本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/tao.Parent函数的典型用法代码示例。如果您正苦于以下问题:Golang Parent函数的具体用法?Golang Parent怎么用?Golang Parent使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Parent函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: main
func main() {
options.Parse()
if *options.String["config"] != "" && !*options.Bool["init"] {
err := options.Load(*options.String["config"])
options.FailIf(err, "Can't load configuration")
}
fmt.Println("Cloudproxy HTTPS Server")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: no host Tao available")
}
self, err := tao.Parent().GetTaoName()
options.FailIf(err, "Can't get Tao name")
// TODO(kwalsh) extend tao name with operating mode and policy
addr := net.JoinHostPort(*options.String["host"], *options.String["port"])
cpath := *options.String["config"]
kdir := *options.String["keys"]
if kdir == "" && cpath != "" {
kdir = path.Dir(cpath)
} else if kdir == "" {
options.Fail(nil, "Option -keys or -config is required")
}
docs := *options.String["docs"]
if docs == "" && cpath != "" {
docs = path.Join(path.Dir(cpath), "docs")
} else if docs == "" {
options.Fail(nil, "Option -keys or -config is required")
}
var keys *tao.Keys
if *options.Bool["init"] {
keys = taoca.GenerateKeys(name, addr, kdir)
} else {
keys = taoca.LoadKeys(kdir)
}
fmt.Printf("Configuration file: %s\n", cpath)
if *options.Bool["init"] && cpath != "" {
err := options.Save(cpath, "HTTPS server configuration", "persistent")
options.FailIf(err, "Can't save configuration")
}
http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool})
http.Handle("/prin/", https.ManifestHandler{"/prin/", self.String()})
http.Handle("/", http.FileServer(https.LoggingFilesystem{http.Dir(docs)}))
fmt.Printf("Listening at %s using HTTPS\n", addr)
err = tao.ListenAndServeTLS(addr, keys)
options.FailIf(err, "can't listen and serve")
fmt.Println("Server Done")
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:57,代码来源:https_server.go
示例2: InitializeSealedSymmetricKeys
func InitializeSealedSymmetricKeys(filePath string, t tao.Tao, keysize int) (
[]byte, error) {
// Make up symmetric key and save sealed version.
log.Printf("InitializeSealedSymmetricKeys\n")
unsealed, err := tao.Parent().GetRandomBytes(keysize)
if err != nil {
return nil, errors.New("Can't get random bytes")
}
sealed, err := tao.Parent().Seal(unsealed, tao.SealPolicyDefault)
if err != nil {
return nil, errors.New("Can't seal random bytes")
}
ioutil.WriteFile(path.Join(filePath, "sealedsymmetricKey"), sealed, os.ModePerm)
return unsealed, nil
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:16,代码来源:taosupport.go
示例3: doClient
func doClient(domain *tao.Domain) {
network := "tcp"
keys, err := tao.NewTemporaryTaoDelegatedKeys(tao.Signing, nil, tao.Parent())
options.FailIf(err, "client: couldn't generate temporary Tao keys")
g := domain.Guard
if *ca != "" {
na, err := tao.RequestTruncatedAttestation(network, *ca, keys, domain.Keys.VerifyingKey)
options.FailIf(err, "client: couldn't get a truncated attestation from %s: %s\n", *ca)
keys.Delegation = na
// If we're using a CA, then use a custom guard that accepts only
// programs that have talked to the CA.
g, err = newTempCAGuard(domain.Keys.VerifyingKey)
options.FailIf(err, "client: couldn't set up a new guard")
}
pingGood := 0
pingFail := 0
for i := 0; i < *pingCount || *pingCount < 0; i++ { // negative means forever
if doRequest(g, domain, keys) {
pingGood++
} else {
pingFail++
}
fmt.Printf("client: made %d connections, finished %d ok, %d bad pings\n", i+1, pingGood, pingFail)
}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:29,代码来源:demo_client.go
示例4: SigningKeyFromBlob
// Obtain a signing private key (usually a Program Key) from a sealed blob.
