londo


README

Londo

Londo is a Certificate Management system. Primarily, it is designed to work with Sectigo.

Requirements

Go 1.12+, RabbitMQ 3.7+, MongoDB 4.0+

Installation

WIP

License

Londo is distributed under the MIT License.

Documentation

Index

Constants

// PEM block type labels for CSRs, private keys and certificates
// (see EncodeCSR, EncodePKey, ParsePrivateKey and ParsePublicCertificate).
//
// NOTE(review): "PRIVATE KEY" is the PKCS#8 PEM label, whereas a
// PKCS#1-encoded RSA key is conventionally labelled "RSA PRIVATE KEY".
// Confirm that the label agrees with the marshalling used in
// EncodePKey/ParsePrivateKey; the encoding is not visible here.
const (
	CsrType        = "CERTIFICATE REQUEST"
	PrivateKeyType = "PRIVATE KEY"
	PublicKeyType  = "CERTIFICATE"
)
// AMQP exchange and queue names, RPC command strings and message metadata
// shared by the publishers and consumers in this package.
const (
	// One exchange/queue pair per service; the "-rpc" suffix marks the
	// exchanges that presumably carry request/reply traffic.
	EnrollExchange = "enroll-rpc"
	EnrollQueue    = "enroll"

	RevokeExchange = "revoke-rpc"
	RevokeQueue    = "revoke"

	CollectExchange = "collect-rpc"
	CollectQueue    = "collect"

	CheckExchange = "check-rpc"
	CheckQueue    = "check"

	DbReplyExchange = "db-rpc"
	DbReplyQueue    = "db-rpc-replies"

	// Exchange used for replies consumed by ConsumeGRPCReplies.
	GRPCServerExchange = "grpc"

	// Commands
	// Db
	// Routing keys understood by the database RPC service
	// (see DbService / ConsumeDbRPC).
	DbDeleteSubjCmd                = "subj.delete"
	DbAddSubjCmd                   = "subj.add"
	DbUpdateSubjCmd                = "subj.update"
	DbGetSubjectCmd                = "subj.get"
	DbGetAllSubjectsCmd            = "subj.get.all"
	DbGetSubjectByTargetCmd        = "subj.get.target"
	DbGetUpdatedSubjectByTargetCmd = "subj.get.update"
	DbGetExpiringSubjectsCmd       = "subj.get.expiring"
	DbUpdateCertStatusCmd          = "subj.update.status"

	// Tell consumer to close channel
	CloseChannelCmd = "stop"

	// MIME type set on published message bodies.
	ContentType = "application/json"

	// Version is the Londo release string.
	Version = "0.1.0"
)

Variables

// Package-level settings populated from command-line flags and the
// environment.
var (
	// Debug enables debug-level logging (--debug/-d, LONDO_DEBUG).
	Debug       bool
	// ScanHours and RevokeHours are interval settings in hours; where they
	// are set is not visible here — presumably additional CLI flags.
	ScanHours   int
	RevokeHours int

	// CrtFile and Keyfile are file paths; from their names they presumably
	// point at a TLS certificate and its private key — confirm in the callers.
	CrtFile string
	Keyfile string

	// DefaultFlags are the CLI flags shared by every command. The config
	// flag writes into the unexported cfgFile and defaults to
	// config/config.yml when neither --config nor LONDO_CONFIG is given.
	DefaultFlags = []cli.Flag{
		cli.BoolFlag{
			Name:        "debug, d",
			Usage:       "enables debug level logging",
			EnvVar:      "LONDO_DEBUG",
			Destination: &Debug,
		},
		cli.StringFlag{
			Name:        "config, c",
			Usage:       "load configuration from `FILE`",
			EnvVar:      "LONDO_CONFIG",
			Destination: &cfgFile,
			Value:       "config/config.yml",
		},
	}
)
var (
	// SFile is a file path; its purpose is not visible here — presumably a
	// flag destination like CrtFile/Keyfile. Confirm in the callers.
	SFile string
)

Functions

func AuthIntercept

func AuthIntercept(ctx context.Context) (context.Context, error)

func DecodeChain

func DecodeChain(chain []byte) ([]*x509.Certificate, error)

