github.com/xmidt-org/webpa-common@v1.11.9/secure/tools/cmd/keyserver/main.go (about)

     1  package main
     2  
import (
	"flag"
	"fmt"
	"log"
	"net/http"
	"os"
	"time"

	"github.com/gorilla/mux"
	"github.com/gorilla/schema"
)
    12  
// RouteBuilder carries the dependencies that Build hands to the HTTP handlers
// it registers on a router.
type RouteBuilder struct {
	// Issuer is given to the JWT-issuing handler as its issuer value.
	Issuer string

	// InfoLogger receives the route descriptions printed by Build and is
	// passed to every handler; ErrorLogger is passed to every handler too.
	InfoLogger, ErrorLogger *log.Logger

	// KeyStore is handed to every handler Build creates.
	KeyStore *KeyStore
}
    19  
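// Build registers the key server's routes on router and prints a one-line
// description of each route through rb.InfoLogger.
//
// Two groups of routes are registered:
//   - GET /keys and GET /keys/{KeyIDVariableName}, served by KeyHandler.
//   - /jws, served by IssueHandler for GET and for PUT/POST with a JSON
//     Content-Type. The Queries matcher sits on the shared subrouter, so the
//     KeyIDVariableName query parameter is required for all three methods.
//
// NOTE(review): the handlers are attached directly, with no authentication or
// authorization wrapper visible in this function. Unless the handlers enforce
// that themselves (not visible here), any client that can reach the listener
// can obtain a JWT signed with any key in the store, so the listener should
// only be exposed on a trusted interface.
func (rb RouteBuilder) Build(router *mux.Router) {
	// Both handler types get the same key store and loggers; build that
	// value once and copy it into each handler.
	basic := BasicHandler{
		keyStore:    rb.KeyStore,
		infoLogger:  rb.InfoLogger,
		errorLogger: rb.ErrorLogger,
	}

	keyHandler := KeyHandler{basic}

	keysRouter := router.Methods("GET").Subrouter()

	keysRouter.HandleFunc("/keys", keyHandler.ListKeys)
	rb.InfoLogger.Println("GET /keys returns a list of the identifiers of available keys")

	keysRouter.HandleFunc(fmt.Sprintf("/keys/{%s}", KeyIDVariableName), keyHandler.GetKey)
	rb.InfoLogger.Println("GET /keys/{kid} returns the public key associated with the given key identifier.  There is no way to look up the associated private key.")

	issueHandler := IssueHandler{
		BasicHandler: basic,
		decoder:      schema.NewDecoder(),
		issuer:       rb.Issuer,
	}

	// An empty value in Queries matches any value as long as the key is
	// present, so requests to /jws without the key identifier do not match.
	issueRouter := router.
		Path("/jws").
		Queries(KeyIDVariableName, "").
		Subrouter()

	issueRouter.Methods("GET").
		HandlerFunc(issueHandler.SimpleIssue)
	rb.InfoLogger.Println("GET /jws?kid={kid} generates a JWT signed with the associated private key.  Additional URL parameters are interpreted as reserved claims, e.g. exp")

	// NOTE(review): mux's Headers matcher compares the header value for
	// equality, so a Content-Type that carries parameters (for example a
	// charset) is not expected to match this route. Confirm against the mux
	// version in use.
	issueRouter.Methods("PUT", "POST").
		Headers("Content-Type", "application/json").
		HandlerFunc(issueHandler.IssueUsingBody)
	rb.InfoLogger.Println("PUT/POST /jws generates a JWT signed with the associated private key.  Additional URL parameters are interpreted as reserved claims, e.g. exp")
}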
    61  
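// main loads the configuration file named by -f, builds the key store,
// registers the key and JWT-issuing routes, and serves them until the
// listener fails.
//
// NOTE(review): the server is started with ListenAndServe, so key material
// metadata and issued JWTs travel over plain HTTP, and no authentication
// wrapper is attached to the router in this file. Confirm that BindAddress
// and DefaultBindAddress keep the listener on a loopback or otherwise trusted
// interface.
func main() {
	infoLogger := log.New(os.Stdout, "[INFO]  ", log.LstdFlags|log.LUTC)
	errorLogger := log.New(os.Stderr, "[ERROR] ", log.LstdFlags|log.LUTC)

	var configurationFileName string
	flag.StringVar(&configurationFileName, "f", "", "the required configuration file")
	flag.Parse()

	configuration, err := ParseConfiguration(configurationFileName)
	if err != nil {
		errorLogger.Fatalf("Unable to parse configuration file: %s\n", err)
	}

	keyStore, err := NewKeyStore(infoLogger, configuration)
	if err != nil {
		errorLogger.Fatalf("Unable to initialize key store: %s\n", err)
	}

	infoLogger.Printf("Initialized key store with %d keys: %s\n", keyStore.Len(), keyStore.KeyIDs())

	// Fall back to the package defaults when the configuration leaves these
	// fields empty.
	issuer := configuration.Issuer
	if len(issuer) == 0 {
		issuer = DefaultIssuer
	}

	router := mux.NewRouter()
	RouteBuilder{
		Issuer:      issuer,
		ErrorLogger: errorLogger,
		InfoLogger:  infoLogger,
		KeyStore:    keyStore,
	}.Build(router)

	bindAddress := configuration.BindAddress
	if len(bindAddress) == 0 {
		bindAddress = DefaultBindAddress
	}

	// A zero-valued http.Server never times out a connection, which lets
	// slow or stalled clients hold sockets and goroutines open indefinitely.
	// Every request and response here is small, so short bounds are safe.
	server := &http.Server{
		Addr:              bindAddress,
		Handler:           router,
		ErrorLog:          errorLogger,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}

	infoLogger.Printf("Listening on %s\n", bindAddress)

	// Report the terminal listener error through errorLogger so it carries
	// the same prefix and UTC timestamps as the other fatal messages.
	errorLogger.Fatalln(server.ListenAndServe())
}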