Add authenticated CFSSL example.

Add configurations to demonstrate the case where the remote CFSSL
requires authentication.

transport/example/README.md

@@ -31,7 +31,8 @@ config.
 ## Running the server
 
 The server expects a `server.json` in the same directory containing
-the configuration. One is provided in the server source:
+the configuration. One is provided in the server source, or it may be
+overridden using the `-f` command line flag.
 
 ```
 $ basename $(pwd)
@@ -59,7 +60,8 @@ At this point, the clients can start talking to the server.
 At this point, clients just connect and send a few messages, ensuring
 the server acknowledges the messages. The client also expects a
 `client.json` configuration in the same directory; once is provided in
-the source directory.
+the source directory, or it may be overridden using the `-f` command
+line flag.
 
 ```
 $ basename $(pwd)
@@ -77,3 +79,14 @@ OK
 $
 ```
 
+## Auth Examples
+
+The CA, server, and client ship with a `_auth.json` configuration file
+that will use an authenticated CFSSL. The commands change to:
+
+```
+$ cfssl serve -ca ca.pem -ca-key ca-key.pem -config config_auth.json
+$ go run server.go -a 127.0.0.1:9876 -f server_auth.json
+$ go run client.go -f client_auth.json
+```
+

transport/example/config_auth.json

@@ -0,0 +1,37 @@
+{
+    "auth_keys": {
+        "client": {
+            "type": "standard",
+            "key": "52abb3ac91971bb72bce17e7a289cd04476490b19e0d8eb7810dc42d4ac16c41"
+        },
+        "server": {
+            "type": "standard",
+            "key": "4f4f26686209f672e0ec7b19cbbc8b6d94fdd12cc0b20326f9005d5f234e6e3e"
+        }
+    },
+    "signing": {
+        "default": {
+            "expiry": "168h"
+        },
+        "profiles": {
+            "client": {
+                "auth_key": "client",
+                "expiry": "1h",
+                "usages": [
+                    "signing",
+                    "key encipherment",
+                    "client auth"
+                ]
+            },
+            "server": {
+                "auth_key": "server",
+                "expiry": "8760h",
+                "usages": [
+                    "signing",
+                    "key encipherment",
+                    "server auth"
+                ]
+            }
+        }
+    }
+}

transport/example/maclient/client.json

@@ -9,7 +9,7 @@
 	    "certificate": "client.pem"
 	},
 	"cfssl": {
-	    "profile": "maclient",
+	    "profile": "client",
 	    "remote": "127.0.0.1:8888"
 	}
     },

transport/example/maclient/client_auth.json

@@ -0,0 +1,30 @@
+{
+    "request": {
+	"CN": "test client",
+	"hosts": ["127.0.0.1"]
+    },
+    "profiles": {
+	"paths": {
+	    "private_key": "client.key",
+	    "certificate": "client.pem"
+	},
+	"cfssl": {
+	    "profile": "client",
+	    "remote": "127.0.0.1:8888",
+	    "auth-type": "standard",
+	    "auth-key": "52abb3ac91971bb72bce17e7a289cd04476490b19e0d8eb7810dc42d4ac16c41"
+	}
+    },
+    "roots": [
+	{
+	    "type": "system"
+	},
+	{
+	    "type": "cfssl",
+            "metadata": {
+		"host": "127.0.0.1:8888",
+		"profile": "server"
+	    }
+	}
+    ]
+}

transport/example/maserver/server_auth.json

@@ -0,0 +1,28 @@
+{
+    "request": {
+	"CN": "test server",
+	"hosts": ["127.0.0.1"]
+    },
+    "profiles": {
+	"paths": {
+	    "private_key": "server.key",
+	    "certificate": "server.pem"
+	},
+	"cfssl": {
+	    "profile": "server",
+	    "remote": "127.0.0.1:8888",
+	    "auth-type": "standard",
+	    "auth-key": "4f4f26686209f672e0ec7b19cbbc8b6d94fdd12cc0b20326f9005d5f234e6e3e"
+	}
+    },
+    "roots": [{
+	    "type": "system"
+    }],
+    "client_roots": [{
+	    "type": "cfssl",
+            "metadata": {
+		"host": "127.0.0.1:8888",
+		"profile": "client"
+	    }
+    }]
+}