### Install sqlx Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/jmoiron/sqlx/README.md Install the sqlx library using go get. ```bash go get github.com/jmoiron/sqlx ``` -------------------------------- ### Install sentry-go SDK Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/README.md Install the sentry-go SDK using go get. This command fetches the latest version of the library. ```console go get github.com/getsentry/sentry-go ``` -------------------------------- ### Install raven-go Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/MIGRATION.md Use go get to install the raven-go package. ```go go get github.com/getsentry/raven-go ``` -------------------------------- ### Install mkbundle Utility Source: https://github.com/cloudflare/cfssl/blob/master/README.md Installs the mkbundle utility using the go get command. This utility is used to build root and intermediate certificate bundles. ```bash go get github.com/cloudflare/cfssl/cmd/mkbundle ``` -------------------------------- ### Install go-sqlite3 Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/mattn/go-sqlite3/README.md Install the go-sqlite3 package using the go get command. Ensure CGO_ENABLED is set to 1 and a gcc compiler is available. ```bash go get github.com/mattn/go-sqlite3 ``` -------------------------------- ### Install pq Driver Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/lib/pq/README.md Use this command to install the pq PostgreSQL driver for your Go project. ```go go get github.com/lib/pq ``` -------------------------------- ### Install Go-MySQL-Driver Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md Install the Go-MySQL-Driver using the go tool. Ensure Git is installed and in your system's PATH. ```bash go get -u github.com/go-sql-driver/mysql ``` -------------------------------- ### Install sentry-go Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/MIGRATION.md Use go get to install the sentry-go package with a specific version. ```go go get github.com/getsentry/sentry-go@v0.0.1 ``` -------------------------------- ### Install CFSSL Utilities Source: https://github.com/cloudflare/cfssl/blob/master/README.md Installs all CFSSL utility programs, including `cfssl`, `cfssljson`, and `mkbundle`, using `go install`. Requires a working Go 1.20+ installation. ```bash go install github.com/cloudflare/cfssl/cmd/...@latest ``` -------------------------------- ### CFSSL Authentication Key Setup Source: https://github.com/cloudflare/cfssl/blob/master/doc/transport.txt Example of setting up the authentication key for a CFSSL transport via an environment variable. ```bash $ TRANSPORT_CA_AUTH_KEY="000102030405060708" ./some-program ``` -------------------------------- ### Install Go Tools Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/google/certificate-transparency-go/README.md Installs tools written in Go using the tools.go file and go.mod. This is a prerequisite for regenerating code. ```bash go install "./tools/tools.go" ``` -------------------------------- ### Install esc Source: https://github.com/cloudflare/cfssl/blob/master/cli/serve/README.md Installs the 'esc' tool, which is used to compile static files into Go source code. ```bash go install github.com/mjibson/esc ``` -------------------------------- ### Install tomll CLI Tool Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/pelletier/go-toml/README.md Install the 'tomll' command-line tool for linting TOML files. ```bash go install github.com/pelletier/go-toml/cmd/tomll tomll --help ``` -------------------------------- ### Build CFSSL from Source Source: https://github.com/cloudflare/cfssl/blob/master/README.md Clone the repository, navigate to the directory, and run `make` to build. `make install` places the binaries in the `bin` folder. ```bash git clone git@github.com:cloudflare/cfssl.git cd cfssl make make install ``` -------------------------------- ### Initialize procfs and Get Stat Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/prometheus/procfs/README.md Initializes the proc filesystem mount point and retrieves CPU statistics. Use this to get basic system-wide CPU metrics. ```go fs, err := procfs.NewFS("/proc") stats, err := fs.Stat() ``` -------------------------------- ### HTTP File Server with Whitelisting Source: https://github.com/cloudflare/cfssl/blob/master/whitelist/README.md This example demonstrates setting up an HTTP file server with layered whitelisting. It uses a basic host-based whitelist for general access and an admin whitelist to control modifications to the user whitelist, restricting changes to localhost. ```go package main import ( "encoding/json" "flag" "fmt" "log" "net" "net/http" "github.com/cloudflare/cfssl/whitelist" ) var wl = whitelist.NewBasic() func addIP(w http.ResponseWriter, r *http.Request) { addr := r.FormValue("ip") ip := net.ParseIP(addr) wl.Add(ip) log.Printf("request to add %s to the whitelist", addr) w.Write([]byte(fmt.Sprintf("Added %s to whitelist.