FIXME: refactor

func EncodeCSR

func EncodeCSR(b []byte) (string, error)

func EncodePKey

func EncodePKey(key *rsa.PrivateKey) (string, error)

func Fail

func Fail(err error)

func GenerateCSR

func GenerateCSR(key crypto.PrivateKey, cn string, c *Config) ([]byte, error)

func GeneratePrivateKey

func GeneratePrivateKey(bs int) (*rsa.PrivateKey, error)

func GetCertSerialNumber

func GetCertSerialNumber(ip string, port string, sn string) (*big.Int, error)

func ParseIPAddr

func ParseIPAddr(ctx context.Context) (string, string, error)

func ParsePrivateKey

func ParsePrivateKey(k string) (*rsa.PrivateKey, error)

func ParsePublicCertificate

func ParsePublicCertificate(c string) (*x509.Certificate, error)

Types

type AMQP

// AMQP wraps the RabbitMQ connection used by Londo. Construct it with
// NewMQConnection and release it with Shutdown; Consume and Emit are the
// receive and publish sides.
type AMQP struct {
	// contains filtered or unexported fields
}

func NewMQConnection

func NewMQConnection(c *Config, db *MongoDB) (*AMQP, error)

func (*AMQP) Consume

func (a *AMQP) Consume(queue string, wg *sync.WaitGroup, f func(d amqp.Delivery) bool)

func (*AMQP) Emit

func (a *AMQP) Emit(exchange string, key string, msg amqp.Publishing) error

func (*AMQP) Shutdown

func (a *AMQP) Shutdown()

type CertParams

// CertParams holds the subject and enrollment parameters read from the
// `cert_params` section of the configuration (Config embeds it); the YAML
// tags give the key names. The integer fields (OrgId, Term, CertType,
// MultiDomainCertType) are presumably Sectigo-side identifiers — confirm
// against GenerateCSR and RestAPI.Enroll.
type CertParams struct {
	Country             string `yaml:"country"`
	Province            string `yaml:"province"`
	Locality            string `yaml:"locality"`
	Organization        string `yaml:"organization"`
	StreetAddress       string `yaml:"street_address"`
	PostalCode          string `yaml:"postal_code"`
	OrgUnit             string `yaml:"organizational_unit"`
	OrgId               int    `yaml:"org_id"`
	Term                int    `yaml:"term"`
	// BitSize is presumably the RSA key size passed to GeneratePrivateKey(bs).
	BitSize             int    `yaml:"bit_size"`
	FormatType          string `yaml:"format_type"`
	CertType            int    `yaml:"cert_type"`
	MultiDomainCertType int    `yaml:"multi_domain_cert_type"`
	Comments            string `yaml:"comments"`
}

type CheckCertEvent

// CheckCertEvent reports the result of checking a subject's deployed
// certificate; it implements Event via GetMessage and is consumed by
// MongoDB.UpdateUnreachable. Match, Targets and Outdated mirror the fields
// of the same name on Subject.
type CheckCertEvent struct {
	ID       string
	Subject  string
	CertID   int
	Serial   string
	Port     int32
	Match    bool
	Targets  []string
	Outdated []string
	// TODO: it may not be possible to serialize/deserialize this to and from JSON
	Unresolvable time.Time
}

func (CheckCertEvent) GetMessage

func (CheckCertEvent) GetMessage() amqp.Publishing

type CollectEvent

// CollectEvent requests collection of an issued certificate by its
// certificate id; it implements Event via GetMessage.
type CollectEvent struct {
	CertID int
}

func (CollectEvent) GetMessage

func (CollectEvent) GetMessage() amqp.Publishing

type CompleteEnrollEvent

// CompleteEnrollEvent carries an issued certificate back for a certificate
// id; it implements Event via GetMessage. Certificate is presumably the
// PEM-encoded certificate text — confirm in the producer.
type CompleteEnrollEvent struct {
	CertID      int
	Certificate string
}

func (CompleteEnrollEvent) GetMessage

func (CompleteEnrollEvent) GetMessage() amqp.Publishing

type Config

// Config is the top-level configuration loaded by ReadConfig. The embedded
// sections map to the YAML keys in their tags.
//
// NOTE(review): this struct carries credentials (DB.Password,
// Rest.Password, JWT.Secret), so the file named by --config/LONDO_CONFIG
// should be readable only by the service user and kept out of version
// control.
type Config struct {
	DB         `yaml:"mongodb"`
	AMQP       rabbitmq `yaml:"amqp"`
	Rest       `yaml:"sectigo"`
	GRPC       `yaml:"grpc"`
	CertParams `yaml:"cert_params"`
	Debug      int `yaml:"debug"`
	JWT        `yaml:"jwt"`
}

