SoftHSMv2
Overview
SoftHSMv2 is a purely software-based implementation of PKCS#11. Because it is software it is not as secure as a physical HSM but it is very useful to explore the world of PKCS#11 and how it can be used with a Ziti-enabled client.
In this quickstart you will see the commands used to work with SoftHSMv2 and ziti. Since this is a quickstart limited context will be provided for each step. When appropriate there will be a small amount of context included to aid in understanding of what is happening and why.
caution
This quickstart intended audience is for more technically savvy individuals. You will need to be familiar with the command line interface of your operating system.
Prerequisites
- SoftHSMv2 is downloaded and installed in a known location
- OpenSC is installed and
pkcs11-toolis either on the PATH or at a known location - ziti and ziti-tunnel are both on the path.
Let's Do This - SoftHSMv2
Here's the list of steps we'll accomplish in this quickstart:
- Establish a bunch of environment variables to make it easy to copy/paste the other commands. You'll want to look at these environment variables. They need to be setup properly. If you have problems with this guide it is almost certainly because you have an environment variable setup incorrectly. Double check them.
- Make a directory and generate a configuration file for SoftHSM
- Use the Ziti CLI to:
- create two identities - one demonstrating an RSA key, one EC
- enroll the identities
- create a test service
- create test router/service policies
- Use the pkcs11-tool provided by OpenSC to interact with SoftHSM to:
- initialize the SoftHSM driver
- create a key
- Use
ziti-tunnelto enroll the identities using SoftHSM - Use
ziti-tunnelin proxy mode to verify things are working and traffic is flowing over the Ziti Network
Establish Environment Variables
Open a command line and establish the following environment variables.
- Linux/MacOS
- Windows
# the name of the ziti controller you're logging into
export ZITI_CTRL=local-edge-controller
# the location of the certificate(s) to use to validate the controller
export ZITI_CTRL_CERT=/path/to/controller.cert
export ZITI_USER=myUserName
export ZITI_PWD=myPassword
# a name for the configuration
export HSM_NAME=softhsm_demo
# the path to the root of the softhsm config files
export HSM_ROOT=/home/cd/.softhsm
# path to the softhsm2 library
export PKCS11_MODULE=/usr/local/lib/softhsm/libsofthsm2.so
# the id of the key - you probably want to leave these alone unless you know better
export HSM_ID1=01
export HSM_ID2=02
# the pins used when accessing the pkcs11 api
export HSM_SOPIN=1111
export HSM_PIN=2222
export RSA_ID=${HSM_NAME}${HSM_ID1}_rsa
export EC_ID=${HSM_NAME}${HSM_ID2}_ec
# location for the config file and tokens to be placed
export HSM_DEST=${HSM_ROOT}/${HSM_NAME}
export HSM_LABEL=${HSM_NAME}-label
export SOFTHSM2_CONF=${HSM_DEST}/softhsm.config
export HSM_TOKENS_DIR="${HSM_DEST}/tokens/"
# make an alias for ease
alias p='pkcs11-tool --module $PKCS11_MODULE'
Ensure you use the correct dll. If you use an x86 dll with x64 binaries you'll get an error.
REM the name of the ziti controller you're logging into
SET ZITI_CTRL=local-edge-controller
REM the location of the certificate(s) to use to validate the controller
SET ZITI_CTRL_CERT=c:\path\to\controller.cert
SET ZITI_USER=myUserName
SET ZITI_PWD=myPassword
REM a name for the configuration
SET HSM_NAME=softhsm_demo
REM the path to the root of the softhsm config files
SET HSM_ROOT=c:\path\to\softhsm
REM path to the softhsm2 library
SET PKCS11_MODULE=%HSM_ROOT%\lib\softhsm2.dll
--- or ---
SET PKCS11_MODULE=%HSM_ROOT%\lib\softhsm2-x64.dll
REM the id of the key - you probably want to leave these alone unless you know better
SET HSM_ID1=01
SET HSM_ID2=02
SET RSA_ID=%HSM_NAME%%HSM_ID1%_rsa
SET EC_ID=%HSM_NAME%%HSM_ID2%_ec
REM the pins used when accessing the pkcs11 api
SET HSM_SOPIN=1111
SET HSM_PIN=2222
SET HSM_DEST=%HSM_ROOT%\%HSM_NAME%
SET HSM_LABEL=%HSM_NAME%-label
SET SOFTHSM2_CONF=%HSM_DEST%\softhsm.config
SET HSM_TOKENS_DIR=%HSM_DEST%\tokens\
REM make an alias for ease
doskey p="c:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-tool.exe" --module %PKCS11_MODULE% $*
Make Directories and Generate Config Files
- Linux/MacOS
- Windows
cd ${HSM_ROOT}
rm -rf ${HSM_NAME}
mkdir -p ${HSM_TOKENS_DIR}
cd ${HSM_NAME}
# Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}
cat > ${SOFTHSM2_CONF} <<HERE
# SoftHSM v2 configuration file
directories.tokendir = ${HSM_TOKENS_DIR}
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = INFO
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL
HERE
cd /d %HSM_ROOT%
rmdir /s /q %HSM_NAME%
mkdir %HSM_TOKENS_DIR%
cd /d %HSM_NAME%
# Create a text file at %SOFTHSM2_CONF% with these contents but make sure you replace the tokendir entry with %HSM_TOKENS_DIR%
echo ^
# SoftHSM v2 configuration file ^
directories.tokendir = %HSM_TOKENS_DIR% ^
objectstore.backend = file ^
# ERROR, WARNING, INFO, DEBUG ^
log.level = INFO ^
# If CKF_REMOVABLE_DEVICE flag should be set ^
slots.removable = false ^
# Enable and disable PKCS#11 mechanisms using slots.mechanisms. ^
slots.mechanisms = ALL > %SOFTHSM2_CONF%
Use the Ziti CLI
- Linux/MacOS
- Windows
ziti edge login $ZITI_CTRL:1280 -u $ZITI_USER -p $ZITI_PWD
# create a new identity and output the jwt to a known location
ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"
# create a second new identity and output the jwt to a known location
ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"
ziti edge login %ZITI_CTRL%:1280 -u %ZITI_USER% -p %ZITI_PWD%
REM create a new identity and output the jwt to a known location
ziti edge create identity device "%RSA_ID%" -o "%HSM_DEST%\%RSA_ID%.jwt"
REM create a second new identity and output the jwt to a known location
ziti edge create identity device "%EC_ID%" -o "%HSM_DEST%\%EC_ID%.jwt"
Use pkcs11-tool to Setup SoftHSMv2
- Linux/MacOS
- Windows
p --init-token --label "ziti-test-token" --so-pin $HSM_SOPIN
# create a couple of keys - one rsa and one ec
p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decrypt
p --init-token --label "ziti-test-token" --so-pin %HSM_SOPIN%
p --init-pin --pin "%HSM_PIN%" --so-pin %HSM_SOPIN%
REM create a couple of keys - one rsa and one ec
p -p "%HSM_PIN%" -k --key-type rsa:2048 --id "%HSM_ID1%" --label ziti-rsa-key --usage-sign --usage-decrypt
p -p "%HSM_PIN%" -k --key-type EC:prime256v1 --id "%HSM_ID2%" --label ziti-ecdsa-key --usage-sign --usage-decrypt
Use ziti-tunnel to Enroll the Identities
- Linux/MacOS
- Windows
ziti-tunnel enroll -j "${HSM_DEST}/${RSA_ID}.jwt" -k "pkcs11://${PKCS11_MODULE}?id=${HSM_ID1}&pin=${HSM_PIN}" -v
ziti-tunnel enroll -j "${HSM_DEST}/${EC_ID}.jwt" -k "pkcs11://${PKCS11_MODULE}?id=${HSM_ID2}&pin=${HSM_PIN}" -v
ziti-tunnel enroll -j "%HSM_DEST%\%RSA_ID%.jwt" -k "pkcs11://%PKCS11_MODULE%?id=%HSM_ID1%&pin=%HSM_PIN%" -v
ziti-tunnel enroll -j "%HSM_DEST%\%EC_ID%.jwt" -k "pkcs11://%PKCS11_MODULE%?id=%HSM_ID2%&pin=%HSM_PIN%" -v
Use ziti-tunnel to Verify Things Work
- Linux/MacOS
- Windows
# if you only have a single edge router this command will work without the need for copy/paste
EDGE_ROUTER_ID=$(ziti edge list edge-routers | cut -d " " -f2)