func SigningKeyFromBlob(t tao.Tao, sealedKeyBlob []byte, programCert []byte) (*tao.Keys, error) {
// Recover public key from blob
k := &tao.Keys{}
cert, err := x509.ParseCertificate(programCert)
if err != nil {
return nil, err
}
/*
k.Delegation = new(tao.Attestation)
err = proto.Unmarshal(delegateBlob, k.Delegation)
if err != nil {
return nil, err
}
*/
signingKeyBlob, policy, err := tao.Parent().Unseal(sealedKeyBlob)
if err != nil {
return nil, err
}
if policy != tao.SealPolicyDefault {
return nil, err
}
k.SigningKey, err = tao.UnmarshalSignerDER(signingKeyBlob)
k.Cert = cert
k.Cert.Raw = programCert
return k, err
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:32,代码来源:taosupport.go
示例5: main
func main() {
flag.Parse()
timeout, err := time.ParseDuration(*timeoutDuration)
if err != nil {
glog.Fatalf("router: failed to parse timeout duration: %s", err)
}
hp, err := mixnet.NewRouterContext(*configPath, *routerNetwork, *routerAddr, *batchSize,
timeout, &x509Identity, tao.Parent())
if err != nil {
glog.Fatalf("failed to configure router: %s", err)
}
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGKILL)
go func() {
sig := <-sigs
hp.Close()
glog.Infof("router: closing on signal: %s", sig)
signo := int(sig.(syscall.Signal))
os.Exit(0x80 + signo)
}()
if err := serveMixnetProxies(hp); err != nil {
glog.Errorf("router: error while serving: %s", err)
}
glog.Flush()
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:29,代码来源:mixnet_router.go
示例6: main
func main() {
flag.Parse()
// Check to see if we are running in Docker mode with linked containers.
// If so, then there will be an environment variable SERVER_PORT that
// will contain a value of the form tcp://<ip>:<port>
serverEnvVar := os.Getenv("SERVER_PORT")
if serverEnvVar == "" {
serverAddr = net.JoinHostPort(*serverHost, *serverPort)
} else {
serverAddr = strings.TrimPrefix(serverEnvVar, "tcp://")
if serverAddr == serverEnvVar {
options.Usage("client: invalid SERVER_PORT environment variable value '%s'\n", serverEnvVar)
}
}
switch *demoAuth {
case "tcp", "tls", "tao":
default:
options.Usage("unrecognized authentication mode: %s\n", *demoAuth)
}
fmt.Println("Go Tao Demo Client")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: No host Tao available")
}
domain, err := tao.LoadDomain(configPath(), nil)
options.FailIf(err, "error: couldn't load the tao domain from %s\n", configPath())
doClient(domain)
fmt.Println("Client Done")
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:34,代码来源:demo_client.go
示例7: Connect
// Connect opens a connection to the server, if not already connected. If keys
// are provided, they will be used to connect. Otherwise, if running under a
// Tao, new Tao-delegated keys will be created to authenticate to the rendezvous
// server.
func (s *Server) Connect(keys *tao.Keys) error {
if s.conn != nil {
return nil
}
var err error
if keys == nil && tao.Parent() != nil {
keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing, nil, tao.Parent())
if err != nil {
return err
}
}
addr := net.JoinHostPort(s.Host, s.Port)
conn, err := tao.Dial("tcp", addr, nil /* guard */, nil /* verifier */, keys, nil)
if err != nil {
return err
}
s.conn = conn
return nil
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:23,代码来源:rendezvous.go
示例8: LoadKeys
// LoadKeys loads and https key and cert from a directory. This is meant to be
// called from user-facing apps.
