|
|
|
@ -19,9 +19,10 @@ package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"flag"
|
|
|
|
|
"log"
|
|
|
|
|
"os"
|
|
|
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
|
|
|
|
|
|
"git.cacert.org/cacert-gosigner/pkg/config"
|
|
|
|
|
"git.cacert.org/cacert-gosigner/pkg/health"
|
|
|
|
|
"git.cacert.org/cacert-gosigner/pkg/hsm"
|
|
|
|
@ -42,19 +43,21 @@ const (
|
|
|
|
|
func main() {
|
|
|
|
|
var (
|
|
|
|
|
showVersion, setupMode, verbose bool
|
|
|
|
|
signerConfigFile string
|
|
|
|
|
infoLog, errorLog *log.Logger
|
|
|
|
|
signerConfigFile, logLevel string
|
|
|
|
|
logger *logrus.Logger
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
infoLog = log.New(os.Stdout, "INFO ", log.Ldate|log.Lmicroseconds|log.LUTC)
|
|
|
|
|
errorLog = log.New(os.Stderr, "ERROR ", log.Ldate|log.Lmicroseconds|log.LUTC)
|
|
|
|
|
logger = logrus.New()
|
|
|
|
|
logger.SetOutput(os.Stdout)
|
|
|
|
|
logger.SetLevel(logrus.InfoLevel)
|
|
|
|
|
|
|
|
|
|
infoLog.Printf("cacert-gosigner %s (%s) - built %s\n", version, commit, date)
|
|
|
|
|
logger.Infof("cacert-gosigner %s (%s) - built %s\n", version, commit, date)
|
|
|
|
|
|
|
|
|
|
flag.StringVar(&signerConfigFile, "config", defaultSignerConfigFile, "signer configuration file")
|
|
|
|
|
flag.BoolVar(&showVersion, "version", false, "show version")
|
|
|
|
|
flag.BoolVar(&setupMode, "setup", false, "setup mode")
|
|
|
|
|
flag.BoolVar(&verbose, "verbose", false, "verbose output")
|
|
|
|
|
flag.StringVar(&logLevel, "loglevel", "INFO", "log level")
|
|
|
|
|
|
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
|
@ -62,9 +65,16 @@ func main() {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
caConfig := LoadConfig(signerConfigFile, errorLog)
|
|
|
|
|
parsedLevel, err := logrus.ParseLevel(logLevel)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Fatalf("could not parse log level: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logger.SetLevel(parsedLevel)
|
|
|
|
|
|
|
|
|
|
caConfig := LoadConfig(signerConfigFile, logger)
|
|
|
|
|
|
|
|
|
|
access := initializeHSM(caConfig, setupMode, verbose, infoLog, errorLog)
|
|
|
|
|
access := initializeHSM(caConfig, setupMode, verbose, logger)
|
|
|
|
|
|
|
|
|
|
if setupMode {
|
|
|
|
|
return
|
|
|
|
@ -72,32 +82,32 @@ func main() {
|
|
|
|
|
|
|
|
|
|
healthHandler := health.New(version, access)
|
|
|
|
|
|
|
|
|
|
proto, err := protocol.New(infoLog, errorLog, protocol.RegisterHealthHandler(healthHandler))
|
|
|
|
|
proto, err := protocol.New(logger, protocol.RegisterHealthHandler(healthHandler))
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not setup protocol handler: %v", err)
|
|
|
|
|
logger.Fatalf("could not setup protocol handler: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
serialHandler, err := seriallink.New(caConfig.GetSerial(), proto)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not setup serial link handler: %v", err)
|
|
|
|
|
logger.Fatalf("could not setup serial link handler: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
defer func() { _ = serialHandler.Close() }()
|
|
|
|
|
|
|
|
|
|
if err = serialHandler.Run(); err != nil {
|
|
|
|
|
errorLog.Fatalf("error in serial handler: %v", err)
|
|
|
|
|
logger.Fatalf("error in serial handler: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
infoLog.Print("setup complete, starting signer operation")
|
|
|
|
|
logger.Infof("setup complete, starting signer operation")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func initializeHSM(caConfig *config.SignerConfig, setupMode, verbose bool, infoLog, errorLog *log.Logger) *hsm.Access {
|
|
|
|
|
func initializeHSM(caConfig *config.SignerConfig, setupMode, verbose bool, logger *logrus.Logger) *hsm.Access {
|
|
|
|
|
opts := make([]hsm.ConfigOption, 0)
|
|
|
|
|
|
|
|
|
|
opts = append(opts, hsm.CaConfigOption(caConfig))
|
|
|
|
|
|
|
|
|
|
if setupMode {
|
|
|
|
|
infoLog.Print("running in setup mode")
|
|
|
|
|
logger.Infof("running in setup mode")
|
|
|
|
|
|
|
|
|
|
opts = append(opts, hsm.SetupModeOption())
|
|
|
|
|
}
|
|
|
|
@ -106,28 +116,28 @@ func initializeHSM(caConfig *config.SignerConfig, setupMode, verbose bool, infoL
|
|
|
|
|
opts = append(opts, hsm.VerboseLoggingOption())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
access, err := hsm.NewAccess(infoLog, opts...)
|
|
|
|
|
access, err := hsm.NewAccess(logger, opts...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not setup HSM access: %v", err)
|
|
|
|
|
logger.Fatalf("could not setup HSM access: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = access.EnsureCAKeysAndCertificates()
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not ensure CA keys and certificates exist: %v", err)
|
|
|
|
|
logger.Fatalf("could not ensure CA keys and certificates exist: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return access
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func LoadConfig(signerConfigFile string, errorLog *log.Logger) *config.SignerConfig {
|
|
|
|
|
func LoadConfig(signerConfigFile string, logger *logrus.Logger) *config.SignerConfig {
|
|
|
|
|
configFile, err := os.Open(signerConfigFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not open signer configuration file %s: %v", signerConfigFile, err)
|
|
|
|
|
logger.Fatalf("could not open signer configuration file %s: %v", signerConfigFile, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
caConfig, err := config.LoadConfiguration(configFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorLog.Fatalf("could not load CA hierarchy: %v", err)
|
|
|
|
|
logger.Fatalf("could not load CA hierarchy: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return caConfig
|
|
|
|
|