open-consul/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/cert.go

// Copyright 2016 Circonus, Inc. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package checkmgr

import (
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// Default Circonus CA certificate
var circonusCA = []byte(`-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAMelf8skwVWPMA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxETAPBgNVBAcTCENvbHVtYmlhMRcw
FQYDVQQKEw5DaXJjb251cywgSW5jLjERMA8GA1UECxMIQ2lyY29udXMxJzAlBgNV
BAMTHkNpcmNvbnVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJ
ARYPY2FAY2lyY29udXMubmV0MB4XDTA5MTIyMzE5MTcwNloXDTE5MTIyMTE5MTcw
NlowgagxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMI
Q29sdW1iaWExFzAVBgNVBAoTDkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJj
b251czEnMCUGA1UEAxMeQ2lyY29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4w
HAYJKoZIhvcNAQkBFg9jYUBjaXJjb251cy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAKz2X0/0vJJ4ad1roehFyxUXHdkjJA9msEKwT2ojummdUB3kK5z6
PDzDL9/c65eFYWqrQWVWZSLQK1D+v9xJThCe93v6QkSJa7GZkCq9dxClXVtBmZH3
hNIZZKVC6JMA9dpRjBmlFgNuIdN7q5aJsv8VZHH+QrAyr9aQmhDJAmk1AgMBAAGj
ggERMIIBDTAdBgNVHQ4EFgQUyNTsgZHSkhhDJ5i+6IFlPzKYxsUwgd0GA1UdIwSB
1TCB0oAUyNTsgZHSkhhDJ5i+6IFlPzKYxsWhga6kgaswgagxCzAJBgNVBAYTAlVT
MREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMIQ29sdW1iaWExFzAVBgNVBAoT
DkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJjb251czEnMCUGA1UEAxMeQ2ly
Y29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9jYUBj
aXJjb251cy5uZXSCCQDHpX/LJMFVjzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBAAHBtl15BwbSyq0dMEBpEdQYhHianU/rvOMe57digBmox7ZkPEbB/baE
sYJysziA2raOtRxVRtcxuZSMij2RiJDsLxzIp1H60Xhr8lmf7qF6Y+sZl7V36KZb
n2ezaOoRtsQl9dhqEMe8zgL76p9YZ5E69Al0mgiifTteyNjjMuIW
-----END CERTIFICATE-----`)

// CACert contains cert returned from Circonus API
type CACert struct {
	Contents string `json:"contents"`
}

// loadCACert loads the CA cert for the broker designated by the submission url
func (cm *CheckManager) loadCACert() error {
	if cm.certPool != nil {
		return nil
	}

	cm.certPool = x509.NewCertPool()

	var cert []byte
	var err error

	if cm.enabled {
		// only attempt to retrieve broker CA cert if
		// the check is being managed.
		cert, err = cm.fetchCert()
		if err != nil {
			return err
		}
	}

	if cert == nil {
		cert = circonusCA
	}

	cm.certPool.AppendCertsFromPEM(cert)

	return nil
}

// fetchCert fetches CA certificate using Circonus API
func (cm *CheckManager) fetchCert() ([]byte, error) {
	if !cm.enabled {
		return nil, errors.New("check manager is not enabled")
	}

	response, err := cm.apih.Get("/pki/ca.crt")
	if err != nil {
		return nil, err
	}

	cadata := new(CACert)
	if err := json.Unmarshal(response, cadata); err != nil {
		return nil, err
	}

	if cadata.Contents == "" {
		return nil, fmt.Errorf("[ERROR] Unable to find ca cert %+v", cadata)
	}

	return []byte(cadata.Contents), nil
}
Update circonus-gometrics `vendor circonus-labs/circonus-gometrics` `vendor circonus-labs/circonus-gometrics/api` `vendor circonus-labs/circonus-gometrics/checkmgr` `vendor circonus-labs/circonusllhist` `vendor hashicorp/go-retryablehttp` 2016-11-09 20:30:07 +00:00			`// Copyright 2016 Circonus, Inc. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`package checkmgr`

			`import (`
			`"crypto/x509"`
			`"encoding/json"`
agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00			`"errors"`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`"fmt"`
			`)`