func LoadKeys(kdir string) *tao.Keys {
// TODO(kwalsh) merge x509 load/save code into keys.go
keys, err := tao.LoadOnDiskTaoSealedKeys(tao.Signing, tao.Parent(), kdir, tao.SealPolicyDefault)
options.FailIf(err, "can't load tao-sealed HTTPS/TLS keys")
chain := keys.CertChain("default")
verbose.Printf("Using existing certfificate chain of length %d:\n", len(chain))
for i, cert := range chain {
verbose.Printf(" Cert[%d] Subject: %s\n", i, x509txt.RDNString(cert.Subject))
}
return keys
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:15,代码来源:ca.go
示例9: main
func main() {
options.Parse()
if *options.String["config"] != "" && !*options.Bool["init"] {
err := options.Load(*options.String["config"])
options.FailIf(err, "Can't load configuration")
}
fmt.Println("Cloudproxy HTTPS Netlog Viewer")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: no host Tao available")
}
// TODO(kwalsh) extend tao name with operating mode and policy
addr := net.JoinHostPort(*options.String["host"], *options.String["port"])
cpath := *options.String["config"]
kdir := *options.String["keys"]
if kdir == "" && cpath != "" {
kdir = path.Dir(cpath)
} else if kdir == "" {
options.Fail(nil, "Option -keys or -config is required")
}
var keys *tao.Keys
if *options.Bool["init"] {
keys = taoca.GenerateKeys(name, addr, kdir)
} else {
keys = taoca.LoadKeys(kdir)
}
fmt.Printf("Configuration file: %s\n", cpath)
if *options.Bool["init"] && cpath != "" {
err := options.Save(cpath, "Cloudproxy HTTPS netlog viewer configuration", "persistent")
options.FailIf(err, "Can't save configuration")
}
http.Handle("/cert/", https.CertificateHandler{keys.CertificatePool})
http.Handle("/index.html", http.RedirectHandler("/", 301))
http.HandleFunc("/", netlog_show)
fmt.Printf("Listening at %s using HTTPS\n", addr)
err := tao.ListenAndServeTLS(addr, keys)
options.FailIf(err, "can't listen and serve")
fmt.Println("Server Done")
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:48,代码来源:netlog_https.go
示例10: main
func main() {
options.Parse()
fmt.Println("Cloudproxy Networked Logging Service")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: No host Tao available")
}
addr := *options.String["addr"]
// TODO(kwalsh) perhaps extend our tao name with current config options
err := tao.NewOpenServer(tao.ConnHandlerFunc(doResponse)).ListenAndServe(addr)
options.FailIf(err, "netlog: server died")
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:16,代码来源:netlog_server.go
示例11: Connect
// Connect establishes a connection to a netlog server, if necessary. This will
// be called automatically by Log() and Entries().
func (srv *Server) Connect() error {
if srv.Conn != nil {
return nil
}
keys, err := tao.NewTemporaryTaoDelegatedKeys(tao.Signing, nil, tao.Parent())
if err != nil {
return err
}
conn, err := tao.Dial("tcp", srv.Addr, srv.Guard, srv.DomainKey, keys, nil)
if err != nil {
return err
}
srv.Conn = conn
return nil
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:20,代码来源:netlog.go
示例12: main
func main() {
verbose.Set(true)
options.Parse()
if *options.String["config"] != "" && !*options.Bool["init"] {
err := options.Load(*options.String["config"])
options.FailIf(err, "Can't load configuration")
}
if *options.Bool["init"] {
cpath := *options.String["config"]
if cpath == "" {
options.Fail(nil, "Option -init requires option -config")
}
fmt.Println("Initializing configuration file: " + cpath)
err := options.Save(cpath, "Tao rendezvous configuration", "persistent")
options.FailIf(err, "Can't save configuration")
}
fmt.Println("Cloudproxy Rendezvous Service")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: no host Tao available")
}
allowAnon = *options.Bool["anon"]
manualMode = *options.Bool["manual"]
fcfsMode = *options.Bool["fcfs"]
addr := *options.String["addr"]
netlog.Log("rendezvous: init")
netlog.Log("rendezvous: allow anon? %v", allowAnon)
netlog.Log("rendezvous: manual? %v", manualMode)
netlog.Log("rendezvous: fcfs? %v", fcfsMode)
netlog.Log("rendezvous: addr = %v", addr)
// TODO(kwalsh) extend tao name with operating mode and policy
err := tao.NewOpenServer(tao.ConnHandlerFunc(doResponses)).ListenAndServe(addr)
options.FailIf(err, "server died")
netlog.Log("rendezvous: done")
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:43,代码来源:rendezvous_server.go
示例13: main
func main() {
flag.Parse()
serverAddr = net.JoinHostPort(*serverHost, *serverPort)
switch *demoAuth {
case "tcp", "tls", "tao":
default:
options.Usage("unrecognized authentication mode: %s\n", *demoAuth)
return
}
fmt.Println("Go Tao Demo Server")
if tao.Parent() == nil {
options.Fail(nil, "can't continue: No host Tao available")
}
doServer()
fmt.Println("Server Done")
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:19,代码来源:demo_server.go
示例14: GenerateKeys
// GenerateKeys initializes a new tls key, confirms certificate details with the
// user, obtains a signed certificate from the default ca, and stores the
// resulting keys and certificates in kdir. This is meant to be called from
// user-facing apps.