func ReadConfig

func ReadConfig(file string) (*Config, error)

type DB

// DB holds the MongoDB connection settings from the `mongodb` config
// section (Config embeds it). Password is a credential; see the note on
// Config.
type DB struct {
	Hostname, Username, Password, Name string
	Port                               int
}

type DeleteSubjEvent

// DeleteSubjEvent identifies a subject to delete by certificate id.
//
// NOTE(review): unlike the other *Event types, no GetMessage method is
// documented for it, so it does not appear to satisfy Event.
type DeleteSubjEvent struct {
	CertID int
}

FIXME: not being used?

type EmptyEvent

// EmptyEvent is an Event with no payload; see its GetMessage.
type EmptyEvent struct{}

func (EmptyEvent) GetMessage

func (EmptyEvent) GetMessage() amqp.Publishing

type EnrollEvent

// EnrollEvent requests enrollment of a new subject; it implements Event
// via GetMessage. AltNames and Targets mirror the Subject fields of the
// same name.
type EnrollEvent struct {
	Subject  string
	Port     int32
	AltNames []string
	Targets  []string
}

func (EnrollEvent) GetMessage

func (EnrollEvent) GetMessage() amqp.Publishing

type EnrollResponse

// EnrollResponse is the JSON body returned by the enrollment endpoint
// (see RestAPI.Enroll); the JSON tags give the wire field names.
type EnrollResponse struct {
	RenewID string `json:"renewId"`
	SslId   int    `json:"sslId"`
}

type ErrorResponse

// ErrorResponse is the JSON error body returned by the REST API
// (see RestAPI.VerifyStatusCode).
type ErrorResponse struct {
	Code        int    `json:"code"`
	Description string `json:"description"`
}

type Event

// Event is anything that can be turned into an AMQP message; Londo.Publish
// takes an Event and sends what GetMessage returns.
type Event interface {
	GetMessage() amqp.Publishing
}

type ExpiringSubjectEvent

// ExpiringSubjectEvent names a subject and its NotAfter time; it implements
// Event via GetMessage.
type ExpiringSubjectEvent struct {
	Subject  string
	NotAfter time.Time
}

func (ExpiringSubjectEvent) GetMessage

func (ExpiringSubjectEvent) GetMessage() amqp.Publishing

type GRPC

// GRPC holds the gRPC listener settings from the `grpc` config section
// (Config embeds it).
type GRPC struct {
	Port int `yaml:"port"`
}

type GRPCServer

// GRPCServer implements the gRPC service methods (AddNewSubject,
// DeleteSubject, GetSubject, ...) on top of a Londo instance.
type GRPCServer struct {
	Londo *Londo
}

func (*GRPCServer) AddNewSubject

func (*GRPCServer) DeleteSubject

func (*GRPCServer) GetSubject

func (*GRPCServer) GetSubjectForTarget

func (*GRPCServer) GetSubjectsByTarget

func (*GRPCServer) GetToken

func (*GRPCServer) RenewSubjects

type GetExpiringSubjEvent

// GetExpiringSubjEvent asks for subjects expiring within Days days; it
// implements Event via GetMessage.
type GetExpiringSubjEvent struct {
	Days int32
}

func (GetExpiringSubjEvent) GetMessage

func (GetExpiringSubjEvent) GetMessage() amqp.Publishing

type GetSubjectByTargetEvent

// GetSubjectByTargetEvent asks for the subjects associated with the given
// targets; it implements Event via GetMessage.
type GetSubjectByTargetEvent struct {
	Target []string
}

func (GetSubjectByTargetEvent) GetMessage

type GetSubjectEvent

// GetSubjectEvent asks for a single subject by name; it implements Event
// via GetMessage.
type GetSubjectEvent struct {
	Subject string
}

