github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/simple_http_server/server.go

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/simple_http_server/server.go (about)

     1  // Copyright (c) 2016, Google, Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //     http://www.apache.org/licenses/LICENSE-2.0
     7  // Unless required by applicable law or agreed to in writing, software
     8  // distributed under the License is distributed on an "AS IS" BASIS,
     9  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    10  // See the License for the specific language governing permissions and
    11  // limitations under the License.
    12  
    13  // This is a simple example of a server that uses Tao.
    14  
    15  package main
    16  
    17  import (
    18  	"encoding/hex"
    19  	"flag"
    20  	"fmt"
    21  	"io"
    22  	"io/ioutil"
    23  	"log"
    24  	"net"
    25  	"net/http"
    26  	"os"
    27  	"os/signal"
    28  	"path"
    29  	"syscall"
    30  
    31  	"github.com/jlmucb/cloudproxy/go/tao"
    32  )
    33  
    34  var (
    35  	cfg        = flag.String("domain_config", "./tao.config", "path to simple tao configuration")
    36  	serverPath = flag.String("path", "./simple_http_server", "path to Server files")
    37  	secretName = flag.String("secret", "secret", "file name of the secret")
    38  	serverHost = flag.String("host", "localhost", "address for client/server")
    39  	serverPort = flag.String("port", "8123", "port for client/server")
    40  )
    41  
    42  // Basic Tao Server. For this example, we assume all connections are *not*
    43  // Tao connections (i.e., not TLS), so we don't have any certs or secret key
    44  // To adapt this code to use TLS with certs and keys, look at how taosupport.go
    45  // and simpleserver.go in simpleexample does this.
    46  type TaoServer struct {
    47  	// Program name.
    48  	TaoName string
    49  
    50  	// A secret value stored in the server.
    51  	Secret []byte
    52  
    53  	// Path for program to read and write files.
    54  	ProgramFilePath *string
    55  
    56  	// HTTP listener
    57  	listener net.Listener
    58  }
    59  
    60  func NewTaoServer() *TaoServer {
    61  	// Load domain info for this domain.
    62  	domain, err := tao.LoadDomain(*cfg, nil)
    63  	if err != nil {
    64  		log.Fatal("Could not load domain:", err)
    65  	}
    66  
    67  	// Extend tao name with policy key
    68  	err = domain.ExtendTaoName(tao.Parent())
    69  	if err != nil {
    70  		log.Fatal("Could not extend name:", err)
    71  	}
    72  
    73  	// Retrieve extended name.
    74  	taoName, err := tao.Parent().GetTaoName()
    75  	if err != nil {
    76  		log.Fatal("Could not get extended name:", err)
    77  	}
    78  
    79  	var secret []byte
    80  	if _, err = os.Stat(path.Join(*serverPath, *secretName)); os.IsNotExist(err) {
    81  		fmt.Println("Generating new secret..")
    82  		// Secret has not been created yet. Create one
    83  		secret, err = tao.Parent().GetRandomBytes(64)
    84  		if err != nil {
    85  			log.Fatal("Could not generate secret:", err)
    86  		}
    87  		sealed, err := tao.Parent().Seal(secret, tao.SealPolicyDefault)
    88  		if err != nil {
    89  			log.Fatal("Could not seal secret:", err)
    90  		}
    91  		err = ioutil.WriteFile(path.Join(*serverPath, *secretName), sealed, os.ModePerm)
    92  		if err != nil {
    93  			log.Fatal("Could not write out sealed secret:", err)
    94  		}
    95  	} else {
    96  		fmt.Println("Reading old secret..")
    97  		sealed, err := ioutil.ReadFile(path.Join(*serverPath, *secretName))
    98  		if err != nil {
    99  			log.Fatal("Could not read sealed secret:", err)
   100  		}
   101  		secret, _, err = tao.Parent().Unseal(sealed)
   102  	}
   103  
   104  	t := &TaoServer{
   105  		TaoName:         taoName.String(),
   106  		Secret:          secret,
   107  		ProgramFilePath: serverPath,
   108  	}
   109  	return t
   110  }
   111  
   112  // Testing server, in case you want to test just http without any Tao.
   113  func NewNonTaoServer() *TaoServer {
   114  	t := &TaoServer{
   115  		TaoName:         "NonTao",
   116  		Secret:          []byte("TaoSecret"),
   117  		ProgramFilePath: serverPath,
   118  	}
   119  	return t
   120  }
   121  
   122  func (s *TaoServer) secretPage(w http.ResponseWriter, r *http.Request) {
   123  	io.WriteString(w, "My secret:"+hex.EncodeToString(s.Secret))
   124  	//io.WriteString(w, string(s.Secret))
   125  }
   126  
   127  func main() {
   128  	flag.Parse()
   129  
   130  	//server := NewNonTaoServer()
   131  	server := NewTaoServer()
   132  
   133  	mux := http.NewServeMux()
   134  	mux.HandleFunc("/", server.secretPage)
   135  
   136  	// To use this example as TLS server, use tao.ListenAnonymous
   137  	var err error
   138  	server.listener, err = net.Listen("tcp", ":"+*serverPort)
   139  	if err != nil {
   140  		log.Fatal(err)
   141  	}
   142  
   143  	httpServer := http.Server{
   144  		Addr:    ":" + *serverPort,
   145  		Handler: mux,
   146  	}
   147  
   148  	kill := make(chan os.Signal, 1)
   149  	signal.Notify(kill, syscall.SIGINT, syscall.SIGTERM)
   150  	fmt.Println("Starting simple http server..")
   151  	go httpServer.Serve(server.listener)
   152  	<-kill
   153  	fmt.Println("Shutting down http server..")
   154  }