\n", addr))) } func delIP(w http.ResponseWriter, r *http.Request) { addr := r.FormValue("ip") ip := net.ParseIP(addr) wl.Remove(ip) log.Printf("request to remove %s from the whitelist", addr) w.Write([]byte(fmt.Sprintf("Removed %s from whitelist.\n", ip))) } func dumpWhitelist(w http.ResponseWriter, r *http.Request) { out, err := json.Marshal(wl) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) } else { w.Write(out) } } type handler struct { h func(http.ResponseWriter, *http.Request) } func newHandler(h func(w http.ResponseWriter, r *http.Request)) http.Handler { return &handler{h: h} } func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { h.h(w, r) } func main() { root := flag.String("root", "files/", "file server root") flag.Parse() fileServer := http.StripPrefix("/files/", http.FileServer(http.Dir(*root))) wl.Add(net.IP{127, 0, 0, 1}) adminWL := whitelist.NewBasic() adminWL.Add(net.IP{127, 0, 0, 1}) adminWL.Add(net.ParseIP("::1")) protFiles, err := whitelist.NewHandler(fileServer, nil, wl) if err != nil { log.Fatalf("%v", err) } addHandler, err := whitelist.NewHandlerFunc(addIP, nil, adminWL) if err != nil { log.Fatalf("%v", err) } delHandler, err := whitelist.NewHandlerFunc(delIP, nil, adminWL) if err != nil { log.Fatalf("%v", err) } dumpHandler, err := whitelist.NewHandlerFunc(dumpWhitelist, nil, adminWL) if err != nil { log.Fatalf("%v", err) } http.Handle("/files/", protFiles) http.Handle("/add", addHandler) http.Handle("/del", delHandler) http.Handle("/dump", dumpHandler) log.Println("Serving files on :8080") log.Fatal(http.ListenAndServe(":8080", nil)) } ``` -------------------------------- ### Install jsontoml CLI Tool Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/pelletier/go-toml/README.md Install the 'jsontoml' command-line tool to convert JSON files to TOML. ```bash go install github.com/pelletier/go-toml/cmd/jsontoml jsontoml --help ``` -------------------------------- ### Coexisting with glog Example Source: https://github.com/cloudflare/cfssl/blob/master/vendor/k8s.io/klog/v2/README.md Demonstrates how to initialize and synchronize flags from the global flag.CommandLine FlagSet when using klog alongside glog. It also shows how to redirect all logs to stderr. ```Go package main import ( "flag" "os" "testing" "k8s.io/klog/v2" ) func TestCoexistGlog(t *testing.T) { // Initialize klog flags. klog.InitFlags(nil) // Initialize glog flags. // Note: glog flags are not exported, so we have to use reflection to get them. // This is not a recommended practice for production code. // For more details, see https://github.com/kubernetes/klog/blob/master/examples/coexist_glog/coexist_glog.go flag.Set("logtostderr", "true") // Set klog to log to stderr as well. klog.SetOutput(os.Stderr) // Use klog and glog. klog.Info("This is a klog message.") // glog.Info("This is a glog message.") // glog is not imported here, so this would not compile. // You can also use klog.Flush() to ensure all logs are written before exiting. klog.Flush() } ``` -------------------------------- ### Install Goose Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Installs the goose database migration tool. This is a prerequisite for managing database schemas. ```bash go get bitbucket.org/liamstask/goose/cmd/goose ``` -------------------------------- ### Build and run CFSSL Source: https://github.com/cloudflare/cfssl/blob/master/cli/serve/README.md Builds the CFSSL application and then runs the 'serve' command to start the server, which will now include the compiled static files. ```bash go build ./cmd/cfssl/... ./cfssl serve ``` -------------------------------- ### Minimal CFSSL Configuration Example Source: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt A basic CFSSL configuration file demonstrating the structure for signing profiles, authentication keys, and remotes. ```json { "signing": { "profiles": { "CA": { "usages": ["cert sign"], "expiry": "720h", "auth_key": "ca-auth", "remote": "localhost" }, "email": { "usages": ["s/mime"], "expiry": "720h" } }, "default": { "usages": ["digital signature", "email