
Automate server and client configuration setup

1 parent b42ed90 commit def5c8b643c212af6ad223fe0acd285f65e34bdd @cesarghali cesarghali committed Oct 19, 2016
@@ -9,14 +9,14 @@ ETCD_INITIAL_CLUSTER="infra1=http://127.0.0.1:12380,infra2=http://127.0.0.1:2238
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster-1
ETCD_LOG_PACKAGE_LEVELS="*=WARNING"
-LISTEN_IP="localhost" # To listen on all IPs, use empty string.
-DB="testdata/tree-db.sqlite3"
-KEY="testdata/server.key"
-CERT="testdata/server.crt"
-VRF_PRIV="testdata/vrf-key.pem"
-VRF_PUB="testdata/vrf-pubkey.pem"
-SIGN_KEY="testdata/p256-key.pem"
CTLOG="http://107.178.246.112"
-DOMAIN="example.com"
SIGN_PERIOD_SEC=5
-GOOGLE_APPLICATION_CREDENTIALS="testdata/service_key.json"
+GOOGLE_APPLICATION_CREDENTIALS="service_key.json"
+DOMAIN="example.com"
+DB="genfiles/key-transparency-db.sqlite3"
+LISTEN_IP="localhost" # To listen on all IPs, use empty string.
+KEY="genfiles/server.key"
+CERT="genfiles/server.crt"
+VRF_PRIV="genfiles/vrf-key.pem"
+VRF_PUB="genfiles/vrf-pubkey.pem"
+SIGN_KEY="genfiles/p256-key.pem"
@@ -7,8 +7,5 @@ key-transparency-signer
key-transparency-client
infra*.etcd
-testdata/*.pem
-testdata/*.json
-testdata/*.sqlite3
-testdata/server.*
+genfiles/*
.key-transparency-scts.dat
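Review bot: Dropping `testdata/*.json` in favour of `genfiles/*` leaves the two credential files this commit relocates without an ignore rule, as far as this hunk shows. The env file now reads `GOOGLE_APPLICATION_CREDENTIALS="service_key.json"` and the client config reads `client-secret: "client_secret.json"`, both at the repository root, where `genfiles/*` does not match them. A stray `git add .` would then stage a service-account key or OAuth client secret. Unless the part of the ignore file above this hunk already covers them, add `service_key.json` and `client_secret.json` as explicit entries, or keep the secrets under `genfiles/`.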
@@ -1,8 +1,8 @@
ct-key: "../certificate-transparency/test/testdata/ct-server-key-public.pem"
ct-url: "http://107.178.246.112"
vrf: "testdata/vrf-pubkey.pem"
-domain: "example.com"
kt-key: "testdata/server.crt"
kt-sig: "testdata/p256-pubkey.pem"
+domain: "example.com"
kt-url: "localhost:5003"
-client-secret: "testdata/client_secret.json"
+client-secret: "client_secret.json"
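Review bot: `vrf`, `kt-key` and `kt-sig` still point at `testdata/`, although this commit moves the server-side paths to `genfiles/` and the key-generation scripts now `cd` into `genfiles` before writing their output. If those scripts are the only producer of these files, the client will either fail to load its verification keys or pick up stale ones left in `testdata/` that no longer match the server. The entries should probably read `vrf: "genfiles/vrf-pubkey.pem"`, `kt-key: "genfiles/server.crt"` and `kt-sig: "genfiles/p256-pubkey.pem"`. The new client setup script carries the same `testdata/` values in `VRFDEFAULT`, `KTKEYDEFAULT` and `SIGKEYDEFAULT`.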
@@ -12,9 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: etcd --name infra1 --listen-client-urls $LISTEN1 --advertise-client-urls $LISTEN1 --listen-peer-urls $PEER1 --initial-advertise-peer-urls $PEER1 --enable-pprof
+etcd1: etcd --name infra1 --listen-client-urls $LISTEN1 --advertise-client-urls $LISTEN1 --listen-peer-urls $PEER1 --initial-advertise-peer-urls $PEER1 --enable-pprof
etcd2: etcd --name infra2 --listen-client-urls $LISTEN2 --advertise-client-urls $LISTEN2 --listen-peer-urls $PEER2 --initial-advertise-peer-urls $PEER2 --enable-pprof
etcd3: etcd --name infra3 --listen-client-urls $LISTEN3 --advertise-client-urls $LISTEN3 --listen-peer-urls $PEER3 --initial-advertise-peer-urls $PEER3 --enable-pprof
-web: ./key-transparency-server --addr=$LISTEN_IP:$PORT --key=$KEY --cert=$CERT --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --vrf=$VRF_PRIV
-sign: ./key-transparency-signer --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --period=$SIGN_PERIOD_SEC --key=$SIGN_KEY
+frontend: ./key-transparency-server --addr=$LISTEN_IP:$PORT --key=$KEY --cert=$CERT --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --vrf=$VRF_PRIV
+backend: ./key-transparency-signer --domain=$DOMAIN --db=$DB --maplog=$CTLOG --etcd=$LISTEN --period=$SIGN_PERIOD_SEC --key=$SIGN_KEY
@@ -13,13 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-# Package authentication implements authentication mechanisms.
-#
-# The Transparent Key Server is designed to be used by identity providers -
-# IdP in OAuth parlance. OAuth2 Access Tokens may be provided as
-# authentication information, which can be resolved to user information and
-# associated scopes on the backend.
COMMONNAME=""
ADDRESS=""
@@ -42,6 +35,10 @@ if [[ -n "${ADDRESS}" ]]; then
SANEXT="${SANEXT},IP.2:${ADDRESS}"
fi
+# Create output directory.
+mkdir -p "${GOPATH}/src/github.com/google/key-transparency/genfiles"
+cd "${GOPATH}/src/github.com/google/key-transparency/genfiles"
+
# Generate TLS keys.
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
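Review bot: The added `mkdir -p` and `cd` are unchecked, so if `GOPATH` is unset the `mkdir` targets `/src/github.com/...`, the `cd` fails, and the `openssl` commands below write `server.key` and the other key material into whatever directory the caller started in. Fail closed instead: `cd "${GOPATH:?GOPATH must be set}/src/github.com/google/key-transparency/genfiles" || exit 1`. The new signing-key script adds the same unchecked `mkdir`/`cd` pair, and the new client setup script has an unchecked `cd` before `go build`. This script begins and continues outside the hunk, so a `set -e` elsewhere in it would not be visible here.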
@@ -58,11 +55,6 @@ openssl x509 -req -days 365 -in server.csr -signkey server.key \
-out server.crt -extensions SAN \
-extfile <(printf "${SANEXT}")
-# Generate signature keys.
-openssl ecparam -name prime256v1 -genkey -noout -out p256-key.pem
-chmod 600 p256-key.pem
-openssl ec -in p256-key.pem -pubout -out p256-pubkey.pem
-
# Generate VRF keys.
openssl ecparam -name prime256v1 -genkey -noout -out vrf-key.pem
chmod 600 vrf-key.pem
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create output directory.
+mkdir -p "${GOPATH}/src/github.com/google/key-transparency/genfiles"
+cd "${GOPATH}/src/github.com/google/key-transparency/genfiles"
+
+# Generate signature keys.
+openssl ecparam -name prime256v1 -genkey -noout -out p256-key.pem
+chmod 600 p256-key.pem
+openssl ec -in p256-key.pem -pubout -out p256-pubkey.pem
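Review bot: `p256-key.pem` is created first and only restricted afterwards by `chmod 600`, so depending on the openssl build and the caller's umask the signing key can be readable by other local users for a short window. A freshly created `genfiles` directory also gets default permissions. Placing `umask 077` before the `mkdir -p` makes both the directory and the key private from creation; `p256-pubkey.pem` can be relaxed afterwards with `chmod 644` if other accounts need it. The script has no `set -e`, so a failed `openssl ecparam` still runs the `chmod` and `openssl ec` steps; `set -euo pipefail` after the shebang would stop at the first failure.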
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+VRFDEFAULT="testdata/vrf-pubkey.pem"
+VRF=""
+KTKEYDEFAULT="testdata/server.crt"
+KTKEY=""
+SIGKEYDEFAULT="testdata/p256-pubkey.pem"
+SIGKEY=""
+DOMAIN=""
+KTURL=""
+CLIENTSECRET=""
+
+##################################
+##### Collecting information #####
+##################################
+
+read -p "Key Transparency VRF verification key (default=${VRFDEFAULT}): " VRF
+if [[ -z "${VRF}" ]]; then
+ VRF="${VRFDEFAULT}"
+fi
+
+read -p "Key Transparency gRPC/HTTPs certificate (default=${KTKEYDEFAULT}): " KTKEY
+if [[ -z "${KTKEY}" ]]; then
+ KTKEY="${KTKEYDEFAULT}"
+fi
+
+read -p "Key Transparency signature verification key (default=${SIGKEYDEFAULT}): " SIGKEY
+if [[ -z "${SIGKEY}" ]]; then
+ SIGKEY="${SIGKEYDEFAULT}"
+fi
+
+read -p "Key Transparency domain name: " DOMAIN
+read -p "Key Transparency URL and port (url:port): " KTURL
+read -p "Path to client secret file: " CLIENTSECRET
+
+
+#####################
+##### Executing #####
+#####################
+
+cd "${GOPATH}/src/github.com/google/key-transparency"
+
+# Building binaries.
+go build ./cmd/key-transparency-client
+
+# Generate .key-transparency.yaml file.
+KTYAML="ct-key: \"../certificate-transparency/test/testdata/ct-server-key-public.pem\"
+ct-url: \"http://107.178.246.112\"
+vrf: \"${VRF}\"
+kt-key: \"${KTKEY}\"
+kt-sig: \"${SIGKEY}\"
+domain: \"${DOMAIN}\"
+kt-url: \"${KTURL}\"
+client-secret: \"${CLIENTSECRET}\""
+
+printf "%s\n" "${KTYAML}" > .key-transparency.yaml
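Review bot: The answers for `DOMAIN`, `KTURL` and `CLIENTSECRET` go into `.key-transparency.yaml` without any validation. An empty reply produces `domain: ""`, and a `"` or backslash in any reply produces a malformed or differently parsed double-quoted YAML scalar. `read` without `-r` also consumes backslashes before the value reaches the file. Use `read -r -p ...` for every prompt and reject empty required values before writing, e.g. `[[ -n "${DOMAIN}" ]] || { echo "domain is required" >&2; exit 1; }`. The final `printf` also overwrites an existing `.key-transparency.yaml` even when the preceding `go build` failed, so checking the build's exit status first would avoid replacing a working config.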