			`// Default Circonus CA certificate`
			var circonusCA = []byte(`-----BEGIN CERTIFICATE-----
			`MIID4zCCA0ygAwIBAgIJAMelf8skwVWPMA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD`
			`VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxETAPBgNVBAcTCENvbHVtYmlhMRcw`
			`FQYDVQQKEw5DaXJjb251cywgSW5jLjERMA8GA1UECxMIQ2lyY29udXMxJzAlBgNV`
			`BAMTHkNpcmNvbnVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJ`
			`ARYPY2FAY2lyY29udXMubmV0MB4XDTA5MTIyMzE5MTcwNloXDTE5MTIyMTE5MTcw`
			`NlowgagxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMI`
			`Q29sdW1iaWExFzAVBgNVBAoTDkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJj`
			`b251czEnMCUGA1UEAxMeQ2lyY29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4w`
			`HAYJKoZIhvcNAQkBFg9jYUBjaXJjb251cy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD`
			`gY0AMIGJAoGBAKz2X0/0vJJ4ad1roehFyxUXHdkjJA9msEKwT2ojummdUB3kK5z6`
			`PDzDL9/c65eFYWqrQWVWZSLQK1D+v9xJThCe93v6QkSJa7GZkCq9dxClXVtBmZH3`
			`hNIZZKVC6JMA9dpRjBmlFgNuIdN7q5aJsv8VZHH+QrAyr9aQmhDJAmk1AgMBAAGj`
			`ggERMIIBDTAdBgNVHQ4EFgQUyNTsgZHSkhhDJ5i+6IFlPzKYxsUwgd0GA1UdIwSB`
			`1TCB0oAUyNTsgZHSkhhDJ5i+6IFlPzKYxsWhga6kgaswgagxCzAJBgNVBAYTAlVT`
			`MREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMIQ29sdW1iaWExFzAVBgNVBAoT`
			`DkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJjb251czEnMCUGA1UEAxMeQ2ly`
			`Y29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9jYUBj`
			`aXJjb251cy5uZXSCCQDHpX/LJMFVjzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB`
			`BQUAA4GBAAHBtl15BwbSyq0dMEBpEdQYhHianU/rvOMe57digBmox7ZkPEbB/baE`
			`sYJysziA2raOtRxVRtcxuZSMij2RiJDsLxzIp1H60Xhr8lmf7qF6Y+sZl7V36KZb`
			`n2ezaOoRtsQl9dhqEMe8zgL76p9YZ5E69Al0mgiifTteyNjjMuIW`
			-----END CERTIFICATE-----`)

			`// CACert contains cert returned from Circonus API`
			`type CACert struct {`
			Contents string `json:"contents"`
			`}`

			`// loadCACert loads the CA cert for the broker designated by the submission url`
agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00			`func (cm *CheckManager) loadCACert() error {`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`if cm.certPool != nil {`
agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00			`return nil`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`}`

			`cm.certPool = x509.NewCertPool()`

agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00			`var cert []byte`
			`var err error`

			`if cm.enabled {`
			`// only attempt to retrieve broker CA cert if`
			`// the check is being managed.`
			`cert, err = cm.fetchCert()`
			`if err != nil {`
			`return err`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`}`
			`}`

			`if cert == nil {`
			`cert = circonusCA`
			`}`

			`cm.certPool.AppendCertsFromPEM(cert)`
agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00
			`return nil`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`}`

			`// fetchCert fetches CA certificate using Circonus API`
			`func (cm *CheckManager) fetchCert() ([]byte, error) {`
			`if !cm.enabled {`
agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 12:50:48 +00:00			`return nil, errors.New("check manager is not enabled")`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`}`

			`response, err := cm.apih.Get("/pki/ca.crt")`
			`if err != nil {`
			`return nil, err`
			`}`

			`cadata := new(CACert)`
Update circonus-gometrics `vendor circonus-labs/circonus-gometrics` `vendor circonus-labs/circonus-gometrics/api` `vendor circonus-labs/circonus-gometrics/checkmgr` `vendor circonus-labs/circonusllhist` `vendor hashicorp/go-retryablehttp` 2016-11-09 20:30:07 +00:00			`if err := json.Unmarshal(response, cadata); err != nil {`
Updates armon/go-metrics and adds Circonus vendored libraries. 2016-07-19 23:40:41 +00:00			`return nil, err`
			`}`

			`if cadata.Contents == "" {`
			`return nil, fmt.Errorf("[ERROR] Unable to find ca cert %+v", cadata)`
			`}`

			`return []byte(cadata.Contents), nil`
			`}`