func GenerateKeys(name *pkix.Name, addr, kdir string) *tao.Keys {
host, _, err := net.SplitHostPort(addr)
options.FailIf(err, "bad address: %s", addr)
name.CommonName = host
if ConfirmNames {
fmt.Printf(""+
"Initializing fresh HTTP/TLS server key. Provide the following information,\n"+
"to be include in a CA-signed x509 certificate. Leave the response blank to\n"+
"accept the default value.\n\n"+
"The key and certificates will be stored in:\n %s\n\n", kdir)
name = ConfirmName(name)
}
keys, err := tao.InitOnDiskTaoSealedKeys(tao.Signing, name, tao.Parent(), kdir, tao.SealPolicyDefault)
options.FailIf(err, "can't create tao-sealed HTTPS/TLS keys")
csr := NewCertificateSigningRequest(keys.VerifyingKey, name)
SubmitAndInstall(keys, csr)
return keys
}
开发者ID:kevinawalsh,项目名称:taoca,代码行数:26,代码来源:ca.go
示例15: doClient
func doClient(domain *tao.Domain) {
network := "tcp"
keys, err := tao.NewTemporaryTaoDelegatedKeys(tao.Signing, tao.Parent())
options.FailIf(err, "client: couldn't generate temporary Tao keys")
// TODO(tmroeder): fix the name
cert, err := keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
Organization: []string{"Google Tao Demo"}})
options.FailIf(err, "client: couldn't create a self-signed X.509 cert")
// TODO(kwalsh) keys should save cert on disk if keys are on disk
keys.Cert = cert
g := domain.Guard
if *ca != "" {
na, err := tao.RequestTruncatedAttestation(network, *ca, keys, domain.Keys.VerifyingKey)
options.FailIf(err, "client: couldn't get a truncated attestation from %s: %s\n", *ca)
keys.Delegation = na
// If we're using a CA, then use a custom guard that accepts only
// programs that have talked to the CA.
g, err = newTempCAGuard(domain.Keys.VerifyingKey)
options.FailIf(err, "client: couldn't set up a new guard")
}
pingGood := 0
pingFail := 0
for i := 0; i < *pingCount || *pingCount < 0; i++ { // negative means forever
if doRequest(g, domain, keys) {
pingGood++
} else {
pingFail++
}
fmt.Printf("client: made %d connections, finished %d ok, %d bad pings\n", i+1, pingGood, pingFail)
}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:37,代码来源:demo_client.go
示例16: main
func main() {
verbose.Set(true)
options.Parse()
profiling.ProfilePath = *options.String["profile"]
if !verbose.Enabled {
taoca.ConfirmNames = false
}
if *options.String["config"] != "" && !*options.Bool["init"] {
err := options.Load(*options.String["config"])
options.FailIf(err, "Can't load configuration")
}
fmt.Println("https/tls Certificate Authority")
manualMode = *options.Bool["manual"]
learnMode = *options.Bool["learn"]
if !manualMode && tao.Parent() == nil {
options.Fail(nil, "can't continue: automatic mode, but no host Tao available")
}
if *options.Bool["root"] == (*options.String["subsidiary"] != "") {
options.Usage("must supply exactly one of -root or -subsidiary options")
}
host := *options.String["host"]
port := *options.String["port"]
addr := net.JoinHostPort(host, port)
// TODO(kwalsh) extend tao name with operating mode and policy
cpath := *options.String["config"]
kdir := *options.String["keys"]
if kdir == "" && cpath != "" {
kdir = path.Dir(cpath)
} else if kdir == "" {
options.Fail(nil, "Option -keys or -config is required")
}
ppath := path.Join(kdir, "policy")
var err error
if *options.Bool["init"] {
if cpath != "" {
err := options.Save(cpath, "HTTPS/TLS certificate authority configuration", "persistent")
