author | Kiran <kiran.k.kamineni@intel.com> | 2018-02-05 14:04:32 -0800 |
---|---|---|
committer | Kiran <kiran.k.kamineni@intel.com> | 2018-02-05 14:19:57 -0800 |
commit | 53b6f4630af634272ed60d582f9bb29205c6ff17 (patch) | |
tree | 45f879bbdd86b9d47aa5a3527fcb32b4f68a961b /sms-service/src | |
parent | 611e20c99b004e5fd64e456986c172d80f34f125 (diff) |
Initial Project Structure
Includes a directory structure for all the current components
The implemented code establishes a mTLS connection to client
and serves a GET status request
Other requests and handlers will come in future patches
Issue-ID: AAF-102
Change-Id: Ib3bca066586d23330b10550f83772ab11aacabc7
Signed-off-by: Kiran <kiran.k.kamineni@intel.com>
Diffstat (limited to 'sms-service/src')
-rw-r--r-- | sms-service/src/sms/Gopkg.lock | 134 | ||||
-rw-r--r-- | sms-service/src/sms/Gopkg.toml | 29 | ||||
-rw-r--r-- | sms-service/src/sms/auth/auth.go | 51 | ||||
-rw-r--r-- | sms-service/src/sms/backend/backend.go | 47 | ||||
-rw-r--r-- | sms-service/src/sms/backend/vault/vault.go | 56 | ||||
-rw-r--r-- | sms-service/src/sms/config/config.go | 52 | ||||
-rw-r--r-- | sms-service/src/sms/handler/handler.go | 105 | ||||
-rw-r--r-- | sms-service/src/sms/sms.go | 47 | ||||
-rw-r--r-- | sms-service/src/sms/smsconfig.json | 7 |
9 files changed, 528 insertions, 0 deletions
diff --git a/sms-service/src/sms/Gopkg.lock b/sms-service/src/sms/Gopkg.lock new file mode 100644 index 0000000..da2fafd --- /dev/null +++ b/sms-service/src/sms/Gopkg.lock 
@@ -0,0 +1,134 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + name = "github.com/fatih/structs" + packages = ["."] + revision = "a720dfa8df582c51dee1b36feabb906bde1588bd" + version = "v1.0" + +[[projects]] + branch = "master" + name = "github.com/golang/snappy" + packages = ["."] + revision = "553a641470496b2327abcac10b36396bd98e45c9" + +[[projects]] + name = "github.com/gorilla/context" + packages = ["."] + revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a" + version = "v1.1" + +[[projects]] + name = "github.com/gorilla/mux" + packages = ["."] + revision = "53c1911da2b537f792e7cafcb446b05ffe33b996" + version = "v1.6.1" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/errwrap" + packages = ["."] + revision = "7554cd9344cec97297fa6649b055a8c98c2a1e55" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/go-cleanhttp" + packages = ["."] + revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/go-multierror" + packages = ["."] + revision = "b7773ae218740a7be65057fc60b366a49b538a44" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/go-rootcerts" + packages = ["."] + revision = "6bb64b370b90e7ef1fa532be9e591a81c3493e00" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/hcl" + packages = [ + ".", + "hcl/ast", + "hcl/parser", + "hcl/scanner", + "hcl/strconv", + "hcl/token", + "json/parser", + "json/scanner", + "json/token" + ] + revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8" + +[[projects]] + name = "github.com/hashicorp/vault" + packages = [ + "api", + "helper/compressutil", + "helper/jsonutil", + "helper/parseutil" + ] + revision = "5acd6a21d5a69ab49d0f7c0bf540123a9b2c696d" + version = "v0.9.3" + +[[projects]] + branch = "master" + name = "github.com/mitchellh/go-homedir" + packages = ["."] + revision = "b8bc1bf767474819792c23f32d8286a45736f1c6" + +[[projects]] + 
branch = "master" + name = "github.com/mitchellh/mapstructure" + packages = ["."] + revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff" + +[[projects]] + branch = "master" + name = "github.com/sethgrid/pester" + packages = ["."] + revision = "760f8913c0483b776294e1bee43f1d687527127b" + +[[projects]] + branch = "master" + name = "golang.org/x/net" + packages = [ + "http2", + "http2/hpack", + "idna", + "lex/httplex" + ] + revision = "0ed95abb35c445290478a5348a7b38bb154135fd" + +[[projects]] + branch = "master" + name = "golang.org/x/text" + packages = [ + "collate", + "collate/build", + "internal/colltab", + "internal/gen", + "internal/tag", + "internal/triegen", + "internal/ucd", + "language", + "secure/bidirule", + "transform", + "unicode/bidi", + "unicode/cldr", + "unicode/norm", + "unicode/rangetable" + ] + revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "04ef42d3e34fec943a6bbcbde4a3caea30a3ca59d53faf7c99aa63094bea4e8f" + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/sms-service/src/sms/Gopkg.toml b/sms-service/src/sms/Gopkg.toml new file mode 100644 index 0000000..af2ce87 --- /dev/null +++ b/sms-service/src/sms/Gopkg.toml @@ -0,0 +1,29 @@ +# Gopkg.toml example +# +# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md +# for detailed Gopkg.toml documentation. +# +# required = ["github.com/user/thing/cmd/thing"] +# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] +# +# [[constraint]] +# name = "github.com/user/project" +# version = "1.0.0" +# +# [[constraint]] +# name = "github.com/user/project2" +# branch = "dev" +# source = "github.com/myfork/project2" +# +# [[override]] +# name = "github.com/x/y" +# version = "2.4.0" + + +[[constraint]] + name = "github.com/gorilla/mux" + version = "1.6.1" + +[[constraint]] + name = "github.com/hashicorp/vault" + version = "0.9.3" 
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
new file mode 100644
index 0000000..690fe62
--- /dev/null
+++ b/sms-service/src/sms/auth/auth.go
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
+ "log"
+)
+
+var tlsConfig *tls.Config
+
+// GetTLSConfig initializes a tlsConfig using the CA's certificate
+// This config is then used to enable the server for mutual TLS
+func GetTLSConfig(caCertFile string) *tls.Config {
+ // Initialize tlsConfig once
+ if tlsConfig == nil {
+ caCert, err := ioutil.ReadFile(caCertFile)
+
+ if err != nil {
+ log.Fatal("Error reading CA Certificate")
+ log.Fatal(err)
+ }
+
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ tlsConfig = &tls.Config{
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
+ }
+ tlsConfig.BuildNameToCertificate()
+ }
+ return tlsConfig
+}
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
new file mode 100644
index 0000000..ceb28a4
--- /dev/null
+++ b/sms-service/src/sms/backend/backend.go
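Review bot: The return value of `caCertPool.AppendCertsFromPEM(caCert)` in `GetTLSConfig` is discarded, so a CA file with no parseable certificate leaves `ClientCAs` empty and the server still starts, rejecting every client with an opaque handshake failure instead of failing at startup; check it with `if !caCertPool.AppendCertsFromPEM(caCert) { log.Fatalf("no CA certificates found in %s", caCertFile) }`. The second `log.Fatal(err)` in the read-error branch is unreachable because the first `log.Fatal` already exits, so fold both into one `log.Fatalf("Error reading CA Certificate %s: %v", caCertFile, err)`. `tlsConfig.BuildNameToCertificate()` has nothing to build because `Certificates` is never populated on this config (the server cert comes from `ListenAndServeTLS`), so it can be dropped. The package-level `tlsConfig` cache has no synchronization; that is acceptable only while `GetTLSConfig` is called once from `main` before any goroutine exists, as it is in this patch, and the doc comment should say so.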
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package backend
+
+import (
+ vaultwrap "sms/backend/vault"
+)
+
+// SecretDomain struct that will be passed around between http handler
+// and code that interfaces with vault
+type SecretDomain struct {
+ ID int
+ Name string
+ MountPoint string
+}
+
+// SecretBackend interface that will be implemented for various secret backends
+type SecretBackend interface {
+ Init()
+
+ GetStatus() bool
+}
+
+// InitSecretBackend returns an interface implementation
+func InitSecretBackend() SecretBackend {
+ backendImpl := &vaultwrap.Vault{}
+ backendImpl.Init()
+ return backendImpl
+}
+
+// LoginBackend Interface that will be implemented for various login backends
+type LoginBackend interface {
+}
diff --git a/sms-service/src/sms/backend/vault/vault.go b/sms-service/src/sms/backend/vault/vault.go
new file mode 100644
index 0000000..37cb19a
--- /dev/null
+++ b/sms-service/src/sms/backend/vault/vault.go
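Review bot: `SecretBackend.Init()` and `GetStatus() bool` carry no error return, which leaves an implementation no way to report a backend failure other than terminating the process, and the Vault implementation in this same commit does exactly that with `log.Fatal`. For a status probe wired to an HTTP endpoint that is a poor contract; `Init() error` and `GetStatus() (bool, error)` would let the handler answer 503 instead of having the service die. The doc comment on `GetStatus` should also state what the boolean means, since by the Vault implementation it is true when the backend is sealed, which is the opposite of what a "status is good" reading would suggest: `// GetStatus reports whether the backend is sealed (true) or unsealed and usable (false).` `SecretDomain` and `LoginBackend` are declared but unused in this patch, which is fine for scaffolding but worth a TODO on each so the empty interface is not mistaken for a finished design.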
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package vault
+
+import (
+ "fmt"
+ "log"
+
+ vaultapi "github.com/hashicorp/vault/api"
+ smsConfig "sms/config"
+)
+
+// Vault is the main Struct used in Backend to initialize the struct
+type Vault struct {
+ vaultClient *vaultapi.Client
+}
+
+// Init will initialize the vault connection
+// TODO: Check to see if we need to wait for vault to be running
+func (v *Vault) Init() {
+ vaultCFG := vaultapi.DefaultConfig()
+ vaultCFG.Address = smsConfig.SMSConfig.VaultAddress
+
+ client, err := vaultapi.NewClient(vaultCFG)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ v.vaultClient = client
+}
+
+// GetStatus returns the current seal status of vault
+func (v *Vault) GetStatus() bool {
+ sys := v.vaultClient.Sys()
+ fmt.Println(v.vaultClient.Address())
+ sealStatus, err := sys.SealStatus()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ return sealStatus.Sealed
+}
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go
new file mode 100644
index 0000000..d958e15
--- /dev/null
+++ b/sms-service/src/sms/config/config.go
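Review bot: `GetStatus` calls `log.Fatal(err)` when `sys.SealStatus()` fails, so a transient Vault outage or network error during a `GET /v1/sms/status` takes the whole SMS process down — any holder of a valid client certificate can trigger this simply by polling status while Vault is unreachable, which is a denial-of-service path for what is meant to be a health probe. The error should be returned to the handler and turned into a 503, which also means the `SecretBackend` interface in backend.go needs the matching `GetStatus() (bool, error)` signature. The `fmt.Println(v.vaultClient.Address())` on every call is debug output that lands on stdout with no context and should be removed or demoted to a one-time log in `Init`. `Init` likewise exits the process on `NewClient` failure; returning the error would let `main` decide, and note that `vaultapi.DefaultConfig()` presumably also reads `VAULT_*` environment variables, so `Address` from the JSON file is not the only input — worth a comment.

```go
// GetStatus reports whether Vault is currently sealed. A transport or
// API error is returned to the caller rather than terminating the process.
func (v *Vault) GetStatus() (bool, error) {
	sealStatus, err := v.vaultClient.Sys().SealStatus()
	if err != nil {
		return false, err
	}
	return sealStatus.Sealed, nil
}
```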
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package config
+
+import (
+ "encoding/json"
+ "log"
+ "os"
+)
+
+type SMSConfiguration struct {
+ CAFile string `json:"cafile"`
+ ServerCert string `json:"servercert"`
+ ServerKey string `json:"serverkey"`
+
+ VaultAddress string `json:"vaultaddress"`
+}
+
+// SMSConfig is the structure that stores the configuration
+var SMSConfig *SMSConfiguration
+
+// ReadConfigFile reads the specified smsConfig file to setup some env variables
+func ReadConfigFile(file string) *SMSConfiguration {
+ if SMSConfig == nil {
+ f, err := os.Open(file)
+ if err != nil {
+ log.Fatalf("Unable to find file %s", file)
+ }
+
+ decoder := json.NewDecoder(f)
+ err = decoder.Decode(&SMSConfig)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+ return SMSConfig
+}
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
new file mode 100644
index 0000000..79b8618
--- /dev/null
+++ b/sms-service/src/sms/handler/handler.go
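Review bot: The file opened by `os.Open(file)` in `ReadConfigFile` is never closed, and the open error is discarded in favour of a fixed "Unable to find file" message, which is misleading for the permission-denied or not-a-regular-file cases; `defer f.Close()` after the check and `log.Fatalf("Unable to open config file %s: %v", file, err)` fix both. The struct holds only paths to the server key and CA file, not the material itself, so including `file` in the message leaks nothing sensitive. The exported `SMSConfiguration` type has no doc comment; `// SMSConfiguration holds the TLS file paths and the Vault address loaded from the JSON config file.` would satisfy golint and tell readers that `ServerKey` is a path, not key bytes. The doc comment on `ReadConfigFile` says it sets up "env variables", but the code only populates the package-level `SMSConfig`, so the comment should say that instead.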
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package handler
+
+import (
+ "encoding/json"
+ "net/http"
+
+ "sms/backend"
+
+ "github.com/gorilla/mux"
+)
+
+type secretDomainJSON struct {
+ name string
+}
+
+type secretKeyValue struct {
+ name string
+ value string
+}
+
+type secretJSON struct {
+ name string
+ values []secretKeyValue
+}
+
+type handler struct {
+ secretBackend backend.SecretBackend
+ loginBackend backend.LoginBackend
+}
+
+// GetSecretDomainHandler returns list of secret domains
+func (h handler) GetSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// CreateSecretDomainHandler creates a secret domain with a name provided
+func (h handler) CreateSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+ var d secretDomainJSON
+
+ err := json.NewDecoder(r.Body).Decode(&d)
+ if err != nil {
+ http.Error(w, err.Error(), 400)
+ return
+ }
+}
+
+// DeleteSecretDomainHandler deletes a secret domain with the ID provided
+func (h handler) DeleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// struct that tracks various status items for SMS and backend
+type status struct {
+ Seal bool `json:"sealstatus"`
+}
+
+// StatusHandler returns information related to SMS and SMS backend services
+func (h handler) StatusHandler(w http.ResponseWriter, r *http.Request) {
+ s := h.secretBackend.GetStatus()
+ status := status{Seal: s}
+ err := json.NewEncoder(w).Encode(status)
+ if err != nil {
+ http.Error(w, err.Error(), 400)
+ return
+ }
+}
+
+// LoginHandler handles login via password and username
+func (h handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// CreateRouter returns an http.Handler for the registered URLs
+func CreateRouter(b backend.SecretBackend) http.Handler {
+ h := handler{secretBackend: b}
+
+ // Create a new mux to handle URL endpoints
+ router := mux.NewRouter()
+
+ router.HandleFunc("/v1/sms/login", h.LoginHandler).Methods("POST")
+
+ router.HandleFunc("/v1/sms/status", h.StatusHandler).Methods("GET")
+
+ router.HandleFunc("/v1/sms/domain", h.GetSecretDomainHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain", h.CreateSecretDomainHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}", h.DeleteSecretDomainHandler).Methods("DELETE")
+
+ return router
+}
diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go
new file mode 100644
index 0000000..8fdf399
--- /dev/null
+++ b/sms-service/src/sms/sms.go
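Review bot: The fields of `secretDomainJSON`, `secretKeyValue` and `secretJSON` are unexported (`name`, `value`, `values`), and `encoding/json` silently ignores unexported fields, so `CreateSecretDomainHandler` decodes every request body into an always-empty struct — no domain name can ever be read, and a body of `{}` or `{"name":""}` is indistinguishable from a valid one. Export them with explicit tags, e.g. `type secretDomainJSON struct {` / `Name string` tagged `json:"name"` / `}`, and the same for the other two types. In `StatusHandler`, a failure of `json.NewEncoder(w).Encode` is a server-side fault, not a client error, and the 200 header may already be on the wire by then, so it should be logged and answered with `http.StatusInternalServerError` rather than echoing `err.Error()` to the client with a 400; setting `w.Header().Set("Content-Type", "application/json")` before encoding would also help callers. `LoginHandler`, `GetSecretDomainHandler` and `DeleteSecretDomainHandler` are empty bodies that answer 200 to anything, which is presumably intended for this initial patch, but a `http.Error(w, "not implemented", http.StatusNotImplemented)` in each would stop a caller from mistaking the stub for success. The `h.secretBackend.GetStatus()` call on a `handler` value receiver is fine, but since the `handler` struct carries two backend interfaces a pointer receiver would avoid copying it on every request.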
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+ "log"
+ "net/http"
+
+ smsauth "sms/auth"
+ smsbackend "sms/backend"
+ smsconfig "sms/config"
+ smshandler "sms/handler"
+)
+
+func main() {
+ // Read Configuration File
+ smsConf := smsconfig.ReadConfigFile("smsconfig.json")
+
+ backendImpl := smsbackend.InitSecretBackend()
+ httpRouter := smshandler.CreateRouter(backendImpl)
+
+ // TODO: Use CA certificate from AAF
+ tlsConfig := smsauth.GetTLSConfig(smsConf.CAFile)
+
+ httpServer := &http.Server{
+ Handler: httpRouter,
+ Addr: ":10443",
+ TLSConfig: tlsConfig,
+ }
+
+ err := httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey)
+ log.Fatal(err)
+}
diff --git a/sms-service/src/sms/smsconfig.json b/sms-service/src/sms/smsconfig.json
new file mode 100644
index 0000000..ddb89d3
--- /dev/null
+++ b/sms-service/src/sms/smsconfig.json
@@ -0,0 +1,7 @@
+{
+ "cafile": "auth/selfsignedca.pem",
+ "servercert": "auth/server_cat.cert",
+ "serverkey": "auth/server.key",
+
+ "vaultaddress": "http://localhost:8200"
+} |
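Review bot: The `http.Server` built in `main` sets no `ReadTimeout`, `WriteTimeout` or `IdleTimeout`, so a client that completes the mTLS handshake and then trickles its request can hold a connection open indefinitely — one valid client certificate is enough to pin connections on the listener. Adding the three timeouts is a few lines and needs `"time"` added to the import block. The config path `"smsconfig.json"` is relative to the working directory, so the service only starts when launched from its own directory; a flag or environment variable would be more robust, though that can come with the later patches the commit message promises. The `log.Fatal(err)` after `ListenAndServeTLS` is fine since that call only returns on failure.

```go
	httpServer := &http.Server{
		Handler:      httpRouter,
		Addr:         ":10443",
		TLSConfig:    tlsConfig,
		ReadTimeout:  10 * time.Second,
		WriteTimeout: 10 * time.Second,
		IdleTimeout:  60 * time.Second,
	}
	// … unchanged: ListenAndServeTLS and log.Fatal …
```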
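Review bot: `vaultaddress` is `http://localhost:8200`, so the leg between SMS and its secrets backend is plaintext while this commit only secures the client-facing leg with mTLS; anything SMS later reads from or writes to Vault, including whatever token it authenticates with, would cross that link in the clear. As a local-development default that is tolerable, but the deployed value should be an `https://` address with the Vault CA configured on the API client, and the file (or a README next to it) should say so explicitly since JSON has no comment syntax. The `auth/selfsignedca.pem`, `auth/server_cat.cert` and `auth/server.key` paths refer to files that are not part of this commit, which is fine, but `server.key` must never be added to the repository in a follow-up.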