diff --git a/main.go b/main.go
index 370dc62b62e2bc53e7a7bc08ee4a7ea40cc19fb2..53b0d74ba6e65fa0e4bacaca482aa6a07bc94dde 100644
--- a/main.go
+++ b/main.go
@@ -5,7 +5,6 @@ import (
"encoding/pem"
"fmt"
"io/ioutil"
- "log"
"net/http"
"os"
"path/filepath"
@@ -43,7 +42,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
certPEM, err := ioutil.ReadFile(certificate)
if err != nil {
if fail == true {
- log.Fatal(err)
+ fmt.Printf("[ERROR] %v\n", err)
+ os.Exit(255)
} else {
return false
}
@@ -52,7 +52,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
certFullchainPEM, err := ioutil.ReadFile(fullchain)
if err != nil {
if fail == true {
- log.Fatal(err)
+ fmt.Printf("[ERROR] %v\n", err)
+ os.Exit(255)
} else {
return false
}
@@ -61,7 +62,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
rootPEM, err := ioutil.ReadFile(ca)
if err != nil {
if fail == true {
- log.Fatal(err)
+ fmt.Printf("[ERROR] %v\n", err)
+ os.Exit(255)
} else {
return false
}
@@ -71,7 +73,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
if fail == true {
- panic("failed to parse root certificate")
+ fmt.Printf("[ERROR] failed to parse root certificate\n")
+ os.Exit(255)
} else {
return false
}
@@ -80,7 +83,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
block, _ := pem.Decode([]byte(certPEM))
if block == nil {
if fail == true {
- panic("failed to parse certificate PEM")
+ fmt.Printf("[ERROR] failed to parse certificate PEM\n")
+ os.Exit(255)
} else {
return false
}
@@ -88,7 +92,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
if fail == true {
- panic("failed to parse certificate: " + err.Error())
+ fmt.Printf("[ERROR] failed to parse certificate %v\n", err)
+ os.Exit(255)
} else {
return false
}
@@ -97,7 +102,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
fullchainBlock, _ := pem.Decode([]byte(certFullchainPEM))
if fullchainBlock == nil {
if fail == true {
- panic("failed to parse certificate PEM")
+ fmt.Printf("[ERROR] failed to parse certificate PEM\n")
+ os.Exit(255)
} else {
return false
}
@@ -105,7 +111,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
fullchainCert, fullchainErr := x509.ParseCertificate(fullchainBlock.Bytes)
if fullchainErr != nil {
if fail == true {
- panic("failed to parse certificate: " + fullchainErr.Error())
+ fmt.Printf("[ERROR] failed to parse certificate %v\n", fullchainErr)
+ os.Exit(255)
} else {
return false
}
@@ -120,14 +127,15 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
if _, err := cert.Verify(opts); err != nil {
if fail == true {
- panic("failed to verify certificate: " + err.Error())
+ fmt.Printf("[ERROR] failed to parse certificate %v\n", err.Error())
+ os.Exit(255)
} else {
return false
}
}
if _, fullchainErr := fullchainCert.Verify(opts); fullchainErr != nil {
if fail == true {
- panic("failed to verify certificate: " + fullchainErr.Error())
+ fmt.Printf("[ERROR] failed to parse certificate %v\n", err.Error())
} else {
return false
}
@@ -139,19 +147,33 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
// get redis key
func GetRedisKey(redisurl string, redistoken string) string {
client := &http.Client{}
-
req, err := http.NewRequest("GET", redisurl, nil)
req.SetBasicAuth("redis", redistoken)
resp, err := client.Do(req)
body, err := ioutil.ReadAll(resp.Body)
defer resp.Body.Close()
-
if err != nil {
- log.Fatalf("[ERROR] Fail to read %v: %v", redisurl, err)
+ fmt.Printf("[ERROR] Fail to read %v: %v\n", redisurl, err)
+ os.Exit(255)
}
return fmt.Sprintf(string(body))
}
+// get Vault key
+func GetVaultKey(vaulturl string, vaulttoken string) string {
+ vaultClient := &http.Client{}
+ req, err := http.NewRequest("GET", vaulturl, nil)
+ req.Header.Add("X-vault-token", vaulttoken)
+ resp, err := vaultClient.Do(req)
+ body, err := ioutil.ReadAll(resp.Body)
+ defer resp.Body.Close()
+ if err != nil {
+ fmt.Printf("[ERROR] Fail to read %v: %v\n", vaulturl, err)
