Unverified Commit d5b32cc8 authored by Max Adamo's avatar Max Adamo

minor

parent 25fd02a9
...@@ -5,7 +5,6 @@ import ( ...@@ -5,7 +5,6 @@ import (
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
...@@ -43,7 +42,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -43,7 +42,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
certPEM, err := ioutil.ReadFile(certificate) certPEM, err := ioutil.ReadFile(certificate)
if err != nil { if err != nil {
if fail == true { if fail == true {
log.Fatal(err) fmt.Printf("[ERROR] %v\n", err)
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -52,7 +52,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -52,7 +52,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
certFullchainPEM, err := ioutil.ReadFile(fullchain) certFullchainPEM, err := ioutil.ReadFile(fullchain)
if err != nil { if err != nil {
if fail == true { if fail == true {
log.Fatal(err) fmt.Printf("[ERROR] %v\n", err)
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -61,7 +62,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -61,7 +62,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
rootPEM, err := ioutil.ReadFile(ca) rootPEM, err := ioutil.ReadFile(ca)
if err != nil { if err != nil {
if fail == true { if fail == true {
log.Fatal(err) fmt.Printf("[ERROR] %v\n", err)
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -71,7 +73,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -71,7 +73,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
ok := roots.AppendCertsFromPEM([]byte(rootPEM)) ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok { if !ok {
if fail == true { if fail == true {
panic("failed to parse root certificate") fmt.Printf("[ERROR] failed to parse root certificate\n")
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -80,7 +83,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -80,7 +83,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
block, _ := pem.Decode([]byte(certPEM)) block, _ := pem.Decode([]byte(certPEM))
if block == nil { if block == nil {
if fail == true { if fail == true {
panic("failed to parse certificate PEM") fmt.Printf("[ERROR] failed to parse certificate PEM\n")
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -88,7 +92,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -88,7 +92,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
cert, err := x509.ParseCertificate(block.Bytes) cert, err := x509.ParseCertificate(block.Bytes)
if err != nil { if err != nil {
if fail == true { if fail == true {
panic("failed to parse certificate: " + err.Error()) fmt.Printf("[ERROR] failed to parse certificate %v\n", err)
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -97,7 +102,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -97,7 +102,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
fullchainBlock, _ := pem.Decode([]byte(certFullchainPEM)) fullchainBlock, _ := pem.Decode([]byte(certFullchainPEM))
if fullchainBlock == nil { if fullchainBlock == nil {
if fail == true { if fail == true {
panic("failed to parse certificate PEM") fmt.Printf("[ERROR] failed to parse certificate PEM\n")
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -105,7 +111,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -105,7 +111,8 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
fullchainCert, fullchainErr := x509.ParseCertificate(fullchainBlock.Bytes) fullchainCert, fullchainErr := x509.ParseCertificate(fullchainBlock.Bytes)
if fullchainErr != nil { if fullchainErr != nil {
if fail == true { if fail == true {
panic("failed to parse certificate: " + fullchainErr.Error()) fmt.Printf("[ERROR] failed to parse certificate %v\n", fullchainErr)
os.Exit(255)
} else { } else {
return false return false
} }
...@@ -120,14 +127,15 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -120,14 +127,15 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
if _, err := cert.Verify(opts); err != nil { if _, err := cert.Verify(opts); err != nil {
if fail == true { if fail == true {
panic("failed to verify certificate: " + err.Error()) fmt.Printf("[ERROR] failed to parse certificate %v\n", err.Error())
os.Exit(255)
} else { } else {
return false return false
} }
} }
if _, fullchainErr := fullchainCert.Verify(opts); fullchainErr != nil { if _, fullchainErr := fullchainCert.Verify(opts); fullchainErr != nil {
if fail == true { if fail == true {
panic("failed to verify certificate: " + fullchainErr.Error()) fmt.Printf("[ERROR] failed to parse certificate %v\n", err.Error())
} else { } else {
return false return false
} }
...@@ -139,19 +147,33 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s ...@@ -139,19 +147,33 @@ func checkCerificates(dnsname string, certificate string, fullchain string, ca s
// get redis key // get redis key
func GetRedisKey(redisurl string, redistoken string) string { func GetRedisKey(redisurl string, redistoken string) string {
client := &http.Client{} client := &http.Client{}
req, err := http.NewRequest("GET", redisurl, nil) req, err := http.NewRequest("GET", redisurl, nil)
req.SetBasicAuth("redis", redistoken) req.SetBasicAuth("redis", redistoken)
resp, err := client.Do(req) resp, err := client.Do(req)
body, err := ioutil.ReadAll(resp.Body) body, err := ioutil.ReadAll(resp.Body)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
log.Fatalf("[ERROR] Fail to read %v: %v", redisurl, err) fmt.Printf("[ERROR] Fail to read %v: %v\n", redisurl, err)
os.Exit(255)
} }
return fmt.Sprintf(string(body)) return fmt.Sprintf(string(body))
} }
// get Vault key
func GetVaultKey(vaulturl string, vaulttoken string) string {
vaultClient := &http.Client{}
req, err := http.NewRequest("GET", vaulturl, nil)
req.Header.Add("X-vault-token", vaulttoken)
resp, err := vaultClient.Do(req)
body, err := ioutil.ReadAll(resp.Body)
defer resp.Body.Close()
if err != nil {
fmt.Printf("[ERROR] Fail to read %v: %v\n", vaulturl, err)
os.Exit(255)
}
return gjson.Get(string(body), "data.value").String()
}
// create directory structure and write certificate to file // create directory structure and write certificate to file
func WriteToFile(content string, destination string, groupname string, filemode os.FileMode, dirmode os.FileMode) { func WriteToFile(content string, destination string, groupname string, filemode os.FileMode, dirmode os.FileMode) {
baseDir := filepath.Dir(destination) baseDir := filepath.Dir(destination)
...@@ -162,7 +184,8 @@ func WriteToFile(content string, destination string, groupname string, filemode ...@@ -162,7 +184,8 @@ func WriteToFile(content string, destination string, groupname string, filemode
file, err := os.OpenFile(destination, os.O_WRONLY|os.O_CREATE, filemode) file, err := os.OpenFile(destination, os.O_WRONLY|os.O_CREATE, filemode)
if err != nil { if err != nil {
log.Fatalf("[ERROR] %v cannot be created", destination) fmt.Printf("[ERROR] %v cannot be created\n", destination)
os.Exit(255)
} }
fmt.Fprintf(file, "%v\n", content) fmt.Fprintf(file, "%v\n", content)
...@@ -171,14 +194,14 @@ func WriteToFile(content string, destination string, groupname string, filemode ...@@ -171,14 +194,14 @@ func WriteToFile(content string, destination string, groupname string, filemode
// ReadOSRelease from /etc/os-release // ReadOSRelease from /etc/os-release
func ReadOSRelease(configfile string) map[string]string { func ReadOSRelease(configfile string) map[string]string {
ConfigParams := make(map[string]string)
cfg, err := ini.Load(configfile) cfg, err := ini.Load(configfile)
if err != nil { if err != nil {
log.Fatal("[ERROR] Fail to read file: ", err) ConfigParams["ID"] = "unknown"
} else {
ConfigParams["ID"] = cfg.Section("").Key("ID").String()
} }
ConfigParams := make(map[string]string)
ConfigParams["ID"] = cfg.Section("").Key("ID").String()
return ConfigParams return ConfigParams
} }
...@@ -198,8 +221,10 @@ func main() { ...@@ -198,8 +221,10 @@ func main() {
CertBase = "/etc/ssl/certs" CertBase = "/etc/ssl/certs"
KeyBase = "/etc/ssl/private" KeyBase = "/etc/ssl/private"
GroupName = "root" GroupName = "root"
} else { } else if OSRelease == "unknown" {
log.Fatalf("don't know what to do with OS: %v", OSRelease) CertBase = "/PATH/TO/CERTIFICATE"
KeyBase = "/PATH/TO/PRIV/KEY"
GroupName = "root"
} }
usage := fmt.Sprintf(`ACME Downloader: usage := fmt.Sprintf(`ACME Downloader:
...@@ -245,7 +270,8 @@ Options: ...@@ -245,7 +270,8 @@ Options:
DayString := arguments["--days"].(string) DayString := arguments["--days"].(string)
Days, daysErr := strconv.Atoi(DayString) Days, daysErr := strconv.Atoi(DayString)
if daysErr != nil { if daysErr != nil {
log.Fatal("Days mut be an integer") fmt.Printf("Days mut be an integer\n")
os.Exit(255)
} }
RedisBaseURL = "https://redis.geant.org/GET" RedisBaseURL = "https://redis.geant.org/GET"
VaultBaseURL = "https://vault.geant.org/v1" VaultBaseURL = "https://vault.geant.org/v1"
...@@ -280,37 +306,29 @@ Options: ...@@ -280,37 +306,29 @@ Options:
keyDestination = arguments["--key-destination"].(string) keyDestination = arguments["--key-destination"].(string)
} }
// checkCerificates(dnsname string, certificate string, fullchain string, ca string, key string, fail bool)
// check if there is a certificate installed and it is valid // check if there is a certificate installed and it is valid
existingCert := checkCerificates(CertName, certificateDestination, fullchainDestination, caDestination, keyDestination, Days, false) existingCert := checkCerificates(CertName, certificateDestination, fullchainDestination, caDestination, keyDestination, Days, false)
if existingCert == true { if existingCert == true {
fmt.Printf("the certificates are still valid") fmt.Printf("the certificates are still valid\n")
os.Exit(0) os.Exit(0)
} }
certificate := GetRedisKey(RedisCertURL, RedisToken) certificate := GetRedisKey(RedisCertURL, RedisToken)
ca := GetRedisKey(RedisCAURL, RedisToken) ca := GetRedisKey(RedisCAURL, RedisToken)
fullChain := GetRedisKey(RedisFullChainURL, RedisToken) fullChain := GetRedisKey(RedisFullChainURL, RedisToken)
privKey := GetVaultKey(VaultURL, VaultToken)
// get Vault key
vaultClient := &http.Client{}
vaultReq, err := http.NewRequest("GET", VaultURL, nil)
vaultReq.Header.Add("X-vault-token", VaultToken)
vaultResp, err := vaultClient.Do(vaultReq)
vaultBody, err := ioutil.ReadAll(vaultResp.Body)
defer vaultResp.Body.Close()
if err != nil {
log.Fatalf("Fail to read %v: %v", VaultURL, err)
}
privKey := gjson.Get(string(vaultBody), "data.value").String()
WriteToFile(certificate, tmpCertificateDestination, GroupName, 0644, 0755) WriteToFile(certificate, tmpCertificateDestination, GroupName, 0644, 0755)
WriteToFile(fullChain, tmpFullchainDestination, GroupName, 0644, 0755) WriteToFile(fullChain, tmpFullchainDestination, GroupName, 0644, 0755)
WriteToFile(ca, tmpCaDestination, GroupName, 0644, 0755) WriteToFile(ca, tmpCaDestination, GroupName, 0644, 0755)
WriteToFile(privKey, tmpKeyDestination, GroupName, 0640, 0750) WriteToFile(privKey, tmpKeyDestination, GroupName, 0640, 0750)
tempCertSlice := []string{tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination}
newCert := checkCerificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, false) newCert := checkCerificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, false)
if newCert == false { if newCert == false {
log.Fatalf("the certificates are malformed. Skippping installation") fmt.Printf("the certificates are malformed. Skippping installation\n")
os.Exit(0) for _, element := range tempCertSlice {
os.Remove(element)
}
os.Exit(255)
} }
WriteToFile(certificate, certificateDestination, GroupName, 0644, 0755) WriteToFile(certificate, certificateDestination, GroupName, 0644, 0755)
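Review bot: In the `@@ -120,14 +127,15 @@` hunk the new fullchain branch `if _, fullchainErr := fullchainCert.Verify(opts); fullchainErr != nil` prints `err.Error()` rather than `fullchainErr.Error()`; `err` here is the function-scope variable left nil by the earlier `x509.ParseCertificate` path, so a fullchain verification failure with `fail == true` will panic on a nil interface instead of reporting the cause. That branch is also the only one in the commit that did not get the `os.Exit(255)` its sibling on the line above received, so even without the panic the function would fall through and continue as if the chain had verified, and the message wording "failed to parse certificate" is copied from the parse path although this is a verify failure. I would change the two lines to `fmt.Printf("[ERROR] failed to verify certificate %v\n", fullchainErr)` followed by `os.Exit(255)`, and fix the same wording on the preceding `cert.Verify` branch. The new `GetVaultKey` hunk repeats the pattern already present in `GetRedisKey`, where `err` from `http.NewRequest` and `Do` is overwritten and `resp.Body` is dereferenced before any check, so a transport error there surfaces as a nil-pointer panic rather than the `[ERROR]` line the commit intends. The `main` hunk at the end of this section continues past the visible lines.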