protection"], "expiry": "8000h" } }, "auth_keys": { "ca-auth": { "type":"standard", "key":"0123456789ABCDEF0123456789ABCDEF" } }, "remotes": { "localhost": "127.0.0.1:8888" } } ``` -------------------------------- ### Install tomljson CLI Tool Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/pelletier/go-toml/README.md Install the 'tomljson' command-line tool to convert TOML files to JSON. ```bash go install github.com/pelletier/go-toml/cmd/tomljson tomljson --help ``` -------------------------------- ### Full DSN Example Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md A DSN in its most complete form, showing all optional components. ```text username:password@protocol(address)/dbname?param=value ``` -------------------------------- ### Start MySQL DB with Goose Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Initializes and applies database migrations for a MySQL backend using goose. Assumes the database is already created and accessible. ```bash goose -path certdb/mysql up ``` -------------------------------- ### Start PostgreSQL DB with Goose Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Initializes and applies database migrations for a PostgreSQL backend using goose. Assumes the database is already created and accessible. ```bash goose -path certdb/pg up ``` -------------------------------- ### LOAD DATA LOCAL INFILE Support Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md Example of how to enable LOAD DATA LOCAL INFILE support by changing the import path and registering local files. ```go import "github.com/go-sql-driver/mysql" // ... mysql.RegisterLocalFile(filepath) // or // allowAllFiles=true in DSN ``` -------------------------------- ### DSN Format Example Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md Illustrates the common format for a Data Source Name (DSN) used by the driver. ```text [username[:password]@][protocol[(address)]]/dbname[?param1=value1&...¶mN=valueN] ``` -------------------------------- ### Start SQLite DB with Goose Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Initializes and applies database migrations for a SQLite backend using goose. Assumes the database file is accessible. ```bash goose -path certdb/sqlite up ``` -------------------------------- ### CFSSL Remote Signer Configuration Example Source: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt This example demonstrates how to specify a comma-separated list of remote signer hosts and ports. CFSSL will try each server in sequence until one succeeds for forwarding signing requests. ```string "ca1.example.org:8888, ca2.example.org:8888, ca3.example.org:8888" ``` -------------------------------- ### Run Maserver Source: https://github.com/cloudflare/cfssl/blob/master/transport/example/README.md Starts the maserver, which acts as a mutually authenticated server. It requires a server configuration file and listens on the specified address. ```bash $ basename $(pwd) example $ cd maserver/ $ go run server.go -a 127.0.0.1:9876 2015/10/27 14:05:47 [INFO] using client auth 2015/10/27 14:05:47 [DEBUG] transport isn't ready; attempting to refresh keypair 2015/10/27 14:05:47 [DEBUG] key and certificate aren't ready, loading 2015/10/27 14:05:47 [DEBUG] failed to load keypair: open server.key: no such file or directory 2015/10/27 14:05:47 [DEBUG] transport's certificate is out of date (lifespan 0) 2015/10/27 14:05:47 [INFO] encoded CSR 2015/10/27 14:05:47 [DEBUG] requesting certificate from CA 2015/10/27 14:05:47 [DEBUG] giving the certificate to the provider 2015/10/27 14:05:47 [DEBUG] storing the certificate 2015/10/27 14:05:47 [INFO] setting up auto-update 2015/10/27 14:05:47 [INFO] listening on 127.0.0.1:9876 ``` -------------------------------- ### Run Authenticated Maserver Source: https://github.com/cloudflare/cfssl/blob/master/transport/example/README.md Starts the maserver with an authenticated configuration, enabling mutual authentication between the client and server. ```bash $ go run server.go -a 127.0.0.1:9876 -f server_auth.json ``` -------------------------------- ### SQLite DB Configuration Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Example configuration for connecting to a SQLite database using the 'sqlite3' driver. The 'data_source' specifies the database file. ```json {"driver":"sqlite3","data_source":"certs.db"} ``` -------------------------------- ### MySQL DB Configuration Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Example configuration for connecting to a MySQL database using the 'mysql' driver. The 'data_source' includes connection details and a 'parseTime' parameter. ```json {"driver":"mysql","data_source":"user:password@tcp(hostname:3306)/db?parseTime=true"} ``` -------------------------------- ### Initialize blockdevice FS and Get Diskstats Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/prometheus/procfs/README.md Initializes a filesystem object requiring access to both /proc and /sys, then retrieves disk statistics. This is used for block device information. ```go fs, err := blockdevice.NewFS("/proc", "/sys") stats, err := fs.ProcDiskstats() ``` -------------------------------- ### Run CFSSL Server Source: https://github.com/cloudflare/cfssl/blob/master/transport/example/README.md Starts the CFSSL server with specified CA certificate, key, and configuration file. This command sets up the API endpoints for signing certificates. ```bash $ cfssl serve -ca ca.pem -ca-key ca-key.pem -config config.json ... 2015/10/27 14:00:35 [INFO] Setting up '/api/v1/cfssl/sign' endpoint ``` -------------------------------- ### PostgreSQL DB Configuration Source: https://github.com/cloudflare/cfssl/blob/master/certdb/README.md Example configuration for connecting to a PostgreSQL database using the 'postgres' driver. The 'data_source' uses a standard connection string format. ```json {"driver":"postgres","data_source":"postgres://user:password@host/db"} ``` -------------------------------- ### Rebuild Generated Code Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/google/certificate-transparency-go/README.md Runs go generate to find and execute //go:generate comments, rebuilding protocol buffer and mock implementations. Ensure protoc is installed and in your PATH. ```bash go generate -x ./... ``` -------------------------------- ### sentry-go Client Options Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/MIGRATION.md Demonstrates setting various client options for sentry-go initialization. ```go sentry.Init(sentry.ClientOptions{ Dsn: "___PUBLIC_DSN___", DebugWriter: os.Stderr, Debug: true, Environment: "environment", Release: "release", SampleRate: 0.5, // IgnoreErrors: TBD, // IncludePaths: TBD }) ``` -------------------------------- ### Reinstall go-sqlite3 on GCC internal error Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/mattn/go-sqlite3/README.md If 'go get' fails with a GCC internal error, remove the existing download and use 'go install' instead. ```bash go install github.com/mattn/go-sqlite3 ``` -------------------------------- ### Create Root Logger in Main Function Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-logr/logr/README.md Demonstrates how to create the root logger early in an application's lifecycle using a chosen implementation like 'logimpl'. ```go func main() { // ... other setup code ... // Create the "root" logger. We have chosen the "logimpl" implementation, // which takes some initial parameters and returns a logr.Logger. logger := logimpl.New(param1, param2) // ... other setup code ... } ``` -------------------------------- ### Prepare release with craft Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/CONTRIBUTING.md Use the craft tool to prepare a new release version. ```console $ craft prepare X.X.X ``` -------------------------------- ### Running Benchmarks Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/lib/pq/TESTS.md Execute the benchmark suite for the project using the `go test` command with the `-bench .` flag. This will run all defined benchmarks. ```bash go test -bench . ``` -------------------------------- ### Install specific version of sentry-go SDK Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/README.md If using Go Modules, you can specify a version number when installing the sentry-go SDK. ```console go get github.com/getsentry/sentry-go@latest ``` -------------------------------- ### SQLite DSN Example Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/mattn/go-sqlite3/README.md Example of a Data Source Name (DSN) for go-sqlite3, specifying a file-based database with caching and memory mode. ```text file:test.db?cache=shared&mode=memory ``` -------------------------------- ### Revoke Certificate Example Source: https://github.com/cloudflare/cfssl/blob/master/doc/api/endpoint_revoke.txt Example using curl to revoke a certificate by providing its serial number, authority key ID, and reason. ```bash $ curl -d '{"serial": "7961067322630364137", \ "authority_key_id": "a0b1c2d3e4f5", \ "reason": "superseded"}' \ ${CFSSL_HOST}/api/v1/cfssl/revoke ``` -------------------------------- ### Start Certificate Auto-Updater Source: https://github.com/cloudflare/cfssl/blob/master/doc/transport.txt