+ os.Exit(255)
+ }
+ return gjson.Get(string(body), "data.value").String()
+}
+
// create directory structure and write certificate to file
func WriteToFile(content string, destination string, groupname string, filemode os.FileMode, dirmode os.FileMode) {
baseDir := filepath.Dir(destination)
@@ -162,7 +184,8 @@ func WriteToFile(content string, destination string, groupname string, filemode
file, err := os.OpenFile(destination, os.O_WRONLY|os.O_CREATE, filemode)
if err != nil {
- log.Fatalf("[ERROR] %v cannot be created", destination)
+ fmt.Printf("[ERROR] %v cannot be created\n", destination)
+ os.Exit(255)
}
fmt.Fprintf(file, "%v\n", content)
@@ -171,14 +194,14 @@ func WriteToFile(content string, destination string, groupname string, filemode
// ReadOSRelease from /etc/os-release
func ReadOSRelease(configfile string) map[string]string {
+ ConfigParams := make(map[string]string)
cfg, err := ini.Load(configfile)
if err != nil {
- log.Fatal("[ERROR] Fail to read file: ", err)
+ ConfigParams["ID"] = "unknown"
+ } else {
+ ConfigParams["ID"] = cfg.Section("").Key("ID").String()
}
- ConfigParams := make(map[string]string)
- ConfigParams["ID"] = cfg.Section("").Key("ID").String()
-
return ConfigParams
}
@@ -198,8 +221,10 @@ func main() {
CertBase = "/etc/ssl/certs"
KeyBase = "/etc/ssl/private"
GroupName = "root"
- } else {
- log.Fatalf("don't know what to do with OS: %v", OSRelease)
+ } else if OSRelease == "unknown" {
+ CertBase = "/PATH/TO/CERTIFICATE"
+ KeyBase = "/PATH/TO/PRIV/KEY"
+ GroupName = "root"
}
usage := fmt.Sprintf(`ACME Downloader:
@@ -245,7 +270,8 @@ Options:
DayString := arguments["--days"].(string)
Days, daysErr := strconv.Atoi(DayString)
if daysErr != nil {
- log.Fatal("Days mut be an integer")
+ fmt.Printf("Days mut be an integer\n")
+ os.Exit(255)
}
RedisBaseURL = "https://redis.geant.org/GET"
VaultBaseURL = "https://vault.geant.org/v1"
@@ -280,37 +306,29 @@ Options:
keyDestination = arguments["--key-destination"].(string)
}
- // checkCerificates(dnsname string, certificate string, fullchain string, ca string, key string, fail bool)
// check if there is a certificate installed and it is valid
existingCert := checkCerificates(CertName, certificateDestination, fullchainDestination, caDestination, keyDestination, Days, false)
if existingCert == true {
- fmt.Printf("the certificates are still valid")
+ fmt.Printf("the certificates are still valid\n")
os.Exit(0)
}
certificate := GetRedisKey(RedisCertURL, RedisToken)
ca := GetRedisKey(RedisCAURL, RedisToken)
fullChain := GetRedisKey(RedisFullChainURL, RedisToken)
-
- // get Vault key
- vaultClient := &http.Client{}
- vaultReq, err := http.NewRequest("GET", VaultURL, nil)
- vaultReq.Header.Add("X-vault-token", VaultToken)
- vaultResp, err := vaultClient.Do(vaultReq)
- vaultBody, err := ioutil.ReadAll(vaultResp.Body)
- defer vaultResp.Body.Close()
- if err != nil {
- log.Fatalf("Fail to read %v: %v", VaultURL, err)
- }
- privKey := gjson.Get(string(vaultBody), "data.value").String()
+ privKey := GetVaultKey(VaultURL, VaultToken)
WriteToFile(certificate, tmpCertificateDestination, GroupName, 0644, 0755)
WriteToFile(fullChain, tmpFullchainDestination, GroupName, 0644, 0755)
WriteToFile(ca, tmpCaDestination, GroupName, 0644, 0755)
WriteToFile(privKey, tmpKeyDestination, GroupName, 0640, 0750)
+ tempCertSlice := []string{tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination}
newCert := checkCerificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, false)
if newCert == false {
- log.Fatalf("the certificates are malformed. Skippping installation")
- os.Exit(0)
+ fmt.Printf("the certificates are malformed. Skippping installation\n")
+ for _, element := range tempCertSlice {
+ os.Remove(element)
+ }
+ os.Exit(255)
}
WriteToFile(certificate, certificateDestination, GroupName, 0644, 0755)