- package main
- import (
- "bufio"
- "bytes"
- "context"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "log"
- "math/big"
- "os"
- "time"
- v0 "github.com/signalsciences/sigsci/cloudwaf/proto/provisioning/v0"
- "github.com/signalsciences/sigsci/lib/service/cloudwafprovisioning"
- "github.com/signalsciences/sigsci/lib/slog"
- )
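// main is a manual smoke test for the cloud WAF provisioning service: it
// connects to an instance on the loopback address, uploads a freshly
// generated test certificate and then lists the certificates of the test site.
func main() {
	logger := slog.NewRootLogger("cloudwaf_provisioning", "main", os.Stderr)

	// NOTE(review): InsecureInitialize presumably dials without transport
	// security — confirm. uploadCert sends private-key PEM over this
	// connection, so keep the target on loopback and use throwaway keys only.
	cwpsSRVName := "127.0.0.1:50053"
	conn, err := cloudwafprovisioning.InsecureInitialize(cwpsSRVName)
	if err != nil {
		// Both messages of the former back-to-back err checks are kept, but
		// emitted from a single branch.
		log.Printf("CWPS.Initialize error=%v", err)
		logger.Error(err).Log("Could not initialize app")
		os.Exit(1)
	}
	defer conn.Close()

	client, err := cloudwafprovisioning.ProvideClient(conn, "us-west-2")
	if err != nil {
		logger.Error(err).Log("Could not provide client")
		// os.Exit skips deferred calls, so release the connection explicitly.
		conn.Close()
		os.Exit(1)
	}

	uploadCert(client, logger)
	listCerts(client, logger)
	//deleteCert(client, logger)
	//listCerts(client, logger)
}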
// genTestPEMs returns the PEM encoding of cert's raw DER bytes as a single
// CERTIFICATE block.
func genTestPEMs(cert *x509.Certificate) []byte {
	certBlock := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
	return pem.EncodeToMemory(&certBlock)
}
// genTestCertWithPrivKey builds a test certificate for host signed with a
// newly generated key. The key is not returned, so the certificate cannot be
// paired with its private key afterwards.
func genTestCertWithPrivKey(host string) *x509.Certificate {
	freshKey := genTestPrivKey()
	return genTestCert(host, freshKey)
}
// genTestPrivKey generates a fresh 2048-bit RSA key from crypto/rand.
// It panics if key generation fails.
func genTestPrivKey() *rsa.PrivateKey {
	const keyBits = 2048
	priv, genErr := rsa.GenerateKey(rand.Reader, keyBits)
	if genErr == nil {
		return priv
	}
	panic(genErr)
}
// genTestCert creates a self-signed certificate for host using key and
// returns it parsed. The template is passed as its own parent, so the
// certificate is signed by key itself. It panics if creation or parsing fails.
//
// The certificate is a test fixture only: it is valid for one minute, is
// marked as a CA with the cert-sign key usage while also carrying the
// server-auth extended key usage, and always uses the serial number 46546.
// NOTE(review): every certificate produced here shares the same issuer name
// and serial; anything that indexes certificates by issuer and serial may
// treat them as one — confirm this does not matter for the service under test.
func genTestCert(host string, key *rsa.PrivateKey) *x509.Certificate {
	tmpl := new(x509.Certificate)
	tmpl.Subject = pkix.Name{Organization: []string{"Acme Co"}}
	tmpl.NotBefore = time.Now()
	tmpl.NotAfter = time.Now().Add(1 * time.Minute)
	tmpl.SerialNumber = big.NewInt(46546)
	tmpl.KeyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	tmpl.BasicConstraintsValid = true
	tmpl.IsCA = true
	tmpl.DNSNames = []string{host}

	// Template and parent are the same object: self-signed.
	der, createErr := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if createErr != nil {
		panic(createErr)
	}

	// Re-parse the DER so the returned certificate has Raw populated.
	parsed, parseErr := x509.ParseCertificate(der)
	if parseErr != nil {
		panic(parseErr)
	}
	return parsed
}
// deleteCert asks the provisioning service to delete a certificate from the
// hard-coded test site and logs the error, if any, followed by the response.
func deleteCert(client v0.ProvisioningClient, logger slog.Slogger) {
	// The fingerprint is a placeholder and must be replaced with a real one
	// before the commented-out call in main is enabled.
	req := &v0.DeleteCertRequest{
		SiteDetails: &v0.Site{
			SiteId: "5d65b268241972c9e2058a0f",
			CorpId: "000000000000000000000002",
		},
		FingerPrint: "SOME FINGERPRINT HERE",
	}

	resp, delErr := client.DeleteCert(context.Background(), req)
	if delErr != nil {
		logger.Logf("ERR=%#v", delErr)
	}
	// The response is logged on the failure path as well.
	logger.Logf("DELETE RESP: %#v", resp)
}
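// uploadCert generates a throwaway certificate and RSA key for foo.com,
// uploads them to the hard-coded test site and logs the error, if any,
// followed by the response. If the private key cannot be PEM-encoded, the
// error is logged and nothing is uploaded.
func uploadCert(client v0.ProvisioningClient, logger slog.Slogger) {
	// genTestCert self-signs, so the "intermediate" is an unrelated
	// self-signed certificate, not the issuer of certPem: the uploaded chain
	// will not verify as a chain.
	intermediateCertPEM := genTestPEMs(genTestCertWithPrivKey("foo.com"))
	privateKey := genTestPrivKey()
	certPem := genTestPEMs(genTestCert("foo.com", privateKey))

	// NOTE(review): "PRIVATE KEY" is the PKCS#8 label, but the bytes are
	// PKCS#1 (MarshalPKCS1PrivateKey), whose conventional label is
	// "RSA PRIVATE KEY". Left unchanged because the service's parser is not
	// visible here — confirm which form it expects.
	var b bytes.Buffer
	test := bufio.NewWriter(&b)
	block := &pem.Block{
		Type:  "PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	}
	if err := pem.Encode(test, block); err != nil {
		logger.Logf("ERR=%#v", err)
		return
	}
	// Without Flush the encoded key stays in the bufio buffer and b is still
	// empty when it is read below, so an empty PrivateKeyPem would be sent.
	if err := test.Flush(); err != nil {
		logger.Logf("ERR=%#v", err)
		return
	}

	// The request carries private-key material; main dials the service with
	// InsecureInitialize, so only throwaway keys belong here.
	resp1, err := client.UploadCert(context.Background(), &v0.UploadCertRequest{
		SiteDetails: &v0.Site{
			SiteId:   "5d65b268241972c9e2058a0f",
			CorpId:   "000000000000000000000002",
			CorpName: "foo.com",
		},
		Cert: &v0.UnsafeInternalOnlyCert{
			Hostname:             "foo.com",
			CertPem:              certPem,
			IntermediateCertsPem: intermediateCertPEM,
			PrivateKeyPem:        b.Bytes(),
		},
	})
	if err != nil {
		logger.Logf("ERR=%v", err)
	}
	// The response is logged on the failure path as well.
	logger.Logf("RESP 1: %v", resp1)
}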
// listCerts requests the certificates of the hard-coded test site and logs
// the error, if any, followed by the response.
func listCerts(client v0.ProvisioningClient, logger slog.Slogger) {
	req := &v0.ListCertsRequest{
		SiteDetails: &v0.Site{
			SiteId: "5d65b268241972c9e2058a0f",
			CorpId: "000000000000000000000002",
		},
		// Hostname: "bar.com",
	}

	resp2, listErr := client.ListCerts(context.Background(), req)
	if listErr != nil {
		logger.Logf("ERR=%#v", listErr)
	}
	// The response is logged on the failure path as well.
	logger.Logf("LIST RESP: %v", resp2)
}