog Viewer") if tao.Parent() == nil { options.Fail(nil, "can't continue: no host Tao available") } // TODO(kwalsh) extend tao name with operating mode and policy addr := net.JoinHostPort(*options.String["host"], *options.String["port"]) cpath := *options.String["config"] kdir := *options.String["keys"] if kdir == "" && cpath != "" { kdir = path.Dir(cpath) } else if kdir == "" { options.Fail(nil, "Option -keys or -config is required") } var keys *tao.Keys if *options.Bool["init"] { keys = taoca.GenerateKeys(name, addr, kdir) } else { keys = taoca.LoadKeys(kdir) } fmt.Printf("Configuration file: %s\n", cpath) if *options.Bool["init"] && cpath != "" { err := options.Save(cpath, "Cloudproxy HTTPS netlog viewer configuration", "persistent") options.FailIf(err, "Can't save configuration") } http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool}) http.Handle("/index.html", http.RedirectHandler("/", 301)) http.HandleFunc("/", netlog_show) fmt.Printf("Listening at %s using HTTPS\n", addr) err := tao.ListenAndServeTLS(addr, keys) options.FailIf(err, "can't listen and serve") fmt.Println("Server Done") }
func main() { verbose.Set(true) options.Parse() if *options.String["config"] != "" && !*options.Bool["init"] { err := options.Load(*options.String["config"]) options.FailIf(err, "Can't load configuration") } if *options.Bool["init"] { cpath := *options.String["config"] if cpath == "" { options.Fail(nil, "Option -init requires option -config") } fmt.Println("Initializing configuration file: " + cpath) err := options.Save(cpath, "Tao rendezvous configuration", "persistent") options.FailIf(err, "Can't save configuration") } fmt.Println("Cloudproxy Rendezvous Service") if tao.Parent() == nil { options.Fail(nil, "can't continue: no host Tao available") } allowAnon = *options.Bool["anon"] manualMode = *options.Bool["manual"] fcfsMode = *options.Bool["fcfs"] addr := *options.String["addr"] netlog.Log("rendezvous: init") netlog.Log("rendezvous: allow anon? %v", allowAnon) netlog.Log("rendezvous: manual? %v", manualMode) netlog.Log("rendezvous: fcfs? %v", fcfsMode) netlog.Log("rendezvous: addr = %v", addr) // TODO(kwalsh) extend tao name with operating mode and policy err := tao.NewOpenServer(tao.ConnHandlerFunc(doResponses)).ListenAndServe(addr) options.FailIf(err, "server died") netlog.Log("rendezvous: done") }
func main() { verbose.Set(true) options.Parse() profiling.ProfilePath = *options.String["profile"] if !verbose.Enabled { taoca.ConfirmNames = false } if *options.String["config"] != "" && !*options.Bool["init"] { err := options.Load(*options.String["config"]) options.FailIf(err, "Can't load configuration") } fmt.Println("https/tls Certificate Authority") manualMode = *options.Bool["manual"] learnMode = *options.Bool["learn"] if !manualMode && tao.Parent() == nil { options.Fail(nil, "can't continue: automatic mode, but no host Tao available") } if *options.Bool["root"] == (*options.String["subsidiary"] != "") { options.Usage("must supply exactly one of -root or -subsidiary options") } host := *options.String["host"] port := *options.String["port"] addr := net.JoinHostPort(host, port) // TODO(kwalsh) extend tao name with operating mode and policy cpath := *options.String["config"] kdir := *options.String["keys"] if kdir == "" && cpath != "" { kdir = path.Dir(cpath) } else if kdir == "" { options.Fail(nil, "Option -keys or -config is required") } ppath := path.Join(kdir, "policy") var err error if *options.Bool["init"] { if cpath != "" { err := options.Save(cpath, "HTTPS/TLS certificate authority configuration", "persistent") options.FailIf(err, "Can't save configuration") } fmt.Println("" + "Initializing fresh HTTP/TLS CA signing key. Provide the following information,\n" + "to be include in the CA's own x509 certificate. Leave the response blank to\n" + "accept the default value.