# IF the above command doesn't work - run this command and get the id from the first edge-router.
# ziti edge list edge-routers
# then use the id returned from the above command and put it into a variable for use in a moment
# EDGE_ROUTER_ID={insert the 'id' from above - example: 64d4967b-5474-4f06-8548-5700ed7bfa80}
# remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000
ziti edge delete config wttrconfig
ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
# recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
# send a request to wttr.in to retrieve a weather forecast
ziti edge delete service wttr.ziti
ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig
# start one or both proxies
ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
# use a browser - or curl to verify the ziti tunneler is listening locally and the traffic has flowed over the ziti network
curl -H "Host: wttr.in" http://localhost:8000
curl -H "Host: wttr.in" http://localhost:9000
REM these two commands can't be copied and pasted - you need to get the result of the first command and use it in the next
REM run this command and get the id from the first edge-router.
ziti edge list edge-routers
REM use the id returned from the above command and put it into a variable for use in a moment
SET EDGE_ROUTER_ID={insert the 'id' from above - example: 64d4967b-5474-4f06-8548-5700ed7bfa80}
REM remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000
ziti edge delete config wttrconfig
ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
REM recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
REM send a request to wttr.in to retrieve a weather forecast
ziti edge delete service wttr.ziti
ziti edge create service wttr.ziti "%EDGE_ROUTER_ID%" tcp://wttr.in:80 --configs wttrconfig
REM start one or both proxies - use ctrl-break or ctrl-pause to terminate these processes
start /b ziti-tunnel proxy -i "%HSM_DEST%/%RSA_ID%.json" wttr.ziti:8000 -v
start /b ziti-tunnel proxy -i "%HSM_DEST%/%EC_ID%.json" wttr.ziti:9000 -v
REM use a browser - or curl to verify the ziti tunneler is listening locally and the traffic has flowed over the ziti network
curl -H "Host: wttr.in" http://localhost:8000 > "%HSM_DEST%\example_%RSA_ID%.txt"
curl -H "Host: wttr.in" http://localhost:9000 > "%HSM_DEST%\example_%EC_ID%.txt"
REM show the results in the console
type "%HSM_DEST%\example_%RSA_ID%.txt"
type "%HSM_DEST%\example_%EC_ID%.txt"
REM ctrl-break or ctrl-pause to kill the tunnelers
Putting It All Together
Above we've only shown the commands that need to run and not what the output of those commands would look like. Here we'll see all the commands put together along with all the output from the commands. This section is long - you are warned! Also note that this content is subject to change. If the output you see is not identical it's because the software has changed since this information was captured. File an issue if you'd like to see it updated.
Sample Output
The tabs to the right contain example output from running all the commands in sequence. If you want to see what the output would likely look like click one of the tabs to the right. Reminder - it's a lot of commands and a lot of output! :)
- Linux/MacOS
- Windows
cd@sg1 ~/.softhsm/softhsm_demo
$ # the name of the ziti controller you're logging into
cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_CTRL=local-edge-controller
cd@sg1 ~/.softhsm/softhsm_demo
$ # the location of the certificate(s) to use to validate the controller
cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_CTRL_CERT=/path/to/controller.cert
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_USER=myUserName
cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_PWD=myPassword
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # a name for the configuration
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_NAME=softhsm_demo
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # the path to the root of the softhsm config files
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ROOT=/home/cd/.softhsm
cd@sg1 ~/.softhsm/softhsm_demo
$ # location for the config file and tokens to be placed
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_DEST=${HSM_ROOT}/${HSM_NAME}
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # path to the softhsm2 library
cd@sg1 ~/.softhsm/softhsm_demo
$ export PKCS11_MODULE=/usr/local/lib/softhsm/libsofthsm2.so
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # the id of the key - you probably want to leave these alone unless you know better
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ID1=01
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ID2=02
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # the pins used when accessing the pkcs11 api
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_SOPIN=1111
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_PIN=2222
cd@sg1 ~/.softhsm/softhsm_demo
$ export RSA_ID=${HSM_NAME}${HSM_ID1}_rsa
cd@sg1 ~/.softhsm/softhsm_demo
$ export EC_ID=${HSM_NAME}${HSM_ID2}_ec
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_DEST=${HSM_ROOT}/${HSM_NAME}
cd@sg1 ~/.softhsm/softhsm_demo
$ export SOFTHSM2_CONF=${HSM_DEST}/softhsm.config
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_LABEL=${HSM_NAME}-label
cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_TOKENS_DIR="${HSM_DEST}/tokens/"
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # make an alias for ease
cd@sg1 ~/.softhsm/softhsm_demo
$ alias p='pkcs11-tool --module $PKCS11_MODULE'
cd@sg1 ~/.softhsm/softhsm_demo
$ cd ${HSM_ROOT}
cd@sg1 ~/.softhsm
$
cd@sg1 ~/.softhsm
$ rm -rf ${HSM_NAME}
mkdir -p ${HSM_TOKENS_DIR}
cd ${HSM_NAME}
# Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}
cat > ${SOFTHSM2_CONF} <<HERE
# SoftHSM v2 configuration file
directories.tokendir = ${HSM_TOKENS_DIR}
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = INFO
cd@sg1 ~/.softhsm
$ mkdir -p ${HSM_TOKENS_DIR}
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
cd@sg1 ~/.softhsm
$
cd@sg1 ~/.softhsm
$ cd ${HSM_NAME}
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}
cd@sg1 ~/.softhsm/softhsm_demo
$ cat > ${SOFTHSM2_CONF} <<HERE
> # SoftHSM v2 configuration file
>
> directories.tokendir = ${HSM_TOKENS_DIR}
> objectstore.backend = file
>
> # ERROR, WARNING, INFO, DEBUG
> log.level = INFO
>
> # If CKF_REMOVABLE_DEVICE flag should be set
> slots.removable = false
>
> # Enable and disable PKCS#11 mechanisms using slots.mechanisms.
