package checkmgr
import (
"crypto/x509"
"encoding/json"
"fmt"
)
// circonusCA is the bundled default Circonus CA certificate, PEM encoded.
// In this file it is the fallback trust anchor: fetchCert returns it when the
// check manager is not enabled, and loadCACert uses it when no certificate
// could be fetched from the API.
//
// NOTE(review): decoding the DER below gives a certificate whose issuer and
// subject are the same Circonus CA name, with a 1024-bit RSA key, a
// sha1WithRSAEncryption signature, and a validity window of 2009-12-23 to
// 2019-12-21 (confirm with `openssl x509 -noout -text`). Go's x509 verifier
// applies the validity window to root certificates too, so a pool holding
// only this certificate is expected to reject every chain after the notAfter
// date. The 1024-bit key is also below current minimum key-size guidance for
// a trust anchor. Replacing this constant should be tracked as a
// security-relevant change, not a cosmetic one.
var circonusCA = []byte(`-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAMelf8skwVWPMA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxETAPBgNVBAcTCENvbHVtYmlhMRcw
FQYDVQQKEw5DaXJjb251cywgSW5jLjERMA8GA1UECxMIQ2lyY29udXMxJzAlBgNV
BAMTHkNpcmNvbnVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJ
ARYPY2FAY2lyY29udXMubmV0MB4XDTA5MTIyMzE5MTcwNloXDTE5MTIyMTE5MTcw
NlowgagxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMI
Q29sdW1iaWExFzAVBgNVBAoTDkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJj
b251czEnMCUGA1UEAxMeQ2lyY29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4w
HAYJKoZIhvcNAQkBFg9jYUBjaXJjb251cy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAKz2X0/0vJJ4ad1roehFyxUXHdkjJA9msEKwT2ojummdUB3kK5z6
PDzDL9/c65eFYWqrQWVWZSLQK1D+v9xJThCe93v6QkSJa7GZkCq9dxClXVtBmZH3
hNIZZKVC6JMA9dpRjBmlFgNuIdN7q5aJsv8VZHH+QrAyr9aQmhDJAmk1AgMBAAGj
ggERMIIBDTAdBgNVHQ4EFgQUyNTsgZHSkhhDJ5i+6IFlPzKYxsUwgd0GA1UdIwSB
1TCB0oAUyNTsgZHSkhhDJ5i+6IFlPzKYxsWhga6kgaswgagxCzAJBgNVBAYTAlVT
MREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMIQ29sdW1iaWExFzAVBgNVBAoT
DkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJjb251czEnMCUGA1UEAxMeQ2ly
Y29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9jYUBj
aXJjb251cy5uZXSCCQDHpX/LJMFVjzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBAAHBtl15BwbSyq0dMEBpEdQYhHianU/rvOMe57digBmox7ZkPEbB/baE
sYJysziA2raOtRxVRtcxuZSMij2RiJDsLxzIp1H60Xhr8lmf7qF6Y+sZl7V36KZb
n2ezaOoRtsQl9dhqEMe8zgL76p9YZ5E69Al0mgiifTteyNjjMuIW
-----END CERTIFICATE-----`)
// CACert is the JSON document fetchCert decodes from the Circonus API
// response to the CA certificate request.
type CACert struct {
	// Contents carries the certificate text from the "contents" JSON field.
	// fetchCert treats an empty value as an error and otherwise returns the
	// value as bytes without parsing it as PEM or X.509.
	Contents string `json:"contents"`
}
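// loadCACert loads the CA cert for the broker designated by the submission url
// into cm.certPool. It does nothing when cm.certPool is already set.
//
// The certificate comes from fetchCert; when that fails, or returns nothing,
// the bundled circonusCA is used instead. If the selected PEM yields no
// parseable certificate the bundled circonusCA is appended as well, so that a
// malformed API response ends up in the same state as a failed fetch rather
// than silently leaving an empty pool.
//
// NOTE(review): whatever fetchCert returns becomes a trust anchor in this
// pool with no pinning or comparison against a known CA, so the pool is only
// as trustworthy as the channel cm.apih uses to reach the API (not visible
// here; confirm that it verifies the API server's certificate).
func (cm *CheckManager) loadCACert() {
	if cm.certPool != nil {
		return
	}

	// Assigned before the fetch: later calls return early even when the
	// fetch below fails and the default ends up in the pool.
	cm.certPool = x509.NewCertPool()

	cert, err := cm.fetchCert()
	if err != nil {
		if cm.Debug {
			cm.Log.Printf("[DEBUG] Unable to fetch ca.crt, using default. %+v\n", err)
		}
	}

	if cert == nil {
		cert = circonusCA
	}

	// AppendCertsFromPEM reports whether at least one certificate was parsed;
	// ignoring the result would hide an unusable (empty) pool.
	if cm.certPool.AppendCertsFromPEM(cert) {
		return
	}

	// Logging stays behind cm.Debug, matching the existing convention in
	// this method.
	if cm.Debug {
		cm.Log.Printf("[DEBUG] No certificate parsed from ca.crt, using default.\n")
	}

	if !cm.certPool.AppendCertsFromPEM(circonusCA) && cm.Debug {
		cm.Log.Printf("[DEBUG] Default CA certificate did not parse, certificate pool is empty.\n")
	}
}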
// fetchCert returns the CA certificate bytes to trust for the broker.
//
// When the check manager is not enabled it returns the bundled circonusCA
// without calling the API. Note that this is the package-level slice itself,
// not a copy. Otherwise it requests "/pki/ca.crt" through cm.apih, decodes the
// JSON response into a CACert and returns its Contents field as bytes.
//
// An error is returned when the API call fails, the response is not valid
// JSON for CACert, or Contents is empty. The returned bytes are nil in all
// three cases.
//
// NOTE(review): the contents are not parsed or checked here. The caller is
// the one that hands them to the certificate pool, so validation of the
// API-supplied trust anchor has to happen there or not at all.
func (cm *CheckManager) fetchCert() ([]byte, error) {
	if !cm.enabled {
		return circonusCA, nil
	}

	body, err := cm.apih.Get("/pki/ca.crt")
	if err != nil {
		return nil, err
	}

	// Kept as a pointer so the %+v in the error below renders as before.
	parsed := &CACert{}
	if err := json.Unmarshal(body, parsed); err != nil {
		return nil, err
	}

	if len(parsed.Contents) == 0 {
		return nil, fmt.Errorf("[ERROR] Unable to find ca cert %+v", parsed)
	}

	return []byte(parsed.Contents), nil
}