

Golang tao.LoadDomain函数代码示例

本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/tao.LoadDomain函数的典型用法代码示例。如果您正苦于以下问题:Golang LoadDomain函数的具体用法?Golang LoadDomain怎么用?Golang LoadDomain使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了LoadDomain函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: NewRouterContext

// NewRouterContext builds a RouterContext for a hosted program. It requests
// temporary signing and crypting keys delegated by the parent Tao t, loads the
// domain configuration found at path, opens a Tao listener for addr on
// network, and starts the send/reply queue goroutines.
//
// The domain is loaded with a nil password. NOTE(review): in cloudproxy this
// is documented as producing a "locked" domain without the policy signing
// key; confirm against the tao version vendored with this file.
func NewRouterContext(path, network, addr string, batchSize int, timeout time.Duration,
	t tao.Tao) (hp *RouterContext, err error) {

	rc := &RouterContext{network: network, timeout: timeout}

	// Fresh keys for this process, attested by the parent Tao.
	rc.keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing|tao.Crypting, nil, t)
	if err != nil {
		return nil, err
	}

	// Domain policy comes from the local configuration file.
	rc.domain, err = tao.LoadDomain(path, nil)
	if err != nil {
		return nil, err
	}

	// NOTE(review): the last three arguments are nil; presumably these are the
	// guard, verifier and delegation, in which case peers are not checked
	// against domain policy at this layer. Confirm against tao.Listen.
	rc.proxyListener, err = tao.Listen(network, addr, rc.keys, nil, nil, nil)
	if err != nil {
		return nil, err
	}

	// Queues and their shutdown channels must exist before the workers start.
	rc.sendQueue = NewQueue(network, batchSize, timeout)
	rc.replyQueue = NewQueue(network, batchSize, timeout)
	rc.killQueue = make(chan bool)
	rc.killQueueErrorHandler = make(chan bool)

	go rc.sendQueue.DoQueue(rc.killQueue)
	go rc.replyQueue.DoQueue(rc.killQueue)
	go rc.sendQueue.DoQueueErrorHandler(rc.replyQueue, rc.killQueueErrorHandler)
	go rc.replyQueue.DoQueueErrorHandlerLog("reply queue", rc.killQueueErrorHandler)

	return rc, nil
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:38,代码来源:router.go

示例2: main

// main runs the tcca service: it loads the Tao domain using the configured
// password and hands every accepted connection to tao.HandleCARequest together
// with the domain's signing key and guard.
//
// The listener is created with net.Listen, so this function adds no transport
// protection of its own. NOTE(review): domainPass is defined outside this
// block; if it is a command-line flag the policy-key password is visible in
// the process arguments.
func main() {
	flag.Parse()

	// glog.Exit and glog.Exitf terminate the process, so nothing follows them.
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
	}

	listener, err := net.Listen(*network, *addr)
	if err != nil {
		glog.Exit("Couldn't bind socket to address:", err)
	}

	fmt.Println("tcca: accepting connections")
	for {
		// A single failed Accept stops the whole service.
		conn, acceptErr := listener.Accept()
		if acceptErr != nil {
			glog.Exitf("Couldn't accept a connection on %s: %s", *addr, acceptErr)
		}

		// Each request is served concurrently with the domain signing key.
		go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
	}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:25,代码来源:tcca.go

示例3: main

// main is the demo client entry point. It works out the server address,
// validates the requested authentication mode, requires a host Tao, loads the
// domain with a nil password and then runs doClient.
func main() {
	flag.Parse()

	// With Docker linked containers SERVER_PORT holds tcp://<ip>:<port>;
	// without it the address is assembled from the host and port flags.
	if linked := os.Getenv("SERVER_PORT"); linked != "" {
		serverAddr = strings.TrimPrefix(linked, "tcp://")
		// An unchanged string means the tcp:// prefix was missing.
		if serverAddr == linked {
			options.Usage("client: invalid SERVER_PORT environment variable value '%s'\n", linked)
		}
	} else {
		serverAddr = net.JoinHostPort(*serverHost, *serverPort)
	}

	// Only the three known authentication modes are accepted.
	if mode := *demoAuth; mode != "tcp" && mode != "tls" && mode != "tao" {
		options.Usage("unrecognized authentication mode: %s\n", mode)
	}

	fmt.Println("Go Tao Demo Client")

	// Without a parent Tao there is nothing to attest this program.
	if tao.Parent() == nil {
		options.Fail(nil, "can't continue: No host Tao available")
	}

	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "error: couldn't load the tao domain from %s\n", configPath())

	doClient(domain)
	fmt.Println("Client Done")
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:34,代码来源:demo_client.go

示例4: main

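// main runs keynegoserver: it loads the Tao domain and the on-disk policy key
// with the -password value, creates a temporary self-signed TLS identity, and
// serves each accepted TLS connection with handleRequest.
//
// Security notes for operators:
//   - -password defaults to "nopassword" and is read from the command line, so
//     the policy-key password shows up in process listings; supply a real
//     secret and consider a less exposed way of passing it.
//   - The TLS certificate is self-signed and client certificates are required
//     but not verified by TLS (tls.RequireAnyClientCert), so the channel by
//     itself authenticates neither side. Whatever trust exists has to come
//     from the checks in handleRequest, which is not shown here.
func main() {
	network := flag.String("network", "tcp", "The network to use for connections")
	addr := flag.String("addr", "localhost:8124", "The address to listen on")
	domainPass := flag.String("password", "nopassword", "The domain password for the policy key")
	configPath := flag.String("config", "tao.config", "The Tao domain config")

	flag.Parse()
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		log.Fatalf("keynegoserver: Couldn't load the config path %s: %s\n", *configPath, err)
	}

	// Set up temporary keys for the connection, since the only thing that
	// matters to the remote client is that they receive a correctly-signed new
	// attestation from the policy key.
	// JLM:  I left this in place but I'm not sure what a TLS connection with a
	//   self signed Cert buys in terms of security.  The security of this protocol should
	//   not depend on the confidentiality or integrity of the channel.  All that said,
	//   if we do ever distribute a signed keynegoserver cert for this TLS channel, it would
	//   be good.
	keys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up temporary keys for the connection:", err)
	}
	keys.Cert, err = keys.SigningKey.CreateSelfSignedX509(&pkix.Name{
		Organization: []string{"Google Tao Demo"}})
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't set up a self-signed cert:", err)
	}

	// SerialNumber is declared outside this function; it is seeded with the
	// current time in milliseconds. NOTE(review): if it becomes the serial of
	// issued certificates, those serials are predictable; confirm that is
	// acceptable for this protocol.
	SerialNumber = int64(time.Now().UnixNano()) / (1000000)
	policyKey, err := tao.NewOnDiskPBEKeys(tao.Signing, []byte(*domainPass), "policy_keys", nil)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't get policy key:", err)
	}

	tlsc, err := tao.EncodeTLSCert(keys)
	if err != nil {
		log.Fatalln("keynegoserver: Couldn't encode a TLS cert:", err)
	}
	// RootCAs and InsecureSkipVerify only matter when a config is used by a
	// TLS client; on this listener the effective setting is ClientAuth, which
	// demands a client certificate without validating its chain.
	conf := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsc},
		InsecureSkipVerify: true,
		ClientAuth:         tls.RequireAnyClientCert,
	}
	sock, err := tls.Listen(*network, *addr, conf)
	if err != nil {
		// A failed Listen leaves sock nil; stop here instead of continuing
		// into sock.Close and sock.Accept, which would panic.
		log.Fatalf("keynegoserver: error: %s", err)
	}
	defer sock.Close()

	for {
		conn, err := sock.Accept()
		if err != nil {
			log.Fatalln("keynegoserver: couldn't accept a connection:", err)
		}

		// Every request gets its own goroutine and shares the policy key.
		go handleRequest(conn, policyKey, domain.Guard)
	}
}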
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:60,代码来源:keynegoserver.go

示例5: NewRouterContext

// NewRouterContext builds a RouterContext for a hosted program. It requests
// temporary signing and crypting keys delegated by the parent Tao t, issues a
// self-signed certificate for x509Identity, loads the domain configuration at
// path, opens an anonymous Tao listener for addr on network, and starts the
// send/reply queue goroutines.
func NewRouterContext(path, network, addr string, batchSize int, timeout time.Duration,
	x509Identity *pkix.Name, t tao.Tao) (hp *RouterContext, err error) {

	rc := &RouterContext{network: network, timeout: timeout}

	// Fresh keys for this process, attested by the parent Tao.
	rc.keys, err = tao.NewTemporaryTaoDelegatedKeys(tao.Signing|tao.Crypting, t)
	if err != nil {
		return nil, err
	}

	// The certificate is self-signed, so it carries no third-party trust.
	rc.keys.Cert, err = rc.keys.SigningKey.CreateSelfSignedX509(x509Identity)
	if err != nil {
		return nil, err
	}

	// Domain policy comes from the local configuration file; the nil password
	// means no policy-key password is supplied here.
	rc.domain, err = tao.LoadDomain(path, nil)
	if err != nil {
		return nil, err
	}

	tlsCert, err := tao.EncodeTLSCert(rc.keys)
	if err != nil {
		return nil, err
	}

	// RootCAs and InsecureSkipVerify are consulted only when a config is used
	// by a TLS client. For this listener the relevant field is ClientAuth:
	// NoClientCert means connecting clients stay anonymous at the TLS layer.
	serverTLS := &tls.Config{
		RootCAs:            x509.NewCertPool(),
		Certificates:       []tls.Certificate{*tlsCert},
		InsecureSkipVerify: true,
		ClientAuth:         tls.NoClientCert,
	}

	// The listener is given the domain guard, the policy verifying key and
	// this program's delegation.
	rc.proxyListener, err = tao.ListenAnonymous(network, addr, serverTLS,
		rc.domain.Guard, rc.domain.Keys.VerifyingKey, rc.keys.Delegation)
	if err != nil {
		return nil, err
	}

	// Queues and their shutdown channels must exist before the workers start.
	rc.sendQueue = NewQueue(network, batchSize, timeout)
	rc.replyQueue = NewQueue(network, batchSize, timeout)
	rc.killQueue = make(chan bool)
	rc.killQueueErrorHandler = make(chan bool)

	go rc.sendQueue.DoQueue(rc.killQueue)
	go rc.replyQueue.DoQueue(rc.killQueue)
	go rc.sendQueue.DoQueueErrorHandler(rc.replyQueue, rc.killQueueErrorHandler)
	go rc.replyQueue.DoQueueErrorHandlerLog("reply queue", rc.killQueueErrorHandler)

	return rc, nil
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:57,代码来源:router.go

示例6: queryGuard

// queryGuard loads the domain without a password, asks its guard whether the
// current policy implies query, and prints the answer to standard output.
// Failures to load the domain or to evaluate the query are reported through
// options.FailIf.
func queryGuard(query string) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")

	implied, err := domain.Guard.Query(query)
	options.FailIf(err, "Can't process query")

	verdict := "The policy does not imply the statement"
	if implied {
		verdict = "The policy implies the statement."
	}
	fmt.Println(verdict)
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:12,代码来源:tao_admin.go

示例7: getTPMConfig

// getTPMConfig reads the TPM settings from the domain configuration and
// returns the TPM device path, the AIK file path and the PCR numbers parsed
// from the comma-separated PCR list.
//
// NOTE(review): each entry is parsed with strconv.ParseInt and converted to
// int without a range check, so a negative value in the configuration is
// passed on as a PCR number; confirm the consumer rejects it.
func getTPMConfig() (string, string, []int) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")

	info := domain.Config.GetTpmInfo()
	device := info.GetTpmPath()
	aik := info.GetAikPath()

	fields := strings.Split(info.GetPcrs(), ",")
	pcrs := make([]int, 0, len(fields))
	for i := range fields {
		// Entries must be plain base-10 integers; surrounding spaces fail.
		n, parseErr := strconv.ParseInt(fields[i], 10, 32)
		options.FailIf(parseErr, "Can't parse TPM PCR spec")

		pcrs = append(pcrs, int(n))
	}

	return device, aik, pcrs
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:16,代码来源:tao_admin.go

示例8: loadDomain

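// loadDomain loads the Tao domain from *configPath using *domainPass and
// returns it together with a certificate pool that contains only the domain's
// policy certificate.
//
// On failure it logs the configuration path and the error and returns the
// error from tao.LoadDomain. The password is never written to the log.
//
// NOTE(review): if tao.LoadDomain ever returns a nil domain with a nil error,
// this function returns (nil, nil, nil); callers should check the domain as
// well as the error.
func loadDomain() (*tao.Domain, *x509.CertPool, error) {
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if domain == nil {
		// Logs are routinely collected and shared, so the policy-key password
		// must not appear in them; log only the path and the error.
		log.Printf("domainserver: no domain path - %s, err - %v\n",
			*configPath, err)
		return nil, nil, err
	}
	if err != nil {
		log.Printf("domainserver: Couldn't load the config path %s: %s\n",
			*configPath, err)
		return nil, nil, err
	}
	log.Printf("domainserver: Loaded domain\n")

	// The pool trusts exactly one certificate: the domain's own.
	certPool := x509.NewCertPool()
	certPool.AddCert(domain.Keys.Cert)
	return domain, certPool, nil
}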
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:16,代码来源:domain_server.go

示例9: NewProxyContext

// NewProxyContext creates a ProxyContext: it loads the domain configuration at
// path without a password and opens a SOCKS listener for addr on network. The
// first error encountered is returned with a nil context.
func NewProxyContext(path, network, addr string, timeout time.Duration) (p *ProxyContext, err error) {
	ctx := &ProxyContext{network: network, timeout: timeout}

	// Domain policy comes from the local configuration file.
	ctx.domain, err = tao.LoadDomain(path, nil)
	if err != nil {
		return nil, err
	}

	// The SOCKS listener is what local clients connect to.
	ctx.listener, err = SocksListen(network, addr)
	if err != nil {
		return nil, err
	}

	return ctx, nil
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:18,代码来源:proxy.go

示例10: getTPM2Config

// getTPM2Config reads the TPM 2.0 settings from the domain configuration and
// returns the device path and the PCR numbers parsed from the comma-separated
// PCR list.
//
// NOTE(review): each entry is parsed with strconv.ParseInt and converted to
// int without a range check, so a negative value in the configuration is
// passed on as a PCR number; confirm the consumer rejects it.
func getTPM2Config() (string, []int) {
	domain, err := tao.LoadDomain(configPath(), nil)
	options.FailIf(err, "Can't load domain")

	// TODO(tmroeder): This ignores the info path, since it ignores the cert
	// files.
	info := domain.Config.GetTpm2Info()
	device := info.GetTpm2Device()

	// TODO(tmroeder): This currently ignores the paths to the ek_cert and
	// quote_cert, since it creates its own keys.
	fields := strings.Split(info.GetTpm2Pcrs(), ",")
	pcrs := make([]int, 0, len(fields))
	for i := range fields {
		// Entries must be plain base-10 integers; surrounding spaces fail.
		n, parseErr := strconv.ParseInt(fields[i], 10, 32)
		options.FailIf(parseErr, "Can't parse TPM PCR spec")

		pcrs = append(pcrs, int(n))
	}

	return device, pcrs
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:19,代码来源:tao_admin.go

示例11: Main

// Main implements the linux_host command. It is a separate function so that
// other code can register additional Tao implementations (with tao.Register)
// before the command runs.
//
// Flags may appear both before and after the command verb. The domain is
// loaded without a password before any verb is dispatched, including "help".
func Main() {
	flag.Usage = help

	// First pass: options that precede the verb.
	flag.Parse()

	verb := "help"
	if rest := flag.Args(); len(rest) > 0 {
		verb = rest[0]
		// Second pass: options that follow the verb.
		if len(rest) > 1 {
			flag.CommandLine.Parse(rest[1:])
		}
	}

	if quiet := *options.Bool["quiet"]; !quiet {
		noise = os.Stdout
	}

	domain, err := tao.LoadDomain(domainConfigPath(), nil)
	options.FailIf(err, "Can't load domain")

	// Hosted programs inherit $TAO_DOMAIN from this process's environment.
	os.Unsetenv("TAO_DOMAIN")
	err = os.Setenv("TAO_DOMAIN", domainPath())
	options.FailIf(err, "Can't set $TAO_DOMAIN")

	switch verb {
	case "init":
		initHost(domain)
	case "show":
		showHost(domain)
	case "start":
		startHost(domain)
	case "stop", "shutdown":
		stopHost(domain)
	case "help":
		help()
	default:
		options.Usage("Unrecognized command: %s", verb)
	}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:46,代码来源:host.go

示例12: Main

// Main implements the host command. It turns verbose output on, parses flags
// placed before and after the command verb, loads tao.config from the Tao
// domain directory without a password, exports $TAO_DOMAIN for hosted
// programs, and dispatches the verb.
func Main() {
	flag.Usage = help
	verbose.Set(true)

	// First pass: options that precede the verb.
	flag.Parse()

	verb := "help"
	if rest := flag.Args(); len(rest) > 0 {
		verb = rest[0]
		// Second pass: options that follow the verb.
		if len(rest) > 1 {
			flag.CommandLine.Parse(rest[1:])
		}
	}

	// The domain is loaded before dispatch, so even "help" needs a readable
	// configuration.
	domain, err := tao.LoadDomain(path.Join(apps.TaoDomainPath(), "tao.config"), nil)
	options.FailIf(err, "Can't load domain")

	// Hosted programs inherit $TAO_DOMAIN from this process's environment.
	os.Unsetenv("TAO_DOMAIN")
	err = os.Setenv("TAO_DOMAIN", apps.TaoDomainPath())
	options.FailIf(err, "Can't set $TAO_DOMAIN")

	switch verb {
	case "init":
		initHost(domain)
	case "show":
		showHost(domain)
	case "start":
		startHost(domain)
	case "stop", "shutdown":
		stopHost(domain)
	case "help":
		help()
	default:
		options.Usage("Unrecognized command: %s", verb)
	}
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:41,代码来源:host.go

示例13: createUserKeys

// createUserKeys creates a password-protected user signing key on disk whose
// certificate is signed by the domain policy key.
//
// The subject details come from a text-protobuf file named by the
// user_key_details option. Two secrets are obtained through getKey: the
// password protecting the new user key and the domain policy key password,
// which is used to load the domain with its policy keys.
func createUserKeys() {
	// The X509Details for this user live in a text protobuf file.
	detailsPath := *options.String["user_key_details"]
	raw, err := ioutil.ReadFile(detailsPath)
	options.FailIf(err, "Can't read user details")

	var details tao.X509Details
	err = proto.UnmarshalText(string(raw), &details)
	options.FailIf(err, "Can't parse user details: %s", detailsPath)

	// The user password is requested before the policy password.
	userPass := getKey("user password", "user_pass")
	policyPass := getKey("domain policy key password", "pass")

	domain, err := tao.LoadDomain(configPath(), policyPass)
	options.FailIf(err, "Can't load domain")

	// NOTE(review): the serial number comes straight from the details file
	// and is narrowed to int; confirm its uniqueness is enforced elsewhere.
	_, err = tao.NewSignedOnDiskPBEKeys(
		tao.Signing,
		userPass,
		*options.String["user_key_path"],
		tao.NewX509Name(&details),
		int(details.GetSerialNumber()),
		domain.Keys,
	)
	options.FailIf(err, "Can't create user signing key")
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:21,代码来源:tao_admin.go

示例14: main

// main runs the tcca service: it loads the Tao domain using the configured
// password, prepares a temporary self-signed identity, and hands every
// accepted connection to tao.HandleCARequest together with the domain's
// signing key and guard.
//
// The listener is created with net.Listen, so this function adds no transport
// protection of its own, and within this function the temporary keys are not
// referenced again once their certificate has been attached.
func main() {
	flag.Parse()

	// glog.Exit and glog.Exitf terminate the process, so nothing follows them.
	domain, err := tao.LoadDomain(*configPath, []byte(*domainPass))
	if err != nil {
		glog.Exitf("Couldn't load the config path %s: %s\n", *configPath, err)
	}

	// Temporary keys for the connection: what matters to the remote client is
	// receiving a correctly-signed new attestation from the policy key.
	tempKeys, err := tao.NewTemporaryKeys(tao.Signing)
	if err != nil {
		glog.Exit("Couldn't set up temporary keys for the connection:", err)
	}
	subject := &pkix.Name{Organization: []string{"Google Tao Demo"}}
	tempKeys.Cert, err = tempKeys.SigningKey.CreateSelfSignedX509(subject)
	if err != nil {
		glog.Exit("Couldn't set up a self-signed cert:", err)
	}

	listener, err := net.Listen(*network, *addr)
	if err != nil {
		glog.Exit("Couldn't bind socket to address:", err)
	}

	fmt.Println("tcca: accepting connections")
	for {
		// A single failed Accept stops the whole service.
		conn, acceptErr := listener.Accept()
		if acceptErr != nil {
			glog.Exitf("Couldn't accept a connection on %s: %s", *addr, acceptErr)
		}

		// Each request is served concurrently with the domain signing key.
		go tao.HandleCARequest(conn, domain.Keys.SigningKey, domain.Guard)
	}
}
开发者ID:William-J-Earl,项目名称:cloudproxy,代码行数:40,代码来源:tcca.go

示例15: managePolicy

// managePolicy applies the policy options given on the command line to the
// domain's guard, in a fixed order: query, clear, add, retract, show.
//
// A query is answered by queryGuard and ends the function before the domain
// password is requested. Every other path obtains the domain policy key
// password through getKey and loads the domain with it. The clear, add and
// retract branches written out here call domain.Save after changing the
// guard; whether the add*/retract* helpers save is not visible from here.
func managePolicy() {

	// Queries are read-only: answer and return without asking for a password.
	if query := *options.String["query"]; query != "" {
		queryGuard(query)
		return
	}

	// Load the domain with the policy key password so that changes can be
	// saved.
	pwd := getKey("domain policy key password", "pass")
	domain, err := tao.LoadDomain(configPath(), pwd)
	options.FailIf(err, "Can't load domain")

	// Clear all the policy stored by the Guard. This runs before any rule is
	// added, so "clear" combined with "add" replaces the policy.
	if *options.Bool["clear"] {
		domain.Guard.Clear()
		err := domain.Save()
		options.FailIf(err, "Can't save domain")
	}

	// Add permissions
	if canExecute := *options.String["canexecute"]; canExecute != "" {
		host := template().GetHostName()
		addExecute(canExecute, host, domain)
	}
	if add := *options.String["add"]; add != "" {
		// The rule text is taken verbatim from the command line.
		fmt.Fprintf(noise, "Adding policy rule: %s\n", add)
		err := domain.Guard.AddRule(add)
		options.FailIf(err, "Can't add rule to domain")
		err = domain.Save()
		options.FailIf(err, "Can't save domain")
	}
	if *options.Bool["add_programs"] {
		host := template().GetHostName()
		addProgramRules(host, domain)
	}
	if *options.Bool["add_containers"] {
		host := template().GetHostName()
		addContainerRules(host, domain)
	}
	// The remaining rule generators run only when the guard type is Datalog.
	if domain.Config.DomainInfo.GetGuardType() == "Datalog" {
		if *options.Bool["add_vms"] {
			addVMRules(domain)
		}
		if *options.Bool["add_linux_host"] {
			addLinuxHostRules(domain)
		}
		if *options.Bool["add_host"] {
			host := template().GetHostName()
			addHostRules(host, domain)
		}
		if *options.Bool["add_guard"] {
			addGuardRules(domain)
		}
		if *options.Bool["add_tpm"] {
			addTPMRules(domain)
		}
		if *options.Bool["add_tpm2"] {
			addTPM2Rules(domain)
		}
	}

	// Retract permissions. Retraction runs after every add, so a rule named
	// in both "add" and "retract" ends up retracted.
	if retract := *options.String["retract"]; retract != "" {
		fmt.Fprintf(noise, "Retracting policy rule: %s\n", retract)
		err := domain.Guard.RetractRule(retract)
		options.FailIf(err, "Can't retract rule from domain")
		err = domain.Save()
		options.FailIf(err, "Can't save domain")
	}
	if retractCanExecute := *options.String["retractcanexecute"]; retractCanExecute != "" {
		host := template().GetHostName()
		retractExecute(retractCanExecute, host, domain)
	}

	// Print the policy after all commands are executed, so the output shows
	// the guard as it stands after the changes above.
	if *options.Bool["show"] {
		fmt.Print(domain.Guard.String())
	}
}
开发者ID:tmroeder,项目名称:cloudproxy,代码行数:80,代码来源:tao_admin.go


注:本文中的github.com/jlmucb/cloudproxy/go/tao.LoadDomain函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。