Collect common values in config file

ca/certificate-authority.go

@@ -35,8 +35,6 @@ type Config struct {
 	DBDriver     string
 	DBName       string
 	SerialPrefix int
-	// Path to a PEM-encoded copy of the issuer certificate.
-	IssuerCert string
 	// This field is only allowed if TestMode is true, indicating that we are
 	// signing with a local key. In production we will use an HSM and this
 	// IssuerKey must be empty (and TestMode must be false). PEM-encoded private
@@ -71,7 +69,7 @@ type CertificateAuthorityImpl struct {
 // using CFSSL's authenticated signature scheme.  A CA created in this way
 // issues for a single profile on the remote signer, which is indicated
 // by name in this constructor.
-func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config) (*CertificateAuthorityImpl, error) {
+func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config, IssuerCert string) (*CertificateAuthorityImpl, error) {
 	var ca *CertificateAuthorityImpl
 	var err error
 	logger := blog.GetAuditLogger()
@@ -100,7 +98,7 @@ func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config
 		return nil, err
 	}
 
-	issuer, err := loadIssuer(config.IssuerCert)
+	issuer, err := loadIssuer(IssuerCert)
 	if err != nil {
 		return nil, err
 	}

ca/certificate-authority_test.go

@@ -383,7 +383,6 @@ func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthori
 		AuthKey:      authKey,
 		Profile:      profileName,
 		SerialPrefix: 17,
-		IssuerCert:   "../test/test-ca.pem",
 		IssuerKey:    "../test/test-ca.key",
 		TestMode:     true,
 		Expiry:       "8760h",
@@ -395,13 +394,13 @@ func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthori
 func TestFailNoSerial(t *testing.T) {
 	cadb, _, caConfig := setup(t)
 	caConfig.SerialPrefix = 0
-	_, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	_, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertError(t, err, "CA should have failed with no SerialPrefix")
 }
 
 func TestRevoke(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -428,7 +427,7 @@ func TestRevoke(t *testing.T) {
 
 func TestIssueCertificate(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -503,7 +502,7 @@ func TestIssueCertificate(t *testing.T) {
 
 func TestRejectNoName(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -518,7 +517,7 @@ func TestRejectNoName(t *testing.T) {
 
 func TestRejectTooManyNames(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -531,7 +530,7 @@ func TestRejectTooManyNames(t *testing.T) {
 
 func TestDeduplication(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -559,7 +558,7 @@ func TestDeduplication(t *testing.T) {
 
 func TestRejectValidityTooLong(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -579,7 +578,7 @@ func TestRejectValidityTooLong(t *testing.T) {
 
 func TestShortKey(t *testing.T) {
 	cadb, storageAuthority, caConfig := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig)
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile)
 	ca.SA = storageAuthority
 
 	csrDER, err := ioutil.ReadFile("shortkey-csr.der")

cmd/boulder-ca/main.go

@@ -38,7 +38,7 @@ func main() {
 			cmd.FailOnError(err, "Failed to create CA tables")
 		}
 
-		cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
+		cai, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
 		cmd.FailOnError(err, "Failed to create CA impl")
 
 		go cmd.ProfileCmd("CA", stats)

cmd/boulder-ra/main.go

@@ -32,7 +32,7 @@ func main() {
 		blog.SetAuditLogger(auditlogger)
 
 		rai := ra.NewRegistrationAuthorityImpl()
-		rai.AuthzBase = c.WFE.BaseURL + wfe.AuthzPath
+		rai.AuthzBase = c.Common.BaseURL + wfe.AuthzPath
 
 		go cmd.ProfileCmd("RA", stats)
 

cmd/boulder-wfe/main.go

@@ -85,8 +85,8 @@ func main() {
 		wfe.Stats = stats
 		wfe.SubscriberAgreementURL = c.SubscriberAgreementURL
 
-		wfe.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert)
+		wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
-		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
+		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
 
 		go cmd.ProfileCmd("WFE", stats)
 
@@ -107,7 +107,7 @@ func main() {
 		}()
 