Starts the certificate auto-update process for a TLS transport. It takes channels for update timestamps and errors. This is typically used for clients. ```go go tr.AutoUpdate(updates, errs) ``` -------------------------------- ### Bundle Certificates from Files Source: https://github.com/cloudflare/cfssl/blob/master/README.md Use this command to create a certificate bundle from specified certificate and key files. The bundle can be built with or without a private key, and supports reading PEM from stdin. ```bash cfssl bundle [-ca-bundle bundle] [-int-bundle bundle] \ [-metadata metadata_file] [-flavor bundle_flavor] \ -cert certificate_file [-key key_file] ``` -------------------------------- ### Start CFSSL API Server Source: https://github.com/cloudflare/cfssl/blob/master/README.md Starts the CFSSL HTTP-based API server. Default address and port are 127.0.0.1:8888. Configure CA certificates, bundles, and remote signing options as needed. ```bash cfssl serve [-address address] [-ca cert] [-ca-bundle bundle] \ [-ca-key key] [-int-bundle bundle] [-int-dir dir] [-port port] \ [-metadata file] [-remote remote_host] [-config config] \ [-responder cert] [-responder-key key] [-db-config db-config] ``` -------------------------------- ### Initialize sentry-go with DSN Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/MIGRATION.md Initialize the sentry-go SDK with the DSN. Handles potential initialization errors. ```go import ( "fmt" "github.com/getsentry/sentry-go" ) func main() { err := sentry.Init(sentry.ClientOptions{ Dsn: "___PUBLIC_DSN___", }) if err != nil { fmt.Printf("Sentry initialization failed: %v\n", err) } } ``` -------------------------------- ### CFSSL Authentication Configuration Example Source: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt This example shows how to configure the 'primary' authenticator using the standard type with a hex-encoded key. Authentication is used to restrict access to signing keys when CFSSL runs as a server. ```json "auth_keys": { "primary": { "type":"standard", "key":"0123456789ABCDEF0123456789ABCDEF" } } ``` -------------------------------- ### Build go-toml Docker Image Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/pelletier/go-toml/README.md Build a custom Docker image for go-toml from the source. ```bash docker build -t go-toml . ``` -------------------------------- ### CFSSL Signing Profile Example: Intermediate CA Source: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt This example defines a signing profile for issuing an intermediate CA certificate with a maximum path length of 1. It includes settings for CA constraints and maximum path length. ```json {"is_ca": true, "max_path_len":1} ``` -------------------------------- ### CFSSL Signing Profile Example: Intermediate CA with Zero Path Length Source: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt This example shows how to configure a signing profile for an intermediate CA certificate with a maximum path length of 0. The 'max_path_len_zero' field is crucial for enforcing this constraint. ```json {"is_ca": true, "max_path_len":0, "max_path_len_zero": true} ``` -------------------------------- ### Minimal DSN Example Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md The simplest valid DSN, consisting only of the database name. ```text /dbname ``` -------------------------------- ### Running Benchmarks for xxhash Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/cespare/xxhash/v2/README.md Commands to run benchmarks for the pure Go and assembly implementations of the Sum64 function. Requires benchstat. ```bash benchstat <(go test -tags purego -benchtime 500ms -count 15 -bench 'Sum64$') benchstat <(go test -benchtime 500ms -count 15 -bench 'Sum64$') ``` -------------------------------- ### Using _loc=auto for Timezone Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/mattn/go-sqlite3/README.md Append `_loc=auto` to the SQLite3 filename to get `time.Time` with the current locale. ```go file:foo.db?