
Automate server and client configuration setup

cesarghali committed Oct 19, 2016
1 parent b42ed90 commit def5c8b643c212af6ad223fe0acd285f65e34bdd
18 .env
@@ -9,14 +9,14 @@ ETCD_INITIAL_CLUSTER="infra1=http://127.0.0.1:12380,infra2=http://127.0.0.1:2238
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster-1
ETCD_LOG_PACKAGE_LEVELS="*=WARNING"
LISTEN_IP="localhost" # To listen on all IPs, use empty string.
DB="testdata/tree-db.sqlite3"
KEY="testdata/server.key"
CERT="testdata/server.crt"
VRF_PRIV="testdata/vrf-key.pem"
VRF_PUB="testdata/vrf-pubkey.pem"
SIGN_KEY="testdata/p256-key.pem"
CTLOG="http://107.178.246.112"
DOMAIN="example.com"
SIGN_PERIOD_SEC=5
GOOGLE_APPLICATION_CREDENTIALS="testdata/service_key.json"
GOOGLE_APPLICATION_CREDENTIALS="service_key.json"
DOMAIN="example.com"
DB="genfiles/key-transparency-db.sqlite3"
LISTEN_IP="localhost" # To listen on all IPs, use empty string.
KEY="genfiles/server.key"
CERT="genfiles/server.crt"
VRF_PRIV="genfiles/vrf-key.pem"
VRF_PUB="genfiles/vrf-pubkey.pem"
SIGN_KEY="genfiles/p256-key.pem"
@@ -7,8 +7,5 @@ key-transparency-signer
key-transparency-client
infra*.etcd
testdata/*.pem
testdata/*.json
testdata/*.sqlite3
testdata/server.*
genfiles/*
.key-transparency-scts.dat
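Review bot: The credential files this commit moves to the repository root are no longer covered by any ignore rule visible in this hunk. As far as the rendered lines show, `testdata/*.json` is dropped and only `genfiles/*` is added, while `.env` now points `GOOGLE_APPLICATION_CREDENTIALS` at `service_key.json` and `.key-transparency.yaml` points `client-secret` at `client_secret.json`. Unless lines 1-6 of the file (outside the hunk) already match them, a plain `git add .` would stage a service-account key and an OAuth client secret. Either add `service_key.json` and `client_secret.json` here, or keep both files under `genfiles/` so the new rule covers them.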
@@ -1,8 +1,8 @@
ct-key: "../certificate-transparency/test/testdata/ct-server-key-public.pem"
ct-url: "http://107.178.246.112"
vrf: "testdata/vrf-pubkey.pem"
domain: "example.com"
kt-key: "testdata/server.crt"
kt-sig: "testdata/p256-pubkey.pem"
domain: "example.com"
kt-url: "localhost:5003"
client-secret: "testdata/client_secret.json"
client-secret: "client_secret.json"
@@ -12,9 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: etcd --name infra1 --listen-client-urls $LISTEN1 --advertise-client-urls $LISTEN1 --listen-peer-urls $PEER1 --initial-advertise-peer-urls $PEER1 --enable-pprof
etcd1: etcd --name infra1 --listen-client-urls $LISTEN1 --advertise-client-urls $LISTEN1 --listen-peer-urls $PEER1 --initial-advertise-peer-urls $PEER1 --enable-pprof
etcd2: etcd --name infra2 --listen-client-urls $LISTEN2 --advertise-client-urls $LISTEN2 --listen-peer-urls $PEER2 --initial-advertise-peer-urls $PEER2 --enable-pprof
etcd3: etcd --name infra3 --listen-client-urls $LISTEN3 --advertise-client-urls $LISTEN3 --listen-peer-urls $PEER3 --initial-advertise-peer-urls $PEER3 --enable-pprof
web: ./key-transparency-server --addr=$LISTEN_IP:$PORT --key=$KEY --cert=$CERT --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --vrf=$VRF_PRIV
sign: ./key-transparency-signer --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --period=$SIGN_PERIOD_SEC --key=$SIGN_KEY
frontend: ./key-transparency-server --addr=$LISTEN_IP:$PORT --key=$KEY --cert=$CERT --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --vrf=$VRF_PRIV
backend: ./key-transparency-signer --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --period=$SIGN_PERIOD_SEC --key=$SIGN_KEY
@@ -13,13 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Package authentication implements authentication mechanisms.
#
# The Transparent Key Server is designed to be used by identity providers -
# IdP in OAuth parlance. OAuth2 Access Tokens may be provided as
# authentication information, which can be resolved to user information and
# associated scopes on the backend.
COMMONNAME=""
ADDRESS=""
@@ -42,6 +35,10 @@ if [[ -n "${ADDRESS}" ]]; then
SANEXT="${SANEXT},IP.2:${ADDRESS}"
fi
# Create output directory.
mkdir -p "${GOPATH}/src/github.com/google/key-transparency/genfiles"
cd "${GOPATH}/src/github.com/google/key-transparency/genfiles"
# Generate TLS keys.
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
@@ -58,11 +55,6 @@ openssl x509 -req -days 365 -in server.csr -signkey server.key \
-out server.crt -extensions SAN \
-extfile <(printf "${SANEXT}")
# Generate signature keys.
openssl ecparam -name prime256v1 -genkey -noout -out p256-key.pem
chmod 600 p256-key.pem
openssl ec -in p256-key.pem -pubout -out p256-pubkey.pem
# Generate VRF keys.
openssl ecparam -name prime256v1 -genkey -noout -out vrf-key.pem
chmod 600 vrf-key.pem
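Review bot: The added `cd "${GOPATH}/src/github.com/google/key-transparency/genfiles"` in the second hunk is never checked, so when `GOPATH` is unset or the directory cannot be created, the following `openssl genrsa` and `openssl rsa` calls write `server.key` into whatever directory the script was started from. No `set -e` is visible, though the script's opening lines and the stretches between hunks are outside this view. I would guard both steps: `: "${GOPATH:?GOPATH must be set}"` before the `mkdir -p`, and `cd "${GOPATH}/src/github.com/google/key-transparency/genfiles" || exit 1`. The same unchecked `mkdir -p`/`cd` pair opens the new signature-key script, and the client setup script has a bare `cd` before it writes `.key-transparency.yaml`.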
@@ -0,0 +1,24 @@
#!/bin/bash
# Copyright 2016 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create output directory.
mkdir -p "${GOPATH}/src/github.com/google/key-transparency/genfiles"
cd "${GOPATH}/src/github.com/google/key-transparency/genfiles"
# Generate signature keys.
openssl ecparam -name prime256v1 -genkey -noout -out p256-key.pem
chmod 600 p256-key.pem
openssl ec -in p256-key.pem -pubout -out p256-pubkey.pem
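Review bot: `p256-key.pem` is created under the caller's umask and only tightened by the `chmod 600` on the following line, so with a common 022 umask the signing key can be briefly readable by other local users (unless the installed OpenSSL already creates it restrictively). Putting `umask 077` near the top of the script, before the first `openssl` call, closes that window and also covers any key file added later without its own `chmod`. The new file also lacks a header comment; something like `# Generates the P-256 signing key pair (p256-key.pem, p256-pubkey.pem) into genfiles/.` after the license block would tell readers what it produces and where.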
@@ -0,0 +1,70 @@
#!/bin/bash
# Copyright 2016 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
VRFDEFAULT="testdata/vrf-pubkey.pem"
VRF=""
KTKEYDEFAULT="testdata/server.crt"
KTKEY=""
SIGKEYDEFAULT="testdata/p256-pubkey.pem"
SIGKEY=""
DOMAIN=""
KTURL=""
CLIENTSECRET=""
##################################
##### Collecting information #####
##################################
read -p "Key Transparency VRF verification key (default=${VRFDEFAULT}): " VRF
if [[ -z "${VRF}" ]]; then
VRF="${VRFDEFAULT}"
fi
read -p "Key Transparency gRPC/HTTPs certificate (default=${KTKEYDEFAULT}): " KTKEY
if [[ -z "${KTKEY}" ]]; then
KTKEY="${KTKEYDEFAULT}"
fi
read -p "Key Transparency signature verification key (default=${SIGKEYDEFAULT}): " SIGKEY
if [[ -z "${SIGKEY}" ]]; then
SIGKEY="${SIGKEYDEFAULT}"
fi
read -p "Key Transparency domain name: " DOMAIN
read -p "Key Transparency URL and port (url:port): " KTURL
read -p "Path to client secret file: " CLIENTSECRET
#####################
##### Executing #####
#####################
cd "${GOPATH}/src/github.com/google/key-transparency"
# Building binaries.
go build ./cmd/key-transparency-client
# Generate .key-transparency.yaml file.
KTYAML="ct-key: \"../certificate-transparency/test/testdata/ct-server-key-public.pem\"
ct-url: \"http://107.178.246.112\"
vrf: \"${VRF}\"
kt-key: \"${KTKEY}\"
kt-sig: \"${SIGKEY}\"
domain: \"${DOMAIN}\"
kt-url: \"${KTURL}\"
client-secret: \"${CLIENTSECRET}\""
printf "%s\n" "${KTYAML}" > .key-transparency.yaml
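Review bot: The three defaults at the top of the script still point at `testdata/`, while this commit's `.env` has the server read its VRF, TLS and signing material from `genfiles/`. Accepting the defaults therefore pins the client to files the key-generation scripts no longer write, or to stale keys left from an earlier run. I would change them to `VRFDEFAULT="genfiles/vrf-pubkey.pem"`, `KTKEYDEFAULT="genfiles/server.crt"` and `SIGKEYDEFAULT="genfiles/p256-pubkey.pem"`. Separately, the prompted values are pasted into the YAML unescaped and `DOMAIN`, `KTURL` and `CLIENTSECRET` may be empty. Using `read -r -p`, rejecting empty answers and rejecting answers that contain `"` would keep the generated `.key-transparency.yaml` well-formed.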