 		// Set up paths
-		wfe.BaseURL = c.WFE.BaseURL
+		wfe.BaseURL = c.Common.BaseURL
 		wfe.HandlePaths()
 
 		auditlogger.Info(app.VersionString())

cmd/boulder/main.go

@@ -84,7 +84,7 @@ func main() {
 		cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBName)
 		cmd.FailOnError(err, "Failed to create CA database")
 
-		ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA)
+		ca, err := ca.NewCertificateAuthorityImpl(cadb, c.CA, c.Common.IssuerCert)
 		cmd.FailOnError(err, "Unable to create CA")
 
 		if c.SQL.CreateTables {
@@ -101,8 +101,8 @@ func main() {
 		wfei.Stats = stats
 		wfei.SubscriberAgreementURL = c.SubscriberAgreementURL
 
-		wfei.IssuerCert, err = cmd.LoadCert(c.CA.IssuerCert)
+		wfei.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
-		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
+		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
 
 		ra.CA = ca
 		ra.SA = sa
@@ -111,8 +111,8 @@ func main() {
 		ca.SA = sa
 
 		// Set up paths
-		ra.AuthzBase = c.WFE.BaseURL + wfe.AuthzPath
+		ra.AuthzBase = c.Common.BaseURL + wfe.AuthzPath
-		wfei.BaseURL = c.WFE.BaseURL
+		wfei.BaseURL = c.Common.BaseURL
 		wfei.HandlePaths()
 
 		auditlogger.Info(app.VersionString())

cmd/ocsp-responder/main.go

@@ -121,10 +121,10 @@ func main() {
 		cmd.FailOnError(err, "Could not connect to database")
 
 		// Load the CA's key and hash it
-		caCertDER, err := cmd.LoadCert(c.CA.IssuerCert)
+		caCertDER, err := cmd.LoadCert(c.Common.IssuerCert)
-		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.CA.IssuerCert))
+		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
 		caCert, err := x509.ParseCertificate(caCertDER)
-		cmd.FailOnError(err, fmt.Sprintf("Couldn't parse cert read from [%s]", c.CA.IssuerCert))
+		cmd.FailOnError(err, fmt.Sprintf("Couldn't parse cert read from [%s]", c.Common.IssuerCert))
 		h := sha1.New()
 		h.Write(caCert.RawSubjectPublicKeyInfo)
 		caKeyHash := h.Sum(nil)

cmd/shell.go

@@ -113,6 +113,12 @@ type Config struct {
 		ResponseLimit   int
 	}
 
+	Common struct {
+		BaseURL string
+		// Path to a PEM-encoded copy of the issuer certificate.
+		IssuerCert string
+	}
+
 	SubscriberAgreementURL string
 }
 

test/boulder-config.json

@@ -31,7 +31,6 @@
   },
 
   "wfe": {
-    "baseURL": "http://localhost:4000",
     "listenAddress": "0.0.0.0:4000"
   },
 
@@ -43,7 +42,6 @@
     "dbDriver": "sqlite3",
     "dbName": ":memory:",
     "testMode": true,
-    "issuerCert": "test/test-ca.pem",
     "_comment": "This should only be present in testMode. In prod use an HSM.",
     "issuerKey": "test/test-ca.key",
     "expiry": "2160h",
@@ -85,5 +83,10 @@
     "password": "password"
   },
 
+  "common": {
+    "baseURL": "http://localhost:4000",
+    "issuerCert": "test/test-ca.pem"
+  },
+
   "subscriberAgreementURL": "https://letsencrypt.org/be-good"
 }

test/boulder-test-config.json

@@ -31,7 +31,6 @@
   },
 
   "wfe": {
-    "baseURL": "http://localhost:4300",
     "listenAddress": "127.0.0.1:4300"
   },
 
@@ -43,7 +42,6 @@
     "dbDriver": "sqlite3",
     "dbName": ":memory:",
     "testMode": true,
-    "issuerCert": "test/test-ca.pem",
     "_comment": "This should only be present in testMode. In prod use an HSM.",
     "issuerKey": "test/test-ca.key",
     "expiry": "2160h",
@@ -67,5 +65,10 @@
     "password": "password"
   },
 
+  "common": {
+    "baseURL": "http://localhost:4300",
+    "issuerCert": "test/test-ca.pem"
+  },
+
   "subscriberAgreementURL": "http://localhost:4300/terms"
 }