_loc=auto ``` -------------------------------- ### Publish release with craft Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/CONTRIBUTING.md Use the craft tool to publish a prepared release version. ```console $ craft publish X.X.X ``` -------------------------------- ### Get CFSSL Info Source: https://github.com/cloudflare/cfssl/blob/master/doc/api/endpoint_info.txt Retrieves the certificate, usage, and expiry information for a given signer and profile. ```APIDOC ## POST /api/v1/cfssl/info ### Description Retrieves the certificate, usage, and expiry information for a given signer and profile. This endpoint is useful for obtaining details about a specific signing profile within CFSSL. ### Method POST ### Endpoint /api/v1/cfssl/info ### Parameters #### Request Body - **label** (string) - Required - A string specifying the signer. - **profile** (string) - Optional - A string specifying the signing profile for the signer. Signing profile specifies what key usages should be used and how long the expiry should be set. ### Response #### Success Response (200) - **certificate** (string) - A PEM-encoded certificate of the signer. - **usage** (array of strings) - A string array of key usages from the signing profile. - **expiry** (string) - The expiry string from the signing profile. ### Request Example ```json { "label": "primary" } ``` ### Response Example ```json { "errors": [], "messages": [], "result": { "certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB\nVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\ncyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG\nA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\nIFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl\nnodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj\nw7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81\nKAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF\nAAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp\niv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt\n+LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==\n-----END CERTIFICATE-----", "expiry": "8760h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] }, "success": true } ``` ``` -------------------------------- ### Run Maclient Source: https://github.com/cloudflare/cfssl/blob/master/transport/example/README.md Runs the maclient, which connects to the maserver and sends messages. It requires a client configuration file. ```bash $ basename $(pwd) example $ go run client.go 2015/10/27 14:08:34 [DEBUG] transport isn't ready; attempting to refresh keypair 2015/10/27 14:08:34 [DEBUG] key and certificate aren't ready, loading 2015/10/27 14:08:34 [DEBUG] failed to load keypair: open client.key: no such file or directory 2015/10/27 14:08:34 [DEBUG] transport's certificate is out of date (lifespan 0) 2015/10/27 14:08:34 [INFO] encoded CSR 2015/10/27 14:08:34 [DEBUG] requesting certificate from CA 2015/10/27 14:08:34 [DEBUG] giving the certificate to the provider 2015/10/27 14:08:34 [DEBUG] storing the certificate OK $ ``` -------------------------------- ### Basic Database Connection Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md Connect to a MySQL database using the driver and the database/sql package. Essential settings for connection pooling and timeouts are demonstrated. ```go import ( "database/sql" time "time" _ "github.com/go-sql-driver/mysql" ) // ... db, err := sql.Open("mysql", "user:password@/dbname") if err != nil { panic(err) } // See "Important settings" section. db.SetConnMaxLifetime(time.Minute * 3) db.SetMaxOpenConns(10) db.SetMaxIdleConns(10) ``` -------------------------------- ### Provide SSL Certificates with sentry-go Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/MIGRATION.md Configure sentry-go to use custom CA certificates, for example, from gocertifi. ```go package main import ( "log" "github.com/certifi/gocertifi" "github.com/getsentry/sentry-go" ) sentryClientOptions := sentry.ClientOptions{ Dsn: "___PUBLIC_DSN___", } rootCAs, err := gocertifi.CACerts() if err != nil { log.Println("Couldn't load CA Certificates: %v\n", err) } else { sentryClientOptions.CaCerts = rootCAs } sentry.Init(sentryClientOptions) ``` -------------------------------- ### Build go-sqlite3 with Multiple Features Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/mattn/go-sqlite3/README.md Command to build the go-sqlite3 library with multiple features enabled simultaneously using space-delimited Go build tags. ```bash go build -tags "icu json1 fts5 secure_delete" ``` -------------------------------- ### Generate changelog entries Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/getsentry/sentry-go/CONTRIBUTING.md Get a list of Git log entries since the last tag, formatted for the CHANGELOG.md file. ```console $ git log --no-merges --format=%s $(git describe --abbrev=0).. | sed 's/^/- /' ``` -------------------------------- ### Run Authenticated CFSSL Server Source: https://github.com/cloudflare/cfssl/blob/master/transport/example/README.md Starts the CFSSL server using an authenticated configuration. This is used when mutual