> slots.mechanisms = ALL
> HERE
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge login $ZITI_CTRL:1280 -u $ZITI_USER -p $ZITI_PWD
# create a new identity and output the jwt to a known location
ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"
# create a second new identity and output the jwt to a known location
ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"Token: 28da1089-1636-4e6b-b5c7-96edc8d6162f
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # create a new identity and output the jwt to a known location
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"
dbf953bc-a987-4a89-a93d-0d6dac13150f
Enrollment expires at 2020-02-23T13:31:35.306053182Z
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # create a second new identity and output the jwt to a known location
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"
cfffe40d-b859-4a5a-ab4f-c9621a57ec85
Enrollment expires at 2020-02-23T13:31:36.676560457Z
cd@sg1 ~/.softhsm/softhsm_demo
$ p --init-token --label "ziti-test-token" --so-pin $HSM_SOPIN
# create a couple of keys - one rsa and one ec
p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decryptUsing slot 0 with a present token (0x0)
Token successfully initialized
cd@sg1 ~/.softhsm/softhsm_demo
$ p --init-pin --pin $HSM_PIN --so-pin $HSM_SOPIN
Using slot 0 with a present token (0x7f834e53)
User PIN successfully initialized
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # create a couple of keys - one rsa and one ec
cd@sg1 ~/.softhsm/softhsm_demo
$ p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x7f834e53)
Key pair generated:
Private Key Object; RSA
label: ziti-rsa-key
ID: 01
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: ziti-rsa-key
ID: 01
Usage: encrypt, verify, wrap
cd@sg1 ~/.softhsm/softhsm_demo
$ p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x7f834e53)
Key pair generated:
Private Key Object; EC
label: ziti-ecdsa-key
ID: 02
Usage: decrypt, sign, unwrap
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441046f9ae0bbc3cbe62e6bbad50ad673add3ba1ee5a07f5391893df956c53d67c62b727ca1004fe9b44027e8e1f1605a602946257b1b1d20ba00342cec85c13a0462
EC_PARAMS: 06082a8648ce3d030107
label: ziti-ecdsa-key
ID: 02
Usage: encrypt, verify, wrap
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel enroll -j "${HSM_DEST}/${RSA_ID}.jwt" -k "pkcs11:///${PKCS11_MODULE}?id=${HSM_ID1}&pin=${HSM_PIN}" -v
DEBU[0000] jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NDY5NSwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6IjIzOTNjNDgwLTc0NGMtNDc3OS05NjU3LWNhOTdlMzUzOWQ0ZiIsInN1YiI6ImRiZjk1M2JjLWE5ODctNGE4OS1hOTNkLTBkNmRhYzEzMTUwZiJ9.OucLqJYgvGO0zov3ADI4oM0i0CASfpD6GUUAck5cBKVJqUN8jsdHe272CwnR7TH1w7uUNr5zPDJnwklVRQ0kzgxqFe9lGqNOxKtYecr-oI50K-J_OShPu_LkJ8dpmUk-OEzc1mq29KsIVu9GLUI43FLYD7SWFZZFsYk6iB8H4PPRrUNZucTcApgNNHljlwl8n-my5N3STqazJf7YUIHOh-OiW8rJFXZYf5gri_B6uDGQo-ZcMOISWCTRjPxe2boHK0ymrUanbe_i9vHbOQRIik7J6xOEA2-Vu-QW9WY4bEvl0_LChdV4YBG09EtWsJndl1AIsD0AP0fCjgD6FifAbpmiZx_YoqOM-KCbN9Vts9_FobNfT0rt9s7RzcHImj22jxEQtSNVbrjnulPwzhBM2PnOKrHJtq8KGgsGlC-aC1pUkiRS-eMHDOshDUFk16p56UXm9QS4d1rPmCQ8yksgEdeurRydmBKCr2tr1v9hC7gSxY1sOBF-b9k7HBGuinomuyeF6CRRMRYMiYz26suZXvP70ufJ5Z2h6hYqvIIGtpk_MxMuVl8r9iylWq3P7oqbDo74g3p3OSFwRUDm5llBuZKJUzQXYE3435NdpHeStKu4K2VYvGGCxpWe950ONrAGzwSYtYdOVvkgGxBreO3RNiQN427XD9yZw66pXXqIRV0
INFO[0000] using engine : pkcs11
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] no cas provided in caPool. using system provided cas
DEBU[0000] fetching certificates from server
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
enrolled successfully. identity file written to: /home/cd/.softhsm/softhsm_demo/softhsm_demo01_rsa.json
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel enroll -j "${HSM_DEST}/${EC_ID}.jwt" -k "pkcs11:///${PKCS11_MODULE}?id=${HSM_ID2}&pin=${HSM_PIN}" -v
DEBU[0000] jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NDY5NiwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6ImJlZTJlY2U3LTE4ZTAtNGQ3Zi04NmRlLTU4NmM5MTAyNDY3YiIsInN1YiI6ImNmZmZlNDBkLWI4NTktNGE1YS1hYjRmLWM5NjIxYTU3ZWM4NSJ9.nRCE-_osr6rdVUcfyR-irvAWitCSK0pm7WaG0hOC0-O22SFs8tYw7uKvbGmNkFoVsUYK4y6A4X77Q6JPNPDIzwWl1TO788B4UiJNh6x5jFEKMawzzPbq-wGq0PLstLsULOryxRtIMdHRYaCrxspC9mIZTrIWe85iPPjirOJ0Pgq0-Li2hZmBtlFOh8zTzYGmXVQtKhA-obIDSa12Nrt6gpgpNl1Ob_EXWWkwC5rcdm4yKpiKx7wYjxBRKc4ZLODmNahe69KiG5XD9A5I5o6YWQDs-pgl3Op44U9Kk94fGSZPcgzkPUC8NaX1eWgYh6RCMs3uSp6TMi8bRisPCOW770K3CxPpCS1fKg9rpyPninFShjRMvsbf999ldWh3YKmLJXvtinQF3szbmCsVaTI4-NxlkhLcdL2Qo6ivLz_kddNfzmDFcOEcLerR0D_Ugt0mPi0RidgkX0J00uXqd1SqYyI3b68KyVd5U3hIoL8NRQ1gAluky0jSe-xj5vfTgxYiJNZlUqCA4DvGdXl98NiWu40eHEz5ksKePbB_LVCmcMW3mPNdQjmDw4fdKvfZs0FdqgOcBGzbfQznpt3UV1pgL7Kdl6EfZppP1FNjqaxHyiEqkdINY0X5k33CDV4IVuS0ZDbOuQHInfG2ggLLS_vykC37w5iJe19ECSMWd_JzgQc
INFO[0000] using engine : pkcs11
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil> context=pkcs11
WARN[0000] failed to get mechanism info [1044] context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
DEBU[0000] no cas provided in caPool. using system provided cas
DEBU[0000] fetching certificates from server
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil> context=pkcs11
WARN[0000] failed to get mechanism info [1044] context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
enrolled successfully. identity file written to: /home/cd/.softhsm/softhsm_demo/softhsm_demo02_ec.json
cd@sg1 ~/.softhsm/softhsm_demo
$ # run this command and get the id from the first edge-router.
