Unverified Commit 5bb52dbf authored by Max Adamo's avatar Max Adamo

use os.Rename to put certs in place

parent ce4b75f7
...@@ -7,6 +7,7 @@ import ( ...@@ -7,6 +7,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"os/user"
"path/filepath" "path/filepath"
"runtime" "runtime"
"strconv" "strconv"
...@@ -24,6 +25,7 @@ var ( ...@@ -24,6 +25,7 @@ var (
CertBase string CertBase string
KeyBase string KeyBase string
GroupName string GroupName string
GroupID int
RedisBaseURL string RedisBaseURL string
VaultBaseURL string VaultBaseURL string
certificateDestination string certificateDestination string
...@@ -209,12 +211,11 @@ func GetVaultKey(vaulturl string, vaulttoken string) string { ...@@ -209,12 +211,11 @@ func GetVaultKey(vaulturl string, vaulttoken string) string {
} }
// create directory structure and write certificate to file // create directory structure and write certificate to file
func WriteToFile(content string, destination string, groupname string, filemode os.FileMode, dirmode os.FileMode) { func WriteToFile(content string, destination string, filemode os.FileMode) {
baseDir := filepath.Dir(destination) baseDir := filepath.Dir(destination)
if _, err := os.Stat(baseDir); os.IsNotExist(err) { if _, err := os.Stat(baseDir); os.IsNotExist(err) {
os.MkdirAll(baseDir, 0755) os.MkdirAll(baseDir, 0755)
} }
os.Chmod(baseDir, dirmode)
file, err := os.OpenFile(destination, os.O_WRONLY|os.O_CREATE, filemode) file, err := os.OpenFile(destination, os.O_WRONLY|os.O_CREATE, filemode)
if err != nil { if err != nil {
...@@ -226,6 +227,27 @@ func WriteToFile(content string, destination string, groupname string, filemode ...@@ -226,6 +227,27 @@ func WriteToFile(content string, destination string, groupname string, filemode
file.Close() file.Close()
} }
// move temp file to destination
func moveFile(source string, destination string, groupid int, filemode os.FileMode, dirmode os.FileMode) {
baseDir := filepath.Dir(destination)
if _, err := os.Stat(baseDir); os.IsNotExist(err) {
os.MkdirAll(baseDir, 0755)
}
err := os.Rename(source, destination)
if err != nil {
fmt.Printf("[ERR] Fail to install %v: %v\n", destination, err)
appExit(255)
}
if runtime.GOOS != "windows" {
err = os.Chown(destination, 0, groupid)
if err != nil {
fmt.Printf("[ERR] Changing file owner to %v", groupid)
appExit(255)
}
}
fmt.Printf("[INFO] installed: %v\n", destination)
}
// ReadOSRelease from /etc/os-release // ReadOSRelease from /etc/os-release
func ReadOSRelease(configfile string) map[string]string { func ReadOSRelease(configfile string) map[string]string {
ConfigParams := make(map[string]string) ConfigParams := make(map[string]string)
...@@ -283,7 +305,7 @@ Options: ...@@ -283,7 +305,7 @@ Options:
--redis-token=REDISTOKEN Redis access token --redis-token=REDISTOKEN Redis access token
--vault-token=VAULTTOKEN Vault access token --vault-token=VAULTTOKEN Vault access token
--cert-name=CERTNAME Certificate name --cert-name=CERTNAME Certificate name
--team-name=TEAMNAME Team name: swd, dream_team, it, ne, ti... --team-name=TEAMNAME Team name: swd, it, ne, ti...
--days=DAYS Days before expiration [default: 30] --days=DAYS Days before expiration [default: 30]
--type=TYPE Type, EV or OV [default: EV] --type=TYPE Type, EV or OV [default: EV]
--cert-destination=CERTDESTINATION Cert Destination [default: %v/<cert-name>.crt] --cert-destination=CERTDESTINATION Cert Destination [default: %v/<cert-name>.crt]
...@@ -304,11 +326,18 @@ Options: ...@@ -304,11 +326,18 @@ Options:
tmpFullchainDestination = "C:\\tmp\\acme-downloader\\cert\\amce_fullchain.pem" tmpFullchainDestination = "C:\\tmp\\acme-downloader\\cert\\amce_fullchain.pem"
tmpCaDestination = "C:\\tmp\\acme-downloader\\cert\\amce_ca.pem" tmpCaDestination = "C:\\tmp\\acme-downloader\\cert\\amce_ca.pem"
tmpKeyDestination = "C:\\tmp\\acme-downloader\\key\\amce_key.pem" tmpKeyDestination = "C:\\tmp\\acme-downloader\\key\\amce_key.pem"
GroupID = 0 // just a fake one
} else { } else {
tmpCertificateDestination = "/tmp/acme-downloader/cert/amce_cert.pem" tmpCertificateDestination = "/tmp/acme-downloader/cert/amce_cert.pem"
tmpFullchainDestination = "/tmp/acme-downloader/cert/amce_fullchain.pem" tmpFullchainDestination = "/tmp/acme-downloader/cert/amce_fullchain.pem"
tmpCaDestination = "/tmp/acme-downloader/cert/amce_ca.pem" tmpCaDestination = "/tmp/acme-downloader/cert/amce_ca.pem"
tmpKeyDestination = "/tmp/acme-downloader/key/amce_key.pem" tmpKeyDestination = "/tmp/acme-downloader/key/amce_key.pem"
group, groupErr := user.LookupGroup(GroupName)
if groupErr != nil {
fmt.Printf("[ERR] Fail looking up %v user user info", GroupName)
appExit(255)
}
GroupID, _ = strconv.Atoi(group.Gid)
} }
VaultToken := arguments["--vault-token"].(string) VaultToken := arguments["--vault-token"].(string)
...@@ -330,9 +359,7 @@ Options: ...@@ -330,9 +359,7 @@ Options:
RedisCAURL := fmt.Sprintf("%v/%v:%v:redis_%v_chain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUndercored) RedisCAURL := fmt.Sprintf("%v/%v:%v:redis_%v_chain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUndercored)
RedisFullChainURL := fmt.Sprintf("%v/%v:%v:redis_%v_fullchain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUndercored) RedisFullChainURL := fmt.Sprintf("%v/%v:%v:redis_%v_fullchain_pem.txt", RedisBaseURL, TeamName, CertName, CertNameUndercored)
// fmt.Println(filepath.Join("a", "b", "c"))
if arguments["--cert-destination"] == fmt.Sprintf(filepath.Join(CertBase, "<cert-name>.crt")) { if arguments["--cert-destination"] == fmt.Sprintf(filepath.Join(CertBase, "<cert-name>.crt")) {
// certificateDestination = fmt.Sprintf("%v/%v.crt", CertBase, CertName)
certificateDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v.crt", CertName))) certificateDestination = fmt.Sprintf(filepath.Join(CertBase, fmt.Sprintf("%v.crt", CertName)))
} else { } else {
certificateDestination = arguments["--cert-destination"].(string) certificateDestination = arguments["--cert-destination"].(string)
...@@ -365,22 +392,18 @@ Options: ...@@ -365,22 +392,18 @@ Options:
privKey := GetVaultKey(VaultURL, VaultToken) privKey := GetVaultKey(VaultURL, VaultToken)
// download and test certificates on a temporary location // download and test certificates on a temporary location
WriteToFile(certificate, tmpCertificateDestination, GroupName, 0644, 0755) WriteToFile(certificate, tmpCertificateDestination, 0644)
WriteToFile(fullChain, tmpFullchainDestination, GroupName, 0644, 0755) WriteToFile(fullChain, tmpFullchainDestination, 0644)
WriteToFile(ca, tmpCaDestination, GroupName, 0644, 0755) WriteToFile(ca, tmpCaDestination, 0644)
WriteToFile(privKey, tmpKeyDestination, GroupName, 0640, 0750) WriteToFile(privKey, tmpKeyDestination, 0640)
checkCerificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, true) checkCerificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, true)
WriteToFile(certificate, certificateDestination, GroupName, 0644, 0755) // move certificates in place
WriteToFile(fullChain, fullchainDestination, GroupName, 0644, 0755) moveFile(tmpCertificateDestination, certificateDestination, GroupID, 0644, 0755)
WriteToFile(ca, caDestination, GroupName, 0644, 0755) moveFile(tmpFullchainDestination, fullchainDestination, GroupID, 0644, 0755)
WriteToFile(privKey, keyDestination, GroupName, 0640, 0750) moveFile(tmpCaDestination, caDestination, GroupID, 0644, 0755)
moveFile(tmpKeyDestination, keyDestination, GroupID, 0640, 0750)
fmt.Printf("[INFO] installed: %v\n", certificateDestination)
fmt.Printf("[INFO] installed: %v\n", caDestination)
fmt.Printf("[INFO] installed: %v\n", fullchainDestination)
fmt.Printf("[INFO] installed: %v\n", keyDestination)
// Exit 1 means application needs to be reloaded // Exit 1 means application needs to be reloaded
appExit(1) appExit(1)
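Review bot: The new moveFile accepts filemode and dirmode but never uses them: the directory is created with a hard-coded 0755 and the `os.Chmod(baseDir, dirmode)` dropped from WriteToFile is not re-applied, so the key directory no longer gets 0750 and the key's 0640 is only enforced when WriteToFile happens to create the temp file (O_CREATE without O_TRUNC/O_EXCL leaves a pre-existing file's mode and owner untouched). Because the staging files sit at a fixed path under /tmp, I would chown and chmod the source before os.Rename so the published file is never briefly in the wrong state, and check the MkdirAll error instead of discarding it. os.Rename also fails with a cross-device error when /tmp is a separate filesystem from the destination (tmpfs is common), a failure mode WriteToFile did not have, so a same-filesystem staging directory or a copy fallback is worth considering. Two smaller points in main: `GroupID, _ = strconv.Atoi(group.Gid)` silently falls back to gid 0 (root group) if parsing fails, and the chown error message drops err and the newline — `fmt.Printf("[ERR] Changing file owner to %v: %v\n", groupid, err)`.
```go
func moveFile(source string, destination string, groupid int, filemode os.FileMode, dirmode os.FileMode) {
	baseDir := filepath.Dir(destination)
	if err := os.MkdirAll(baseDir, dirmode); err != nil {
		fmt.Printf("[ERR] Fail to create %v: %v\n", baseDir, err)
		appExit(255)
	}
	// fix ownership and mode on the staging file first, so the rename
	// publishes a file that is already correctly protected
	if runtime.GOOS != "windows" {
		if err := os.Chown(source, 0, groupid); err != nil {
			fmt.Printf("[ERR] Changing owner of %v to gid %v: %v\n", source, groupid, err)
			appExit(255)
		}
	}
	if err := os.Chmod(source, filemode); err != nil {
		fmt.Printf("[ERR] Changing mode of %v: %v\n", source, err)
		appExit(255)
	}
	if err := os.Rename(source, destination); err != nil {
		fmt.Printf("[ERR] Fail to install %v: %v\n", destination, err)
		appExit(255)
	}
	fmt.Printf("[INFO] installed: %v\n", destination)
}
```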