authentication is required for the CA. ```bash $ cfssl serve -ca ca.pem -ca-key ca-key.pem -config config_auth.json ``` -------------------------------- ### Default Protocol and Host Connection Source: https://github.com/cloudflare/cfssl/blob/master/vendor/github.com/go-sql-driver/mysql/README.md Connect using the default protocol (TCP) and host (localhost:3306) without preselecting a database. ```text user:password@tcp/dbname?charset=utf8mb4,utf8&sys_var=esc%40ped ``` ```text user:password@/dbname ``` -------------------------------- ### Server Accept and Serve Client Source: https://github.com/cloudflare/cfssl/blob/master/doc/transport.txt Continuously accepts incoming client connections on a listener, logs the connection, and serves each client in a new goroutine. Includes error handling for accept operations. ```go for { conn, err := l.Accept() if err != nil { log.Printf("connection failed: %s", err) continue } log.Printf("connection from %s", conn.RemoteAddr()) go serveClient(conn) } ``` -------------------------------- ### Server Listen for Connections Source: https://github.com/cloudflare/cfssl/blob/master/doc/transport.txt Sets up a listener on a given address using a configured TLS transport. This is the server-side equivalent of Dial for accepting incoming connections. ```go l, err := transport.Listen(address, tr) if err != nil { loglFatalf("error setting up listener: %s", err) } ``` -------------------------------- ### Get Certificate Information Source: https://github.com/cloudflare/cfssl/blob/master/doc/api/endpoint_certinfo.txt Submit a certificate in PEM format to the certinfo endpoint to retrieve its details, including not_before and not_after dates. ```APIDOC ## Get Certificate Information ### Description Retrieves detailed information about a given certificate, including its validity period. ### Method POST ### Endpoint /api/v1/cfssl/certinfo ### Parameters #### Request Body - **certificate** (string) - Required - The certificate in PEM format. ### Request Example ```json { "certificate": "-----BEGIN CERTIFICATE-----\nMIIHFDCCBfygAwIBAgIQXu3lLLTt9p4yFCuxChTXSTANBgkqhkiG9w0BAQUFADCB\njjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV\nBAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew\nHhcNMTUwMTA1MDAwMDAwWhcNMTUxMjMxMjM1OTU5WjCCARwxEDAOBgNVBAUTBzQ3\nMTA4NzUxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\nYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJV\nUzEOMAwGA1UEERMFOTQxMDcxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh\nbmNpc2NvMRkwFwYDVQQJExA2NjUgVGhpcmQgU3RyZWV0MRkwFwYDVQQKExBDbG91\nZGFsYXJlLCBJbmMuMRwwGgYDVQQLExNDbG91ZEZsYXJlIFNlY3VyaXR5MSMwIQYD\nVQQLExpDT01PRE8gRVYgTXVsdGktRG9tYWluIFNTTDCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAN6yBr75KxUUNMatmcL/Ki8K3Z2kmBMq5k+9G2fyViq7\nEB+Rst+RYCDIOwOf9Fb5q82yMC/CLIu3a9hd+tfITcJ2VhlLYRU9XZPVyZ53yVD8\n67bviNsdKtM1WM40FuK/SG92MLiCPGWD+LkpcxzD5nPZxGuLZhkPjBXpVNiwWZyX\nASD7cKQSZ5Kngc1iANkrxUYL253yq2sqI2pvDjedp/BuTF8V5zUxRlyeUQfuZfEZ\nZsS6VGyHKO2KfrJrDOz7XjBx0bcliYW3bZi/VcxP+Q1kOXLOdtiLEZMbuL9oVHXC\ni7FKGwZIAgvxxupLQuIdQI9+GLSpCrSiQJwk4TOqqOECAwEAAaOCAtswggLXMB8G\nA1UdIwQYMBaAFIhEUf9QKmleLYj0IbrZDPLOy+p8MB0GA1UdDgQWBBTJ4NAMUXb3\nNbMVJu2NtfC7ll2rujAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV\nHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEEAbIx\nAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9D\nUFMwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N\nT0RPRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGEBggrBgEF\nBQcBAQR4MHYwTgYIKwYBBQUHMAKGQmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NP\nTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEF\nBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMC0GA1UdEQQmMCSCDmNsb3Vk\nZmxhcmUuY29tghJ3d3cuY2xvdWRmbGFyZS5jb20wggEDBgorBgEEAdZ5AgQCBIH0\nBIHxAO8AdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUq6JZ63\nAAAEAwBGMEQCIDnMUQTV5uhtg3wo4WudmHrLsRGAPxgKahZ2qAheT2nJAiBXTr30\neD/Edkl+klFUUYJIN8ntqy1nOgw1cFGDSMcw+wB2AKS5CZC0GFgUh7sTosxncAo8\nNZgE+RvfuON3zQ7IDdwQAAABSrolns0AAAQDAEcwRQIhAOt2rMbzsavA074rVKZ6\nT+OYR0zL2HX6GjI4+ItnguYRAiA9It+jwuBjW2tocmYNAOgzBzuNNdgBtmqMwkLf\neXRojzANBgkqhkiG9w0BAQUFAAOCAQEAXl5mVmhHA6WcjPhmTMoHGvPCdsGVBWe0\nFr85yjuQsVSKCsZDD3ec01MnNyxwxf6GYFMxysv4j6rC9zlo55fecljtIrPSuftZ\nO4Uvo2a36b5s6sGBqfKQPQbjdbdJvw8yymLHMU25Df3ZZcj0T8bQZKjIZRv5IiDL\nSUlwyxhiiorMrqCPTyiniCXJvfdaFBUWdw37QZWNHyvVap7vUTXQpsHGkt+KL+0w\nC4/mhoakAMd8n+//pBDtHBWqsnxA7/S6vM9zP0+xRR8vHUsDGj28Ito8839WP18u\nfQrczSznX7YbZjCk++r5GpSCFAsBBh5ZmU9bu9XnzAZ2hlkKec/8HA==\n-----END CERTIFICATE----- ```