options.FailIf(err, "Can't save configuration")
}
fmt.Println("" +
"Initializing fresh HTTP/TLS CA signing key. Provide the following information,\n" +
"to be include in the CA's own x509 certificate. Leave the response blank to\n" +
"accept the default value.\n" +
"\n" +
"Configuration file: " + cpath + "\n" +
"Keys directory: " + kdir + "\n")
var caName *pkix.Name
if taoca.ConfirmNames {
if *options.Bool["root"] {
caName = taoca.ConfirmName(caRootName)
} else {
caName = taoca.ConfirmName(caSubsidiaryName)
}
} else {
if *options.Bool["root"] {
caName = caRootName
} else {
caName = caSubsidiaryName
}
}
if manualMode {
pwd := options.Password("Choose an HTTPS/TLS CA signing key password", "pass")
caKeys, err = tao.InitOnDiskPBEKeys(tao.Signing, pwd, kdir, caName)
tao.ZeroBytes(pwd)
} else {
caKeys, err = tao.InitOnDiskTaoSealedKeys(tao.Signing, caName, tao.Parent(), kdir, tao.SealPolicyDefault)
}
options.FailIf(err, "Can't initialize fresh HTTPS/TLS CA signing key")
if *options.Bool["root"] {
fmt.Printf(""+
"Note: To install this CA's key in the Chrome browser, go to\n"+
" 'Settings', 'Show advanced settings...', 'Manage Certificates...', 'Authorities'\n"+
" then import the following file:\n"+
" %s\n"+
" Select 'Trust this certificate for identifying websites' and/or other\n"+
" options, then click 'OK'\n", caKeys.X509Path("default"))
} else {
csr := taoca.NewCertificateSigningRequest(caKeys.VerifyingKey, caName)
*csr.IsCa = true
srv := *options.String["subsidiary"]
taoca.DefaultServerName = srv
taoca.SubmitAndInstall(caKeys, csr)
}
if !manualMode {
f, err := os.Open(ppath)
if err == nil {
//.........这里部分代码省略.........
开发者ID:kevinawalsh,项目名称:taoca,代码行数:101,代码来源:server.go
示例17: main
func main() {
caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
serverHost := flag.String("host", "localhost", "address for client/server")
serverPort := flag.String("port", "8129", "port for client/server")
rollbackServerPath := flag.String("rollbackserver_files", "rollbackserver_files", "rollbackserver directory")
country := flag.String("country", "US", "The country for the fileclient certificate")
org := flag.String("organization", "Google", "The organization for the fileclient certificate")
flag.Parse()
serverAddr := net.JoinHostPort(*serverHost, *serverPort)
hostDomain, err := tao.LoadDomain(*hostcfg, nil)
if err != nil {
log.Fatalln("rollbackserver: can't load domain:", err)
}
var policyCert []byte
if hostDomain.Keys.Cert != nil {
policyCert = hostDomain.Keys.Cert.Raw
}
if policyCert == nil {
log.Fatalln("rollbackserver: can't retrieve policy cert")
}
parentTao := tao.Parent()
if err := hostDomain.ExtendTaoName(parentTao); err != nil {
log.Fatalln("fileserver: can't extend the Tao with the policy key")
}
e := auth.PrinExt{Name: "rollbackserver_version_1"}
if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
log.Fatalln("rollbackserver: can't extend name")
}
taoName, err := parentTao.GetTaoName()
if err != nil {
return
}
// Create or read the keys for rollbackserver.
rbKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, parentTao, *rollbackServerPath, tao.SealPolicyDefault)
if err != nil {
log.Fatalln("rollbackserver: couldn't set up the Tao-sealed keys:", err)
}
// Set up a temporary cert for communication with keyNegoServer.
