cleanup

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2024-06-25 17:14:47 -04:00 · 2017-12-14 14:41:31 -05:00 · 2017-12-14 14:41:31 -05:00 · d69fce34a7
parent 74ab433f76
commit d69fce34a7
5 changed files with 1 additions and 291 deletions
--- a/config/openssl-ca.cnf
+++ b/config/openssl-ca.cnf
@ -1,85 +0,0 @@
-HOME            = /etc/docker/ssl
-RANDFILE        = $ENV::HOME/.rnd
-
-####################################################################
-[ ca ]
-default_ca  = CA_default        # The default ca section
-
-[ CA_default ]
-
-default_days    = 365          # how long to certify for
-default_crl_days= 30            # how long before next CRL
-default_md  = sha256        # use public key default MD
-preserve    = no            # keep passed DN ordering
-
-x509_extensions = ca_extensions     # The extensions to add to the cert
-
-email_in_dn = no            # Don't concat the email in the DN
-copy_extensions = copy          # Required to copy SANs from CSR to cert
-
-base_dir    = /etc/docker/ssl
-certificate = $base_dir/ca.pem  # The CA certifcate
-private_key = $base_dir/cakey.pem   # The CA private key
-new_certs_dir   = $base_dir     # Location for new certs after signing
-database    = $base_dir/index.txt   # Database index file
-serial      = $base_dir/serial.txt  # The current serial number
-
-unique_subject  = no            # Set to 'no' to allow creation of
-                                # several certificates with same subject.
-
-####################################################################
-[ req ]
-default_bits        = 4096
-default_keyfile     = $HOME/cakey.pem
-distinguished_name  = ca_distinguished_name
-x509_extensions     = ca_extensions
-string_mask         = utf8only
-
-####################################################################
-[ ca_distinguished_name ]
-countryName             = Country Name (2 letter code)
-countryName_default     = US
-
-stateOrProvinceName         = State or Province Name (full name)
-stateOrProvinceName_default = New York
-
-localityName                = Locality Name (eg, city)
-localityName_default        = New York City
-
-organizationName            = Organization Name (eg, company)
-organizationName_default    = Contained.AF
-
-organizationalUnitName          = Organizational Unit (eg, division)
-organizationalUnitName_default  = Tupperware Hackers
-
-commonName              = Common Name (e.g. server FQDN or YOUR name)
-commonName_default      = Contained.AF CA
-
-emailAddress                = Email Address
-emailAddress_default        = no-reply@contained.af
-
-####################################################################
-[ ca_extensions ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always, issuer
-basicConstraints = critical, CA:true
-keyUsage = keyCertSign, cRLSign
-
-####################################################################
-[ signing_policy ]
-countryName     = optional
-stateOrProvinceName = optional
-localityName        = optional
-organizationName    = optional
-organizationalUnitName  = optional
-commonName      = supplied
-emailAddress        = optional
-
-####################################################################
-[ signing_req ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment
--- a/config/openssl-client.cnf
+++ b/config/openssl-client.cnf
@ -1,49 +0,0 @@
-HOME            = /etc/docker/ssl
-RANDFILE        = $ENV::HOME/.rnd
-
-####################################################################
-[ req ]
-default_bits        = 2048
-default_keyfile     = $HOME/client.key
-distinguished_name  = server_distinguished_name
-req_extensions      = server_req_extensions
-string_mask         = utf8only
-
-####################################################################
-[ server_distinguished_name ]
-countryName             = Country Name (2 letter code)
-countryName_default     = US
-
-stateOrProvinceName         = State or Province Name (full name)
-stateOrProvinceName_default = New York
-
-localityName                = Locality Name (eg, city)
-localityName_default        = New York City
-
-organizationName            = Organization Name (eg, company)
-organizationName_default    = Contained.AF
-
-organizationalUnitName          = Organizational Unit (eg, division)
-organizationalUnitName_default  = Tupperware Hackers
-
-commonName              = Common Name (e.g. server FQDN or YOUR name)
-commonName_default      = Contained.AF CA
-
-emailAddress                = Email Address
-emailAddress_default        = no-reply@contained.af
-
-####################################################################
-[ server_req_extensions ]
-
-subjectKeyIdentifier    = hash
-basicConstraints        = CA:FALSE
-keyUsage                = digitalSignature, keyEncipherment
-extendedKeyUsage 		= clientAuth
-subjectAltName          = @alternate_names
-nsComment               = "OpenSSL Generated Certificate"
-
-####################################################################
-[ alternate_names ]
-
-DNS.1 = localhost
-IP.1 = 127.0.0.1
--- a/config/openssl-server.cnf
+++ b/config/openssl-server.cnf
@ -1,48 +0,0 @@
-HOME            = /etc/docker/ssl
-RANDFILE        = $ENV::HOME/.rnd
-
-####################################################################
-[ req ]
-default_bits        = 2048
-default_keyfile     = $HOME/key.pem
-distinguished_name  = server_distinguished_name
-req_extensions      = server_req_extensions
-string_mask         = utf8only
-
-####################################################################
-[ server_distinguished_name ]
-countryName             = Country Name (2 letter code)
-countryName_default     = US
-
-stateOrProvinceName         = State or Province Name (full name)
-stateOrProvinceName_default = New York
-
-localityName                = Locality Name (eg, city)
-localityName_default        = New York City
-
-organizationName            = Organization Name (eg, company)
-organizationName_default    = Contained.AF
-
-organizationalUnitName          = Organizational Unit (eg, division)
-organizationalUnitName_default  = Tupperware Hackers
-
-commonName              = Common Name (e.g. server FQDN or YOUR name)
-commonName_default      = Contained.AF CA
-
-emailAddress                = Email Address
-emailAddress_default        = no-reply@contained.af
-
-####################################################################
-[ server_req_extensions ]
-
-subjectKeyIdentifier    = hash
-basicConstraints        = CA:FALSE
-keyUsage                = digitalSignature, keyEncipherment
-subjectAltName          = @alternate_names
-nsComment               = "OpenSSL Generated Certificate"
-
-####################################################################
-[ alternate_names ]
-
-DNS.1 = localhost
-IP.1 = 127.0.0.1
--- a/config/setup_certs.sh
+++ b/config/setup_certs.sh
@ -1,65 +0,0 @@
-#!/bin/sh
-
-CONFIGS_DIR=/etc/docker/daemon/config
-CERT_DIR=/etc/docker/ssl
-
-CERT_SUBJ="/C=US/ST=New York/L=New York City/O=Contained.AF/CN=Contained.AF CA"
-
-if [ ! -f  "${CERT_DIR}/ca.pem" ]; then
-	mkdir -p "${CERT_DIR}"
-
-	# create the root CA
-	openssl req -x509 \
-		-config "${CONFIGS_DIR}/openssl-ca.cnf" \
-		-newkey rsa:4096 -sha256 \
-		-subj "${CERT_SUBJ}" \
-		-nodes -out "${CERT_DIR}/ca.pem" -outform PEM
-
-	openssl x509 -noout -text -in "${CERT_DIR}/ca.pem"
-
-	# create the server certificate signing request
-	openssl req \
-		-config "${CONFIGS_DIR}/openssl-server.cnf" \
-		-newkey rsa:2048 -sha256 \
-		-subj "/CN=localhost" \
-		-nodes -out "${CERT_DIR}/server.csr" -outform PEM
-	openssl req -text -noout -verify -in "${CERT_DIR}/server.csr"
-
-	touch "${CERT_DIR}/index.txt"
-	echo 01 > "${CERT_DIR}/serial.txt"
-
-	# create the server cert
-	openssl ca -batch \
-		-config "${CONFIGS_DIR}/openssl-ca.cnf" \
-		-policy signing_policy -extensions signing_req \
-		-out "${CERT_DIR}/cert.pem" -infiles "${CERT_DIR}/server.csr"
-
-	openssl x509 -noout -text -in "${CERT_DIR}/cert.pem"
-
-	# create the client certificate signing request
-	openssl req \
-		-config "${CONFIGS_DIR}/openssl-client.cnf" \
-		-newkey rsa:2048 -sha256 \
-		-subj "/CN=client" \
-		-nodes -out "${CERT_DIR}/client.csr" -outform PEM
-	openssl req -text -noout -verify -in "${CERT_DIR}/client.csr"
-
-	touch "${CERT_DIR}/index.txt"
-	echo 02 > "${CERT_DIR}/serial.txt"
-
-	# create the client cert
-	openssl ca -batch \
-		-config "${CONFIGS_DIR}/openssl-ca.cnf" \
-		-policy signing_policy -extensions signing_req \
-		-out "${CERT_DIR}/client.cert" -infiles "${CERT_DIR}/client.csr"
-
-	openssl x509 -noout -text -in "${CERT_DIR}/client.cert"
-
-
-	# remove the signing requests
-	rm -rf "${CERT_DIR}/client.csr" "${CERT_DIR}/server.csr" "${CERT_DIR}/"*.attr "${CERT_DIR}/"*.old
-
-fi
-
-set -- sh "$(which dind)" "$@"
-exec "$@"
--- a/main_test.go
+++ b/main_test.go
@ -4,16 +4,12 @@ import (
 	"flag"
 	"fmt"
 	"log"
-	"net/http"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"runtime"
 	"testing"

