diff --git a/config/configs.go b/config/configs.go
new file mode 100644
index 0000000000000000000000000000000000000000..a2d37733bf31f40b6cdd895593b3cb2f54abacb1
--- /dev/null
+++ b/config/configs.go
@@ -0,0 +1,140 @@
+package config
+
+import (
+	"log"
+
+	"code.vereign.com/code/viam-apis/authentication"
+	"github.com/spf13/viper"
+)
+
+var SystemAuth = &authentication.Authentication{
+	Uuid: "undefined",
+	Session: "undefined",
+}
+
+var CertificationMethod string
+var P PEMReader
+var CertificatePEM []byte
+var PrivateKeyPEM []byte
+var CaCertificatePEM []byte
+var VereignCaCertificatePEM []byte
+var VereignCaKeyPEM []byte
+
+var MaxMessageSize int
+
+var GrpcListenAddress string
+var RestListenAddress string
+var DataStorageUrl string
+var CertDir string
+
+func SetConfigValues() {
+	// Set Default Values For Config Variables
+
+	// Vereign API Related
+	viper.SetDefault("grpcListenAddress", "localhost:7877")
+	viper.SetDefault("restListenAddress", "localhost:7878")
+	viper.SetDefault("dataStorageUrl", "localhost:7777")
+
+	viper.SetDefault("viamUUID", "viam-system")
+	viper.SetDefault("viamSession", "viam-session")
+
+	viper.SetDefault("maxMessageSize", 64)
+
+	// Certification Related
+	// File System Defaults
+	viper.SetDefault("certificationMethod", "1")
+	viper.SetDefault("certificationURL", ".")
+	viper.SetDefault("certificationToken", ".")
+	viper.SetDefault("certificationPath", "cert")
+	viper.SetDefault("certificationCertFile", "server.crt")
+	viper.SetDefault("certificationKeyFile", "server.key")
+	viper.SetDefault("certificationCaCertFile", "ca.crt")
+	viper.SetDefault("certificationVereignCertFile", "vereign_ca.cer")
+	viper.SetDefault("certificationVereignKeyFile", "vereign_ca.key")
+
+	/*
+	// Vault Defaults
+	viper.SetDefault("certificationMethod", "2")
+	viper.SetDefault("certificationURL", "http://10.6.10.119:8200")
+	viper.SetDefault("certificationToken", "")
+	viper.SetDefault("certificationPath", "/developers/data/devteam/cert")
+	viper.SetDefault("certificationCertFile", "certificateKey")
+	viper.SetDefault("certificationKeyFile", "privateKey")
+	viper.SetDefault("certificationCaCertFile", "caCertificateKey")
+	viper.SetDefault("certificationVereignCertFile", "vereignCaCertificateKey")
+	viper.SetDefault("certificationVereignKeyFile", "vereignCaPrivateKey")
+	*/
+
+	// Read Config File
+	viper.SetConfigName("config")
+	viper.AddConfigPath(".")
+	if err := viper.ReadInConfig(); err != nil {
+		log.Printf("can't read config: %s, will use default values", err)
+	}
+
+	CertificationMethod = viper.GetString("certificationMethod")
+	if CertificationMethod == "1" {
+		// Read From File System
+		P = FilePEMReader{certificationURL: viper.GetString("certificationURL"),
+			certificationToken: viper.GetString("certificationToken"),
+			certificationPath: viper.GetString("certificationPath"),
+			certificationCertFile: viper.GetString("certificationCertFile"),
+			certificationKeyFile: viper.GetString("certificationKeyFile"),
+			certificationCaCertFile: viper.GetString("certificationCaCertFile"),
+			certificationVereignCertFile: viper.GetString("certificationVereignCertFile"),
+			certificationVereignKeyFile: viper.GetString("certificationVereignKeyFile")}
+	} else if CertificationMethod == "2" {
+		// Read From Vault
+		P = VaultPEMReader{certificationURL: viper.GetString("certificationURL"),
+			certificationToken: viper.GetString("certificationToken"),
+			certificationPath: viper.GetString("certificationPath"),
+			certificationCertFile: viper.GetString("certificationCertFile"),
+			certificationKeyFile: viper.GetString("certificationKeyFile"),
+			certificationCaCertFile: viper.GetString("certificationCaCertFile"),
+			certificationVereignCertFile: viper.GetString("certificationVereignCertFile"),
+			certificationVereignKeyFile: viper.GetString("certificationVereignKeyFile")}
+	}
+
+	// Print all config values to log file
+	log.Printf("All Settings From Config:")
+	as := viper.AllSettings()
+	for key, _ := range as {
+		log.Printf("%s => %s", key, viper.GetString(key))
+	}
+
+	GrpcListenAddress = viper.GetString("grpcListenAddress")
+	RestListenAddress = viper.GetString("restListenAddress")
+
+	DataStorageUrl = viper.GetString("dataStorageUrl")
+
+	SystemAuth.Uuid = viper.GetString("viamUUID")
+	SystemAuth.Session = viper.GetString("viamSession")
+
+	MaxMessageSize = viper.GetInt("maxMessageSize")
+
+	CertificatePEM = GetCertificatePEM()
+	PrivateKeyPEM = GetPrivateKeyPEM()
+	CaCertificatePEM = GetCaCertificatePEM()
+	VereignCaCertificatePEM = GetVereignCaCertificatePEM()
+	VereignCaKeyPEM = GetVereignCaKeyPEM()
+}
+
+func GetCertificatePEM() []byte {
+	return P.readCertificatePEM()
+}
+
+func GetPrivateKeyPEM() []byte {
+	return P.readPrivateKeyPEM()
+}
+
+func GetCaCertificatePEM() []byte {
+	return P.readCaCertificatePEM()
+}
+
+func GetVereignCaCertificatePEM() []byte {
+	return P.readVereignCaCertificatePEM()
+}
+
+func GetVereignCaKeyPEM() []byte {
+	return P.readVereignCaKeyPEM()
+}
diff --git a/server/pem_reader.go b/config/pem_reader.go
similarity index 79%
rename from server/pem_reader.go
rename to config/pem_reader.go
index d6a11251631a9e42fcf43da350bd0687a3a71972..c40fae40f065e526dc65ff944ec8ecc9aec089c9 100644
--- a/server/pem_reader.go
+++ b/config/pem_reader.go
@@ -1,8 +1,9 @@
-package server
+package config
 
 import (
-	"log"
 	"io/ioutil"
+	"log"
+
 	vc "github.com/hashicorp/vault/api"
 )
 
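Review bot: The settings dump at `for key, _ := range as` prints every viper key with `%s => %s`, and that includes `certificationToken`, the credential handed to VaultPEMReader when `certificationMethod` is "2", so the secret lands in the log in plain text. Redact it before printing, e.g. `if strings.EqualFold(key, "certificationToken") { log.Printf("%s => <redacted>", key); continue }` (needs a `strings` import; viper lower-cases the keys), and drop the blank identifier in the range clause (`for key := range as`). Separately, when `certificationMethod` is neither "1" nor "2", `P` stays nil and the `GetCertificatePEM()` call at the end of SetConfigValues panics on a nil interface; add a trailing `else { log.Fatalf("unsupported certificationMethod %q", CertificationMethod) }` so a misconfiguration fails with a clear message instead. Exported names such as `P`, `SystemAuth` and `SetConfigValues` also lack doc comments.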
@@ -15,70 +16,70 @@ type PEMReader interface { } type FilePEMReader struct { - certificationURL string - certificationToken string - certificationPath string - certificationCertFile string - certificationKeyFile string - certificationCaCertFile string + certificationURL string + certificationToken string + certificationPath string + certificationCertFile string + certificationKeyFile string + certificationCaCertFile string certificationVereignCertFile string - certificationVereignKeyFile string + certificationVereignKeyFile string } func (f FilePEMReader) readCertificatePEM() []byte { pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationCertFile) - if err != nil { + if err != nil { log.Printf("Error: %v", err) - return []byte("") - } + return []byte("") + } return pem } func (f FilePEMReader) readPrivateKeyPEM() []byte { - pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationKeyFile) - if err != nil { + pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationKeyFile) + if err != nil { log.Printf("Error: %v", err) - return []byte("") - } + return []byte("") + } return pem } func (f FilePEMReader) readCaCertificatePEM() []byte { - pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationCaCertFile) - if err != nil { + pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationCaCertFile) + if err != nil { log.Printf("Error: %v", err) - return []byte("") - } + return []byte("") + } return pem } func (f FilePEMReader) readVereignCaCertificatePEM() []byte { - pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationVereignCertFile) - if err != nil { + pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationVereignCertFile) + if err != nil { log.Printf("Error: %v", err) - return []byte("") - } + return []byte("") + } return pem } func (f FilePEMReader) readVereignCaKeyPEM() []byte { - pem, err := ioutil.ReadFile(f.certificationPath + "/" + 
f.certificationVereignKeyFile) - if err != nil { + pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationVereignKeyFile) + if err != nil { log.Printf("Error: %v", err) - return []byte("") - } + return []byte("") + } return pem } type VaultPEMReader struct { - certificationURL string - certificationToken string - certificationPath string - certificationCertFile string - certificationKeyFile string - certificationCaCertFile string + certificationURL string + certificationToken string + certificationPath string + certificationCertFile string + certificationKeyFile string + certificationCaCertFile string certificationVereignCertFile string - certificationVereignKeyFile string + certificationVereignKeyFile string } func (v VaultPEMReader) readCertificatePEM() []byte { @@ -97,7 +98,7 @@ func (v VaultPEMReader) readCertificatePEM() []byte { if err != nil { log.Printf("Error: VAULT Can't read value, %s", err) } - + pemMap := secretValues.Data["data"].(map[string]interface{}) for propName, propValue := range pemMap { @@ -124,7 +125,7 @@ func (v VaultPEMReader) readPrivateKeyPEM() []byte { if err != nil { log.Printf("Error: VAULT Can't read value, %s", err) } - + pemMap := secretValues.Data["data"].(map[string]interface{}) for propName, propValue := range pemMap { @@ -151,7 +152,7 @@ func (v VaultPEMReader) readCaCertificatePEM() []byte { if err != nil { log.Printf("Error: VAULT Can't read value, %s", err) } - + pemMap := secretValues.Data["data"].(map[string]interface{}) for propName, propValue := range pemMap { @@ -178,7 +179,7 @@ func (v VaultPEMReader) readVereignCaCertificatePEM() []byte { if err != nil { log.Printf("Error: VAULT Can't read value, %s", err) } - + pemMap := secretValues.Data["data"].(map[string]interface{}) for propName, propValue := range pemMap { 
@@ -205,7 +206,7 @@ func (v VaultPEMReader) readVereignCaKeyPEM() []byte { if err != nil { log.Printf("Error: VAULT Can't read value, %s", err) } - + pemMap := secretValues.Data["data"].(map[string]interface{}) for propName, propValue := range pemMap { @@ -214,4 +215,4 @@ func (v VaultPEMReader) readVereignCaKeyPEM() []byte { } } return []byte("") -} \ No newline at end of file +} diff --git a/handler/generate_keypair.go b/handler/generate_keypair.go index e9d4403806df659a34be139edf9d01a58611acb3..02a308034306550469dd1001d7160bea648f56ee 100644 --- a/handler/generate_keypair.go +++ b/handler/generate_keypair.go @@ -18,7 +18,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. package handler import ( - "log" "crypto/aes" "crypto/cipher" "crypto/rand" @@ -26,8 +25,9 @@ import ( "crypto/sha256" "crypto/x509" "encoding/pem" + "log" - "code.vereign.com/code/viam-apis/data-storage-agent/client" + keyutils "code.vereign.com/code/key-storage-agent/utils" "code.vereign.com/code/viam-apis/key-storage-agent/api" "code.vereign.com/code/viam-apis/utils" "code.vereign.com/code/viam-apis/versions" @@ -39,13 +39,12 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context, auth := s.CreateAuthentication(ctx) - client := &client.DataStorageClientImpl{} - client.SetUpClient(auth, s.DataStorageUrl, s.CertPEM, s.KeyPEM, s.CaCertPEM, s.MaxMessageSize) + client := keyutils.CreateDataStorageClient(auth) defer client.CloseClient() generateKeyPairResponse := &api.GenerateKeyPairResponse{} - uuid, err := generateUnusedUUID(client) + uuid, err := keyutils.GenerateUnusedUUID(client) if err != nil { log.Printf("Error: %v", err) generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList, 
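Review bot: `keyutils.CreateDataStorageClient(auth)` builds the client from the package-level `config` globals, so the `DataStorageUrl`, `CertPEM`, `KeyPEM`, `CaCertPEM` and `MaxMessageSize` fields on `KeyStorageServerImpl` that the removed `SetUpClient` call used are no longer what this handler connects with, while server.go still populates them — two sources of truth that can silently diverge. Either drop those struct fields or have the helper take them explicitly. The same replacement appears in GetKey, SetKey and ReserveKeyUUID in handler/handler.go and in Revoke in handler/revoke.go. If `clientutils.CreateDataStorageClient` can return nil on a connection failure (not visible here), the `defer client.CloseClient()` on the next line would dereference it, which is worth confirming. GenerateKeyPair continues outside the hunk.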
@@ -76,13 +75,13 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context, encryptedPrivateKey := &api.Key{Content: encryptedPrivateKeyBytes} result, errors, err := client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), encryptedPrivateKey, versions.EntitiesManagementAgentApiVersion) - generateKeyPairResponse.StatusList = handlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) + generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 { publicKey := &api.Key{Content: publicKeyBytes} result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey, versions.EntitiesManagementAgentApiVersion) - generateKeyPairResponse.StatusList = handlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) + generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) } //duplicate logic of ReserveKeyUUID @@ -90,7 +89,7 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context, emptyKey := &api.Key{Content: []byte{}} result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey, versions.EntitiesManagementAgentApiVersion) - generateKeyPairResponse.StatusList = handlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) + generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) } if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 { 
@@ -105,7 +104,7 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context, encryptedAesKey := &api.Key{Content: encryptedAesKeyBytes} result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_AES), encryptedAesKey, versions.EntitiesManagementAgentApiVersion) - generateKeyPairResponse.StatusList = handlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) + generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) } if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 { @@ -120,7 +119,7 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context, encryptedNonce := &api.Key{Content: encryptedPrivateKeyNonceBytes} result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_NONCE), encryptedNonce, versions.EntitiesManagementAgentApiVersion) - generateKeyPairResponse.StatusList = handlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) + generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err) } if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 { @@ -177,7 +176,7 @@ func generateKeyPair(keySize int) ([]byte, []byte, error) { } func rsaEncryptWithServerKey(certPEM []byte, message []byte, label []byte) ([]byte, error) { - serverCertificate, err := readCertificateFromPEM(certPEM) + serverCertificate, err := keyutils.ReadCertificateFromPEM(certPEM) if err != nil { log.Printf("Error: %v", err) return nil, err diff --git a/handler/handler.go b/handler/handler.go index a5f98c712e64c0d3e9bc910de0f2573278eba604..5babaa48885be2e31e60017a07c428d954fe6e93 100644 --- a/handler/handler.go +++ b/handler/handler.go 
@@ -24,8 +24,8 @@ import ( "code.vereign.com/code/viam-apis/versions" "github.com/golang/protobuf/proto" + keyutils "code.vereign.com/code/key-storage-agent/utils" "code.vereign.com/code/viam-apis/authentication" - "code.vereign.com/code/viam-apis/data-storage-agent/client" "code.vereign.com/code/viam-apis/key-storage-agent/api" "code.vereign.com/code/viam-apis/utils" "golang.org/x/net/context" @@ -34,13 +34,13 @@ import ( // Server represents the gRPC server type KeyStorageServerImpl struct { - DataStorageUrl string - CertPEM []byte - KeyPEM []byte - CaCertPEM []byte - VereignCertPEM []byte - VereignPrivateKeyPEM []byte - MaxMessageSize int + DataStorageUrl string + CertPEM []byte + KeyPEM []byte + CaCertPEM []byte + VereignCertPEM []byte + VereignPrivateKeyPEM []byte + MaxMessageSize int } var version = "undefined" @@ -64,8 +64,7 @@ func (s *KeyStorageServerImpl) CreateAuthentication(ctx context.Context) *authen func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest) (*api.GetKeyResponse, error) { auth := s.CreateAuthentication(ctx) - client := &client.DataStorageClientImpl{} - client.SetUpClient(auth, s.DataStorageUrl, s.CertPEM, s.KeyPEM, s.CaCertPEM, s.MaxMessageSize) + client := keyutils.CreateDataStorageClient(auth) defer client.CloseClient() getKeyResponse := &api.GetKeyResponse{} @@ -112,8 +111,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest) (*api.SetKeyResponse, error) { auth := s.CreateAuthentication(ctx) - client := &client.DataStorageClientImpl{} - client.SetUpClient(auth, s.DataStorageUrl, s.CertPEM, s.KeyPEM, s.CaCertPEM, s.MaxMessageSize) + client := keyutils.CreateDataStorageClient(auth) defer client.CloseClient() setKeyResponse := &api.SetKeyResponse{} 
@@ -147,7 +145,7 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest } result, errors, err := client.DoPutDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), in.Key, versions.EntitiesManagementAgentApiVersion) - setKeyResponse.StatusList = handlePutDataErrors(setKeyResponse.StatusList, errors, err) + setKeyResponse.StatusList = keyutils.HandlePutDataErrors(setKeyResponse.StatusList, errors, err) if setKeyResponse.StatusList == nil || len(setKeyResponse.StatusList) == 0 { setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList, @@ -160,13 +158,12 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.ReserveKeyUUIDRequest) (*api.ReserveKeyUUIDResponse, error) { auth := s.CreateAuthentication(ctx) - client := &client.DataStorageClientImpl{} - client.SetUpClient(auth, s.DataStorageUrl, s.CertPEM, s.KeyPEM, s.CaCertPEM, s.MaxMessageSize) + client := keyutils.CreateDataStorageClient(auth) defer client.CloseClient() reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{} - uuid, err := generateUnusedUUID(client) + uuid, err := keyutils.GenerateUnusedUUID(client) if err != nil { log.Printf("Error: %v", err) reserveKeyUUIDResponse.StatusList = utils.AddStatus(reserveKeyUUIDResponse.StatusList, 
@@ -178,16 +175,16 @@ func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.Reser } result, errors, err := client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), emptyKey, versions.EntitiesManagementAgentApiVersion) - reserveKeyUUIDResponse.StatusList = handlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) + reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 { result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), emptyKey, versions.EntitiesManagementAgentApiVersion) - reserveKeyUUIDResponse.StatusList = handlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) + reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) } if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 { result, errors, err = client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey, versions.EntitiesManagementAgentApiVersion) - reserveKeyUUIDResponse.StatusList = handlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) + reserveKeyUUIDResponse.StatusList = keyutils.HandlePutDataErrors(reserveKeyUUIDResponse.StatusList, errors, err) } if reserveKeyUUIDResponse.StatusList == nil || len(reserveKeyUUIDResponse.StatusList) == 0 { @@ -202,4 +199,4 @@ func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.Reser func (s *KeyStorageServerImpl) GetVersionKSA(ctx context.Context, in *api.GetVersionKSAMessage) (*api.GetVersionKSAResponseMessage, error) { log.Println("Version: " + version) return &api.GetVersionKSAResponseMessage{Version: version, Errors: ""}, nil -} \ No newline at end of file +} 
diff --git a/handler/revoke.go b/handler/revoke.go index a6ecda13aac32c8d67fe71b4eefd510cddff6cee..002c797b3b6d5979269da0153af61a6e798784f9 100644 --- a/handler/revoke.go +++ b/handler/revoke.go @@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. package handler import ( + keyutils "code.vereign.com/code/key-storage-agent/utils" "code.vereign.com/code/viam-apis/data-storage-agent/client" "code.vereign.com/code/viam-apis/key-storage-agent/api" "code.vereign.com/code/viam-apis/utils" @@ -28,8 +29,7 @@ import ( func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest) (*api.RevokeResponse, error) { auth := s.CreateAuthentication(ctx) - client := &client.DataStorageClientImpl{} - client.SetUpClient(auth, s.DataStorageUrl, s.CertPEM, s.KeyPEM, s.CaCertPEM, s.MaxMessageSize) + client := keyutils.CreateDataStorageClient(auth) defer client.CloseClient() revokeResponse := &api.RevokeResponse{} @@ -55,7 +55,7 @@ func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest func revokeKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType) []*api.Status { - key, statusList := getKey(client, uuid, keyType) + key, statusList := keyutils.GetKey(client, uuid, keyType) if statusList != nil { return statusList } @@ -63,7 +63,7 @@ func revokeKey(client *client.DataStorageClientImpl, uuid string, keyType api.Ke key.Revoked = true _, errors, err := client.DoPutDataCall("keys", uuid+"/"+api.KeyType.String(keyType), key, versions.EntitiesManagementAgentApiVersion) - statusList = handlePutDataErrors(statusList, errors, err) + statusList = keyutils.HandlePutDataErrors(statusList, errors, err) if statusList != nil && len(statusList) > 0 { return statusList } diff --git a/main.go b/main.go index d8679721b966c434632c11dee46fbbd86f0562c1..ff6754ee7753081f4d0ddcd9a86c2502743b99fe 100644 --- a/main.go +++ b/main.go 
@@ -20,24 +20,24 @@ package main
 import (
 	"log"
 
+	"code.vereign.com/code/key-storage-agent/config"
 	"code.vereign.com/code/key-storage-agent/server"
-	"github.com/spf13/viper"
 )
 
 // main start a gRPC server and waits for connection
 func main() {
-	server.SetConfigValues()
-
-	grpcAddress := viper.GetString("grpcListenAddress")
-	restAddress := viper.GetString("restListenAddress")
-	dataStorageAddress := viper.GetString("dataStorageUrl")
-	certPem := server.GetCertificatePEM()
-	keyPem := server.GetPrivateKeyPEM()
-	caCertPem := server.GetCaCertificatePEM()
-	vereignCaCertificatePem := server.GetVereignCaCertificatePEM()
-	vereignCaKeyPem := server.GetVereignCaKeyPEM()
-
-	maxMessageSize := viper.GetInt("maxMessageSize")
+	config.SetConfigValues()
+
+	grpcAddress := config.GrpcListenAddress
+	restAddress := config.RestListenAddress
+	dataStorageAddress := config.DataStorageUrl
+	certPem := config.CertificatePEM
+	keyPem := config.PrivateKeyPEM
+	caCertPem := config.CaCertificatePEM
+	vereignCaCertificatePem := config.VereignCaCertificatePEM
+	vereignCaKeyPem := config.VereignCaKeyPEM
+
+	maxMessageSize := config.MaxMessageSize
 
 	// fire the gRPC server in a goroutine
 	go func() {
diff --git a/server/configs.go b/server/configs.go
deleted file mode 100644
index 9cb3a86794d8595c0321caa8e1f4c4adb69a7f77..0000000000000000000000000000000000000000
--- a/server/configs.go
+++ /dev/null
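Review bot: The PEM values copied from `config.CertificatePEM` and its siblings are never checked here, yet the file readers in config/pem_reader.go return `[]byte("")` after merely logging a read error, so a missing `server.key` or CA file is first noticed when the TLS servers start, and for the Vereign CA pair possibly not at all. Add a guard before the goroutines are launched, e.g. `if len(certPem) == 0 || len(keyPem) == 0 || len(caCertPem) == 0 { log.Fatal("TLS material missing; check the certification* settings") }`, and the same for `vereignCaCertificatePem`/`vereignCaKeyPem`. main continues outside the hunk.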
@@ -1,110 +0,0 @@ -package server - -import ( - "log" - "github.com/spf13/viper" -) - -var certificationMethod string -var p PEMReader -var certificatePEM []byte -var privateKeyPEM []byte -var caCertificatePEM []byte -var vereignCaCertificatePEM []byte -var vereignCaKeyPEM []byte - -func SetConfigValues() { - // Set Default Values For Config Variables - - // Vereign API Related - viper.SetDefault("grpcListenAddress", "localhost:7877") - viper.SetDefault("restListenAddress", "localhost:7878") - viper.SetDefault("dataStorageUrl", "localhost:7777") - - viper.SetDefault("viamUUID", "viam-system") - viper.SetDefault("viamSession", "viam-session") - - viper.SetDefault("maxMessageSize", 64) - - // Certification Related - // File System Defaults - viper.SetDefault("certificationMethod", "1") - viper.SetDefault("certificationURL", ".") - viper.SetDefault("certificationToken", ".") - viper.SetDefault("certificationPath", "cert") - viper.SetDefault("certificationCertFile", "server.crt") - viper.SetDefault("certificationKeyFile", "server.key") - viper.SetDefault("certificationCaCertFile", "ca.crt") - viper.SetDefault("certificationVereignCertFile", "vereign_ca.cer") - viper.SetDefault("certificationVereignKeyFile", "vereign_ca.key") - - /* - // Vault Defaults - viper.SetDefault("certificationMethod", "2") - viper.SetDefault("certificationURL", "http://10.6.10.119:8200") - viper.SetDefault("certificationToken", "") - viper.SetDefault("certificationPath", "/developers/data/devteam/cert") - viper.SetDefault("certificationCertFile", "certificateKey") - viper.SetDefault("certificationKeyFile", "privateKey") - viper.SetDefault("certificationCaCertFile", "caCertificateKey") - viper.SetDefault("certificationVereignCertFile", "vereignCaCertificateKey") - viper.SetDefault("certificationVereignKeyFile", "vereignCaPrivateKey") - */ - - // Read Config File - viper.SetConfigName("config") - viper.AddConfigPath(".") - if err := viper.ReadInConfig(); err != nil { - log.Printf("can't read 
config: %s, will use default values", err) - } - - certificationMethod = viper.GetString("certificationMethod") - if certificationMethod == "1" { - // Read From File System - p = FilePEMReader{certificationURL: viper.GetString("certificationURL"), - certificationToken: viper.GetString("certificationToken"), - certificationPath: viper.GetString("certificationPath"), - certificationCertFile: viper.GetString("certificationCertFile"), - certificationKeyFile: viper.GetString("certificationKeyFile"), - certificationCaCertFile: viper.GetString("certificationCaCertFile"), - certificationVereignCertFile: viper.GetString("certificationVereignCertFile"), - certificationVereignKeyFile: viper.GetString("certificationVereignKeyFile")} - } else if certificationMethod == "2" { - // Read From Vault - p = VaultPEMReader{certificationURL: viper.GetString("certificationURL"), - certificationToken: viper.GetString("certificationToken"), - certificationPath: viper.GetString("certificationPath"), - certificationCertFile: viper.GetString("certificationCertFile"), - certificationKeyFile: viper.GetString("certificationKeyFile"), - certificationCaCertFile: viper.GetString("certificationCaCertFile"), - certificationVereignCertFile: viper.GetString("certificationVereignCertFile"), - certificationVereignKeyFile: viper.GetString("certificationVereignKeyFile")} - } - - // Print all config values to log file - log.Printf("All Settings From Config:") - as := viper.AllSettings() - for key, _ := range as { - log.Printf("%s => %s", key, viper.GetString(key)) - } -} - -func GetCertificatePEM() []byte { - return p.readCertificatePEM() -} - -func GetPrivateKeyPEM() []byte { - return p.readPrivateKeyPEM() -} - -func GetCaCertificatePEM() []byte { - return p.readCaCertificatePEM() -} - -func GetVereignCaCertificatePEM() []byte { - return p.readVereignCaCertificatePEM() -} - -func GetVereignCaKeyPEM() []byte { - return p.readVereignCaKeyPEM() -} \ No newline at end of file 
diff --git a/server/server.go b/server/server.go index 654be0e361c695c445361b345866bf79f1bdf847..0bd5ab73423e117b5cf7679603827a30038a5ffa 100644 --- a/server/server.go +++ b/server/server.go @@ -18,24 +18,25 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ import ( + "crypto/tls" + "crypto/x509" "fmt" "log" "net" "net/http" "strings" - "crypto/x509" - "crypto/tls" - "github.com/grpc-ecosystem/grpc-gateway/runtime" - "golang.org/x/net/context" + + "code.vereign.com/code/key-storage-agent/config" "code.vereign.com/code/key-storage-agent/handler" "code.vereign.com/code/key-storage-agent/session" + "code.vereign.com/code/key-storage-agent/utils" "code.vereign.com/code/viam-apis/authentication" - "code.vereign.com/code/viam-apis/data-storage-agent/client" api "code.vereign.com/code/viam-apis/key-storage-agent/api" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/metadata" - "github.com/spf13/viper" ) // private type for Context keys @@ -66,12 +67,11 @@ func authenticateClient(ctx context.Context, s *handler.KeyStorageServerImpl, in } viamAuth := &authentication.Authentication{ - Uuid: viper.GetString("viamUUID"), - Session: viper.GetString("viamSession"), + Uuid: config.SystemAuth.Uuid, + Session: config.SystemAuth.Session, } - sessionClient := &client.DataStorageClientImpl{} - sessionClient.SetUpClient(viamAuth, viper.GetString("dataStorageUrl"), pkgCertPEM, pkgKeyPEM, pkgCaCertPEM, viper.GetInt("maxMessageSize")) + sessionClient := utils.CreateDataStorageClient(viamAuth) defer sessionClient.CloseClient() if clientAuth.Uuid == viamAuth.Uuid { 
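Review bot: The branch at `if clientAuth.Uuid == viamAuth.Uuid {` (the hunk's last line; authenticateClient starts before and continues after it) compares the caller's UUID only, and `viamAuth.Uuid` now comes from `config.SystemAuth.Uuid`, whose default in config/configs.go is the fixed string "viam-system". If that branch treats the caller as the system identity, confirm that `clientAuth.Session` is checked against `viamAuth.Session` as well, and consider refusing to start while either value is still the shipped default. A short comment above `viamAuth` such as `// service identity used for the session lookup against data-storage` would also explain why a second Authentication is built instead of passing `config.SystemAuth` directly.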
@@ -123,46 +123,46 @@ func StartGRPCServer(address string, certPEM, privateKeyPEM, caCertPEM, vereignC // create a server instance s := handler.KeyStorageServerImpl{ - DataStorageUrl: dataStorageAddress, - CertPEM: certPEM, - KeyPEM: privateKeyPEM, - CaCertPEM: caCertPEM, - VereignCertPEM: vereignCertPEM, - VereignPrivateKeyPEM: vereignPrivateKeyPEM, - MaxMessageSize: maxMessageSize, + DataStorageUrl: dataStorageAddress, + CertPEM: certPEM, + KeyPEM: privateKeyPEM, + CaCertPEM: caCertPEM, + VereignCertPEM: vereignCertPEM, + VereignPrivateKeyPEM: vereignPrivateKeyPEM, + MaxMessageSize: maxMessageSize, } // Load the certificates from PEM Strings - certificate, err := tls.X509KeyPair(certPEM, privateKeyPEM) - + certificate, err := tls.X509KeyPair(certPEM, privateKeyPEM) + if err != nil { log.Printf("Error: %v", err) return fmt.Errorf("could not load server key pair: %s", err) } // Create a certificate pool from the certificate authority - // Get the SystemCertPool, continue with an empty pool on error + // Get the SystemCertPool, continue with an empty pool on error certPool, _ := x509.SystemCertPool() if certPool == nil { certPool = x509.NewCertPool() } - + if ok := certPool.AppendCertsFromPEM(caCertPEM); !ok { - return fmt.Errorf("failed to append server certs") - } + return fmt.Errorf("failed to append server certs") + } - // Create the TLS credentials - creds := credentials.NewTLS(&tls.Config{ - //ClientAuth: tls.RequireAndVerifyClientCert, - Certificates: []tls.Certificate{certificate}, - ClientCAs: certPool, - }) + // Create the TLS credentials + creds := credentials.NewTLS(&tls.Config{ + //ClientAuth: tls.RequireAndVerifyClientCert, + Certificates: []tls.Certificate{certificate}, + ClientCAs: certPool, + }) // Create an array of gRPC options with the credentials opts := []grpc.ServerOption{ grpc.Creds(creds), - grpc.UnaryInterceptor(unaryInterceptor), - grpc.MaxRecvMsgSize(viper.GetInt("maxMessageSize")*1024*1024), + grpc.UnaryInterceptor(unaryInterceptor), + 
grpc.MaxRecvMsgSize(config.MaxMessageSize * 1024 * 1024), } // create a gRPC server object @@ -193,9 +193,9 @@ func StartRESTServer(address, grpcAddress string, certPEM []byte) error { } // Append the client certificates from the CA - if ok := certPool.AppendCertsFromPEM(certPEM); !ok { - return fmt.Errorf("failed to append client certs") - } + if ok := certPool.AppendCertsFromPEM(certPEM); !ok { + return fmt.Errorf("failed to append client certs") + } creds := credentials.NewClientTLSFromCert(certPool, "") diff --git a/handler/utils.go b/utils/utils.go similarity index 73% rename from handler/utils.go rename to utils/utils.go index 6624e77f6778542f7b37743f32ac1989edf21dff..1184090980508d157fe292dd65a4590da7fa7ba8 100644 --- a/handler/utils.go +++ b/utils/utils.go @@ -15,28 +15,33 @@ You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ -package handler +package utils import ( "crypto/rand" "crypto/x509" "errors" "fmt" - "log" "io" + "log" + + "encoding/pem" + "io/ioutil" + "code.vereign.com/code/key-storage-agent/config" + "code.vereign.com/code/viam-apis/authentication" + "code.vereign.com/code/viam-apis/clientutils" "code.vereign.com/code/viam-apis/data-storage-agent/client" + dsclient "code.vereign.com/code/viam-apis/data-storage-agent/client" "code.vereign.com/code/viam-apis/key-storage-agent/api" "code.vereign.com/code/viam-apis/utils" "github.com/golang/protobuf/proto" - "encoding/pem" - "io/ioutil" ) -func generateUnusedUUID(client *client.DataStorageClientImpl) (string, error) { +func GenerateUnusedUUID(client *client.DataStorageClientImpl) (string, error) { count := 0 for { - uuid, err := newUUID() + uuid, err := NewUUID() // check that uuid is not used data, _ := client.DoGetDataCall("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE)) 
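Review bot: In the re-indented `creds := credentials.NewTLS(&tls.Config{ ... })` block, `//ClientAuth: tls.RequireAndVerifyClientCert,` is still commented out while `ClientCAs: certPool` is set, so the server never asks for a client certificate and the pool is unused; peers appear to be identified only through the interceptor's metadata. If mutual TLS is the intent, restore that line, and because `certPool` is seeded from `x509.SystemCertPool()`, build the ClientCAs pool from `x509.NewCertPool()` with just `caCertPEM` so that only certificates from the project CA are trusted for client auth. Adding `MinVersion: tls.VersionTLS12,` to the same config is a cheap hardening step. StartGRPCServer starts before and continues after the hunk.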
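Review bot: The import block now lists `code.vereign.com/code/viam-apis/data-storage-agent/client` twice, unaliased and as `dsclient`; staticcheck reports duplicate imports, and the existing `client` name already covers the `*client.DataStorageClientImpl` parameters, so CreateDataStorageClient's return type can use it too and the `dsclient` line can go. `encoding/pem` and `io/ioutil` were moved out of the standard-library group into a group of their own; gofmt preserves groups as written, so put them back with the other stdlib imports. `io/ioutil` is also deprecated since Go 1.16 in favour of `os.ReadFile`, if the module's Go version allows the change. GenerateUnusedUUID continues outside the hunk.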
@@ -51,7 +56,7 @@ func generateUnusedUUID(client *client.DataStorageClientImpl) (string, error) {
 	}
 }
 
-func newUUID() (string, error) {
+func NewUUID() (string, error) {
 	uuid := make([]byte, 16)
 	n, err := io.ReadFull(rand.Reader, uuid)
 	if n != len(uuid) || err != nil {
@@ -64,7 +69,7 @@ func newUUID() (string, error) {
 	return fmt.Sprintf("%x-%x-%x-%x-%x", uuid[0:4], uuid[4:6], uuid[6:8], uuid[8:10], uuid[10:]), nil
 }
 
-func handlePutDataErrors(statusList []*api.Status, errors string, err error) []*api.Status {
+func HandlePutDataErrors(statusList []*api.Status, errors string, err error) []*api.Status {
 	if err != nil {
 		log.Printf("Error: %v", err)
 		statusList = utils.AddStatus(statusList, "500", api.StatusType_ERROR, err.Error())
@@ -75,8 +80,8 @@ func handlePutDataErrors(statusList []*api.Status, errors string, err error) []*
 	return statusList
 }
 
-func readCertificateFromPEM(pemString []byte) (*x509.Certificate, error) {
-	certificatePemBlock, err := readPemBlockFromBytes(pemString)
+func ReadCertificateFromPEM(pemString []byte) (*x509.Certificate, error) {
+	certificatePemBlock, err := ReadPemBlockFromBytes(pemString)
 	if err != nil {
 		log.Printf("Error: %v", err)
 		return nil, err
@@ -91,7 +96,7 @@ func readCertificateFromPEM(pemString []byte) (*x509.Certificate, error) {
 	return certificate, nil
 }
 
-func readPemBlockFromBytes(pemString []byte) (*pem.Block, error) {
+func ReadPemBlockFromBytes(pemString []byte) (*pem.Block, error) {
 	fileBytes := pemString
 
 	certificatePemBlock, _ := pem.Decode(fileBytes)
@@ -99,8 +104,8 @@ func readPemBlockFromBytes(pemString []byte) (*pem.Block, error) {
 	return certificatePemBlock, nil
 }
 
-func readCertificateFromFile(fileName string) (*x509.Certificate, error) {
-	certificatePemBlock, err := readPemBlockFromFile(fileName)
+func ReadCertificateFromFile(fileName string) (*x509.Certificate, error) {
+	certificatePemBlock, err := ReadPemBlockFromFile(fileName)
 	if err != nil {
 		log.Printf("Error: %v", err)
 		return nil, err
@@ -115,7 +120,7 @@ func readCertificateFromFile(fileName string) (*x509.Certificate, error) { return certificate, nil } -func readPemBlockFromFile(fileName string) (*pem.Block, error) { +func ReadPemBlockFromFile(fileName string) (*pem.Block, error) { fileBytes, err := ioutil.ReadFile(fileName) if err != nil { log.Printf("Error: %v", err) @@ -127,7 +132,7 @@ func readPemBlockFromFile(fileName string) (*pem.Block, error) { return certificatePemBlock, nil } -func getKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType) (*api.Key, []*api.Status) { +func GetKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType) (*api.Key, []*api.Status) { statusList := []*api.Status{} data, _ := client.DoGetDataCall("keys", uuid+"/"+api.KeyType.String(keyType)) @@ -141,3 +146,8 @@ func getKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyTy return key, nil } + +func CreateDataStorageClient(auth *authentication.Authentication) *dsclient.DataStorageClientImpl { + return clientutils.CreateDataStorageClient(auth, config.DataStorageUrl, config.CertificatePEM, + config.PrivateKeyPEM, config.CaCertificatePEM, config.MaxMessageSize) +}
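Review bot: `CreateDataStorageClient` is exported without a doc comment and silently depends on `config.SetConfigValues()` having run first: before that, `config.DataStorageUrl` is "" and the PEM slices are nil, so a caller gets a client aimed at an empty address with no TLS material. Add `// CreateDataStorageClient returns a data-storage client authenticated as auth, using the connection settings loaded by config.SetConfigValues, which must have been called first.` and a guard such as `if config.DataStorageUrl == "" { log.Panicf("config not loaded before CreateDataStorageClient") }` — or pass the settings in explicitly, as the removed SetUpClient calls did, which also keeps utils free of the config dependency. Whether `clientutils.CreateDataStorageClient` can return nil on failure is not visible here, and every call site immediately defers `CloseClient()` on the result, so that contract belongs in the comment as well.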