Пример #1
0
// metaDiscoverPubKeyLocations discovers the locations of public keys through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
	app, err := discovery.NewAppFromString(prefix)
	if err != nil {
		return nil, err
	}

	hostHeaders := config.ResolveAuthPerHost(m.AuthPerHost)
	insecure := discovery.InsecureNone
	if m.InsecureAllowHTTP {
		insecure = insecure | discovery.InsecureHttp
	}
	if m.InsecureSkipTLSCheck {
		insecure = insecure | discovery.InsecureTls
	}
	ep, attempts, err := discovery.DiscoverPublicKeys(*app, hostHeaders, insecure)
	if err != nil {
		return nil, err
	}

	if m.Debug {
		for _, a := range attempts {
			log.PrintE(fmt.Sprintf("meta tag 'ac-discovery-pubkeys' not found on %s", a.Prefix), a.Error)
		}
	}

	return ep.Keys, nil
}
Пример #2
0
func OpenPubKey(location string) (types.ACIdentifier, *os.File, error) {
	if app := tryAppFromString(location); app != nil {
		// Proper ACIdentifier given, let's do the discovery
		// TODO: hostHeaders, insecure
		if pks, _, err := discovery.DiscoverPublicKeys(*app, nil, 0); err != nil {
			return app.Name, nil, err
		} else {
			// We assume multiple returned keys are alternatives, not
			// multiple different valid keychains.
			var err error
			for _, keyurl := range pks {
				if keyf, er1 := OpenLocation(keyurl); er1 != nil {
					err = multierror.Append(err, er1)
				} else {
					return app.Name, keyf, nil
				}
			}
			// All keys erred
			return app.Name, nil, err
		}
	} else {
		// Not an ACIdentifier, let's open as raw location
		f, err := OpenLocation(location)
		return "", f, err
	}
}
Пример #3
0
func runDiscover(args []string) (exit int) {
	if len(args) < 1 {
		stderr("discover: at least one name required")
	}

	for _, name := range args {
		app, err := discovery.NewAppFromString(name)
		if app.Labels["os"] == "" {
			app.Labels["os"] = runtime.GOOS
		}
		if app.Labels["arch"] == "" {
			app.Labels["arch"] = runtime.GOARCH
		}
		if err != nil {
			stderr("%s: %s", name, err)
			return 1
		}
		insecure := discovery.InsecureNone
		if transportFlags.Insecure {
			insecure = discovery.InsecureTLS | discovery.InsecureHTTP
		}
		eps, attempts, err := discovery.DiscoverACIEndpoints(*app, nil, insecure)
		if err != nil {
			stderr("error fetching endpoints for %s: %s", name, err)
			return 1
		}
		for _, a := range attempts {
			fmt.Printf("discover endpoints walk: prefix: %s error: %v\n", a.Prefix, a.Error)
		}
		publicKeys, attempts, err := discovery.DiscoverPublicKeys(*app, nil, insecure)
		if err != nil {
			stderr("error fetching public keys for %s: %s", name, err)
			return 1
		}
		for _, a := range attempts {
			fmt.Printf("discover public keys walk: prefix: %s error: %v\n", a.Prefix, a.Error)
		}

		type discoveryData struct {
			ACIEndpoints []discovery.ACIEndpoint
			PublicKeys   []string
		}

		if outputJson {
			dd := discoveryData{ACIEndpoints: eps, PublicKeys: publicKeys}
			jsonBytes, err := json.MarshalIndent(dd, "", "    ")
			if err != nil {
				stderr("error generating JSON: %s", err)
				return 1
			}
			fmt.Println(string(jsonBytes))
		} else {
			for _, aciEndpoint := range eps {
				fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
			}
			if len(publicKeys) > 0 {
				fmt.Println("PublicKeys: " + strings.Join(publicKeys, ","))
			}
		}
	}

	return
}