
Side by Side Diff: environs/bootstrap.go

Issue 6847091: environs: move Bootstrap from juju
Patch Set: environs: move Bootstrap from juju Created 5 years, 1 month ago
OLDNEW
1 package juju 1 package environs
2 2
3 import ( 3 import (
4 "bytes" 4 "bytes"
5 "crypto/rand" 5 "crypto/rand"
6 "crypto/rsa" 6 "crypto/rsa"
7 "crypto/sha1" 7 "crypto/sha1"
8 "crypto/tls" 8 "crypto/tls"
9 "crypto/x509" 9 "crypto/x509"
10 "crypto/x509/pkix" 10 "crypto/x509/pkix"
11 "encoding/pem" 11 "encoding/pem"
12 "fmt" 12 "fmt"
13 "io/ioutil" 13 "io/ioutil"
14 "launchpad.net/juju-core/environs"
15 "launchpad.net/juju-core/log" 14 "launchpad.net/juju-core/log"
16 "math/big" 15 "math/big"
17 "os" 16 "os"
18 "path/filepath" 17 "path/filepath"
19 "time" 18 "time"
20 ) 19 )
21 20
22 // Bootstrap bootstraps the given environment. The CA certificate and 21 // Bootstrap bootstraps the given environment. The CA certificate and
23 // private key in PEM format can be given in caPEM; if this is nil, 22 // private key in PEM format can be given in caPEM; if this is nil,
24 // they are read from $HOME/.juju/<environ-name>.pem, or generated and 23 // they are read from $HOME/.juju/<environ-name>.pem, or generated and
25 // written there if the file does not exist. If uploadTools is true, 24 // written there if the file does not exist. If uploadTools is true,
26 // the current version of the juju tools will be uploaded, as documented 25 // the current version of the juju tools will be uploaded, as documented
27 // in environs.Environ.Bootstrap. 26 // in Environ.Bootstrap.
28 func Bootstrap(environ environs.Environ, uploadTools bool, caPEM []byte) error { 27 func Bootstrap(environ Environ, uploadTools bool, caPEM []byte) error {
29 if caPEM == nil { 28 if caPEM == nil {
30 var err error 29 var err error
31 caPEM, err = generateCACert(environ.Name()) 30 caPEM, err = generateCACert(environ.Name())
32 if err != nil { 31 if err != nil {
33 return fmt.Errorf("cannot generate CA certificate: %v", err) 32 return fmt.Errorf("cannot generate CA certificate: %v", err)
34 } 33 }
35 } 34 }
36 caCert, caKey, err := parseCAPEM(caPEM, true) 35 caCert, caKey, err := parseCAPEM(caPEM, true)
37 if err != nil { 36 if err != nil {
38 return fmt.Errorf("bad CA PEM: %v", err) 37 return fmt.Errorf("bad CA PEM: %v", err)
(...skipping 28 matching lines...) Expand all
67 // TODO quote the environment name when we start using 66 // TODO quote the environment name when we start using
68 // Go version 1.1. See Go issue 3791. 67 // Go version 1.1. See Go issue 3791.
69 CommonName: fmt.Sprintf("juju-generated CA for environ ment %s", envName), 68 CommonName: fmt.Sprintf("juju-generated CA for environ ment %s", envName),
70 Organization: []string{"juju"}, 69 Organization: []string{"juju"},
71 }, 70 },
72 NotBefore: now.UTC().Add(-5 * time.Minute), 71 NotBefore: now.UTC().Add(-5 * time.Minute),
73 NotAfter: now.UTC().AddDate(10, 0, 0), // 10 years hence. 72 NotAfter: now.UTC().AddDate(10, 0, 0), // 10 years hence.
74 SubjectKeyId: bigIntHash(priv.N), 73 SubjectKeyId: bigIntHash(priv.N),
75 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUs ageDigitalSignature | x509.KeyUsageCertSign, 74 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUs ageDigitalSignature | x509.KeyUsageCertSign,
76 BasicConstraintsValid: true, 75 BasicConstraintsValid: true,
77 » » IsCA: true, 76 » » IsCA: true,
78 » » MaxPathLen: 0, // Disallow delegation for now. 77 » » MaxPathLen: 0, // Disallow delegation for now.
gz 2012/11/23 17:25:35 go fmt is weird.
79 } 78 }
80 certDER, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv) 79 certDER, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv)
81 if err != nil { 80 if err != nil {
82 return nil, fmt.Errorf("canot create certificate: %v", err) 81 return nil, fmt.Errorf("canot create certificate: %v", err)
83 } 82 }
84 var b bytes.Buffer 83 var b bytes.Buffer
85 pem.Encode(&b, &pem.Block{ 84 pem.Encode(&b, &pem.Block{
86 Type: "CERTIFICATE", 85 Type: "CERTIFICATE",
87 Bytes: certDER, 86 Bytes: certDER,
88 }) 87 })
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
184 tlsCert, err := tls.X509KeyPair(pem.EncodeToMemory(certBlock), pem.Encod eToMemory(keyBlock)) 183 tlsCert, err := tls.X509KeyPair(pem.EncodeToMemory(certBlock), pem.Encod eToMemory(keyBlock))
185 if err != nil { 184 if err != nil {
186 return nil, nil, err 185 return nil, nil, err
187 } 186 }
188 priv, ok := tlsCert.PrivateKey.(*rsa.PrivateKey) 187 priv, ok := tlsCert.PrivateKey.(*rsa.PrivateKey)
189 if !ok { 188 if !ok {
190 return nil, nil, fmt.Errorf("CA private key has unexpected type %T", tlsCert.PrivateKey) 189 return nil, nil, fmt.Errorf("CA private key has unexpected type %T", tlsCert.PrivateKey)
191 } 190 }
192 return cert, priv, nil 191 return cert, priv, nil
193 } 192 }
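Review bot: In the CA certificate template (new line 77), `MaxPathLen: 0` does not enforce what its comment says. As far as I know crypto/x509 encodes a zero MaxPathLen as "no pathLenConstraint", so the generated CA is not actually barred from signing subordinate CAs. Later Go releases add a companion field for this case, and once the toolchain has it the template should carry `MaxPathLenZero: true,` next to `MaxPathLen: 0,`. Until then the comment should be corrected, for example `// NOTE: zero is encoded as "no constraint"; delegation is not restricted yet.`, so nobody relies on a restriction that is not in the certificate. The function that builds this template starts in the elided lines above the hunk, so the rest of the template was not reviewed.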