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge list edge-routers
id: c34734a4-d5de-430b-a5dc-7fa05363b28d name: local-edge-router role attributes: {}
cd@sg1 ~/.softhsm/softhsm_demo
$ EDGE_ROUTER_ID=c34734a4-d5de-430b-a5dc-7fa05363b28d
cd@sg1 ~/.softhsm/softhsm_demo
$ # remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge delete config wttrconfig
ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
# recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
# send a request to wttr.in to retreive a weather forecast
ziti edge delete service wttr.ziti
ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig
# start one or both proxies
ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
384166bd-0781-4189-ae66-6789cc1952b2
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
cd@sg1 ~/.softhsm/softhsm_demo
$ # send a request to wttr.in to retreive a weather forecast
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge delete service wttr.ziti
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig
eb5c5fe8-5781-4760-9962-90ab708027f2
cd@sg1 ~/.softhsm/softhsm_demo
$
cd@sg1 ~/.softhsm/softhsm_demo
$ # start one or both proxies
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[1] 14821
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
[2] 14822
cd@sg1 ~/.softhsm/softhsm_demo
$ [ 0.005] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.007] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.006] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222]} loading key
[ 0.007] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: //usr/local/lib/softhsm/libsofthsm2.so
[ 0.008] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222]} loading key
[ 0.008] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: //usr/local/lib/softhsm/libsofthsm2.so
[ 0.019] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (2139311699)
[ 0.020] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (2139311699)
[ 0.023] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.024] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.023] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.loadECDSApub [pkcs11]: EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil>
[ 0.023] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.getECDSAmechanism [pkcs11]: {error=[pkcs11: 0x70: CKR_MECHANISM_INVALID]} failed to get mechanism info [1044]
[ 0.025] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.024] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.060] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {token=[de50dbc8-a00b-49aa-8fcc-285be8babdb4] id=[25692bf8-6cb1-4133-8b86-575a8ea65f09]} Got api session: {25692bf8-6cb1-4133-8b86-575a8ea65f09 de50dbc8-a00b-49aa-8fcc-285be8babdb4}
[ 0.060] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token de50dbc8-a00b-49aa-8fcc-285be8babdb4
[ 0.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {token=[45eae1d0-8ad0-4428-9900-c328ed9e3d23] id=[b8654830-b9e9-4450-9116-072ab4e8cca5]} Got api session: {b8654830-b9e9-4450-9116-072ab4e8cca5 45eae1d0-8ad0-4428-9900-c328ed9e3d23}
[ 0.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 45eae1d0-8ad0-4428-9900-c328ed9e3d23
[ 0.106] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token de50dbc8-a00b-49aa-8fcc-285be8babdb4
[ 0.113] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 45eae1d0-8ad0-4428-9900-c328ed9e3d23
[ 0.160] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.160] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.160] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.160] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.160] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[eb5c5fe8-5781-4760-9962-90ab708027f2]} requesting session
[ 0.170] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.170] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.170] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[eb5c5fe8-5781-4760-9962-90ab708027f2]} requesting session
[ 0.200] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[a5291ddc-a86e-48c9-975e-662bc3bcb0d7]} acquired network session
[ 0.200] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {service=[wttr.ziti] addr=[0.0.0.0:8000]} service is listening
[ 0.221] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[d4330d93-a6e1-4e48-91e1-cb26520f09d2]} acquired network session
[ 0.222] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.222] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.222] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {service=[wttr.ziti] addr=[0.0.0.0:9000]} service is listening
jobs
[1]- Running ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[2]+ Running ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
cd@sg1 ~/.softhsm/softhsm_demo
$ curl -H "Host: wttr.in" http://localhost:8000
[ 8.289] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
[ 8.302] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
[ 8.302] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{D8nP}]: started
[ 8.305] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{D8nP}]: started
[ 8.306] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 8.306] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 8.544] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{D8nP}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 8.544] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 8.544] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000] dst-local=[:1] dst-remote=[wttr.ziti]} tunnel started
[ 8.545] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {chSeq=[-1] edgeSeq=[1] connId=[1] type=[EdgeDataType]} writing 71 bytes
[ 8.547] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {seq=[1] connId=[1]} handling received EdgeDataType
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8907 bytes
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
Weather report: Laurelton, United States
Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.2 in
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light drizzle │ .-. Light drizzle │ _`/"".-. Moderate or he…│ _`/"".-. Patchy light s…│
│ ( ). 39..41 °F │ ( ). 41..46 °F │ ,\_( ). 33..39 °F │ ,\_( ). 30..+35 °F │
│ (___(__) ↗ 3-5 mph │ (___(__) → 8-10 mph │ /(___(__) → 7-9 mph │ /(___(__) → 6-8 mph │
│ ‘ ‘ ‘ ‘ 3 mi │ ‘ ‘ ‘ ‘ 1 mi │ * * * * 5 mi │ * * * 4 mi │
│ ‘ ‘ ‘ ‘ 0.2 in | 66% │ ‘ ‘ ‘ ‘ 0.0 in | 64% │ * * * * 0.0 in | 29% │ * * * 0.0 in | 57% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ Overcast │ Cloudy │ _`/"".-. Patchy snow po…│ \ / Partly cloudy │
│ .--. 8..21 °F │ .--. 12..23 °F │ ,\_( ). 10..21 °F │ _ /"".-. 1..14 °F │
│ .-( ). ↘ 9-12 mph │ .-( ). ↘ 10-11 mph │ /(___(__) ↘ 11-14 mph │ \_( ). ↓ 9-15 mph │
│ (___.__)__) 6 mi │ (___.__)__) 6 mi │ ‘ * ‘ * 6 mi │ /(___(__) 5 mi │
│ 0.0 in | 0% │ 0.0 in | 0% │ * ‘ * ‘ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ Overcast │ Overcast │
│ .-. 14..17 °F │ .-. 19..24 °F │ .--. 21..30 °F │ .--. 17..26 °F │
│ ― ( ) ― → 2 mph │ ― ( ) ― ↑ 3-4 mph │ .-( ). ↑ 9-13 mph │ .-( ). ↑ 8-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ (___.__)__) 6 mi │ (___.__)__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
Follow @igor_chubin for wttr.in updates
[ 9.968] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000]} stopping pipe
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end
cd@sg1 ~/.softhsm/softhsm_demo
