Generate PKI and start server using onboarding.

This commit is contained in:
Mariano Cano 2019-09-11 19:16:08 -07:00
parent bca5dcc326
commit 0efae31a29


@ -18,13 +18,14 @@ import (
"time" "time"
"unicode" "unicode"
"github.com/smallstep/cli/crypto/randutil"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/ca" "github.com/smallstep/certificates/ca"
"github.com/smallstep/cli/crypto/pki"
"github.com/smallstep/cli/crypto/randutil"
"github.com/smallstep/cli/errs" "github.com/smallstep/cli/errs"
"github.com/smallstep/cli/usage" "github.com/smallstep/cli/usage"
"github.com/smallstep/cli/utils"
"github.com/urfave/cli" "github.com/urfave/cli"
) )
@ -32,6 +33,7 @@ type onboardingConfiguration struct {
Name string `json:"name"` Name string `json:"name"`
DNS string `json:"dns"` DNS string `json:"dns"`
Address string `json:"address"` Address string `json:"address"`
password []byte
} }
type onboardingPayload struct { type onboardingPayload struct {
Fingerprint string `json:"fingerprint"` Fingerprint string `json:"fingerprint"`
@ -307,8 +309,7 @@ func onboardAction(ctx *cli.Context) error {
} }
var config onboardingConfiguration var config onboardingConfiguration
err = json.Unmarshal(body, &config) if err = json.Unmarshal(body, &config); err != nil {
if err != nil {
return errors.Wrap(err, "error unmarshaling response") return errors.Wrap(err, "error unmarshaling response")
} }
@ -316,17 +317,20 @@ func onboardAction(ctx *cli.Context) error {
if err != nil { if err != nil {
return err return err
} }
config.password = []byte(password)
caConfig, fp, err := onboardPKI(config)
if err != nil {
return err
}
fmt.Printf("Connected! Initializing step-ca with the following configuration...\n\n") fmt.Printf("Connected! Initializing step-ca with the following configuration...\n\n")
fmt.Printf("Name: %s\n", config.Name) fmt.Printf("Name: %s\n", config.Name)
fmt.Printf("DNS: %s\n", config.DNS) fmt.Printf("DNS: %s\n", config.DNS)
fmt.Printf("Address: %s\n", config.Address) fmt.Printf("Address: %s\n", config.Address)
fmt.Printf("Provisioner Password: %s\n\n", password) fmt.Printf("Password: %s\n\n", password)
// TODO actually initialize the CA config (automatically add an "admin" JWT provisioner) payload, err := json.Marshal(onboardingPayload{Fingerprint: fp})
// and start listening
// TODO get the root cert fingerprint to post back to the onboarding guide
payload, err := json.Marshal(onboardingPayload{Fingerprint: "foobarbatbaz"})
if err != nil { if err != nil {
return errors.Wrap(err, "error marshalling payload") return errors.Wrap(err, "error marshalling payload")
} }
@ -338,10 +342,61 @@ func onboardAction(ctx *cli.Context) error {
resp.Body.Close() resp.Body.Close()
fmt.Printf("Initialized!\n") fmt.Printf("Initialized!\n")
fmt.Printf("Step CA has been started. Please return to the onboarding guide in your browser to continue.\n") fmt.Printf("Step CA is starting. Please return to the onboarding guide in your browser to continue.\n")
for {
time.Sleep(1 * time.Second) srv, err := ca.New(caConfig, ca.WithPassword(config.password))
if err != nil {
fatal(err)
} }
go ca.StopReloaderHandler(srv)
if err = srv.Run(); err != nil && err != http.ErrServerClosed {
fatal(err)
}
return nil
}
func onboardPKI(config onboardingConfiguration) (*authority.Config, string, error) {
p, err := pki.New(pki.GetPublicPath(), pki.GetSecretsPath(), pki.GetConfigPath())
if err != nil {
return nil, "", err
}
p.SetAddress(config.Address)
p.SetDNSNames([]string{config.DNS})
rootCrt, rootKey, err := p.GenerateRootCertificate(config.Name+" Root CA", config.password)
if err != nil {
return nil, "", err
}
err = p.GenerateIntermediateCertificate(config.Name+" Intermediate CA", rootCrt, rootKey, config.password)
if err != nil {
return nil, "", err
}
// Generate provisioner
p.SetProvisioner("admin")
if err = p.GenerateKeyPairs(config.password); err != nil {
return nil, "", err
}
// Generate and write configuration
caConfig, err := p.GenerateConfig()
if err != nil {
return nil, "", err
}
b, err := json.MarshalIndent(caConfig, "", " ")
if err != nil {
return nil, "", errors.Wrapf(err, "error marshaling %s", p.GetCAConfigPath())
}
if err = utils.WriteFile(p.GetCAConfigPath(), b, 0666); err != nil {
return nil, "", errs.FileError(err, p.GetCAConfigPath())
}
return caConfig, p.GetRootFingerprint(), nil
} }
// fatal writes the passed error on the standard error and exits with the exit // fatal writes the passed error on the standard error and exits with the exit
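Review bot: The CA configuration is written with mode 0666 at `utils.WriteFile(p.GetCAConfigPath(), b, 0666)` in onboardPKI, so unless the process umask strips the group/other write bits, any local user can rewrite ca.json — and that file controls which provisioners may issue certificates from the keys generated just above it. A fixed, non-world-writable mode avoids depending on the umask: `if err = utils.WriteFile(p.GetCAConfigPath(), b, 0644); err != nil {`. Separately, onboardAction returns an error, yet the two new failure paths after `ca.New` and `srv.Run()` call `fatal(err)` and exit the process from inside it, which is inconsistent with the `return err` checks earlier in the same function; presumably `return err` would let the cli framework report the failure the same way. This hunk also makes the same password the encryption secret for the root, intermediate and provisioner keys (`GenerateRootCertificate`, `GenerateIntermediateCertificate`, `GenerateKeyPairs` all take `config.password`), so the `fmt.Printf("Password: %s\n\n", password)` kept in the previous hunk now echoes key-protecting material into terminal scrollback and any captured logs; consider not printing it in cleartext.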