authorKiran <kiran.k.kamineni@intel.com>2018-02-05 14:04:32 -0800
committerKiran <kiran.k.kamineni@intel.com>2018-02-05 14:19:57 -0800
commit53b6f4630af634272ed60d582f9bb29205c6ff17 (patch)
tree45f879bbdd86b9d47aa5a3527fcb32b4f68a961b /sms-service/src
parent611e20c99b004e5fd64e456986c172d80f34f125 (diff)
Initial Project Structure
Includes a directory structure for all the current components. The implemented code establishes an mTLS connection to the client and serves a GET status request. Other requests and handlers will come in future patches. Issue-ID: AAF-102 Change-Id: Ib3bca066586d23330b10550f83772ab11aacabc7 Signed-off-by: Kiran <kiran.k.kamineni@intel.com>
Diffstat (limited to 'sms-service/src')
-rw-r--r--sms-service/src/sms/Gopkg.lock134
-rw-r--r--sms-service/src/sms/Gopkg.toml29
-rw-r--r--sms-service/src/sms/auth/auth.go51
-rw-r--r--sms-service/src/sms/backend/backend.go47
-rw-r--r--sms-service/src/sms/backend/vault/vault.go56
-rw-r--r--sms-service/src/sms/config/config.go52
-rw-r--r--sms-service/src/sms/handler/handler.go105
-rw-r--r--sms-service/src/sms/sms.go47
-rw-r--r--sms-service/src/sms/smsconfig.json7
9 files changed, 528 insertions, 0 deletions
diff --git a/sms-service/src/sms/Gopkg.lock b/sms-service/src/sms/Gopkg.lock
new file mode 100644
index 0000000..da2fafd
--- /dev/null
+++ b/sms-service/src/sms/Gopkg.lock
@@ -0,0 +1,134 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+ name = "github.com/fatih/structs"
+ packages = ["."]
+ revision = "a720dfa8df582c51dee1b36feabb906bde1588bd"
+ version = "v1.0"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/golang/snappy"
+ packages = ["."]
+ revision = "553a641470496b2327abcac10b36396bd98e45c9"
+
+[[projects]]
+ name = "github.com/gorilla/context"
+ packages = ["."]
+ revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a"
+ version = "v1.1"
+
+[[projects]]
+ name = "github.com/gorilla/mux"
+ packages = ["."]
+ revision = "53c1911da2b537f792e7cafcb446b05ffe33b996"
+ version = "v1.6.1"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/hashicorp/errwrap"
+ packages = ["."]
+ revision = "7554cd9344cec97297fa6649b055a8c98c2a1e55"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/hashicorp/go-cleanhttp"
+ packages = ["."]
+ revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/hashicorp/go-multierror"
+ packages = ["."]
+ revision = "b7773ae218740a7be65057fc60b366a49b538a44"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/hashicorp/go-rootcerts"
+ packages = ["."]
+ revision = "6bb64b370b90e7ef1fa532be9e591a81c3493e00"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/hashicorp/hcl"
+ packages = [
+ ".",
+ "hcl/ast",
+ "hcl/parser",
+ "hcl/scanner",
+ "hcl/strconv",
+ "hcl/token",
+ "json/parser",
+ "json/scanner",
+ "json/token"
+ ]
+ revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8"
+
+[[projects]]
+ name = "github.com/hashicorp/vault"
+ packages = [
+ "api",
+ "helper/compressutil",
+ "helper/jsonutil",
+ "helper/parseutil"
+ ]
+ revision = "5acd6a21d5a69ab49d0f7c0bf540123a9b2c696d"
+ version = "v0.9.3"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/mitchellh/go-homedir"
+ packages = ["."]
+ revision = "b8bc1bf767474819792c23f32d8286a45736f1c6"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/mitchellh/mapstructure"
+ packages = ["."]
+ revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff"
+
+[[projects]]
+ branch = "master"
+ name = "github.com/sethgrid/pester"
+ packages = ["."]
+ revision = "760f8913c0483b776294e1bee43f1d687527127b"
+
+[[projects]]
+ branch = "master"
+ name = "golang.org/x/net"
+ packages = [
+ "http2",
+ "http2/hpack",
+ "idna",
+ "lex/httplex"
+ ]
+ revision = "0ed95abb35c445290478a5348a7b38bb154135fd"
+
+[[projects]]
+ branch = "master"
+ name = "golang.org/x/text"
+ packages = [
+ "collate",
+ "collate/build",
+ "internal/colltab",
+ "internal/gen",
+ "internal/tag",
+ "internal/triegen",
+ "internal/ucd",
+ "language",
+ "secure/bidirule",
+ "transform",
+ "unicode/bidi",
+ "unicode/cldr",
+ "unicode/norm",
+ "unicode/rangetable"
+ ]
+ revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3"
+
+[solve-meta]
+ analyzer-name = "dep"
+ analyzer-version = 1
+ inputs-digest = "04ef42d3e34fec943a6bbcbde4a3caea30a3ca59d53faf7c99aa63094bea4e8f"
+ solver-name = "gps-cdcl"
+ solver-version = 1
diff --git a/sms-service/src/sms/Gopkg.toml b/sms-service/src/sms/Gopkg.toml
new file mode 100644
index 0000000..af2ce87
--- /dev/null
+++ b/sms-service/src/sms/Gopkg.toml
@@ -0,0 +1,29 @@
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+# name = "github.com/user/project"
+# version = "1.0.0"
+#
+# [[constraint]]
+# name = "github.com/user/project2"
+# branch = "dev"
+# source = "github.com/myfork/project2"
+#
+# [[override]]
+# name = "github.com/x/y"
+# version = "2.4.0"
+
+
+[[constraint]]
+ name = "github.com/gorilla/mux"
+ version = "1.6.1"
+
+[[constraint]]
+ name = "github.com/hashicorp/vault"
+ version = "0.9.3"
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
new file mode 100644
index 0000000..690fe62
--- /dev/null
+++ b/sms-service/src/sms/auth/auth.go
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
+ "log"
+)
+
+var tlsConfig *tls.Config
+
+// GetTLSConfig initializes a tlsConfig using the CA's certificate
+// This config is then used to enable the server for mutual TLS
+func GetTLSConfig(caCertFile string) *tls.Config {
+ // Initialize tlsConfig once
+ if tlsConfig == nil {
+ caCert, err := ioutil.ReadFile(caCertFile)
+
+ if err != nil {
+ log.Fatal("Error reading CA Certificate")
+ log.Fatal(err)
+ }
+
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ tlsConfig = &tls.Config{
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
+ }
+ tlsConfig.BuildNameToCertificate()
+ }
+ return tlsConfig
+}
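Review bot: The return value of `caCertPool.AppendCertsFromPEM(caCert)` on the line after `x509.NewCertPool()` is discarded, so a CA file that exists but is not valid PEM yields an empty ClientCAs pool; with RequireAndVerifyClientCert every client handshake then fails with no diagnostic pointing at the cause. Check it: `if !caCertPool.AppendCertsFromPEM(caCert) { log.Fatalf("no CA certificates parsed from %s", caCertFile) }`. The two consecutive `log.Fatal` calls in the read-error branch mean the second, which carries err, is never reached; collapse them into `log.Fatalf("reading CA certificate %s: %v", caCertFile, err)`. `tlsConfig.BuildNameToCertificate()` has nothing to work on because this config sets no Certificates (the server cert is handed to ListenAndServeTLS in sms.go), so the call can be dropped.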
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
new file mode 100644
index 0000000..ceb28a4
--- /dev/null
+++ b/sms-service/src/sms/backend/backend.go
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package backend
+
+import (
+ vaultwrap "sms/backend/vault"
+)
+
+// SecretDomain struct that will be passed around between http handler
+// and code that interfaces with vault
+type SecretDomain struct {
+ ID int
+ Name string
+ MountPoint string
+}
+
+// SecretBackend interface that will be implemented for various secret backends
+type SecretBackend interface {
+ Init()
+
+ GetStatus() bool
+}
+
+// InitSecretBackend returns an interface implementation
+func InitSecretBackend() SecretBackend {
+ backendImpl := &vaultwrap.Vault{}
+ backendImpl.Init()
+ return backendImpl
+}
+
+// LoginBackend Interface that will be implemented for various login backends
+type LoginBackend interface {
+}
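Review bot: `LoginBackend` is declared as an empty interface, which every value satisfies, so the `loginBackend` field in handler.go carries no contract yet. If it is a placeholder for a later patch, say so on the declaration, e.g. `// LoginBackend is a placeholder; methods are added when login support lands.`, so a reader does not take the empty method set as the intended API.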
diff --git a/sms-service/src/sms/backend/vault/vault.go b/sms-service/src/sms/backend/vault/vault.go
new file mode 100644
index 0000000..37cb19a
--- /dev/null
+++ b/sms-service/src/sms/backend/vault/vault.go
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package vault
+
+import (
+ "fmt"
+ "log"
+
+ vaultapi "github.com/hashicorp/vault/api"
+ smsConfig "sms/config"
+)
+
+// Vault is the main Struct used in Backend to initialize the struct
+type Vault struct {
+ vaultClient *vaultapi.Client
+}
+
+// Init will initialize the vault connection
+// TODO: Check to see if we need to wait for vault to be running
+func (v *Vault) Init() {
+ vaultCFG := vaultapi.DefaultConfig()
+ vaultCFG.Address = smsConfig.SMSConfig.VaultAddress
+
+ client, err := vaultapi.NewClient(vaultCFG)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ v.vaultClient = client
+}
+
+// GetStatus returns the current seal status of vault
+func (v *Vault) GetStatus() bool {
+ sys := v.vaultClient.Sys()
+ fmt.Println(v.vaultClient.Address())
+ sealStatus, err := sys.SealStatus()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ return sealStatus.Sealed
+}
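Review bot: `GetStatus` calls `log.Fatal(err)` when `sys.SealStatus()` fails, so a transient Vault outage during a single GET /v1/sms/status terminates the whole SMS process instead of producing an error response; `Init` does the same on `vaultapi.NewClient`. The handler cannot do better because `SecretBackend` in backend.go declares `GetStatus() bool` and `Init()` with no error return; changing them to `GetStatus() (bool, error)` and `Init() error` lets handler.go map a backend fault to a 5xx and main decide whether startup should abort. `fmt.Println(v.vaultClient.Address())` prints the Vault address to stdout on every status request and looks like leftover debugging; log it once at Init or remove it.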
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go
new file mode 100644
index 0000000..d958e15
--- /dev/null
+++ b/sms-service/src/sms/config/config.go
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package config
+
+import (
+ "encoding/json"
+ "log"
+ "os"
+)
+
+type SMSConfiguration struct {
+ CAFile string `json:"cafile"`
+ ServerCert string `json:"servercert"`
+ ServerKey string `json:"serverkey"`
+
+ VaultAddress string `json:"vaultaddress"`
+}
+
+// SMSConfig is the structure that stores the configuration
+var SMSConfig *SMSConfiguration
+
+// ReadConfigFile reads the specified smsConfig file to setup some env variables
+func ReadConfigFile(file string) *SMSConfiguration {
+ if SMSConfig == nil {
+ f, err := os.Open(file)
+ if err != nil {
+ log.Fatalf("Unable to find file %s", file)
+ }
+
+ decoder := json.NewDecoder(f)
+ err = decoder.Decode(&SMSConfig)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+ return SMSConfig
+}
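Review bot: The file opened by `os.Open(file)` in ReadConfigFile is never closed; add `defer f.Close()` right after the error check. The open-failure branch also discards err, so a permissions problem or a directory in place of the file is reported as "Unable to find file"; prefer `log.Fatalf("opening config %s: %v", file, err)`. The exported type `SMSConfiguration` has no doc comment; `// SMSConfiguration holds the file paths of the CA certificate, server certificate and key, plus the Vault address, as read from the JSON config file.` matches what the fields are used for in sms.go and auth.go.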
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
new file mode 100644
index 0000000..79b8618
--- /dev/null
+++ b/sms-service/src/sms/handler/handler.go
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package handler
+
+import (
+ "encoding/json"
+ "net/http"
+
+ "sms/backend"
+
+ "github.com/gorilla/mux"
+)
+
+type secretDomainJSON struct {
+ name string
+}
+
+type secretKeyValue struct {
+ name string
+ value string
+}
+
+type secretJSON struct {
+ name string
+ values []secretKeyValue
+}
+
+type handler struct {
+ secretBackend backend.SecretBackend
+ loginBackend backend.LoginBackend
+}
+
+// GetSecretDomainHandler returns list of secret domains
+func (h handler) GetSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// CreateSecretDomainHandler creates a secret domain with a name provided
+func (h handler) CreateSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+ var d secretDomainJSON
+
+ err := json.NewDecoder(r.Body).Decode(&d)
+ if err != nil {
+ http.Error(w, err.Error(), 400)
+ return
+ }
+}
+
+// DeleteSecretDomainHandler deletes a secret domain with the ID provided
+func (h handler) DeleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// struct that tracks various status items for SMS and backend
+type status struct {
+ Seal bool `json:"sealstatus"`
+}
+
+// StatusHandler returns information related to SMS and SMS backend services
+func (h handler) StatusHandler(w http.ResponseWriter, r *http.Request) {
+ s := h.secretBackend.GetStatus()
+ status := status{Seal: s}
+ err := json.NewEncoder(w).Encode(status)
+ if err != nil {
+ http.Error(w, err.Error(), 400)
+ return
+ }
+}
+
+// LoginHandler handles login via password and username
+func (h handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
+
+}
+
+// CreateRouter returns an http.Handler for the registered URLs
+func CreateRouter(b backend.SecretBackend) http.Handler {
+ h := handler{secretBackend: b}
+
+ // Create a new mux to handle URL endpoints
+ router := mux.NewRouter()
+
+ router.HandleFunc("/v1/sms/login", h.LoginHandler).Methods("POST")
+
+ router.HandleFunc("/v1/sms/status", h.StatusHandler).Methods("GET")
+
+ router.HandleFunc("/v1/sms/domain", h.GetSecretDomainHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain", h.CreateSecretDomainHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}", h.DeleteSecretDomainHandler).Methods("DELETE")
+
+ return router
+}
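Review bot: The fields of `secretDomainJSON`, `secretKeyValue` and `secretJSON` are unexported, and encoding/json ignores unexported fields, so `json.NewDecoder(r.Body).Decode(&d)` in CreateSecretDomainHandler succeeds with an empty struct for any well-formed body; export them with tags, e.g. `Name string `json:"name"``. The body is untrusted input, so wrap it with `http.MaxBytesReader(w, r.Body, 1<<20)` (limit chosen as an example) before decoding so an oversized request cannot exhaust memory. In StatusHandler a failed `Encode` is answered with 400 although it is a server-side fault, and by that point a 200 header and part of the body may already have been written; marshal with `json.Marshal` first, write 500 on error, and set `Content-Type: application/json` on success. The local `status := status{Seal: s}` also shadows the type name, which compiles but reads poorly.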
diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go
new file mode 100644
index 0000000..8fdf399
--- /dev/null
+++ b/sms-service/src/sms/sms.go
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+ "log"
+ "net/http"
+
+ smsauth "sms/auth"
+ smsbackend "sms/backend"
+ smsconfig "sms/config"
+ smshandler "sms/handler"
+)
+
+func main() {
+ // Read Configuration File
+ smsConf := smsconfig.ReadConfigFile("smsconfig.json")
+
+ backendImpl := smsbackend.InitSecretBackend()
+ httpRouter := smshandler.CreateRouter(backendImpl)
+
+ // TODO: Use CA certificate from AAF
+ tlsConfig := smsauth.GetTLSConfig(smsConf.CAFile)
+
+ httpServer := &http.Server{
+ Handler: httpRouter,
+ Addr: ":10443",
+ TLSConfig: tlsConfig,
+ }
+
+ err := httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey)
+ log.Fatal(err)
+}
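Review bot: The `http.Server` literal sets only Handler, Addr and TLSConfig, so the listener has no ReadHeaderTimeout, ReadTimeout, WriteTimeout or IdleTimeout and a client that opens a connection and stalls holds a goroutine indefinitely. Add them to the literal, e.g. `ReadHeaderTimeout: 10 * time.Second,` / `ReadTimeout: 30 * time.Second,` / `IdleTimeout: 60 * time.Second,` (values are examples; this needs `"time"` in the import block). The listen address `":10443"` is hard-coded while the certificate paths come from the config file; moving it into SMSConfiguration would keep deployment settings in one place.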
diff --git a/sms-service/src/sms/smsconfig.json b/sms-service/src/sms/smsconfig.json
new file mode 100644
index 0000000..ddb89d3
--- /dev/null
+++ b/sms-service/src/sms/smsconfig.json
@@ -0,0 +1,7 @@
+{
+ "cafile": "auth/selfsignedca.pem",
+ "servercert": "auth/server_cat.cert",
+ "serverkey": "auth/server.key",
+
+ "vaultaddress": "http://localhost:8200"
+}
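Review bot: `"vaultaddress": "http://localhost:8200"` points the secret backend at Vault over plaintext HTTP; that is acceptable for a loopback development setup, but whatever credentials the client sends and every secret it retrieves would cross the network unencrypted if this value were pointed at a remote host, so the config documentation should state that the address must be https outside local development. `"servercert": "auth/server_cat.cert"` reads like a typo for `server_cert`; confirm the filename matches the file that is actually shipped.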