提交
cdae55ef
编写于
1月 29, 2018
作者:
J
Jordan Liggitt
提交者:
Sebastian Florek
1月 29, 2018
Auto-generate certs in-memory (#2795)
上级
2c7e17ea
变更
4
Showing
4 changed file
with
54 addition
and
24 deletion
+54
-24
src/app/backend/cert/api/types.go
src/app/backend/cert/api/types.go
+6
-2
src/app/backend/cert/ecdsa/creator.go
src/app/backend/cert/ecdsa/creator.go
+13
-12
src/app/backend/cert/manager.go
src/app/backend/cert/manager.go
+13
-5
src/app/backend/dashboard.go
src/app/backend/dashboard.go
+22
-5
src/app/backend/cert/api/types.go
...
...
@@ -14,6 +14,8 @@
package
api
import
"crypto/tls"
const
(
// Certificate file names that will be generated by Dashboard
DashboardCertName
=
"dashboard.crt"
...
...
@@ -23,8 +25,8 @@ const (
// Manager is responsible for generating and storing self-signed certificates that can be used by Dashboard
// to serve over HTTPS.
type
Manager
interface
{
// Ge
nerateCertificates
generates self-signed certificates.
Ge
nerateCertificates
(
)
// Ge
tCertificates loads existing certificates or
generates self-signed certificates.
Ge
tCertificates
()
(
tls
.
Certificate
,
error
)
}
// Creator is responsible for preparing and generating certificates.
...
...
@@ -35,6 +37,8 @@ type Creator interface {
GenerateCertificate
(
key
interface
{})
[]
byte
// StoreCertificates saves certificates in a given path
StoreCertificates
(
path
string
,
key
interface
{},
certBytes
[]
byte
)
// KeyCertPEMBytes converts the key and cert to PEM format
KeyCertPEMBytes
(
key
interface
{},
certBytes
[]
byte
)
(
keyPEM
[]
byte
,
certPEM
[]
byte
,
err
error
)
// GetKeyFileName returns certificate key file name
GetKeyFileName
()
string
// GetCertFileName returns certificate file name
...
...
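Review bot: The comment on the `Manager` interface still says it is responsible for "generating and storing" self-signed certificates, but `GenerateCertificates()` is replaced here by `GetCertificates() (tls.Certificate, error)`, and the manager.go section of this commit appears to no longer call `StoreCertificates`. I would reword it to `// Manager is responsible for loading existing certificates or generating self-signed certificates in memory that can be used by Dashboard to serve over HTTPS.` If the generated pair really is never persisted, the comment should say so, because every process start would then present a different self-signed certificate to clients.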
src/app/backend/cert/ecdsa/creator.go
...
...
@@ -21,6 +21,7 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"io/ioutil"
"log"
"math/big"
"net"
...
...
@@ -76,26 +77,26 @@ func (self *ecdsaCreator) GenerateCertificate(key interface{}) []byte {
// StoreCertificates implements certificate Creator interface. See Creator for more information.
func
(
self
*
ecdsaCreator
)
StoreCertificates
(
path
string
,
key
interface
{},
certBytes
[]
byte
)
{
ecdsaKey
:=
self
.
getKey
(
key
)
certOut
,
err
:=
os
.
Create
(
path
+
string
(
os
.
PathSeparator
)
+
self
.
GetCertFileName
())
keyPEM
,
certPEM
,
err
:=
self
.
KeyCertPEMBytes
(
key
,
certBytes
)
if
err
!=
nil
{
log
.
Fatalf
(
"[ECDSAManager] Failed to marshal cert/key pair: %v"
,
err
)
}
if
err
:=
ioutil
.
WriteFile
(
path
+
string
(
os
.
PathSeparator
)
+
self
.
GetCertFileName
(),
certPEM
,
os
.
FileMode
(
0644
));
err
!=
nil
{
log
.
Fatalf
(
"[ECDSAManager] Failed to open %s for writing: %s"
,
self
.
GetCertFileName
(),
err
)
}
pem
.
Encode
(
certOut
,
&
pem
.
Block
{
Type
:
"CERTIFICATE"
,
Bytes
:
certBytes
})
certOut
.
Close
()
keyOut
,
err
:=
os
.
OpenFile
(
path
+
string
(
os
.
PathSeparator
)
+
self
.
GetKeyFileName
(),
os
.
O_WRONLY
|
os
.
O_CREATE
|
os
.
O_TRUNC
,
0600
)
if
err
!=
nil
{
if
err
:=
ioutil
.
WriteFile
(
path
+
string
(
os
.
PathSeparator
)
+
self
.
GetKeyFileName
(),
keyPEM
,
os
.
FileMode
(
0600
));
err
!=
nil
{
log
.
Fatalf
(
"[ECDSAManager] Failed to open %s for writing: %s"
,
self
.
GetKeyFileName
(),
err
)
}
}
marshaledKey
,
err
:=
x509
.
MarshalECPrivateKey
(
ecdsaKey
)
func
(
self
*
ecdsaCreator
)
KeyCertPEMBytes
(
key
interface
{},
certBytes
[]
byte
)
([]
byte
,
[]
byte
,
error
)
{
marshaledKey
,
err
:=
x509
.
MarshalECPrivateKey
(
self
.
getKey
(
key
))
if
err
!=
nil
{
log
.
Fatalf
(
"[ECDSAManager] Unable to marshal %s: %v"
,
self
.
GetKeyFileName
(),
err
)
return
nil
,
nil
,
err
}
pem
.
Encode
(
keyOut
,
&
pem
.
Block
{
Type
:
"EC PRIVATE KEY"
,
Bytes
:
marshaledKey
})
keyOut
.
Close
()
keyPEM
:=
pem
.
EncodeToMemory
(
&
pem
.
Block
{
Type
:
"EC PRIVATE KEY"
,
Bytes
:
marshaledKey
})
certPEM
:=
pem
.
EncodeToMemory
(
&
pem
.
Block
{
Type
:
"CERTIFICATE"
,
Bytes
:
certBytes
})
return
keyPEM
,
certPEM
,
nil
}
// GetKeyFileName implements certificate Creator interface. See Creator for more information.
...
...
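Review bot: The new `KeyCertPEMBytes` method has no doc comment that I can see, unlike `StoreCertificates` and `GetKeyFileName` around it, and its result order is easy to get wrong. It returns the key first and the certificate second, while `tls.X509KeyPair` takes the certificate first. I would add `// KeyCertPEMBytes implements certificate Creator interface. See Creator for more information.` plus a line stating the order and that the first result is the unencrypted EC private key in PEM form, so callers keep it out of logs and error messages. Separately, the `os.FileMode(0600)` passed to `ioutil.WriteFile` for the key applies only when the file is created; a key file that already exists keeps its previous mode.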
src/app/backend/cert/manager.go
...
...
@@ -15,6 +15,7 @@
package
cert
import
(
"crypto/tls"
"log"
"os"
...
...
@@ -28,16 +29,23 @@ type Manager struct {
}
// GenerateCertificates implements Manager interface. See Manager for more information.
func
(
self
*
Manager
)
Ge
nerateCertificates
(
)
{
func
(
self
*
Manager
)
Ge
tCertificates
()
(
tls
.
Certificate
,
error
)
{
if
self
.
keyFileExists
()
&&
self
.
certFileExists
()
{
log
.
Println
(
"Certificates already exist. Skipping."
)
return
log
.
Println
(
"Certificates already exist. Returning."
)
return
tls
.
LoadX509KeyPair
(
self
.
path
(
self
.
creator
.
GetCertFileName
()),
self
.
path
(
self
.
creator
.
GetKeyFileName
()),
)
}
key
:=
self
.
creator
.
GenerateKey
()
cert
:=
self
.
creator
.
GenerateCertificate
(
key
)
self
.
creator
.
StoreCertificates
(
self
.
certDir
,
key
,
cert
)
log
.
Println
(
"Successfuly created and stored certificates"
)
log
.
Println
(
"Successfully created certificates"
)
keyPEM
,
certPEM
,
err
:=
self
.
creator
.
KeyCertPEMBytes
(
key
,
cert
)
if
err
!=
nil
{
return
tls
.
Certificate
{},
err
}
return
tls
.
X509KeyPair
(
certPEM
,
keyPEM
)
}
func
(
self
*
Manager
)
keyFileExists
()
bool
{
...
...
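Review bot: `GetCertificates` falls through to generating a fresh in-memory pair whenever `self.keyFileExists() && self.certFileExists()` is false, including when exactly one of the two files is present, and nothing is logged about the file that was ignored. An operator who mounted a key but misnamed the certificate would see a self-signed certificate served with no hint why. I would log that case before generating, e.g. `if self.keyFileExists() != self.certFileExists() { log.Printf("Only one of the certificate and key files exists in %s; generating a new pair", self.certDir) }`. The doc comment above the method also still names `GenerateCertificates`; it should read `// GetCertificates implements Manager interface. See Manager for more information.`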
src/app/backend/dashboard.go
...
...
@@ -16,6 +16,7 @@ package main
import
(
"crypto/elliptic"
"crypto/tls"
"flag"
"fmt"
"log"
...
...
@@ -121,11 +122,24 @@ func main() {
handleFatalInitError
(
err
)
}
var
servingCerts
[]
tls
.
Certificate
if
args
.
Holder
.
GetAutoGenerateCertificates
()
{
log
.
Println
(
"Auto-generating certificates"
)
certCreator
:=
ecdsa
.
NewECDSACreator
(
args
.
Holder
.
GetKeyFile
(),
args
.
Holder
.
GetCertFile
(),
elliptic
.
P256
())
certManager
:=
cert
.
NewCertManager
(
certCreator
,
args
.
Holder
.
GetDefaultCertDir
())
certManager
.
GenerateCertificates
()
servingCert
,
err
:=
certManager
.
GetCertificates
()
if
err
!=
nil
{
handleFatalInitError
(
err
)
}
servingCerts
=
[]
tls
.
Certificate
{
servingCert
}
}
else
if
args
.
Holder
.
GetCertFile
()
!=
""
&&
args
.
Holder
.
GetKeyFile
()
!=
""
{
certFilePath
:=
args
.
Holder
.
GetDefaultCertDir
()
+
string
(
os
.
PathSeparator
)
+
args
.
Holder
.
GetCertFile
()
keyFilePath
:=
args
.
Holder
.
GetDefaultCertDir
()
+
string
(
os
.
PathSeparator
)
+
args
.
Holder
.
GetKeyFile
()
servingCert
,
err
:=
tls
.
LoadX509KeyPair
(
certFilePath
,
keyFilePath
)
if
err
!=
nil
{
handleFatalInitError
(
err
)
}
servingCerts
=
[]
tls
.
Certificate
{
servingCert
}
}
// Run a HTTP server that serves static public files from './public' and handles API calls.
...
...
@@ -138,12 +152,15 @@ func main() {
http
.
Handle
(
"/metrics"
,
prometheus
.
Handler
())
// Listen for http or https
if
args
.
Holder
.
GetCertFile
()
!=
""
&&
args
.
Holder
.
GetKeyFile
()
!=
""
{
certFilePath
:=
args
.
Holder
.
GetDefaultCertDir
()
+
string
(
os
.
PathSeparator
)
+
args
.
Holder
.
GetCertFile
()
keyFilePath
:=
args
.
Holder
.
GetDefaultCertDir
()
+
string
(
os
.
PathSeparator
)
+
args
.
Holder
.
GetKeyFile
()
if
servingCerts
!=
nil
{
log
.
Printf
(
"Serving securely on HTTPS port: %d"
,
args
.
Holder
.
GetPort
())
secureAddr
:=
fmt
.
Sprintf
(
"%s:%d"
,
args
.
Holder
.
GetBindAddress
(),
args
.
Holder
.
GetPort
())
go
func
()
{
log
.
Fatal
(
http
.
ListenAndServeTLS
(
secureAddr
,
certFilePath
,
keyFilePath
,
nil
))
}()
server
:=
&
http
.
Server
{
Addr
:
secureAddr
,
Handler
:
http
.
DefaultServeMux
,
TLSConfig
:
&
tls
.
Config
{
Certificates
:
servingCerts
},
}
go
func
()
{
log
.
Fatal
(
server
.
ListenAndServeTLS
(
""
,
""
))
}()
}
else
{
log
.
Printf
(
"Serving insecurely on HTTP port: %d"
,
args
.
Holder
.
GetInsecurePort
())
addr
:=
fmt
.
Sprintf
(
"%s:%d"
,
args
.
Holder
.
GetInsecureBindAddress
(),
args
.
Holder
.
GetInsecurePort
())
...
...
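Review bot: The `tls.Config` built for the new `http.Server` sets only `Certificates`, so the minimum protocol version is whatever the Go release in use defaults to. Now that the config is explicit I would pin it: `TLSConfig: &tls.Config{Certificates: servingCerts, MinVersion: tls.VersionTLS12},`. The same `http.Server` literal sets no `ReadHeaderTimeout`, `ReadTimeout` or `WriteTimeout`, so connections held open by slow clients are unbounded; this literal is the natural place to set them. `main` starts before and continues after both hunks, so anything that adjusts the server later is not visible here.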