$ [ 10.969] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 10.969] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 10.969] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-remote=[wttr.ziti] src-local=[:1] dst-local=[127.0.0.1:8000] dst-remote=[127.0.0.1:60053]} stopping pipe
[ 10.969] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000] dst-local=[:1]} tunnel closed: 71 bytes sent; 8907 bytes received
curl -H "Host: wttr.in" http://localhost:9000
[ 14.253] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
[ 14.265] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
[ 14.265] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 14.266] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{DGp7}]: started
[ 14.266] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{DGp7}]: started
[ 14.405] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{DGp7}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 14.405] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058]} tunnel started
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {connId=[1] type=[EdgeDataType] chSeq=[-1] edgeSeq=[1]} writing 71 bytes
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {seq=[1] connId=[1]} handling received EdgeDataType
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8907 bytes
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
Weather report: Laurelton, United States
Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.2 in
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light drizzle │ .-. Light drizzle │ _`/"".-. Moderate or he…│ _`/"".-. Patchy light s…│
│ ( ). 39..41 °F │ ( ). 41..46 °F │ ,\_( ). 33..39 °F │ ,\_( ). 30..+35 °F │
│ (___(__) ↗ 3-5 mph │ (___(__) → 8-10 mph │ /(___(__) → 7-9 mph │ /(___(__) → 6-8 mph │
│ ‘ ‘ ‘ ‘ 3 mi │ ‘ ‘ ‘ ‘ 1 mi │ * * * * 5 mi │ * * * 4 mi │
│ ‘ ‘ ‘ ‘ 0.2 in | 66% │ ‘ ‘ ‘ ‘ 0.0 in | 64% │ * * * * 0.0 in | 29% │ * * * 0.0 in | 57% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ Overcast │ Cloudy │ _`/"".-. Patchy snow po…│ \ / Partly cloudy │
│ .--. 8..21 °F │ .--. 12..23 °F │ ,\_( ). 10..21 °F │ _ /"".-. 1..14 °F │
│ .-( ). ↘ 9-12 mph │ .-( ). ↘ 10-11 mph │ /(___(__) ↘ 11-14 mph │ \_( ). ↓ 9-15 mph │
│ (___.__)__) 6 mi │ (___.__)__) 6 mi │ ‘ * ‘ * 6 mi │ /(___(__) 5 mi │
│ 0.0 in | 0% │ 0.0 in | 0% │ * ‘ * ‘ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ Overcast │ Overcast │
│ .-. 14..17 °F │ .-. 19..24 °F │ .--. 21..30 °F │ .--. 17..26 °F │
│ ― ( ) ― → 2 mph │ ― ( ) ― ↑ 3-4 mph │ .-( ). ↑ 9-13 mph │ .-( ). ↑ 8-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ (___.__)__) 6 mi │ (___.__)__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
Follow @igor_chubin for wttr.in updates
[ 14.605] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058]} stopping pipe
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end
cd@sg1 ~/.softhsm/softhsm_demo
$ [ 15.606] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 15.606] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 15.606] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-local=[127.0.0.1:9000] dst-remote=[127.0.0.1:60058] src-remote=[wttr.ziti] src-local=[:1]} stopping pipe
[ 15.606] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058] src-local=[127.0.0.1:9000]} tunnel closed: 71 bytes sent; 8907 bytes received
jobs
[1]- Running ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[2]+ Running ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
cd@sg1 ~/.softhsm/softhsm_demo
$ killall ziti-tunnel
[ 21.732] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.731] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.732] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.731] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: netcat7256
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: wttr.ziti
[ 21.731] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.732] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: netcat7256
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: wttr.ziti
[ 21.731] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.732] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Stop: stopping proxy interceptor
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Stop: stopping proxy interceptor
[1]- Done ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v
[2]+ Done ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v
cd@sg1 ~/.softhsm/softhsm_demo
$ jobs
cd@sg1 ~/.softhsm/softhsm_demo
c:\path\to\softhsm\softhsm_demo>REM the name of the ziti controller you're logging into
c:\path\to\softhsm\softhsm_demo>SET ZITI_CTRL=local-edge-controller
c:\path\to\softhsm\softhsm_demo>REM the location of the certificate(s) to use to validate the controller
c:\path\to\softhsm\softhsm_demo>SET ZITI_CTRL_CERT=c:\path\to\controller.cert
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>SET ZITI_USER=myUserName
c:\path\to\softhsm\softhsm_demo>SET ZITI_PWD=myPassword
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM a name for the configuration
c:\path\to\softhsm\softhsm_demo>SET HSM_NAME=softhsm_demo
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM the path to the root of the softhsm config files
c:\path\to\softhsm\softhsm_demo>SET HSM_ROOT=c:\path\to\softhsm
c:\path\to\softhsm\softhsm_demo>REM path to the softhsm2 library
c:\path\to\softhsm\softhsm_demo>SET PKCS11_MODULE=%HSM_ROOT%\lib\softhsm2.dll
c:\path\to\softhsm\softhsm_demo>--- or ---
'---' is not recognized as an internal or external command,
operable program or batch file.
c:\path\to\softhsm\softhsm_demo>SET PKCS11_MODULE=%HSM_ROOT%\lib\softhsm2-x64.dll
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM the id of the key - you probably want to leave these alone unless you know better
c:\path\to\softhsm\softhsm_demo>SET HSM_ID1=01
c:\path\to\softhsm\softhsm_demo>SET HSM_ID2=02
c:\path\to\softhsm\softhsm_demo>SET RSA_ID=%HSM_NAME%%HSM_ID1%_rsa
c:\path\to\softhsm\softhsm_demo>SET EC_ID=%HSM_NAME%%HSM_ID2%_ec
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM the pins used when accessing the pkcs11 api
c:\path\to\softhsm\softhsm_demo>SET HSM_SOPIN=1111
c:\path\to\softhsm\softhsm_demo>SET HSM_PIN=2222
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>SET HSM_DEST=%HSM_ROOT%\%HSM_NAME%
c:\path\to\softhsm\softhsm_demo>SET HSM_LABEL=%HSM_NAME%-label
c:\path\to\softhsm\softhsm_demo>SET SOFTHSM2_CONF=%HSM_DEST%\softhsm.config
c:\path\to\softhsm\softhsm_demo>SET HSM_TOKENS_DIR=%HSM_DEST%\tokens\
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM make an alias for ease
c:\path\to\softhsm\softhsm_demo>doskey p="c:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-tool.exe" --module %PKCS11_MODULE% $*
c:\path\to\softhsm\softhsm_demo>cd /d %HSM_ROOT%
c:\path\to\softhsm>
c:\path\to\softhsm>rmdir /s /q %HSM_NAME%
c:\path\to\softhsm>mkdir %HSM_TOKENS_DIR%
c:\path\to\softhsm>
c:\path\to\softhsm>cd /d %HSM_NAME%
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo># Create a text file at %SOFTHSM2_CONF% with these contents but make sure you replace the tokendir entry with %HSM_TOKENS_DIR%
'#' is not recognized as an internal or external command,
operable program or batch file.
c:\path\to\softhsm\softhsm_demo>echo ^
More? # SoftHSM v2 configuration file ^
More?
More? directories.tokendir = %HSM_TOKENS_DIR% ^
More?
More? objectstore.backend = file ^
More?
More? # ERROR, WARNING, INFO, DEBUG ^
More?
More? log.level = INFO ^
More?
More? # If CKF_REMOVABLE_DEVICE flag should be set ^
More?
More? slots.removable = false ^
More?
More? # Enable and disable PKCS#11 mechanisms using slots.mechanisms. ^
More?
