Make it easier to start a test config.

Jacob Hoffman-Andrews 2015-04-09 18:26:40 -07:00
parent d3c47b7d62
commit e9302f2288
7 changed files with 167 additions and 21 deletions


@ -46,18 +46,56 @@ func NewAuditLogger(log *syslog.Writer) (*AuditLogger, error) {
// Audit sends a NOTICE-severity message that is prefixed with the
// audit tag, for special handling at the upstream system logger.
func (log *AuditLogger) Audit(msg string) (err error) {
fmt.Println(msg)
err = log.Notice(fmt.Sprintf("%s %s", auditTag, msg))
return
}
// Audit can format an error for auditing; it does so at ERR level.
func (log *AuditLogger) AuditErr(msg error) (err error) {
fmt.Println(msg)
err = log.Err(fmt.Sprintf("%s %s", auditTag, msg))
return
}
// Warning formats an error for the Warn level.
func (log *AuditLogger) WarningErr(msg error) (err error) {
fmt.Println(msg)
err = log.Warning(fmt.Sprintf("%s", msg))
return
}
func (log *AuditLogger) Alert(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Alert(msg)
}
func (log *AuditLogger) Crit(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Crit(msg)
}
func (log *AuditLogger) Debug(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Debug(msg)
}
func (log *AuditLogger) Emerg(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Emerg(msg)
}
func (log *AuditLogger) Err(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Err(msg)
}
func (log *AuditLogger) Info(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Info(msg)
}
func (log *AuditLogger) Warning(msg string) (err error) {
fmt.Println(msg)
return log.Writer.Warning(msg)
}
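Review bot: Every method in this section calls `fmt.Println(msg)` before forwarding to syslog, so audit, error and alert text is also written to stdout unconditionally, without the audit tag or severity, and ends up wherever the process's stdout is collected. If the echo is meant only for local test runs, make it opt-in on the logger, for example a boolean field set at construction and `if log.stdout { fmt.Println(msg) }` (the field name is a suggestion, not something on the page). The comments on `AuditErr` and `WarningErr` open with `Audit` and `Warning` rather than the method names, and the wrappers from `Alert` to `Warning` have no doc comments; a line such as `// Alert echoes msg and forwards it to the underlying syslog writer at ALERT severity.` would do. The +/- markers are lost on this page, so which lines are new is inferred from the hunk header (18 lines before, 56 after).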

53
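--- a/test/cfssl-config.json
+++ b/test/cfssl-config.json
@@ -0,0 +1,53 @@
+{
+"auth_keys": {
+"ee": {
+"type": "standard",
+"key": "79999d86250c367a2b517a1ae7d409c1"
+},
+"ocsp": {
+"type": "standard",
+"key": "492bd5ad51b572429fb0a831473f4d09"
+}
+},
+"signing": {
+"profiles": {
+"ee": {
+"usages": [
+"digital signature",
+"key encipherment",
+"server auth"
+],
+"backdate": "1h",
+"is_ca": false,
+"issuer_urls": [
+"http://int-x1.letsencrypt.org/cert"
+],
+"ocsp_url": "http://int-x1.letsencrypt.org/ocsp",
+"crl_url": "http://int-x1.letsencrypt.org/crl",
+"policies": [
+"1.3.6.1.4.1.44947.1.1.1",
+"2.23.140.1.2.1"
+],
+"expiry": "8760h",
+"auth_key": "ee"
+},
+"ocsp": {
+"usages": [
+"digital signature",
+"ocsp signing"
+],
+"is_ca": false,
+"expiry": "8760h",
+"auth_key": "ocsp",
+"ocsp_no_check": true
+}
+},
+"default": {
+"usages": [
+"digital signature"
+],
+"expiry": "8760h",
+"auth_key": "ee"
+}
+}
+}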
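Review bot: The two `auth_keys` values are fixed hex strings committed with the repository, and the `ee` key is the same value the README hunk on this page shows being passed as `--cfsslAuthKey`, so both should be treated as public. JSON cannot carry a comment, so the place to say this is the README next to the `cfssl serve` step, with a line such as `# test/cfssl-config.json holds throwaway auth keys; generate fresh ones for anything that is not a local test.` Keeping the file under `test/` helps, but nothing in the file itself marks it as unsuitable as a production template.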


@ -2,32 +2,40 @@
The node.js scripts in this directory provide a simple end-to-end test of Boulder. (Using some pieces from [node-acme](https://github.com/letsencrypt/node-acme/)) To run:
```
# Install dependencies
> npm install
npm install
# Make a test key and cert.
openssl req -newkey rsa:2048 -x509 -days 3650 \
-subj /CN='happy hacker fake CA' -nodes -out ca.pem -keyout ca.key
# Start cfssl with signing parameters
# (These are the default parameters to use a Yubikey.)
# For use without a Yubikey:
cfssl serve -port 9000 -ca=ca.pem -ca-key=ca.key
# With a Yubikey:
# (You'll need to make your own key, cert, and policy.)
> go install -tags pkcs11 github.com/cloudflare/cfssl/cmd/cfssl
> cfssl serve -port 9000 -ca ca.cert.pem \
-pkcs11-module "/Library/OpenSC/lib/opensc-pkcs11.so" \
-pkcs11-token "Yubico Yubik NEO CCID" \
-pkcs11-pin 123456 \
-pkcs11-label "PIV AUTH key" \
-config policy.json
go install -tags pkcs11 github.com/cloudflare/cfssl/cmd/cfssl
cfssl serve -port 9000 -ca ca.cert.pem \
-pkcs11-module "/Library/OpenSC/lib/opensc-pkcs11.so" \
-pkcs11-token "Yubico Yubik NEO CCID" \
-pkcs11-pin 123456 \
-pkcs11-label "PIV AUTH key" \
-config policy.json
# Start boulder
# (Change CFSSL parameters to match your setup.)
> go install github.com/letsencrypt/boulder
> boulder-start --cfssl localhost:9000 \
--cfsslProfile ee \
--cfsslAuthKey 79999d86250c367a2b517a1ae7d409c1 \
monolithic
go install github.com/letsencrypt/boulder/cmd/boulder
boulder --config test/example-config.json
# Client side
> mkdir -p .well-known/acme-challenge/
> node demo.js
> mv -- *.txt .well-known/acme-challenge/ # In a different window
> python -m SimpleHTTPServer 5001 # In yet another window
```
mkdir -p .well-known/acme-challenge/
node test.js
mv -- *.txt .well-known/acme-challenge/ # In a different window
python -m SimpleHTTPServer 5001 # In yet another window


@ -369,7 +369,7 @@ function ensureValidation(resp) {
console.log();
getCertificate();
} else if (authz.status == "invalid") {
console.log("The CA was unable to validate the file you provisioned.");
console.log("The CA was unable to validate the file you provisioned:" + authz);
return;
} else {
console.log("The CA returned an authorization in an unexpected state");
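Review bot: `"...you provisioned:" + authz` concatenates an object into a string, so the message will most likely end in `[object Object]` instead of the authorization details; `authz.status` is read in the `else if` condition just above, which is why `authz` is taken to be an object. Pass it as a separate argument, `console.log("The CA was unable to validate the file you provisioned:", authz);`, or serialise it with `JSON.stringify(authz, null, 2)`. `ensureValidation` starts above this hunk and continues below it, and which of the two near-identical lines is the new one is inferred because the +/- markers are lost on this page.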

28
test/test-ca.key Normal file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
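Review bot: A CA private key is committed here as `test/test-ca.key`, which makes it public, so nothing signed under the matching `test/test-ca.pem` can be trusted outside a local test. The README hunk on this page already shows an `openssl req -newkey rsa:2048 -x509 ... -nodes` step, so the test setup could generate the pair at run time instead of shipping it. If the fixed pair is kept for reproducible tests, say so where users will read it, for example `# test-ca.key is a published test key; never add test-ca.pem to a trust store.` in the README.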

19
test/test-ca.pem Normal file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----