// metaDiscoverPubKeyLocations discovers the locations of public keys through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
app, err := discovery.NewAppFromString(prefix)
if err != nil {
return nil, err
}
hostHeaders := config.ResolveAuthPerHost(m.AuthPerHost)
insecure := discovery.InsecureNone
if m.InsecureAllowHTTP {
insecure = insecure | discovery.InsecureHttp
}
if m.InsecureSkipTLSCheck {
insecure = insecure | discovery.InsecureTls
}
ep, attempts, err := discovery.DiscoverPublicKeys(*app, hostHeaders, insecure)
if err != nil {
return nil, err
}
if m.Debug {
for _, a := range attempts {
log.PrintE(fmt.Sprintf("meta tag 'ac-discovery-pubkeys' not found on %s", a.Prefix), a.Error)
}
}
return ep.Keys, nil
}
func OpenPubKey(location string) (types.ACIdentifier, *os.File, error) {
if app := tryAppFromString(location); app != nil {
// Proper ACIdentifier given, let's do the discovery
// TODO: hostHeaders, insecure
if pks, _, err := discovery.DiscoverPublicKeys(*app, nil, 0); err != nil {
return app.Name, nil, err
} else {
// We assume multiple returned keys are alternatives, not
// multiple different valid keychains.
var err error
for _, keyurl := range pks {
if keyf, er1 := OpenLocation(keyurl); er1 != nil {
err = multierror.Append(err, er1)
} else {
return app.Name, keyf, nil
}
}
// All keys erred
return app.Name, nil, err
}
} else {
// Not an ACIdentifier, let's open as raw location
f, err := OpenLocation(location)
return "", f, err
}
}
func runDiscover(args []string) (exit int) {
if len(args) < 1 {
stderr("discover: at least one name required")
}
for _, name := range args {
app, err := discovery.NewAppFromString(name)
if app.Labels["os"] == "" {
app.Labels["os"] = runtime.GOOS
}
if app.Labels["arch"] == "" {
app.Labels["arch"] = runtime.GOARCH
}
if err != nil {
stderr("%s: %s", name, err)
return 1
}
insecure := discovery.InsecureNone
if transportFlags.Insecure {
insecure = discovery.InsecureTLS | discovery.InsecureHTTP
}
eps, attempts, err := discovery.DiscoverACIEndpoints(*app, nil, insecure)
if err != nil {
stderr("error fetching endpoints for %s: %s", name, err)
return 1
}
for _, a := range attempts {
fmt.Printf("discover endpoints walk: prefix: %s error: %v\n", a.Prefix, a.Error)
}
publicKeys, attempts, err := discovery.DiscoverPublicKeys(*app, nil, insecure)
if err != nil {
stderr("error fetching public keys for %s: %s", name, err)
return 1
}
for _, a := range attempts {
fmt.Printf("discover public keys walk: prefix: %s error: %v\n", a.Prefix, a.Error)
}
type discoveryData struct {
ACIEndpoints []discovery.ACIEndpoint
PublicKeys []string
}
if outputJson {
dd := discoveryData{ACIEndpoints: eps, PublicKeys: publicKeys}
jsonBytes, err := json.MarshalIndent(dd, "", " ")
if err != nil {
stderr("error generating JSON: %s", err)
return 1
}
fmt.Println(string(jsonBytes))
} else {
for _, aciEndpoint := range eps {
fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
}
if len(publicKeys) > 0 {
fmt.Println("PublicKeys: " + strings.Join(publicKeys, ","))
}
}
}
return
}