More? slots.mechanisms = ALL > %SOFTHSM2_CONF%
c:\path\to\softhsm\softhsm_demo>ziti edge login %ZITI_CTRL%:1280 -u %ZITI_USER% -p %ZITI_PWD%
Token: c6f4d504-6095-4118-8f13-3c787821963f
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM create a new identity and output the jwt to a known location
c:\path\to\softhsm\softhsm_demo>ziti edge create identity device "%RSA_ID%" -o "%HSM_DEST%\%RSA_ID%.jwt"
a625ee46-b799-4e9f-a92c-59a579cb9756
Enrollment expires at 2020-02-23T14:22:08.902166003Z
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM create a second new identity and output the jwt to a known location
c:\path\to\softhsm\softhsm_demo>ziti edge create identity device "%EC_ID%" -o "%HSM_DEST%\%EC_ID%.jwt"
08889f51-1639-4cd0-9c18-ffcc5e315f3e
Enrollment expires at 2020-02-23T14:22:09.634832703Z
c:\path\to\softhsm\softhsm_demo>p --init-token --label "ziti-test-token" --so-pin %HSM_SOPIN%
Using slot 0 with a present token (0x0)
Token successfully initialized
c:\path\to\softhsm\softhsm_demo>p --init-pin --pin "%HSM_PIN%" --so-pin %HSM_SOPIN%
Using slot 0 with a present token (0x1af2a063)
User PIN successfully initialized
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM create a couple of keys - one rsa and one ec
c:\path\to\softhsm\softhsm_demo>p -p "%HSM_PIN%" -k --key-type rsa:2048 --id "%HSM_ID1%" --label ziti-rsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x1af2a063)
Key pair generated:
Private Key Object; RSA
label: ziti-rsa-key
ID: 01
Usage: decrypt, sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Public Key Object; RSA 2048 bits
label: ziti-rsa-key
ID: 01
Usage: encrypt, verify, wrap
Access: local
c:\path\to\softhsm\softhsm_demo>p -p "%HSM_PIN%" -k --key-type EC:prime256v1 --id "%HSM_ID2%" --label ziti-ecdsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x1af2a063)
Key pair generated:
Private Key Object; EC
label: ziti-ecdsa-key
ID: 02
Usage: decrypt, sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410419240eaf1e7628c94dbb3ab46f0b4c5b3fe8bab8227b67ed9bdea6d107547c16ac401437f674c73986697cc2c0e4ae0416775ee8ec0b65f1fe6c935acdc4b35a
EC_PARAMS: 06082a8648ce3d030107
label: ziti-ecdsa-key
ID: 02
Usage: encrypt, verify, wrap
Access: local
c:\path\to\softhsm\softhsm_demo>ziti-tunnel enroll -j "%HSM_DEST%\%RSA_ID%.jwt" -k "pkcs11://%PKCS11_MODULE%?id=%HSM_ID1%&pin=%HSM_PIN%" -v
time="2020-02-13T09:22:18-05:00" level=debug msg="jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NzcyOCwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6IjQwZjE5Y2VhLWFjYWYtNDQyMy1iNzhjLWI2NjU4MDA0NGI2MSIsInN1YiI6ImE2MjVlZTQ2LWI3OTktNGU5Zi1hOTJjLTU5YTU3OWNiOTc1NiJ9.LkziWbgKeJtZ6f5dd169K32Gq86-6ly13v7iHn7Zj_ITFudxXzLa2dl3JonBRg6hNW8ghiPNZ7JpcSkRiaN8npKUHAnsZfr1kPE-NR-eJmUTqM88UhznQJOKyAZzA-dLxRfsRgmU9ESLVsAQEE4wefPz8AlsXWGYK9oWx-X0SEwu4TgjCWP1jEd7pQJXw5ZXIBYLZMG0buIFaKgskH-inpK7BF2LZc9ENr6nj4W4X_tm7kbzGdQ-ofzlhJMBHFz2w_qQXDqXiYWf59Wrszd9-3y0rbvykmc9L8G3B1YlICKyD6mhaPt4fLquZEOwsyeOgH9BLJhX9I33nfYZe_mQf4jzhw5U13K1VKaL-JGwfXntwrKMUJhB62NDMLNALMDqc4hK3BKp1wdZT5YL2Y91J2lLa50mg0OG9ASvkmh7dW3FhDFntl9UnSuPmVJExfMJJCXwe0DgbLcg0TugUuioJ9iCrAZ2tTsLoXDIqLj4zqDhe2nCXdTGgqGpa2ftqNWsUxJmZM2V8ll8Mb2tcuNu0WHcpZ1nH9iXuNHWRsLyowIZB0NJoIvYRlHzlPiSjJxZlNdMSh2jm6tZ7_sAyw_cIAU20yJ3KSGE2PT9bCgkISiYEZ2V5Q3cyGIi0OMP7IqZ5vomqHhkF41C4LIH7A4NKCWMztTwt-WOIndGX5yB1GA"
time="2020-02-13T09:22:18-05:00" level=info msg="using engine : pkcs11\n"
time="2020-02-13T09:22:18-05:00" level=debug msg="loading key" context=pkcs11 url="pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=01&pin=2222"
time="2020-02-13T09:22:18-05:00" level=info msg="using driver: c:\\path\\to\\softhsm\\lib\\softhsm2-x64.dll" context=pkcs11
time="2020-02-13T09:22:18-05:00" level=warning msg="slot not specified, using first slot reported by the driver (452108387)" context=pkcs11
time="2020-02-13T09:22:18-05:00" level=debug msg="found signing mechanism" context=pkcs11 sign mechanism=0
time="2020-02-13T09:22:18-05:00" level=debug msg="no cas provided in caPool. using system provided cas"
time="2020-02-13T09:22:18-05:00" level=debug msg="fetching certificates from server"
time="2020-02-13T09:22:18-05:00" level=debug msg="loading key" context=pkcs11 url="pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=01&pin=2222"
time="2020-02-13T09:22:18-05:00" level=info msg="using driver: c:\\path\\to\\softhsm\\lib\\softhsm2-x64.dll" context=pkcs11
time="2020-02-13T09:22:18-05:00" level=warning msg="slot not specified, using first slot reported by the driver (452108387)" context=pkcs11
time="2020-02-13T09:22:18-05:00" level=debug msg="found signing mechanism" context=pkcs11 sign mechanism=0
enrolled successfully. identity file written to: c:\path\to\softhsm\softhsm_demo\softhsm_demo01_rsa.json
c:\path\to\softhsm\softhsm_demo>ziti-tunnel enroll -j "%HSM_DEST%\%EC_ID%.jwt" -k "pkcs11://%PKCS11_MODULE%?id=%HSM_ID2%&pin=%HSM_PIN%" -v
time="2020-02-13T09:22:19-05:00" level=debug msg="jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NzcyOSwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6ImU0NDhlMGVjLTk4Y2ItNDBjMC05MmE4LWE2YjMyZDJlY2UwMCIsInN1YiI6IjA4ODg5ZjUxLTE2MzktNGNkMC05YzE4LWZmY2M1ZTMxNWYzZSJ9.HHlGcNPh1E83SG3ncCzIPLpav4fRZ44eAeq9Igr24CHT3TCJXXooFNVY5LYtTJ3ydsE6RVPn3UCrP_72CK4Y8Bc-OHDxtPsl0wQwH90tYIz68d2Br0D8kBjjLnYNfsQS0w4t9GEdnNLD8WfjIF8V1croBksrA0jyDiZFak67tKwohzftmm7bNNibA2KvNFVSa_ZaD1lT-SR5xEHaTkR4LpBhPSN9HeR6TAj0c0LsFgFAm_4LrX14r3eufCxxj0TIEHPvxqa_dMJq3TuUFQQPvSIStnXKd9i4gTnFhFdxeZ4J4R94IT6UdzAVD1lIBA9tta7XrMgKpG7Yl8OX60rh3je4S73WAff4kZg6gFpL2RckHuCGdn4AoAXPJoFqBerQ3xybAVNW913fxtw942juVBhjb4Ex2LzZylkRrQmJ3xV5s3-MuW8-1-2N1lK5u1JK_sulrCx5trrvFb99z2INnNh0baVFq_7-3KozVsE0RNiXGc5dAjhNFWJWXT9H6PhIzzJ-0l84ZQaloxon1b70LnoVPC8g2z-Psvv8-Pc2JIlg5K4DLIXsagD4n4S1Fh8aqAyduF5Sc7ddVQ20-8Fz8iIZXNEGvNa9KwuHVzrk3UZJ3cB7Q1oWDshHPcMd7B4AtyV4z9U4qUP7syyAYkGYrMT_F26uNmIb0s2eW6xDf68"
time="2020-02-13T09:22:19-05:00" level=info msg="using engine : pkcs11\n"
time="2020-02-13T09:22:19-05:00" level=debug msg="loading key" context=pkcs11 url="pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=02&pin=2222"
time="2020-02-13T09:22:19-05:00" level=info msg="using driver: c:\\path\\to\\softhsm\\lib\\softhsm2-x64.dll" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=warning msg="slot not specified, using first slot reported by the driver (452108387)" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=debug msg="found signing mechanism" context=pkcs11 sign mechanism=0
time="2020-02-13T09:22:19-05:00" level=debug msg="EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil>" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=warning msg="failed to get mechanism info [1044]" context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
time="2020-02-13T09:22:19-05:00" level=debug msg="no cas provided in caPool. using system provided cas"
time="2020-02-13T09:22:19-05:00" level=debug msg="fetching certificates from server"
time="2020-02-13T09:22:19-05:00" level=debug msg="loading key" context=pkcs11 url="pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=02&pin=2222"