rbKeys.Cert, err = rbKeys.SigningKey.CreateSelfSignedX509(tao.NewX509Name(&tao.X509Details{
Country: proto.String(*country),
Organization: proto.String(*org),
CommonName: proto.String(taoName.String()),
}))
if err != nil {
log.Fatalln("rollbackserver: couldn't create a self-signed cert for rollbackserver keys:", err)
}
// Contact keyNegoServer for the certificate.
if err := fileproxy.EstablishCert("tcp", *caAddr, rbKeys, hostDomain.Keys.VerifyingKey); err != nil {
log.Fatalf("rollbackserver: couldn't establish a cert signed by the policy key: %s", err)
}
// The symmetric keys aren't used by the rollback server.
progPolicy := fileproxy.NewProgramPolicy(policyCert, taoName.String(), rbKeys, nil, rbKeys.Cert.Raw)
m := fileproxy.NewRollbackMaster(taoName.String())
if err := serve(serverAddr, taoName.String(), policyCert, rbKeys, progPolicy, m); err != nil {
log.Fatalf("rollbackserver: server error: %s\n", err)
}
log.Println("rollbackserver: done")
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:68,代码来源:rollbackserver.go
示例18: main
func main() {
caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
serverHost := flag.String("host", "localhost", "address for client/server")
serverPort := flag.String("port", "8123", "port for client/server")
fileServerPath := flag.String("fileserver_files", "fileserver_files/", "fileserver directory")
fileServerFilePath := flag.String("stored_files", "fileserver_files/stored_files/", "fileserver directory")
country := flag.String("country", "US", "The country for the fileclient certificate")
org := flag.String("organization", "Google", "The organization for the fileclient certificate")
flag.Parse()
serverAddr := net.JoinHostPort(*serverHost, *serverPort)
hostDomain, err := tao.LoadDomain(*hostcfg, nil)
if err != nil {
log.Fatalln("fileserver: can't LoadDomain")
}
var policyCert []byte
if hostDomain.Keys.Cert != nil {
policyCert = hostDomain.Keys.Cert.Raw
}
if policyCert == nil {
log.Fatalln("fileserver: can't retrieve policy cert")
}
parentTao := tao.Parent()
if err := hostDomain.ExtendTaoName(parentTao); err != nil {
log.Fatalln("fileserver: can't extend the Tao with the policy key")
}
e := auth.PrinExt{Name: "fileserver_version_1"}
if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
log.Fatalln("fileserver: couldn't extend the Tao name")
}
taoName, err := parentTao.GetTaoName()
if err != nil {
log.Fatalln("fileserver: couldn't get tao name")
}
// Create or read the keys for fileclient.
fsKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, parentTao, *fileServerPath, tao.SealPolicyDefault)
if err != nil {
log.Fatalln("fileserver: couldn't set up the Tao-sealed keys:", err)
}
// Set up a temporary cert for communication with keyNegoServer.
fsKeys.Cert, err = fsKeys.SigningKey.CreateSelfSignedX509(tao.NewX509Name(&tao.X509Details{
Country: proto.String(*country),
Organization: proto.String(*org),
CommonName: proto.String(taoName.String()),
}))
if err != nil {
log.Fatalln("fileserver: couldn't create a self-signed cert for fileclient keys:", err)
}
// Contact keyNegoServer for the certificate.
if err := fileproxy.EstablishCert("tcp", *caAddr, fsKeys, hostDomain.Keys.VerifyingKey); err != nil {
log.Fatalf("fileserver: couldn't establish a cert signed by the policy key: %s", err)
}
symKeysPath := path.Join(*fileServerPath, "sealedEncKeys")
symKeys, err := fsKeys.NewSecret(symKeysPath, fileproxy.SymmetricKeySize)
if err != nil {
log.Fatalln("fileserver: couldn't get the file encryption keys")
}
tao.ZeroBytes(symKeys)
progPolicy := fileproxy.NewProgramPolicy(policyCert, taoName.String(), fsKeys, symKeys, fsKeys.Cert.Raw)
// Set up the file storage path if it doesn't exist.