\n" + "\n" + "Configuration file: " + cpath + "\n" + "Keys directory: " + kdir + "\n") var caName *pkix.Name if taoca.ConfirmNames { if *options.Bool["root"] { caName = taoca.ConfirmName(caRootName) } else { caName = taoca.ConfirmName(caSubsidiaryName) } } else { if *options.Bool["root"] { caName = caRootName } else { caName = caSubsidiaryName } } if manualMode { pwd := options.Password("Choose an HTTPS/TLS CA signing key password", "pass") caKeys, err = tao.InitOnDiskPBEKeys(tao.Signing, pwd, kdir, caName) tao.ZeroBytes(pwd) } else { caKeys, err = tao.InitOnDiskTaoSealedKeys(tao.Signing, caName, tao.Parent(), kdir, tao.SealPolicyDefault) } options.FailIf(err, "Can't initialize fresh HTTPS/TLS CA signing key") if *options.Bool["root"] { fmt.Printf(""+ "Note: To install this CA's key in the Chrome browser, go to\n"+ " 'Settings', 'Show advanced settings...', 'Manage Certificates...', 'Authorities'\n"+ " then import the following file:\n"+ " %s\n"+ " Select 'Trust this certificate for identifying websites' and/or other\n"+ " options, then click 'OK'\n", caKeys.X509Path("default")) } else { csr := taoca.NewCertificateSigningRequest(caKeys.VerifyingKey, caName) *csr.IsCa = true srv := *options.String["subsidiary"] taoca.DefaultServerName = srv taoca.SubmitAndInstall(caKeys, csr) } if !manualMode { f, err := os.Open(ppath) if err == nil { f.Close() fmt.Printf("Using existing certificate-granting policy: %s\n", ppath) } else { fmt.Printf("Creating default certificate-granting policy: %s\n", ppath) fmt.Printf("Edit that file to define the certificate-granting policy.\n") err := util.WritePath(ppath, []byte(policy.Default), 0755, 0755) options.FailIf(err, "Can't save policy rules") } } } else { if manualMode { pwd := options.Password("HTTPS/TLS CA signing key password", "pass") caKeys, err = tao.LoadOnDiskPBEKeys(tao.Signing, pwd, kdir) tao.ZeroBytes(pwd) } else { caKeys, err = tao.LoadOnDiskTaoSealedKeys(tao.Signing, tao.Parent(), kdir, tao.SealPolicyDefault) } options.FailIf(err, "Can't load HTTP/TLS CA signing key") } netlog.Log("https_ca: start") netlog.Log("https_ca: manual? %v", manualMode) if !manualMode { guard, err = policy.Load(ppath) options.FailIf(err, "Can't load certificate-granting policy") } var prin auth.Prin if tao.Parent() != nil { prin, err = tao.Parent().GetTaoName() options.FailIf(err, "Can't get tao name") } else { rendezvous.DefaultServer.Connect(caKeys) prin = caKeys.SigningKey.ToPrincipal() } name := *options.String["name"] if name != "" { err = rendezvous.Register(rendezvous.Binding{ Name: proto.String(name), Host: proto.String(host), Port: proto.String(port), Protocol: proto.String("protoc/rpc/https_ca"), Principal: proto.String(prin.String()), }) options.FailIf(err, "Can't register with rendezvous service") } statsdelay := *options.String["stats"] var srv *tao.Server if statsdelay != "" { go profiling.ShowStats(&stats, statsdelay, "sign certificates") srv = tao.NewOpenServer(tao.ConnHandlerFunc(doResponseWithStats)) } else { srv = tao.NewOpenServer(tao.ConnHandlerFunc(doResponseWithoutStats)) } srv.Keys = caKeys fmt.Printf("Listening at %s using Tao-authenticated channels\n", addr) err = srv.ListenAndServe(addr) options.FailIf(err, "server died") fmt.Println("Server Done") netlog.Log("https_ca: done") }