-	"github.com/docker/docker/api"
 	"github.com/docker/docker/client"
-	"github.com/docker/go-connections/tlsconfig"
 	"github.com/jessfraz/reg/testutils"
 )

@ -61,7 +57,7 @@ func TestMain(m *testing.M) {
 	defer os.Remove("testreg" + exeSuffix)

 	// create the docker client
-	dcli, err := newEnvDockerClient()
+	dcli, err := client.NewEnvClient()
 	if err != nil {
 		panic(fmt.Errorf("could not connect to docker: %v", err))
 	}
@ -113,42 +109,3 @@ alpine              latest
 		t.Fatalf("expected: %s\ngot: %s", expected, out)
 	}
 }
-
-func newEnvDockerClient() (*client.Client, error) {
-	var hc *http.Client
-
-	if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
-		options := tlsconfig.Options{
-			CAFile:             filepath.Join(dockerCertPath, "cacert.pem"),
-			CertFile:           filepath.Join(dockerCertPath, "server.cert"),
-			KeyFile:            filepath.Join(dockerCertPath, "server.key"),
-			InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
-		}
-		tlsc, err := tlsconfig.Client(options)
-		if err != nil {
-			return nil, err
-		}
-
-		hc = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: tlsc,
-			},
-			CheckRedirect: client.CheckRedirect,
-		}
-	}
-
-	host := os.Getenv("DOCKER_HOST")
-	if host == "" {
-		host = client.DefaultDockerHost
-	}
-	version := os.Getenv("DOCKER_API_VERSION")
-	if version == "" {
-		version = api.DefaultVersion
-	}
-
-	cli, err := client.NewClient(host, version, hc, nil)
-	if err != nil {
-		return cli, err
-	}
-	return cli, nil
-}