if _, err := os.Stat(*fileServerFilePath); err != nil {
if err := os.MkdirAll(*fileServerFilePath, 0700); err != nil {
log.Fatalln("fileserver: couldn't create a file storage directory:", err)
}
}
if err := serve(serverAddr, *fileServerFilePath, policyCert, fsKeys, progPolicy); err != nil {
log.Fatalln("fileserver: couldn't serve connections:", err)
}
log.Printf("fileserver: done\n")
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:83,代码来源:fileserver.go
示例19: main
func main() {
caAddr := flag.String("caAddr", "localhost:8124", "The address of the CA for setting up a certificate signed by the policy key")
hostcfg := flag.String("hostconfig", "tao.config", "path to host tao configuration")
serverHost := flag.String("host", "localhost", "address for client/server")
serverPort := flag.String("port", "8123", "port for client/server")
rollbackServerHost := flag.String("rollbackhost", "localhost", "address for rollback client/server")
rollbackServerPort := flag.String("rollbackport", "8129", "port for client/server")
fileClientPassword := flag.String("password", "BogusPass", "A password for unlocking the user certificates")
fileClientPath := flag.String("fileclient_files", "fileclient_files", "fileclient directory")
fileClientFilePath := flag.String("stored_files", "fileclient_files/stored_files", "fileclient file directory")
testFile := flag.String("test_file", "originalTestFile", "test file")
fileClientKeyPath := flag.String("usercreds", "usercreds", "user keys and certs")
country := flag.String("country", "US", "The country for the fileclient certificate")
org := flag.String("organization", "Google", "The organization for the fileclient certificate")
flag.Parse()
serverAddr := net.JoinHostPort(*serverHost, *serverPort)
hostDomain, err := tao.LoadDomain(*hostcfg, nil)
if err != nil {
log.Fatalln("fileclient: Can't load domain")
}
var derPolicyCert []byte
if hostDomain.Keys.Cert["default"] != nil {
derPolicyCert = hostDomain.Keys.Cert["default"].Raw
}
if derPolicyCert == nil {
log.Fatalln("fileclient: Can't retrieve policy cert")
}
parentTao := tao.Parent()
if err := hostDomain.ExtendTaoName(parentTao); err != nil {
log.Fatalln("fileclient: can't extend the Tao with the policy key")
}
e := auth.PrinExt{Name: "fileclient_version_1"}
if err = parentTao.ExtendTaoName(auth.SubPrin{e}); err != nil {
log.Fatalln("fileclient: couldn't extend the tao name with the policy key")
}
taoName, err := parentTao.GetTaoName()
if err != nil {
log.Fatalln("fileclient: Can't get tao name")
}
// Create or read the keys for fileclient.
// Set up a temporary cert for communication with keyNegoServer.
// TODO(kwalsh) This may no longer be needed. Is there a significance to
// this cert?
name := tao.NewX509Name(&tao.X509Details{
Country: proto.String(*country),
Organization: proto.String(*org),
CommonName: proto.String(taoName.String()),
})
fcKeys, err := tao.NewOnDiskTaoSealedKeys(tao.Signing|tao.Crypting, name, parentTao, *fileClientPath, tao.SealPolicyDefault)
if err != nil {
log.Fatalln("fileclient: couldn't set up the Tao-sealed keys:", err)
}
if err != nil {
log.Fatalln("fileclient: couldn't create a self-signed cert for fileclient keys:", err)
}
// Contact keyNegoServer for the certificate.
if err := fileproxy.EstablishCert("tcp", *caAddr, fcKeys, hostDomain.Keys.VerifyingKey); err != nil {
log.Fatalf("fileclient: couldn't establish a cert signed by the policy key: %s", err)
}
// Get the policy cert and set up TLS.
conf, err := fcKeys.TLSClientConfig(hostDomain.Keys.Cert["default"])
if err != nil {
log.Fatalln("fileclient, encode error: ", err)
}
conn, err := tls.Dial("tcp", serverAddr, conf)
if err != nil {
log.Fatalln("fileclient: can't establish channel: ", err)
}
ms := util.NewMessageStream(conn)
// Before doing any tests, create a simple file to send to the server.
testContents := `
This is a simple file to test
It has some new lines
And it doesn't have very much content.
