Collect common values in config file

This commit is contained in:
Roland Shoemaker 2015-06-03 17:41:27 +01:00
parent b20fc4b014
commit 8ad4358d30
10 changed files with 39 additions and 30 deletions


@ -35,8 +35,6 @@ type Config struct {
DBDriver string
DBName string
SerialPrefix int
// Path to a PEM-encoded copy of the issuer certificate.
IssuerCert string
// This field is only allowed if TestMode is true, indicating that we are
// signing with a local key. In production we will use an HSM and this
// IssuerKey must be empty (and TestMode must be false). PEM-encoded private
@ -71,7 +69,7 @@ type CertificateAuthorityImpl struct {
// using CFSSL's authenticated signature scheme. A CA created in this way
// issues for a single profile on the remote signer, which is indicated
// by name in this constructor.
func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config) (*CertificateAuthorityImpl, error) {
func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config, IssuerCert string) (*CertificateAuthorityImpl, error) {
var ca *CertificateAuthorityImpl
var err error
logger := blog.GetAuditLogger()
@ -100,7 +98,7 @@ func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config
return nil, err
}
issuer, err := loadIssuer(config.IssuerCert)
issuer, err := loadIssuer(IssuerCert)
if err != nil {
return nil, err
}


@ -383,7 +383,6 @@ func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthori
AuthKey: authKey,
Profile: profileName,
SerialPrefix: 17,
IssuerCert: "../test/test-ca.pem",
IssuerKey: "../test/test-ca.key",
TestMode: true,
Expiry: "8760h",
@ -395,13 +394,13 @@ func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthori
func TestFailNoSerial(t *testing.T) {
cadb, _, caConfig := setup(t)
caConfig.SerialPrefix = 0
_, err := NewCertificateAuthorityImpl(cadb, caConfig)
_, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertError(t, err, "CA should have failed with no SerialPrefix")
}
func TestRevoke(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -428,7 +427,7 @@ func TestRevoke(t *testing.T) {
func TestIssueCertificate(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -503,7 +502,7 @@ func TestIssueCertificate(t *testing.T) {
func TestRejectNoName(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -518,7 +517,7 @@ func TestRejectNoName(t *testing.T) {
func TestRejectTooManyNames(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -531,7 +530,7 @@ func TestRejectTooManyNames(t *testing.T) {
func TestDeduplication(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -559,7 +558,7 @@ func TestDeduplication(t *testing.T) {
func TestRejectValidityTooLong(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
test.AssertNotError(t, err, "Failed to create CA")
ca.SA = storageAuthority
@ -579,7 +578,7 @@ func TestRejectValidityTooLong(t *testing.T) {
func TestShortKey(t *testing.T) {
cadb, storageAuthority, caConfig := setup(t)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
ca.SA = storageAuthority
csrDER, err := ioutil.ReadFile("shortkey-csr.der")
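Review bot: The new call at L101 in TestShortKey still discards the constructor error: there is no `test.AssertNotError(t, err, "Failed to create CA")` before `ca.SA = storageAuthority` on L102, so a failure to load `caCertFile` would show up as a nil-pointer panic rather than a test failure. Every other test in this section asserts on that error, and L101 should follow suit. Since the issuer-certificate path is now a separate argument, a companion to TestFailNoSerial that passes an empty or nonexistent path and asserts an error would pin the new loading behavior; `caCertFile` itself is defined outside these hunks. Most of these test bodies continue outside the hunk.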


@ -38,7 +38,7 @@ func main() {
cmd.FailOnError(err, "Failed to create CA tables")
}
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
cmd.FailOnError(err, "Failed to create CA impl")
go cmd.ProfileCmd("CA", stats)
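Review bot: The failure message on L112 does not include the path just passed on L111, unlike the other binaries in this commit, which report `Couldn't read issuer cert [%s]`; an unreadable `common.issuerCert` here surfaces only as `Failed to create CA impl` plus the underlying error. I would make it `cmd.FailOnError(err, fmt.Sprintf("Failed to create CA impl (issuerCert [%s])", c.Common.IssuerCert))`, assuming fmt is already imported in this file. main continues outside the hunk.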


@ -32,7 +32,7 @@ func main() {
blog.SetAuditLogger(auditlogger)
rai := ra.NewRegistrationAuthorityImpl()
rai.AuthzBase = c.WFE.BaseURL + wfe.AuthzPath
rai.AuthzBase = c.Common.BaseURL + wfe.AuthzPath
go cmd.ProfileCmd("RA", stats)


@ -85,8 +85,8 @@ func main() {
wfe.Stats = stats
wfe.SubscriberAgreementURL = c.SubscriberAgreementURL
wfe.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
go cmd.ProfileCmd("WFE", stats)
@ -107,7 +107,7 @@ func main() {
}()
// Set up paths
wfe.BaseURL = c.WFE.BaseURL
wfe.BaseURL = c.Common.BaseURL
wfe.HandlePaths()
auditlogger.Info(app.VersionString())
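Review bot: The value from `c.Common.BaseURL` on L138 is used as-is to build the URLs the WFE hands to clients, with no check that it is a non-empty absolute URL, so a mistyped or missing value would silently produce broken or relative links. A startup guard such as `if u, err := url.ParseRequestURI(c.Common.BaseURL); err != nil || u.Scheme == "" { cmd.FailOnError(err, "Invalid common.baseURL") }` would fail fast, provided net/url is imported here. The same applies to the RA, which builds AuthzBase from the same field in this commit. main continues outside the hunk.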


@ -84,7 +84,7 @@ func main() {
cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
cmd.FailOnError(err, "Failed to create CA database")
ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
cmd.FailOnError(err, "Unable to create CA")
if c.SQL.CreateTables {
@ -101,8 +101,8 @@ func main() {
wfei.Stats = stats
wfei.SubscriberAgreementURL = c.SubscriberAgreementURL
wfei.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
wfei.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
ra.CA = ca
ra.SA = sa
@ -111,8 +111,8 @@ func main() {
ca.SA = sa
// Set up paths
ra.AuthzBase = c.WFE.BaseURL + wfe.AuthzPath
wfei.BaseURL = c.WFE.BaseURL
ra.AuthzBase = c.Common.BaseURL + wfe.AuthzPath
wfei.BaseURL = c.Common.BaseURL
wfei.HandlePaths()
auditlogger.Info(app.VersionString())
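Review bot: The assignment on L148 shadows the imported package `ca` with a local variable of the same name for the rest of main; boulder-ca/main.go names the same value `cai`, so `cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)` with `ra.CA = cai` and `cai.SA = sa` would avoid the shadowing and keep the two binaries consistent. Separately, the file at `c.Common.IssuerCert` is read twice in this process — inside the CA constructor on L148 and again for the WFE on L156 — so the two components could in principle end up with different certificates if the file changes between reads; loading it once and sharing the parsed certificate would close that gap, but that needs a constructor change outside this hunk. main continues outside the hunk.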


@ -121,10 +121,10 @@ func main() {
cmd.FailOnError(err, "Could not connect to database")
// Load the CA's key and hash it
caCertDER, err := cmd.LoadCert(c.CA.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
caCertDER, err := cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
caCert, err := x509.ParseCertificate(caCertDER)
cmd.FailOnError(err, fmt.Sprintf("Couldn't parse cert read from [%s]", c.CA.IssuerCert))
cmd.FailOnError(err, fmt.Sprintf("Couldn't parse cert read from [%s]", c.Common.IssuerCert))
h := sha1.New()
h.Write(caCert.RawSubjectPublicKeyInfo)
caKeyHash := h.Sum(nil)
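Review bot: The comment on L174, `// Load the CA's key and hash it`, is inaccurate for the lines that follow: they load the issuer certificate from `c.Common.IssuerCert` and hash its RawSubjectPublicKeyInfo, not a key. I would change it to `// Load the issuer certificate and SHA-1 its SubjectPublicKeyInfo; presumably this is the OCSP CertID issuerKeyHash (RFC 6960), where SHA-1 is the conventional digest rather than a general-purpose hash choice — confirm against the consumer.` so the next reader does not flag the SHA-1 use as a weakness. main continues outside the hunk.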


@ -113,6 +113,12 @@ type Config struct {
ResponseLimit int
}
Common struct {
BaseURL string
// Path to a PEM-encoded copy of the issuer certificate.
IssuerCert string
}
SubscriberAgreementURL string
}
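Review bot: The new `Common` block at L191–195 leaves `BaseURL` undocumented while `IssuerCert` carries a comment; since this URL is now shared by the WFE and RA to build client-facing links, I would add `// BaseURL is the externally visible URL prefix the WFE and RA use to build resource URLs (e.g. authorization links); it should be an absolute URL, presumably without a trailing slash since callers concatenate paths onto it.` — the trailing-slash part is inferred from the string concatenation elsewhere in this commit and should be confirmed. A one-line comment on the block itself, `// Common holds configuration shared by more than one component.`, would also help readers of the struct. The Config struct starts outside this hunk.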


@ -31,7 +31,6 @@
},
"wfe": {
"baseURL": "http://localhost:4000",
"listenAddress": "0.0.0.0:4000"
},
@ -43,7 +42,6 @@
"dbDriver": "sqlite3",
"dbName": ":memory:",
"testMode": true,
"issuerCert": "test/test-ca.pem",
"_comment": "This should only be present in testMode. In prod use an HSM.",
"issuerKey": "test/test-ca.key",
"expiry": "2160h",
@ -85,5 +83,10 @@
"password": "password"
},
"common": {
"baseURL": "http://localhost:4000",
"issuerCert": "test/test-ca.pem"
},
"subscriberAgreementURL": "https://letsencrypt.org/be-good"
}


@ -31,7 +31,6 @@
},
"wfe": {
"baseURL": "http://localhost:4300",
"listenAddress": "127.0.0.1:4300"
},
@ -43,7 +42,6 @@
"dbDriver": "sqlite3",
"dbName": ":memory:",
"testMode": true,
"issuerCert": "test/test-ca.pem",
"_comment": "This should only be present in testMode. In prod use an HSM.",
"issuerKey": "test/test-ca.key",
"expiry": "2160h",
@ -67,5 +65,10 @@
"password": "password"
},
"common": {
"baseURL": "http://localhost:4300",
"issuerCert": "test/test-ca.pem"
},
"subscriberAgreementURL": "http://localhost:4300/terms"
}