Untitled

package main

import (
	"bufio"
	"bytes"
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"log"
	"math/big"
	"os"
	"time"

	v0 "github.com/signalsciences/sigsci/cloudwaf/proto/provisioning/v0"
	"github.com/signalsciences/sigsci/lib/service/cloudwafprovisioning"
	"github.com/signalsciences/sigsci/lib/slog"
)

func main() {
	logger := slog.NewRootLogger("cloudwaf_provisioning", "main", os.Stderr)
	cwpsSRVName := "127.0.0.1:50053"

	conn, err := cloudwafprovisioning.InsecureInitialize(cwpsSRVName)
	if err != nil {
		log.Printf("CWPS.Initialize error=%v", err)
	}
	if err != nil {
		logger.Error(err).Log("Could not initialize app")
		os.Exit(1)
	}
	defer conn.Close()

	client, err := cloudwafprovisioning.ProvideClient(conn, "us-west-2")
	if err != nil {
		logger.Error(err).Log("Could not provide client")
		os.Exit(1)
	}
	uploadCert(client, logger)
	listCerts(client, logger)
	//deleteCert(client, logger)
	//listCerts(client, logger)

}

func genTestPEMs(cert *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert.Raw,
	})
}

func genTestCertWithPrivKey(host string) *x509.Certificate {
	return genTestCert(host, genTestPrivKey())
}

func genTestPrivKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func genTestCert(host string, key *rsa.PrivateKey) *x509.Certificate {
	template := &x509.Certificate{
		Subject: pkix.Name{
			Organization: []string{"Acme Co"},
		},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(1 * time.Minute),
		SerialNumber:          big.NewInt(46546),
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              []string{host},
	}

	cert, err := x509.CreateCertificate(
		rand.Reader,
		template,
		template,
		&key.PublicKey,
		key,
	)
	if err != nil {
		panic(err)
	}

	c, err := x509.ParseCertificate(cert)
	if err != nil {
		panic(err)
	}

	return c
}

func deleteCert(client v0.ProvisioningClient, logger slog.Slogger) {
	// try deleting certs
	resp, err := client.DeleteCert(context.Background(), &v0.DeleteCertRequest{
		SiteDetails: &v0.Site{
			SiteId: "5d65b268241972c9e2058a0f",
			CorpId: "000000000000000000000002",
		},
		FingerPrint: "SOME FINGERPRINT HERE",
	})
	if err != nil {
		logger.Logf("ERR=%#v", err)
	}
	logger.Logf("DELETE RESP: %#v", resp)
}

func uploadCert(client v0.ProvisioningClient, logger slog.Slogger) {
	// try uploading certs
	intermediateCertPEM := genTestPEMs(genTestCertWithPrivKey("foo.com"))
	privateKey := genTestPrivKey()
	certPem := genTestPEMs(genTestCert("foo.com", privateKey))
	var b bytes.Buffer
	test := bufio.NewWriter(&b)
	block := &pem.Block{
		Type:  "PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	}
	err := pem.Encode(test, block)
	if err != nil {
		logger.Logf("ERR=%#v", err)
	}

	resp1, err := client.UploadCert(context.Background(), &v0.UploadCertRequest{
		SiteDetails: &v0.Site{
			SiteId:   "5d65b268241972c9e2058a0f",
			CorpId:   "000000000000000000000002",
			CorpName: "foo.com",
		},
		Cert: &v0.UnsafeInternalOnlyCert{
			Hostname:             "foo.com",
			CertPem:              certPem,
			IntermediateCertsPem: intermediateCertPEM,
			PrivateKeyPem:        b.Bytes(),
		},
	})
	if err != nil {
		logger.Logf("ERR=%v", err)
	}
	logger.Logf("RESP 1: %v", resp1)
}

func listCerts(client v0.ProvisioningClient, logger slog.Slogger) {
	// try listing certs
	resp2, err := client.ListCerts(context.Background(), &v0.ListCertsRequest{
		SiteDetails: &v0.Site{
			SiteId: "5d65b268241972c9e2058a0f",
			CorpId: "000000000000000000000002",
		},
		// Hostname: "bar.com",
	})
	if err != nil {
		logger.Logf("ERR=%#v", err)
	}
	logger.Logf("LIST RESP: %v", resp2)
}