inital commit

devx · devx · commit 9b24551823d0 · 2016-06-13T18:10:45.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+docker-compose.env
+cmd/mediatord/certify
+builds/Darwin/certify
diff --git a/Makefile b/Makefile
@@ -0,0 +1,37 @@
+BUILD_FLAGS :=  "-s -w"
+SYSTEM = `uname -s`
+default: clean build
+
+linux-binary:
+	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags $(BUILD_FLAGS) -o builds/Linux/certify cmd/certify/main.go
+
+osx-binary:
+	@CGO_ENABLED=0 GOOS=darwin go build -a -installsuffix cgo  -ldflags $(BUILD_FLAGS) -o builds/Darwin/certify cmd/certify/main.go
+
+build:
+	@go build -a -ldflags $(BUILD_FLAGS) -o builds/$(SYSTEM)/certify cmd/certify/main.go
+
+install: build mv-bin
+
+mv-bin:
+	@cp builds/${SYSTEM}/certify ${GOPATH}/bin/
+
+clean:
+	rm -f cmd/certify/certify
+	rm -f builds/Darwin/certify
+	rm -f builds/Linux/certify
+
+restore:
+	godep restore
+
+depsave:
+	rm -f Godeps/Godeps.json
+	godep save
+
+test:
+	go test -cover ./...
+
+container: clean linux-binary
+	docker build -t quay.io/devx/certify:latest .
+
+release: clean restore test osx-binary linux-binary
diff --git a/builds/Darwin/.deleteme b/builds/Darwin/.deleteme
diff --git a/builds/Linux/.deleteme b/builds/Linux/.deleteme
diff --git a/cmd/certify/main.go b/cmd/certify/main.go
@@ -0,0 +1,172 @@
+package main
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+)
+
+var (
+	url       = flag.String("url", "https://localhost", "CFSSL URL")
+	username  = flag.String("user", "", "user name to use for basic auth")
+	password  = flag.String("password", "", "password to use for basic auth")
+	verifySSL = flag.Bool("verifySSL", true, "Verify certificate chain")
+	certType  = flag.String("type", "client-server", "The certificatle type to request: server, client, client-server")
+	certName  = flag.String("name", "", "Only used for client certificates, for server and client-server we use the hostname as the identifier.")
+	caCertURL = flag.String("ca_cert_url", "", "Specify an url where to downlaod the CA's certificate")
+	dir       = flag.String("dir", "/etc/certificates", "directory where to store the certificates")
+	force     = flag.Bool("force", false, "If certificates exist, overwrite them by requesting new certificates")
+)
+
+func main() {
+
+	flag.Parse()
+
+	if ok := reqClientCert(); !ok {
+		log.Fatal("Failed to get retrieve a new certificate from cfssl")
+	}
+	os.Exit(0)
+}
+
+func reqClientCert() bool {
+	log.Println("Requesting New certificates")
+	jsonStr := ""
+
+	hostname, _ := os.Hostname()
+
+	switch *certType {
+	case "client":
+		if _, err := os.Stat(fmt.Sprintf("%s/%s.pem", *dir, *certName)); err == nil {
+			if !*force {
+				fmt.Println("File already exists exiting")
+				os.Exit(0)
+			}
+		}
+		jsonStr = fmt.Sprintf("{ \"profile\": \"%s\", \"request\": { \"CN\": \"%s\", \"hosts\": [\"\"], \"key\": { \"algo\": \"rsa\", \"size\": 2048 }, \"names\": [ { \"C\": \"US\", \"L\": \"San Antonio\", \"O\": \"test\", \"OU\": \"kumoru.org\", \"ST\": \"Texas\" } ] } } ", *certType, *certName)
+	case "server", "client-server":
+		if _, err := os.Stat(fmt.Sprintf("%s/%s.pem", *dir, hostname)); err == nil {
+			if !*force {
+				fmt.Println("File already exists exiting")
+				os.Exit(0)
+			}
+		}
