// Copyright 2016 Circonus, Inc. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package checkmgr
import (
"crypto/x509"
"encoding/json"
"fmt"
)
// circonusCA is the PEM-encoded default Circonus CA certificate compiled into
// the package. loadCACert uses it when fetchCert returns no certificate, and
// fetchCert returns it directly when cm.enabled is false.
//
// NOTE(review): the embedded DER appears to carry a validity window of
// 2009-12-23 to 2019-12-21, a sha1WithRSAEncryption signature and a 1024-bit
// RSA key. Confirm with `openssl x509 -noout -text` and decide whether this
// fallback is still an acceptable trust anchor; a pinned root that has expired
// or uses weak parameters should be rotated rather than silently relied on.
var circonusCA = []byte(`-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAMelf8skwVWPMA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxETAPBgNVBAcTCENvbHVtYmlhMRcw
FQYDVQQKEw5DaXJjb251cywgSW5jLjERMA8GA1UECxMIQ2lyY29udXMxJzAlBgNV
BAMTHkNpcmNvbnVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJ
ARYPY2FAY2lyY29udXMubmV0MB4XDTA5MTIyMzE5MTcwNloXDTE5MTIyMTE5MTcw
NlowgagxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMI
Q29sdW1iaWExFzAVBgNVBAoTDkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJj
b251czEnMCUGA1UEAxMeQ2lyY29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4w
HAYJKoZIhvcNAQkBFg9jYUBjaXJjb251cy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAKz2X0/0vJJ4ad1roehFyxUXHdkjJA9msEKwT2ojummdUB3kK5z6
PDzDL9/c65eFYWqrQWVWZSLQK1D+v9xJThCe93v6QkSJa7GZkCq9dxClXVtBmZH3
hNIZZKVC6JMA9dpRjBmlFgNuIdN7q5aJsv8VZHH+QrAyr9aQmhDJAmk1AgMBAAGj
ggERMIIBDTAdBgNVHQ4EFgQUyNTsgZHSkhhDJ5i+6IFlPzKYxsUwgd0GA1UdIwSB
1TCB0oAUyNTsgZHSkhhDJ5i+6IFlPzKYxsWhga6kgaswgagxCzAJBgNVBAYTAlVT
MREwDwYDVQQIEwhNYXJ5bGFuZDERMA8GA1UEBxMIQ29sdW1iaWExFzAVBgNVBAoT
DkNpcmNvbnVzLCBJbmMuMREwDwYDVQQLEwhDaXJjb251czEnMCUGA1UEAxMeQ2ly
Y29udXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9jYUBj
aXJjb251cy5uZXSCCQDHpX/LJMFVjzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4GBAAHBtl15BwbSyq0dMEBpEdQYhHianU/rvOMe57digBmox7ZkPEbB/baE
sYJysziA2raOtRxVRtcxuZSMij2RiJDsLxzIp1H60Xhr8lmf7qF6Y+sZl7V36KZb
n2ezaOoRtsQl9dhqEMe8zgL76p9YZ5E69Al0mgiifTteyNjjMuIW
-----END CERTIFICATE-----`)
// CACert is the JSON document that fetchCert decodes from the Circonus API
// response for /pki/ca.crt.
type CACert struct {
	// Contents is read from the "contents" key. fetchCert rejects an empty
	// value and otherwise returns the string as raw bytes, which loadCACert
	// hands to AppendCertsFromPEM; nothing here checks that it is valid PEM.
	Contents string `json:"contents"`
}
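// loadCACert populates cm.certPool with the CA certificate for the broker
// designated by the submission url. It is a no-op when cm.certPool is already
// set.
//
// The certificate comes from fetchCert; when that fails or yields nothing, the
// built-in circonusCA is used instead. Whatever ends up in the pool is a trust
// anchor, so a certificate obtained from the API is only as trustworthy as the
// channel and credentials fetchCert used to obtain it.
//
// AppendCertsFromPEM reports whether any certificate was parsed. Previously its
// result was discarded, so a malformed API response left an empty pool with no
// diagnostic. The result is now checked: an unparsable fetched certificate
// falls back to circonusCA, and a failure to parse even that is logged when
// cm.Debug is set.
func (cm *CheckManager) loadCACert() {
	if cm.certPool != nil {
		return
	}

	// Assigned before the fetch, as in the original ordering.
	cm.certPool = x509.NewCertPool()

	cert, err := cm.fetchCert()
	if err != nil && cm.Debug {
		cm.Log.Printf("[DEBUG] Unable to fetch ca.crt, using default. %+v\n", err)
	}

	usingDefault := cert == nil
	if usingDefault {
		cert = circonusCA
	}

	if cm.certPool.AppendCertsFromPEM(cert) {
		return
	}

	// Nothing in cert parsed as a PEM certificate.
	if !usingDefault {
		if cm.Debug {
			cm.Log.Printf("[DEBUG] Unable to parse fetched ca.crt, using default.\n")
		}
		if cm.certPool.AppendCertsFromPEM(circonusCA) {
			return
		}
	}

	// The pool is still empty here; certificate verification that relies on it
	// cannot succeed, so surface that when debugging is on.
	if cm.Debug {
		cm.Log.Printf("[DEBUG] Unable to parse default CA certificate, cert pool is empty.\n")
	}
}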
// fetchCert returns the CA certificate bytes to trust.
//
// When cm.enabled is false it returns the built-in circonusCA without calling
// the API. Otherwise it requests /pki/ca.crt through cm.apih, decodes the JSON
// body into a CACert and returns its Contents field as bytes. A request error,
// a JSON decoding error, or an empty Contents field yields a nil slice and a
// non-nil error.
//
// The returned bytes are not parsed or validated here. The caller installs
// them as a trust anchor, so their integrity rests on the API connection made
// by cm.apih — NOTE(review): confirm that client verifies the API endpoint.
func (cm *CheckManager) fetchCert() ([]byte, error) {
	if !cm.enabled {
		return circonusCA, nil
	}

	body, err := cm.apih.Get("/pki/ca.crt")
	if err != nil {
		return nil, err
	}

	var payload CACert
	if err := json.Unmarshal(body, &payload); err != nil {
		return nil, err
	}

	if len(payload.Contents) == 0 {
		// Formatted through a pointer so the message text matches the
		// pointer-based formatting this function has always produced.
		return nil, fmt.Errorf("[ERROR] Unable to find ca cert %+v", &payload)
	}

	return []byte(payload.Contents), nil
}