Brad Fitzpatrick | 7b6d1b1 | 2015-07-05 16:22:16 -0700 | [diff] [blame] | 1 | // Copyright 2015 The Go Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
Kevin Burke | 6809b41 | 2017-01-06 17:45:07 -0800 | [diff] [blame] | 5 | // Package build contains constants for the Go continuous build system. |
Brad Fitzpatrick | 7b6d1b1 | 2015-07-05 16:22:16 -0700 | [diff] [blame] | 6 | package build |
| 7 | |
| 8 | import ( |
| 9 | "crypto/tls" |
| 10 | "crypto/x509" |
| 11 | "errors" |
| 12 | "fmt" |
| 13 | "net" |
Andrew Gerrand | 34287c5 | 2015-07-15 15:44:01 +1000 | [diff] [blame] | 14 | "strings" |
Brad Fitzpatrick | 7b6d1b1 | 2015-07-05 16:22:16 -0700 | [diff] [blame] | 15 | ) |
| 16 | |
// CoordinatorInstance is either "prod", "staging", or "localhost:<port>".
//
// The value decides both the address that is dialed (TLSHostPort) and how
// the peer is authenticated (TLSDialer, CACert), so it should come from
// trusted configuration only.
type CoordinatorInstance string

const (
	// ProdCoordinator names the production coordinator; TLSHostPort maps
	// it to farmer.golang.org:443.
	ProdCoordinator    CoordinatorInstance = "prod"
	// StagingCoordinator names the staging coordinator; TLSHostPort maps
	// it to a fixed IP address rather than a DNS name.
	StagingCoordinator CoordinatorInstance = "staging"
)
| 24 | |
// TLSHostPort returns the "host:port" address to dial for this coordinator
// instance.
//
// The two well-known instances map to fixed addresses. Any other non-empty
// value is used as given when it already parses as host:port, and otherwise
// gets port 443 appended. An empty instance is an error.
//
// The staging address is a bare IP, so there is no hostname to verify;
// authentication of that peer rests on the fixed ServerName and the CA pool
// configured in TLSDialer.
func (ci CoordinatorInstance) TLSHostPort() (string, error) {
	if ci == ProdCoordinator {
		return "farmer.golang.org:443", nil
	}
	if ci == StagingCoordinator {
		// TODO(cmang): make this project dependent.
		return "104.154.113.235:443", nil
	}

	addr := string(ci)
	if addr == "" {
		return "", errors.New("build: coordinator instance is empty")
	}

	// No explicit port (or otherwise unparsable as host:port): default to 443.
	_, _, splitErr := net.SplitHostPort(addr)
	if splitErr != nil {
		return net.JoinHostPort(addr, "443"), nil
	}
	return addr, nil
}
| 41 | |
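// TLSDialer returns a dial function that opens a TLS connection to this
// coordinator instance, or nil for the production instance (callers then
// use the default http.Transport.DialTLS dialer and normal verification).
//
// For every other instance the peer is checked against a private CA pool
// holding only ci.CACert(), with the fixed ServerName "go". An instance with
// no known CA (CACert returns "") cannot be loaded into the pool, and the
// returned dialer then fails every call with that sticky error, so unknown
// instances fail closed.
//
// Certificate verification is turned off entirely when ci.isDev() is true or
// ci is empty. Connections made in those modes are encrypted but not
// authenticated; they are meant for local development only.
//
// The returned function accepts only the "tcp" network.
func (ci CoordinatorInstance) TLSDialer() func(network, addr string) (net.Conn, error) {
	if ci == "prod" {
		// TODO(bradfitz): once the staging coordinator has a
		// DNS name and LetsEncrypt, delete this whole method?
		return nil // uses default http.Transport.DialTLS dialer
	}
	caPool := x509.NewCertPool()
	tlsConf := &tls.Config{
		ServerName:         "go", // fixed name; see build.go
		RootCAs:            caPool,
		InsecureSkipVerify: ci.isDev(), // dev mode: peer is NOT authenticated
	}
	var err error
	ca := ci.CACert()
	if ci == "" {
		tlsConf.InsecureSkipVerify = true // in localhost dev mode
	} else {
		if !caPool.AppendCertsFromPEM([]byte(ca)) {
			err = fmt.Errorf("Failed to load client's TLS cert for instance %q", string(ci))
		}
	}
	return func(network, addr string) (net.Conn, error) {
		if err != nil {
			// sticky error from AppendCertsFromPEM
			return nil, err
		}
		if network != "tcp" {
			return nil, fmt.Errorf("unsupported network %q", network)
		}
		// NOTE(review): neither the dial nor the handshake has a deadline,
		// so a stalled peer can block the caller indefinitely.
		tcpConn, err := net.Dial("tcp", addr)
		if err != nil {
			return nil, err
		}
		conn := tls.Client(tcpConn, tlsConf)
		if err := conn.Handshake(); err != nil {
			// Release the socket; without this every failed handshake
			// (including a certificate rejection) leaks a descriptor.
			tcpConn.Close()
			return nil, fmt.Errorf("failed to handshake with coordinator: %v", err)
		}
		return conn, nil
	}
}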
| 82 | |
// CACert returns the PEM-encoded public certificate of the CA used to sign
// this coordinator instance's certificate.
//
// Production and staging each have their own CA; any instance that isDev
// reports as a development instance gets DevCoordinatorCA. Every other
// instance yields the empty string, meaning no trusted CA is known for it.
func (ci CoordinatorInstance) CACert() string {
	switch {
	case ci == ProdCoordinator:
		return ProdCoordinatorCA
	case ci == StagingCoordinator:
		return StagingCoordinatorCA
	case ci.isDev():
		return DevCoordinatorCA
	default:
		return ""
	}
}
| 95 | |
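// isDev reports whether ci names a local development coordinator, that is
// exactly "localhost" or "localhost:<port>".
//
// The match is intentionally stricter than a bare "localhost" prefix.
// TLSDialer disables certificate verification for dev instances and CACert
// returns the dev CA for them, so a remote name that merely begins with
// "localhost" (for example "localhost.example.net", a constructed value)
// must not be classified as dev.
func (ci CoordinatorInstance) isDev() bool {
	s := string(ci)
	return s == "localhost" || strings.HasPrefix(s, "localhost:")
}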
| 99 | |
Brad Fitzpatrick | 7b6d1b1 | 2015-07-05 16:22:16 -0700 | [diff] [blame] | 100 | /* |
| 101 | Certificate authority and the coordinator SSL key were created with: |
| 102 | |
| 103 | openssl genrsa -out ca_key.pem 2048 |
| 104 | openssl req -x509 -new -key ca_key.pem -out ca_cert.pem -days 1068 -subj /CN="go" |
| 105 | openssl genrsa -out key.pem 2048 |
| 106 | openssl req -new -out cert_req.pem -key key.pem -subj /CN="go" |
| 107 | openssl x509 -req -in cert_req.pem -out cert.pem -CAkey ca_key.pem -CA ca_cert.pem -days 730 -CAcreateserial -CAserial serial |
| 108 | */ |
| 109 | |
// ProdCoordinatorCA is the production CA cert for farmer.golang.org.
//
// It is a public certificate, not a secret; CACert returns it for
// ProdCoordinator.
//
// NOTE(review): the validity period encoded in this certificate appears to
// end in March 2018. Confirm with `openssl x509 -noout -dates` before
// relying on it as a trust anchor.
const ProdCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIIDCzCCAfOgAwIBAgIJANl4KOv9Cj4UMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
BAMTAmdvMB4XDTE1MDQwNTIwMTE0OFoXDTE4MDMwODIwMTE0OFowDTELMAkGA1UE
AxMCZ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ/oLb+ksvNScl
zIweMGv2ZWRdWW3o9vWIMpOhkiYuBOZjp7zvs89OuKNdC1ylJs3ENnNtD8QOG1Ze
kM3s6MTjCLVZUX4218HAenGifaunTNfbW1/q/tTnZh4Kri00vgq9jFtYnlqFLYhT
PlmDMdpgOY4ligc/1bSPWVsI7CKCbh3fAz67m++opVE0M7LFp8bhkyFv/dnhZFxo
s9ei3ZKFLjYJdZUNRMZ+HcqBzXMQR7HeCOD2pZ1yoHJw1b3Ebe4YOcQCHq4moW7W
DavISKSXl7DKZYX1QlFUmEMkl5aMIEHUJ0oI2wnL9+u5s1NU2/k8sSxbH7Y/cKio
cFPwuMt7AgMBAAGjbjBsMB0GA1UdDgQWBBS5f/j+8YL9B8THnoAXIhQty3vDZjA9
BgNVHSMENjA0gBS5f/j+8YL9B8THnoAXIhQty3vDZqERpA8wDTELMAkGA1UEAxMC
Z2+CCQDZeCjr/Qo+FDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBU
EOOl2ChJyxFg8b4OrG/EC0HMxic2CakRsj6GWQlAwNU8+3o2u2+zYqKhuREDazsZ
1+0f54iU4TXPgPLiOVLQT8AOM6BDDeZfugAopAf0QaIXW5AmM5hnkhW035aXZgx9
rYageMGnnkK2H7E7WlcFbGcPjZtbpZyFnGoAvxcUfOzdnm/LLuvFg6YWf1ynXsNI
aOx5LNVDhzcQlHZ26ueOLoyIpTQxqvo+hwmIOVDLlZ9bz2BS6FevFjsciJmcDL8N
cmY1/5cC/4NzpnN95cvZxp3FX8Ka7YFun03ubjXzXttoeyrxP2WFXuc2D2hkTJPE
Co9z2+Nue1JHG9JcDaeW
-----END CERTIFICATE-----`
| 130 | |
// StagingCoordinatorCA is the cert used on GCE for the
// go-dashboard-dev project.
//
// It is a public certificate, not a secret. CACert returns it for
// StagingCoordinator, and TLSDialer then uses it as the only trusted root
// for the staging connection.
//
// NOTE(review): the validity period encoded in this certificate appears to
// end in June 2018. Confirm with `openssl x509 -noout -dates` before
// relying on it as a trust anchor.
const StagingCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIJAOfawne6V7F1MA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV
BAMMAmdvMB4XDTE1MDcwNjE5MTAyMloXDTE4MDYwODE5MTAyMlowDTELMAkGA1UE
AwwCZ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBnRAfwDXJzRDf
RBolwbQHi/iQ8h70FuQCYKNpjTQWjmWX+8zT7f0C+6q3hEqaEt6gL8Ch9sTiDxOj
MeaczdXVUGGvtKMB/e4CLrpswfTZNR9Fx0BbtdcdyyNAgobphcR81CgzQgokr7FS
M6E1HsjxqBUwCQGZWnkjVxPSd2VnS7Lnz1+DCSPqAboIXyIwQXnu+OjecnrB6/Fp
WOUI0Z5PgEh8vBKhPNptCeX5o8Cl1NVdmvMw2nGIxo6M0swbzDrELfJ1LD9UtGiE
4a2dTttqGYGF0KtBUM3VsX93zPjHix6h9YEzU9zffCOZWIizAXOGMPe/jwPAdAeM
FCxJJzkfAgMBAAGjUDBOMB0GA1UdDgQWBBQGMc6uZVoT12xX2BJUESJXz1KgXzAf
BgNVHSMEGDAWgBQGMc6uZVoT12xX2BJUESJXz1KgXzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCmx74P6MVgl+atDFiMxhLiDp7CiLMZXrnmgBVz9VQ6
NwDbN/kHXDCeJr1D175T7mQVEkTS4dDDP6LqCNdyP1o+xzJQd7J87jSMlWyDUtG6
Wa2n03q1mzEb6fveFs3c08mXPMZ20LE2ApMbFJUhKStuBaQFN601S/ixS37kiefZ
c2G8sF0KryoHCIlNaCSG+OdztoBg7HJ3XLPN6uO10jf9Dk+iY1QdbYN98WWljL/A
QJOrbUZeZsUJ0KnxVMNN0CgB6T0DE9qzewoiNknieXtq2vl/Nxa1AD+qAzWck/bb
yHd17CDY55cj4fworr/PayJuB7JJOrLk68yx2eUlK0Np
-----END CERTIFICATE-----`
Andrew Gerrand | f8b4a13 | 2015-07-15 11:13:21 +1000 | [diff] [blame] | 151 | |
// DevCoordinatorCA is the cert used by the coordinator and buildlet in
// development mode. (Not to be confused with the staging "dev" instance
// under GCE project "go-dashboard-dev")
//
// CACert returns it for any instance that isDev accepts. The matching
// private key, DevCoordinatorKey, is published in this same file, so this
// certificate authenticates nothing: treat it as a development convenience
// and never add it to a trust store used for non-local connections.
//
// NOTE(review): the validity period encoded in this certificate appears to
// end in July 2017. Confirm with `openssl x509 -noout -dates`.
const DevCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIICljCCAX4CCQDN22+A+3+WjjANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJn
bzAeFw0xNTA3MTUwMzIzMDhaFw0xNzA3MTQwMzIzMDhaMA0xCzAJBgNVBAMTAmdv
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj8cK93O6klUVcAn3eC1
za5khnTe/dLPaErrVcymJvdFKEedzNOA6aI9eB2F21KafKcQCaMR+aWBuWzHf4cR
p39oQwIi3h1rCpTCq4tMJB2cXarl3ygj5U/VcFLwPcHl0EYFMxHEF4MM2qiPQvpr
5mt/DTwFtkg+Wb3gHylDqtaOqHwta/wTFfGoI03P2OXRgi8a0UkgPpVXlaiamqfb
kpId7cRLUPp+dJWvvvbHtkSkIo1k+z3UAluHEhF5j5jBqTQM9A+7otFMkO5QUjJS
9E25/cQuaPOnu+xqkxnPPXkABIHvnmLK3pxPJ2CaEFPVpzqe+98Bmqxi3ll9vMUS
dwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA/ZZdBMuJUwzitfrcIF3Jtx+ujuNkw
Jc7eCKATu/ylyfS/ORBk+9GjTRlRDomngz4SojuqR+au92sU4OrLnuEE1hK18TBy
FIiU7CFBG1qj08Ijb812SYAxNr7uKCPfYfM9qbhBLEvQyHrTi9exEey27yWZxy9C
H123Rv8mpI8rGa39k5M9tqtPfXXRChHhXHaU5B0jpk0NWXTDsTTJxqDZqS3NiUPS
I2cBKSy6qTfqEwvxAmcu0tDWzDo2N4Ol1yUy6des7hOHuS9mO5W4qk5D6Yr58+H/
hdFnZur+fHY+hgulEWZjcg1JMzEDhiIYGUbXJrErRIRhxnCksus3tkWD
-----END CERTIFICATE-----`
| 171 | |
// DevCoordinatorKey is the key used by the coordinator and buildlet in
// development mode. (Not to be confused with the staging "dev" instance
// under GCE project "go-dashboard-dev")
//
// This RSA private key is committed to source and is therefore public. It
// provides no authentication or confidentiality guarantee and must only be
// used for local development; never deploy it, or anything issued with it,
// on a coordinator or buildlet reachable from another machine. Secret
// scanners will flag this constant; that is expected here, but the same
// pattern must not be copied for real credentials.
const DevCoordinatorKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAlj8cK93O6klUVcAn3eC1za5khnTe/dLPaErrVcymJvdFKEed
zNOA6aI9eB2F21KafKcQCaMR+aWBuWzHf4cRp39oQwIi3h1rCpTCq4tMJB2cXarl
3ygj5U/VcFLwPcHl0EYFMxHEF4MM2qiPQvpr5mt/DTwFtkg+Wb3gHylDqtaOqHwt
a/wTFfGoI03P2OXRgi8a0UkgPpVXlaiamqfbkpId7cRLUPp+dJWvvvbHtkSkIo1k
+z3UAluHEhF5j5jBqTQM9A+7otFMkO5QUjJS9E25/cQuaPOnu+xqkxnPPXkABIHv
nmLK3pxPJ2CaEFPVpzqe+98Bmqxi3ll9vMUSdwIDAQABAoIBAADPLDasRi4K4RJp
K43NZQ1LkC0NOhpB5W4ZYTUgGhEBqfSylg4BYaNghVY9SnhI9J4RREvY/gLLOmym
QljUgGrXi9c4jrmFjQsMjBPidzGGm04B2qUeETtt96dYOwUKI1PA3MxOnzDFOu9+
ku74bFZcY93NYfZ+Yx+WnztrvHqSFSvEVIqbY6y1JamZQg4MhypoflCPbSdQAn83
eG+9eU4tlpisv84iNQ65BDg+OYpVu8DOe+qXcfmcynn75YBSBaPk0Y5dhYoyWs9P
UxLaxwX01Y/YAtsdx9N9XZ4Pjaji0y4tmZmu/O328fk/Ytul26MJtNNNDsyPmidQ
wLJf0UkCgYEAxCpyyzzOeIUxKJzb4FZDCkepEp3SNLsh0L7D9vH28nxWhfr0y+IM
ncME8xCxhwAhNkn3ksnSSV1eyoyhw0O/IY2jBeZdfp/Wn98W+Q2WRxUwt/aOpVx+
RBuokq021yisam2+wCxyhTcVNnhNPGhyrhNaC7JqYvd6mWyBLbT7brsCgYEAxBMR
IyLmVCZGZOBt1ee+LkFMN00I5S0IVVxbGbdCpStXUK/XIIPzinGxadF7zP8vsZ/Y
vdUOTa9PWJrsGMSUwkDx4TWGy1uIFhf/rLaTbrGHPQD96WjS+7mCIkkd6fvKXEt/
5rfbhYHoUdX56CWMGSYfCvEQd8CjIIerVzDAdXUCgYBSTRzseA6IMhl12JnHfWmT
Ho2o6d4PkZOWaPL+4HWjNtd2Ttv1zllMt02UTSSuZzeH93CPfW1kqm/iuy4DJqFC
CpKjHwuK3LTHTmntA+5Q1GskQ6WFa1Duckw/fbzMeJwd6v1k00EY8wtLVx3QgmHa
9vOIhMptyzb8t7Fa49u5kQKBgGygc5oXt6tfGRjCDZe4L/DIVEU+9HKjJD7GT+JL
WSzQeitFf9WPxNkqa7PITuIfbnjlqdphsu7u9PKNwcdnAVMtT9QJJ4h6SUaUPR2e
eMeWquntJr6tSFYVTDdacqwyxsWjPlS//2pTsjXEahNm2dsE96XEL+9oVfersg04
ASgRAoGAH5kbPiadxpk+escKawGcnvCeE1ipJIJ7TzewtN2B5IbnDkzt7F415Mxj
KCPN0NJXQ5vfURRbbXgP2g6dS6WEQMtpaxo0M4v14kRPK9VhlqrUNvtWoBh4fcgv
Jg5yzK4PwNJehAbCb1sVnsI96joHe685u8c8BcuJVE5LMX8ujFE=
-----END RSA PRIVATE KEY-----`