+		jsonStr = fmt.Sprintf("{ \"profile\": \"%s\", \"request\": { \"CN\": \"%s\", \"hosts\": [\"%s\"], \"key\": { \"algo\": \"rsa\", \"size\": 2048 }, \"names\": [ { \"C\": \"US\", \"L\": \"San Antonio\", \"O\": \"test\", \"OU\": \"kumoru.org\", \"ST\": \"Texas\" } ] } } ", *certType, hostname, hostname)
+	}
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			MaxVersion:         tls.VersionTLS11,
+			InsecureSkipVerify: *verifySSL,
+		},
+	}
+
+	user := ""
+	pass := ""
+
+	if os.Getenv("CFSSL_USERNAME") != "" {
+		user = os.Getenv("CFSSL_USERNAME")
+		pass = os.Getenv("CFSSL_PASSWORD")
+	}
+
+	if *username != "" {
+		user = *username
+		pass = *password
+	}
+
+	if !strings.Contains("https", *url) {
+		fmt.Println("Please provide an https url")
+		os.Exit(1)
+	}
+
+	req, _ := http.NewRequest("POST", "https://ca.kumoru.org/api/v1/cfssl/newcert",
+		bytes.NewBuffer([]byte(jsonStr))) // TODO: Replace host with variable
+
+	if user != "" {
+		req.SetBasicAuth(user, pass)
+	}
+
+	client := &http.Client{Transport: tr}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Printf("%s\n", err)
+		os.Exit(1)
+	}
+	body, _ := ioutil.ReadAll(resp.Body)
+	defer resp.Body.Close()
+
+	r := new(CfsslResponse)
+	if err = json.Unmarshal(body, &r); err != nil {
+		log.Fatal("Failed to generage CFSLL Certificate")
+	}
+
+	fmt.Printf("CFSSL response: %+v\n", r)
+
+	if err := ioutil.WriteFile("/etc/certificates/client.pem", []byte(r.Result.Certificate), 0644); err != nil {
+		return false
+	}
+	if err := ioutil.WriteFile("/etc/certificates/client-key.pem", []byte(r.Result.PrivateKey), 0644); err != nil {
+		return false
+	}
+
+	if getCAcert() != nil {
+		return false
+	}
+
+	return true
+}
+
+func getCAcert() error {
+	caURL := ""
+
+	if os.Getenv("CA_CERT_URL") != "" {
+		caURL = os.Getenv("CA_CERT_URL")
+	}
+
+	if *caCertURL != "" {
+		caURL = *caCertURL
+
+	}
+
+	if caURL == "" {
+		return nil
+	}
+
+	resp, err := http.Get(os.Getenv("CA_CERT_URL")) // TODO: Replace host with variable
+	if err != nil {
+		panic(err.Error())
+	}
+	body, _ := ioutil.ReadAll(resp.Body)
+	defer resp.Body.Close()
+
+	return ioutil.WriteFile("/etc/certificates/ca.pem", body, 0644)
+
+}
+
+// CfsslResponse struct
+type CfsslResponse struct {
+	Success bool `json:"success"`
+	Result  struct {
+		Certificate        string `json:"certificate"`
+		CertificateRequest string `json:"certificate_request"`
+		PrivateKey         string `json:"private_key"`
+		Sums               struct {
+			Certificate struct {
+				Md5  string `json:"md5"`
+				Sha1 string `json:"sha-1"`
+			} `json:"certificate"`
+			CertificateRequest struct {
+				Md5  string `json:"md5"`
+				Sha1 string `json:"sha-1"`
+			} `json:"certificate_request"`
+		} `json:"sums"`
+	} `json:"result"`
+	Errors   []interface{} `json:"errors"`
+	Messages []interface{} `json:"messages"`
+}
diff --git a/test b/test
@@ -0,0 +1 @@
+client one http://192.123.12.123:2379 client two http://192.123.12.123:2379, client 3 http://192.123.12.123:2379

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+docker-compose.env`
	`2`	`+cmd/mediatord/certify`
	`3`	`+builds/Darwin/certify`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+client one http://192.123.12.123:2379 client two http://192.123.12.123:2379, client 3 http://192.123.12.123:2379`