diff --git a/cmd/reseeder.go b/cmd/reseeder.go
index ddfe8ac..3bced5c 100644
--- a/cmd/reseeder.go
+++ b/cmd/reseeder.go
@@ -21,10 +21,22 @@ func NewReseedCommand() cli.Command {
 Name: "signer",
 Usage: "Your su3 signing ID (ex. something@mail.i2p)",
 },
+ cli.StringFlag{
+ Name: "key",
+ Usage: "Path to your su3 signing private key",
+ },
 cli.StringFlag{
 Name: "netdb",
 Usage: "Path to NetDB directory containing routerInfos",
 },
+ cli.StringFlag{
+ Name: "tlsCert",
+ Usage: "Path to a TLS certificate",
+ },
+ cli.StringFlag{
+ Name: "tlsKey",
+ Usage: "Path to a TLS private key",
+ },
 cli.StringFlag{
 Name: "ip",
 Value: "0.0.0.0",
@@ -35,19 +47,6 @@ func NewReseedCommand() cli.Command {
 Value: "8080",
 Usage: "Port to listen on",
 },
- cli.StringFlag{
- Name: "tlsCert",
- Usage: "Path to TLS certificate",
- },
- cli.StringFlag{
- Name: "tlsKey",
- Usage: "Path to TLS private key",
- },
- cli.StringFlag{
- Name: "keyFile",
- Value: "reseed_private.pem",
- Usage: "Path to your su3 signing private key",
- },
 cli.IntFlag{
 Name: "numRi",
 Value: 75,
@@ -55,7 +54,8 @@ func NewReseedCommand() cli.Command {
 },
 cli.IntFlag{
 Name: "numSu3",
- Usage: "Number of su3 files to build",
+ Value: 0,
+ Usage: "Number of su3 files to build (0 = automatic based on size of netdb)",
 },
 cli.StringFlag{
 Name: "interval",
@@ -64,6 +64,7 @@ func NewReseedCommand() cli.Command {
 },
 cli.StringFlag{
 Name: "prefix",
+ Value: "",
 Usage: "Prefix path for the HTTP(S) server. (ex. /netdb)",
 },
 cli.BoolFlag{
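Review bot: The new `key` flag in the first hunk has no default and reseedAction now rejects an empty value, but its help text does not say the flag is mandatory; `Usage: "Path to your su3 signing private key (required)"` would. The `tlsCert` and `tlsKey` flags only take effect as a pair, which their Usage strings could state, e.g. `Usage: "Path to a TLS certificate (requires --tlsKey)"`. Renaming `keyFile` to `key` and dropping the `reseed_private.pem` default also breaks existing invocations that pass `--keyFile` or rely on the default; if that is intended it deserves a line in the commit message.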
@@ -88,18 +89,30 @@ func reseedAction(c *cli.Context) { return } + // @todo: prompt to generate a new key + signerKey := c.String("key") + if signerKey == "" { + fmt.Println("--key is required") + return + } + reloadIntvl, err := time.ParseDuration(c.String("interval")) if nil != err { - log.Fatalf("'%s' is not a valid time interval.\n", reloadIntvl) + fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl) + return } + // @todo: prompt to generate a new key + tlsKey := c.String("tlsKey") + tlsCert := c.String("tlsCert") + // use all cores cpus := runtime.NumCPU() runtime.GOMAXPROCS(cpus) log.Printf("Using %d CPU cores.\n", cpus) // load our signing privKey - privKey, err := loadPrivateKey(c.String("keyfile")) + privKey, err := loadPrivateKey(signerKey) if nil != err { log.Fatalln(err) } @@ -121,13 +134,11 @@ func reseedAction(c *cli.Context) { server.Reseeder = reseeder server.Addr = net.JoinHostPort(c.String("ip"), c.String("port")) - // @todo check if tls cert exists, prompt to generate a new one if not - - log.Printf("Server listening on %s\n", server.Addr) - - if c.String("tlsCert") != "" && c.String("tlsKey") != "" { - log.Fatalln(server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey"))) + if tlsCert != "" && tlsKey != "" { + log.Printf("HTTPS server started on %s\n", server.Addr) + log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey)) } else { + log.Printf("HTTP server started on %s\n", server.Addr) log.Fatalln(server.ListenAndServe()) } } diff --git a/main.go b/main.go index 3594cc2..a1abb9c 100644 --- a/main.go +++ b/main.go @@ -15,10 +15,10 @@ func main() { app.Flags = []cli.Flag{} app.Commands = []cli.Command{ cmd.NewReseedCommand(), - cmd.NewSu3VerifyCommand(), + // cmd.NewSu3VerifyCommand(), cmd.NewKeygenCommand(), - cmd.NewSu3Command(), - cmd.NewSu3VerifyPublicCommand(), + // cmd.NewSu3Command(), + // cmd.NewSu3VerifyPublicCommand(), } if err := app.Run(os.Args); err != nil { 
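Review bot: On a parse failure the new `fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)` still formats `reloadIntvl`, which is the zero `time.Duration` whenever `ParseDuration` returns an error, so the message never shows what the operator typed; pass `c.String("interval")` instead. Both new early exits (the `--key is required` check and the interval error) now `return`, so the process ends with status 0 where the old `log.Fatalf` exited non-zero, and a supervisor or start script cannot tell a misconfigured start from a clean stop. Keeping `log.Fatalln("--key is required")` and `log.Fatalf(...)` here would preserve the failing exit code. The second `// @todo: prompt to generate a new key` above `tlsKey` looks copied from the signing-key check and should describe the TLS pair. reseedAction begins above the hunk.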
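Review bot: When only one of `--tlsCert` / `--tlsKey` is supplied, `if tlsCert != "" && tlsKey != ""` is false and the server falls through to plain `ListenAndServe()`, so a typo or omission in one flag silently downgrades an intended HTTPS reseed server to cleartext HTTP. Fail closed on a half-configured pair before the branch, e.g. `if (tlsCert == "") != (tlsKey == "") { log.Fatalln("--tlsCert and --tlsKey must be given together") }`. The removed `@todo` about checking that the certificate exists is dropped without a replacement, so a missing or unreadable file is only reported by `ListenAndServeTLS` after "HTTPS server started" has already been logged; logging that line only once the listener is up, or stat-ing both paths first, would keep the log truthful.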
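Review bot: The three su3 commands in main.go are disabled by commenting them out rather than removing them, and nothing in the hunk says why or for how long. If they are meant to return, a one-line comment above them such as `// su3 and verify commands disabled until <reason>` would tell the next reader; if not, delete the lines and, presumably, the now-unused constructors in package cmd. As far as the visible command list shows, this also leaves the binary without a command for verifying an su3 signature, which operators may have relied on. main's body continues past the hunk.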
diff --git a/reseed/server.go b/reseed/server.go index 4d9776d..728c41f 100644 --- a/reseed/server.go +++ b/reseed/server.go @@ -24,7 +24,10 @@ type Server struct { } func NewServer(prefix string, trustProxy bool) *Server { - config := &tls.Config{MinVersion: tls.VersionTLS10} + config := &tls.Config{ + MinVersion: tls.VersionTLS10, + PreferServerCipherSuites: true, + } h := &http.Server{TLSConfig: config} server := Server{h, nil}
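Review bot: The rewritten `tls.Config` keeps `MinVersion: tls.VersionTLS10`, so the server still negotiates TLS 1.0 and 1.1; unless reseed clients are known to need them, raise the floor to `MinVersion: tls.VersionTLS12`. `PreferServerCipherSuites: true` only orders the suites that are enabled, and no `CipherSuites` list is set here, so the library's default set stays on offer unchanged; on Go 1.17 and later the field is ignored altogether. If the low floor is a deliberate compatibility choice, a comment on the struct literal saying which clients require it would stop it being copied forward unexamined. NewServer's body continues past the hunk.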