// metaDiscoverPubKeyLocations discovers the locations of public keys through ACDiscovery by applying prefix as an ACApp func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) { app, err := discovery.NewAppFromString(prefix) if err != nil { return nil, err } hostHeaders := config.ResolveAuthPerHost(m.AuthPerHost) insecure := discovery.InsecureNone if m.InsecureAllowHTTP { insecure = insecure | discovery.InsecureHttp } if m.InsecureSkipTLSCheck { insecure = insecure | discovery.InsecureTls } ep, attempts, err := discovery.DiscoverPublicKeys(*app, hostHeaders, insecure) if err != nil { return nil, err } if m.Debug { for _, a := range attempts { log.PrintE(fmt.Sprintf("meta tag 'ac-discovery-pubkeys' not found on %s", a.Prefix), a.Error) } } return ep.Keys, nil }
func OpenPubKey(location string) (types.ACIdentifier, *os.File, error) { if app := tryAppFromString(location); app != nil { // Proper ACIdentifier given, let's do the discovery // TODO: hostHeaders, insecure if pks, _, err := discovery.DiscoverPublicKeys(*app, nil, 0); err != nil { return app.Name, nil, err } else { // We assume multiple returned keys are alternatives, not // multiple different valid keychains. var err error for _, keyurl := range pks { if keyf, er1 := OpenLocation(keyurl); er1 != nil { err = multierror.Append(err, er1) } else { return app.Name, keyf, nil } } // All keys erred return app.Name, nil, err } } else { // Not an ACIdentifier, let's open as raw location f, err := OpenLocation(location) return "", f, err } }
func runDiscover(args []string) (exit int) { if len(args) < 1 { stderr("discover: at least one name required") } for _, name := range args { app, err := discovery.NewAppFromString(name) if app.Labels["os"] == "" { app.Labels["os"] = runtime.GOOS } if app.Labels["arch"] == "" { app.Labels["arch"] = runtime.GOARCH } if err != nil { stderr("%s: %s", name, err) return 1 } insecure := discovery.InsecureNone if transportFlags.Insecure { insecure = discovery.InsecureTLS | discovery.InsecureHTTP } eps, attempts, err := discovery.DiscoverACIEndpoints(*app, nil, insecure) if err != nil { stderr("error fetching endpoints for %s: %s", name, err) return 1 } for _, a := range attempts { fmt.Printf("discover endpoints walk: prefix: %s error: %v\n", a.Prefix, a.Error) } publicKeys, attempts, err := discovery.DiscoverPublicKeys(*app, nil, insecure) if err != nil { stderr("error fetching public keys for %s: %s", name, err) return 1 } for _, a := range attempts { fmt.Printf("discover public keys walk: prefix: %s error: %v\n", a.Prefix, a.Error) } type discoveryData struct { ACIEndpoints []discovery.ACIEndpoint PublicKeys []string } if outputJson { dd := discoveryData{ACIEndpoints: eps, PublicKeys: publicKeys} jsonBytes, err := json.MarshalIndent(dd, "", " ") if err != nil { stderr("error generating JSON: %s", err) return 1 } fmt.Println(string(jsonBytes)) } else { for _, aciEndpoint := range eps { fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC) } if len(publicKeys) > 0 { fmt.Println("PublicKeys: " + strings.Join(publicKeys, ",")) } } } return }