func (GetSubjectEvent) GetMessage

func (GetSubjectEvent) GetMessage() amqp.Publishing

type JWT

// JWT holds the token settings from the `jwt` config section (Config
// embeds it): issuer, audience, expiry and the signing secret.
//
// NOTE(review): Secret is presumably the shared signing key used by
// GetToken/AuthIntercept, so it must be treated as a credential (see the
// note on Config). The unit of ExpiresAfter is not visible here — confirm
// against the token issuer.
type JWT struct {
	Issuer       string `yaml:"iss"`
	Audience     string `yaml:"aud"`
	ExpiresAfter int    `yaml:"exp"`
	Secret       string `yaml:"secret"`
}

type Londo

// Londo is the service container: Initialize creates it, the chainable
// *Londo-returning methods (AMQPConnection, Consume*, DbService,
// GRPCServer, RestAPIClient, ...) attach the components, and Run starts it.
type Londo struct {
	Name       string
	Db         *MongoDB
	AMQP       *AMQP
	GRPC       *GRPCServer
	RestClient *RestAPI
}

func Initialize

func Initialize(name string) *Londo

func (*Londo) AMQPConnection

func (l *Londo) AMQPConnection() *Londo

func (*Londo) ConsumeCheck

func (l *Londo) ConsumeCheck() *Londo

func (*Londo) ConsumeCollect

func (l *Londo) ConsumeCollect() *Londo

func (*Londo) ConsumeDbRPC

func (l *Londo) ConsumeDbRPC() *Londo

func (*Londo) ConsumeEnroll

func (l *Londo) ConsumeEnroll() *Londo

func (*Londo) ConsumeGRPCReplies

func (l *Londo) ConsumeGRPCReplies(queue string, ch chan Subject, done chan struct{}, wg *sync.WaitGroup) *Londo

func (*Londo) ConsumeRevoke

func (l *Londo) ConsumeRevoke() *Londo

func (*Londo) DbService

func (l *Londo) DbService() *Londo

func (*Londo) Declare

func (l *Londo) Declare(exchange string, queue string, kind string, args amqp.Table) *Londo

func (*Londo) DeclareBindQueue

func (l *Londo) DeclareBindQueue(exchange string, queue string) error

TODO: refactor

func (*Londo) DeclareExchange

func (l *Londo) DeclareExchange(exchange string, kind string) *Londo

TODO: refactor

func (*Londo) GRPCServer

func (l *Londo) GRPCServer() *Londo

func (*Londo) Publish

func (l *Londo) Publish(exchange string, queue string, reply string, cmd string, e Event) error

func (*Londo) PublishGetAllSubjects

func (l *Londo) PublishGetAllSubjects() *Londo

func (*Londo) PublishPeriodically

func (l *Londo) PublishPeriodically(hours int) *Londo

TODO: needs to be improved for reusability

func (*Londo) RestAPIClient

func (l *Londo) RestAPIClient() *Londo

func (*Londo) Run

func (l *Londo) Run() error

type MongoDB

// MongoDB is the subject store. Construct it with NewDBConnection and close
// it with Disconnect; the Find*/Insert*/Update*/Delete* methods operate on
// Subject documents.
type MongoDB struct {
	Name string
	// contains filtered or unexported fields
}

func NewDBConnection

func NewDBConnection(c *Config) (*MongoDB, error)

func (*MongoDB) DeleteSubject

func (m *MongoDB) DeleteSubject(hexId string, certid int) error

func (*MongoDB) Disconnect

func (m *MongoDB) Disconnect() error

func (*MongoDB) FindAllSubjects

func (m *MongoDB) FindAllSubjects() ([]*Subject, error)

func (*MongoDB) FindExpiringSubjects

func (m *MongoDB) FindExpiringSubjects(hours int) ([]*Subject, error)

func (*MongoDB) FindManySubjects

func (m *MongoDB) FindManySubjects(s []string, filter string) ([]Subject, error)

func (*MongoDB) FindSubject

func (m *MongoDB) FindSubject(s string) (Subject, error)

func (*MongoDB) InsertSubject

func (m *MongoDB) InsertSubject(s *Subject) error

func (*MongoDB) UpdateSubjCert

func (m *MongoDB) UpdateSubjCert(certId *int, cert *string, na *time.Time, sn *big.Int) error

