Updates for TLS: reading from encrypted PEM file & hostname fix (#742)

* tls fixes

* updating test

* update to support linux as well

* update to support linux and windows

* remove old test file

* pushing minor changes

Author: aegal

cns/configuration/cns_config.json

@@ -18,6 +18,6 @@
     "UseHTTPS" : false,
     "TLSSubjectName" : "",
     "TLSCertificatePath" : "",
-    "TLSEndpoint" : "localhost:10091",
+    "TLSPort" : "10091",
     "WireserverIP": "168.63.129.16"
 }

cns/configuration/configuration.go

@@ -23,7 +23,7 @@ type CNSConfig struct {
 	UseHTTPS           bool
 	TLSSubjectName     string
 	TLSCertificatePath string
-	TLSEndpoint        string
+	TLSPort            string
 	WireserverIP       string
 }
 

cns/service.go

@@ -6,6 +6,7 @@ package cns
 import (
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/Azure/azure-container-networking/cns/common"
 	acn "github.com/Azure/azure-container-networking/common"
@@ -68,7 +69,12 @@ func (service *Service) Initialize(config *common.ServiceConfig) error {
 		if err != nil {
 			return err
 		}
-		if config.TlsSettings.TLSEndpoint != "" {
+		if config.TlsSettings.TLSPort != "" {
+			// listener.URL.Host will always be hostname:port, passed in to CNS via CNS command
+			// else it will default to localhost
+			// extract hostname and override tls port.
+			hostParts := strings.Split(listener.URL.Host, ":")
+			config.TlsSettings.TLSEndpoint = hostParts[0] + ":" + config.TlsSettings.TLSPort
 			// Start the listener and HTTP and HTTPS server.
 			if err = listener.StartTLS(config.ErrChan, config.TlsSettings); err != nil {
 				return err

cns/service/main.go

@@ -484,7 +484,7 @@ func main() {
 			config.TlsSettings = localtls.TlsSettings{
 				TLSSubjectName:     cnsconfig.TLSSubjectName,
 				TLSCertificatePath: cnsconfig.TLSCertificatePath,
-				TLSEndpoint:        cnsconfig.TLSEndpoint,
+				TLSPort:            cnsconfig.TLSPort,
 			}
 		}
 

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/Masterminds/semver v1.5.0
 	github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5
 	github.com/Microsoft/hcsshim v0.8.10-0.20200506181021-222e9efadbe0
+	github.com/billgraziano/dpapi v0.3.0
 	github.com/containernetworking/cni v0.7.0-rc2
 	github.com/docker/libnetwork v0.5.6
 	github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 // indirect
@@ -26,9 +27,9 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.3.2
 	go.opencensus.io v0.22.2 // indirect
-	golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975
+	golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 // indirect
 	golang.org/x/net v0.0.0-20191112182307-2180aed22343 // indirect
-	golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e
+	golang.org/x/sys v0.0.0-20200828161417-c663848e9a16
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
 	google.golang.org/appengine v1.6.5 // indirect
 	k8s.io/api v0.18.2

go.sum

@@ -46,6 +46,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/billgraziano/dpapi v0.3.0 h1:mZ9No/GUuYpgE1X3CEFeKM2TkIPYkEluCrAALfes4Co=
+github.com/billgraziano/dpapi v0.3.0/go.mod h1:gi1Lin0jvovT53j0EXITkY6UPb3hTfI92POaZgj9JBA=
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
@@ -482,6 +484,8 @@ golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200828161417-c663848e9a16 h1:54u1berWyLujz9htI1BHtZpcCEYaYNUSDFLXMNDd7To=
+golang.org/x/sys v0.0.0-20200828161417-c663848e9a16/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200922070232-aee5d888a860 h1:YEu4SMq7D0cmT7CBbXfcH0NZeuChAXwsHe/9XueUO6o=
 golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=