time="2020-02-13T09:22:19-05:00" level=info msg="using driver: c:\\path\\to\\softhsm\\lib\\softhsm2-x64.dll" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=warning msg="slot not specified, using first slot reported by the driver (452108387)" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=debug msg="found signing mechanism" context=pkcs11 sign mechanism=0
time="2020-02-13T09:22:19-05:00" level=debug msg="EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil>" context=pkcs11
time="2020-02-13T09:22:19-05:00" level=warning msg="failed to get mechanism info [1044]" context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
enrolled successfully. identity file written to: c:\path\to\softhsm\softhsm_demo\softhsm_demo02_ec.json
c:\path\to\softhsm\softhsm_demo>REM run this command and get the id from the first edge-router.
c:\path\to\softhsm\softhsm_demo>ziti edge list edge-routers
id: 727f0074-9011-4b79-955b-a6a9e3bb67b1 name: local-edge-router role attributes: {}
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM use the id returned from the above command and put it into a variable for use in a momment
c:\path\to\softhsm\softhsm_demo>SET EDGE_ROUTER_ID=727f0074-9011-4b79-955b-a6a9e3bb67b1
c:\path\to\softhsm\softhsm_demo>REM remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000
c:\path\to\softhsm\softhsm_demo>ziti edge delete config wttrconfig
c:\path\to\softhsm\softhsm_demo>ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
7e73d98c-e44f-4360-9a48-6d1c812f0a75
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>REM recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
c:\path\to\softhsm\softhsm_demo>REM send a request to wttr.in to retreive a weather forecast
c:\path\to\softhsm\softhsm_demo>ziti edge delete service wttr.ziti
c:\path\to\softhsm\softhsm_demo>ziti edge create service wttr.ziti "%EDGE_ROUTER_ID%" tcp://wttr.in:80 --configs wttrconfig
04ccec0c-3329-4f8f-8942-9dbd378bb15e
c:\path\to\softhsm\softhsm_demo>REM start one or both proxies - use ctrl-break or ctrl-pause to terminate these processes
c:\path\to\softhsm\softhsm_demo>start /b ziti-tunnel proxy -i "%HSM_DEST%/%RSA_ID%.json" wttr.ziti:8000 -v
c:\path\to\softhsm\softhsm_demo>[ 0.026] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.027] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=01&pin=2222]} loading key
[ 0.028] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: c:\path\to\softhsm\lib\softhsm2-x64.dll
[ 0.036] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (452108387)
[ 0.043] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.044] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.079] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {id=[087afe19-9c8b-40f4-88c9-962d9e04f1b8] token=[28c9472d-8540-413d-9f8e-532139dfbdcb]} Got api session: {087afe19-9c8b-40f4-88c9-962d9e04f1b8 28c9472d-8540-413d-9f8e-532139dfbdcb}
[ 0.080] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 28c9472d-8540-413d-9f8e-532139dfbdcb
[ 0.124] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 28c9472d-8540-413d-9f8e-532139dfbdcb
[ 0.166] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.166] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.167] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.169] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.169] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[04ccec0c-3329-4f8f-8942-9dbd378bb15e]} requesting session
[ 0.203] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[4b9096a5-4bef-4296-813d-252aebe7ebe6]} acquired network session
[ 0.203] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {service=[wttr.ziti] addr=[0.0.0.0:8000]} service is listening
start /b ziti-tunnel proxy -i "%HSM_DEST%/%EC_ID%.json" wttr.ziti:9000 -v
c:\path\to\softhsm\softhsm_demo>[ 0.017] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.017] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11://c:%5Cpath%5Cto%5Csofthsm%5Clib%5Csofthsm2-x64.dll?id=02&pin=2222]} loading key
[ 0.018] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: c:\path\to\softhsm\lib\softhsm2-x64.dll
[ 0.026] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (452108387)
[ 0.034] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.034] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.loadECDSApub [pkcs11]: EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil>
[ 0.035] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.getECDSAmechanism [pkcs11]: {error=[pkcs11: 0x70: CKR_MECHANISM_INVALID]} failed to get mechanism info [1044]
[ 0.037] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.074] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {token=[68289015-5910-464f-8c1f-4870c28cfbb1] id=[32d29510-6285-4cff-80b3-a9630ffef388]} Got api session: {32d29510-6285-4cff-80b3-a9630ffef388 68289015-5910-464f-8c1f-4870c28cfbb1}
[ 0.074] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 68289015-5910-464f-8c1f-4870c28cfbb1
[ 0.123] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 68289015-5910-464f-8c1f-4870c28cfbb1
[ 0.162] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.163] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.164] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[04ccec0c-3329-4f8f-8942-9dbd378bb15e]} requesting session
[ 0.204] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[d09009a6-a2b2-405b-8125-8f9c021ff8de]} acquired network session
[ 0.204] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.206] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.207] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {addr=[0.0.0.0:9000] service=[wttr.ziti]} service is listening
c:\path\to\softhsm\softhsm_demo>curl -H "Host: wttr.in" http://localhost:8000 > "%HSM_DEST%\example_%RSA_ID%.txt"
[ 14.743] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Spee[ 14.758] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
d[ 14.758] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 14.759] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 14.759] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 14.760] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{PpLP}]: started
[ 14.760] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 14.761] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 14.761] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{PpLP}]: started
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[ 14.874] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{PpLP}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 14.874] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 14.875] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:62125] src-local=[127.0.0.1:8000]} tunnel started
[ 14.878] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {edgeSeq=[1] connId=[1] type=[EdgeDataType] chSeq=[-1]} writing 71 bytes
[ 14.879] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
[ 15.057] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {connId=[1] seq=[1]} handling received EdgeDataType
[ 15.057] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8964 bytes
[ 15.058] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