func (*MongoDB) UpdateUnreachable

func (m *MongoDB) UpdateUnreachable(e *CheckCertEvent) error

type NewSubjectEvent

// NewSubjectEvent announces a newly created subject, including its CSR and
// private key; it implements Event via GetMessage.
//
// NOTE(review): PrivateKey is part of the message body, so the key material
// crosses the broker in whatever encoding GetMessage produces. Confirm the
// AMQP connection is TLS-protected and that only the intended consumer can
// read the queue this event is published to.
type NewSubjectEvent struct {
	Subject    string
	Port       int32
	CSR        string
	PrivateKey string
	CertID     int
	OrderID    string
	AltNames   []string
	Targets    []string
}

func (NewSubjectEvent) GetMessage

func (NewSubjectEvent) GetMessage() amqp.Publishing

type Rest

// Rest holds the Sectigo REST API settings from the `sectigo` config
// section (Config embeds it). Password is a credential; see the note on
// Config. Endpoints uses the unexported endpoints type, which is not
// visible here.
type Rest struct {
	Url, Username, Password string
	CustomerURI             string `yaml:"customer_uri"`
	Endpoints               endpoints
}

type RestAPI

// RestAPI is the Sectigo REST client; construct it with NewRestClient.
// Collect, Enroll and Revoke return the raw resty response, and
// VerifyStatusCode checks it against an expected status.
type RestAPI struct {
	Client *resty.Client
	// contains filtered or unexported fields
}

func NewRestClient

func NewRestClient(c *Config) *RestAPI

func (RestAPI) Collect

func (r RestAPI) Collect(certId int) (*resty.Response, error)

func (RestAPI) Enroll

func (r RestAPI) Enroll(s *Subject) (*resty.Response, error)

func (RestAPI) Revoke

func (r RestAPI) Revoke(certId int, reason string) (*resty.Response, error)

func (RestAPI) VerifyStatusCode

func (r RestAPI) VerifyStatusCode(res *resty.Response, expected int) error

type Revoke

// Revoke is the JSON request body for a revocation (see RestAPI.Revoke,
// whose reason argument presumably fills Reason).
type Revoke struct {
	Reason string `json:"reason"`
}

type RevokeEvent

// RevokeEvent requests revocation of a subject's certificate; it implements
// Event via GetMessage. ID is presumably the subject's document id (hex) and
// CertID the issuer-side certificate id — compare MongoDB.DeleteSubject.
type RevokeEvent struct {
	ID     string
	CertID int
}

func (RevokeEvent) GetMessage

func (RevokeEvent) GetMessage() amqp.Publishing

type Subject

// Subject is the MongoDB document for one managed certificate subject; the
// bson tags give the stored field names. It also implements Event via
// GetMessage, and UnmarshalSubjMsg rebuilds one from an AMQP delivery.
//
// NOTE(review): PrivateKey is persisted in the same document as the public
// data (bson:"private_key"). Confirm that it is encrypted before storage or
// that access to the collection is tightly restricted, since any reader of
// the collection can recover the key.
type Subject struct {
	ID             primitive.ObjectID `bson:"_id"`
	Subject        string             `bson:"subject"`
	Port           int32              `bson:"port"`
	CSR            string             `bson:"csr"`
	PrivateKey     string             `bson:"private_key"`
	// Certificate is omitted from the document until one has been issued.
	Certificate    string             `bson:"certificate,omitempty"`
	Serial         string             `bson:"serial"`
	CertID         int                `bson:"cert_id"`
	OrderID        string             `bson:"order_id"`
	NotAfter       time.Time          `bson:"not_after"`
	CreatedAt      time.Time          `bson:"created_at"`
	UpdatedAt      time.Time          `bson:"updated_at"`
	// UnresolvableAt, Match and Outdated are updated from CheckCertEvent
	// (see MongoDB.UpdateUnreachable).
	UnresolvableAt time.Time          `bson:"unresolvable_at,omitempty"`
	Targets        []string           `bson:"targets,omitempty"`
	AltNames       []string           `bson:"alt_names,omitempty"`
	Match          bool               `bson:"match"`
	Outdated       []string           `bson:"outdated,omitempty"`
}

func UnmarshalSubjMsg

func UnmarshalSubjMsg(d *amqp.Delivery) (Subject, error)

func (Subject) GetMessage

func (Subject) GetMessage() amqp.Publishing