`
if _, err := os.Stat(*fileClientFilePath); err != nil {
if err := os.MkdirAll(*fileClientFilePath, 0700); err != nil {
log.Fatalf("fileclient: couldn't create the file storage path %s: %s", *fileClientFilePath, err)
}
}
sentFileName := *testFile
sentFilePath := path.Join(*fileClientFilePath, sentFileName)
if err := ioutil.WriteFile(sentFilePath, []byte(testContents), 0600); err != nil {
log.Fatalf("fileclient: couldn't create a test file at %s: %s", sentFilePath, err)
}
// Authenticate user principal(s).
if _, err := os.Stat(*fileClientKeyPath); err != nil {
log.Fatalf("fileclient: couldn't get user credentials from %s: %s\n", *fileClientKeyPath, err)
//.........这里部分代码省略.........
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:101,代码来源:fileclient.go
示例20: TaoParadigm
// Load domain info for the domain and establish Clouproxy keys and properties.
// This handles reading in existing (sealed) Cloudproxy keys and properties, or,
// if this is the first call (or a call after state has been erased), this also
// handles initialization of keys and certificates including interaction with the
// domain signing service and storage of new sealed keys and certificates.
// If TaoParadigm completes without error, programObject contains all the
// Cloudproxy information needed throughout the calling program execution
// ensures that this information is sealed and stored for subsequent invocations.
func TaoParadigm(cfg *string, filePath *string,
programObject *TaoProgramData) error {
// Load domain info for this domain.
simpleDomain, err := tao.LoadDomain(*cfg, nil)
if err != nil {
return errors.New("TaoParadigm: Can't load domain")
}
// Get policy cert.
if simpleDomain.Keys.Cert == nil {
return errors.New("TaoParadigm: Can't retrieve policy cert")
}
derPolicyCert := simpleDomain.Keys.Cert.Raw
if derPolicyCert == nil {
return errors.New("TaoParadigm: Can't retrieve der encoded policy cert")
}
// Extend tao name with policy key
simpleDomain.ExtendTaoName(tao.Parent())
// Retrieve extended name.
taoName, err := tao.Parent().GetTaoName()
if err != nil {
return errors.New("TaoParadigm: Can't extend Tao Principal name")
}
log.Printf("TaoParadigm: my name is %s\n", taoName)
// Get my keys and certificates.
sealedSymmetricKey, sealedProgramKey, programCert, certChain, err :=
LoadProgramKeys(*filePath)
if err != nil {
return errors.New("TaoParadigm: Can't retrieve existing key material")
}
// Unseal my symmetric keys, or initialize them.
var symKeys []byte
var policy string
if sealedSymmetricKey != nil {
symKeys, policy, err = tao.Parent().Unseal(sealedSymmetricKey)
if err != nil || policy != tao.SealPolicyDefault {
return errors.New("TaoParadigm: can't unseal symmetric keys")
}
} else {
symKeys, err = InitializeSealedSymmetricKeys(*filePath, tao.Parent(),
SizeofSymmetricKeys)
if err != nil {
return errors.New("TaoParadigm: InitializeSealedSymmetricKeys error")
}
}
log.Printf("Unsealed symmetric keys\n")
// Get my Program private key if present or initialize it.
var programKey *tao.Keys
if sealedProgramKey != nil {
programKey, err = SigningKeyFromBlob(tao.Parent(), sealedProgramKey, programCert)
if err != nil {
return errors.New("TaoParadigm: SigningKeyFromBlob error")
}
} else {
// Get Program key.
programKey, programCert, certChain, err = InitializeSealedProgramKey(
*filePath, tao.Parent(), *simpleDomain)
if err != nil || programKey == nil {
return errors.New("TaoParadigm: InitializeSealedSigningKey error")
}
}
log.Printf("TaoParadigm: Retrieved Signing key\n")
// Initialize Program policy object.
ok := programObject.FillTaoProgramData(derPolicyCert, taoName.String(),
*programKey, symKeys, programCert, certChain, filePath)
if !ok {
return errors.New("TaoParadigm: Can't initialize TaoProgramData")
}
return nil
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:85,代码来源:taosupport.go
注:本文中的github.com/jlmucb/cloudproxy/go/tao.Parent函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论