100 8799 100 8799 0 0 28111 0 --:--:-- --:--:-- --:--:-- 28111
[ 15.067] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-remote=[127.0.0.1:62125] src-local=[127.0.0.1:8000] dst-local=[:1] dst-remote=[wttr.ziti]} stopping pipe
[ 15.067] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 15.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 15.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 15.070] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end
c:\path\to\softhsm\softhsm_demo>[ 16.070] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 16.070] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 16.071] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-remote=[127.0.0.1:62125] src-remote=[wttr.ziti] src-local=[:1] dst-local=[127.0.0.1:8000]} stopping pipe
[ 16.072] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-remote=[wttr.ziti] src-remote=[127.0.0.1:62125] src-local=[127.0.0.1:8000] dst-local=[:1]} tunnel closed: 71 bytes sent; 8964 bytes received
c:\path\to\softhsm\softhsm_demo> curl -H "Host: wttr.in" http://localhost:9000 > "%HSM_DEST%\example_%EC_ID%.txt"
[ 18.776] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
% Total % Received % Xferd Average Speed Time Time Time Current
[ 18.785] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
[ 18.785] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 18.786] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 18.786] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 18.787] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 18.787] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{15kP}]: started
[ 18.789] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 18.789] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{15kP}]: started
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[ 18.902] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{15kP}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 18.903] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 18.904] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-remote=[127.0.0.1:62130] src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti]} tunnel started
[ 18.905] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {type=[EdgeDataType] chSeq=[-1] edgeSeq=[1] connId=[1]} writing 71 bytes
[ 18.906] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[ 19.334] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {seq=[1] connId=[1]} handling received EdgeDataType
[ 19.335] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8964 bytes
[ 19.336] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
100 8799 100 8799 0 0 15628 0 --:--:-- --:--:-- --:--:-- 15628
[ 19.344] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-remote=[127.0.0.1:62130] src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti]} stopping pipe
[ 19.344] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 19.345] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 19.347] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 19.349] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end
c:\path\to\softhsm\softhsm_demo>
c:\path\to\softhsm\softhsm_demo>[ 20.345] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 20.345] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 20.347] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-remote=[127.0.0.1:62130] src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti]} tunnel closed: 71 bytes sent; 8964 bytes received
[ 20.349] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-local=[127.0.0.1:9000] dst-remote=[127.0.0.1:62130] src-remote=[wttr.ziti] src-local=[:1]} stopping pipe
tpye "%HSM_DEST%\example_%RSA_ID%.txt"
'tpye' is not recognized as an internal or external command,
operable program or batch file.
c:\path\to\softhsm\softhsm_demo>type "%HSM_DEST%\example_%RSA_ID%.txt"
Weather report: Laurelton, United States
Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.0 in
┌─────────────┐
┌────────────────��─────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light rain │ .-. Light rain │ _`/"".-. Moderate or he…│ \ / Partly cloudy │
│ ( ). 35..37 °F │ ( ). 39..41 °F │ ,\_( ). 32..39 °F │ _ /"".-. 26..+33 °F │
│ (___(__) ↑ 4-6 mph │ (___(__) ↗ 5-6 mph │ /(___(__) → 8-10 mph │ \_( ). → 9-14 mph │
│ ‘ ‘ ‘ ‘ 5 mi │ ‘ ‘ ‘ ‘ 5 mi │ * * * * 5 mi │ /(___(__) 4 mi │
│ ‘ ‘ ‘ ‘ 0.1 in | 79% │ ‘ ‘ ‘ ‘ 0.0 in | 80% │ * * * * 0.0 in | 25% │ 0.0 in | 51% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼─────────────────────────────��┼──────────────────────────────┤
│ \ / Partly cloudy │ \ / Sunny │ \ / Partly cloudy │ \ / Clear │
│ _ /"".-. 3..17 °F │ .-. 6..19 °F │ _ /"".-. 8..19 °F │ .-. 5..14 °F │
│ \_( ). ↘ 11-13 mph │ ― ( ) ― ↘ 11-13 mph │ \_( ). ↗ 9-12 mph │ ― ( ) ― ↓ 7-11 mph │
│ /(___(__) 6 mi │ `-’ 6 mi │ /(___(__) 6 mi │ `-’ 6 mi │
│ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ / \ 0.0 in | 0% │
└───────────────────��──────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├────────────���─────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ \ / Partly cloudy │ \ / Partly cloudy │
│ .-. 12..17 °F │ .-. 17..24 °F │ _ /"".-. 21..30 °F │ _ /"".-. 15..24 °F │
│ ― ( ) ― ↑ 3-4 mph │ ― ( ) ― ↑ 6-7 mph │ \_( ). ↑ 8-13 mph │ \_( ). ↑ 7-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ /(___(__) 6 mi │ /(___(__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
Follow @igor_chubin for wttr.in updates
c:\path\to\softhsm\softhsm_demo>type "%HSM_DEST%\example_%EC_ID%.txt"
Weather report: Laurelton, United States
Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.0 in
┌─────────────┐
┌────────────────��─────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light rain │ .-. Light rain │ _`/"".-. Moderate or he…│ \ / Partly cloudy │
│ ( ). 35..37 °F │ ( ). 39..41 °F │ ,\_( ). 32..39 °F │ _ /"".-. 26..+33 °F │
│ (___(__) ↑ 4-6 mph │ (___(__) ↗ 5-6 mph │ /(___(__) → 8-10 mph │ \_( ). → 9-14 mph │
│ ‘ ‘ ‘ ‘ 5 mi │ ‘ ‘ ‘ ‘ 5 mi │ * * * * 5 mi │ /(___(__) 4 mi │
│ ‘ ‘ ‘ ‘ 0.1 in | 79% │ ‘ ‘ ‘ ‘ 0.0 in | 80% │ * * * * 0.0 in | 25% │ 0.0 in | 51% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼─────────────────────────────��┼──────────────────────────────┤
│ \ / Partly cloudy │ \ / Sunny │ \ / Partly cloudy │ \ / Clear │
│ _ /"".-. 3..17 °F │ .-. 6..19 °F │ _ /"".-. 8..19 °F │ .-. 5..14 °F │
│ \_( ). ↘ 11-13 mph │ ― ( ) ― ↘ 11-13 mph │ \_( ). ↗ 9-12 mph │ ― ( ) ― ↓ 7-11 mph │
│ /(___(__) 6 mi │ `-’ 6 mi │ /(___(__) 6 mi │ `-’ 6 mi │
│ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ / \ 0.0 in | 0% │
└───────────────────��──────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├────────────���─────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ \ / Partly cloudy │ \ / Partly cloudy │
│ .-. 12..17 °F │ .-. 17..24 °F │ _ /"".-. 21..30 °F │ _ /"".-. 15..24 °F │
│ ― ( ) ― ↑ 3-4 mph │ ― ( ) ― ↑ 6-7 mph │ \_( ). ↑ 8-13 mph │ \_( ). ↑ 7-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ /(___(__) 6 mi │ /(___(__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
Follow @igor_chubin for wttr.in updates
c:\path\to\softhsm\softhsm_demo>