// Validate ensures that config is a valid configuration.
func Validate(c Config) error {
if v, ok := c[IdentityURL].(string); ok {
u, err := url.Parse(v)
if err != nil {
return errors.Annotate(err, "invalid identity URL")
}
if u.Scheme != "https" {
return errors.Errorf("URL needs to be https")
}
}
if v, ok := c[IdentityPublicKey].(string); ok {
var key bakery.PublicKey
if err := key.UnmarshalText([]byte(v)); err != nil {
return errors.Annotate(err, "invalid identity public key")
}
}
caCert, caCertOK := c.CACert()
if !caCertOK {
return errors.Errorf("missing CA certificate")
}
if _, err := cert.ParseCert(caCert); err != nil {
return errors.Annotate(err, "bad CA certificate in configuration")
}
if uuid, ok := c[ControllerUUIDKey].(string); ok && !utils.IsValidUUIDString(uuid) {
return errors.Errorf("controller-uuid: expected UUID, got string(%q)", uuid)
}
return nil
}
// IdentityPublicKey returns the public key of the identity manager.
func (c Config) IdentityPublicKey() *bakery.PublicKey {
key := c.asString(IdentityPublicKey)
if key == "" {
return nil
}
var pubKey bakery.PublicKey
err := pubKey.UnmarshalText([]byte(key))
if err != nil {
// We check if the key string can be unmarshalled into a PublicKey in the
// Validate function, so we really do not expect this to fail.
panic(err)
}
return &pubKey
}
// Validate ensures that config is a valid configuration.
func Validate(c Config) error {
if v, ok := c[IdentityPublicKey].(string); ok {
var key bakery.PublicKey
if err := key.UnmarshalText([]byte(v)); err != nil {
return errors.Annotate(err, "invalid identity public key")
}
}
if v, ok := c[IdentityURL].(string); ok {
u, err := url.Parse(v)
if err != nil {
return errors.Annotate(err, "invalid identity URL")
}
// If we've got an identity public key, we allow an HTTP
// scheme for the identity server because we won't need
// to rely on insecure transport to obtain the public
// key.
if _, ok := c[IdentityPublicKey]; !ok && u.Scheme != "https" {
return errors.Errorf("URL needs to be https when %s not provided", IdentityPublicKey)
}
}
caCert, caCertOK := c.CACert()
if !caCertOK {
return errors.Errorf("missing CA certificate")
}
if _, err := cert.ParseCert(caCert); err != nil {
return errors.Annotate(err, "bad CA certificate in configuration")
}
if uuid, ok := c[ControllerUUIDKey].(string); ok && !utils.IsValidUUIDString(uuid) {
return errors.Errorf("controller-uuid: expected UUID, got string(%q)", uuid)
}
return nil
}
