package pgpkeys
import (
"bytes"
"encoding/base64"
"errors"
"fmt"
"os"
"strings"
"golang.org/x/crypto/openpgp"
)
// PubKeyFilesFlag implements the flag.Value interface and allows
// parsing and reading a list of pgp public key files. Each resolved
// entry is appended to the slice by Set.
type PubKeyFilesFlag []string
// String renders the collected entries in fmt's default slice layout; it is
// the flag.Value half that flag packages call when printing defaults.
func (p *PubKeyFilesFlag) String() string {
	entries := []string(*p)
	return fmt.Sprint(entries)
}
// Set parses a comma-separated list of key sources and appends one resolved
// key per source to p. Sources carrying kbPrefix are looked up through
// FetchKeybasePubkeys; every other source is read from disk with
// ReadPGPFile. The flag may only be given once; a second call returns an
// error. On any failure p may already hold the entries resolved so far.
func (p *PubKeyFilesFlag) Set(value string) error {
	if len(*p) > 0 {
		return errors.New("pgp-keys can only be specified once")
	}
	sources := strings.Split(value, ",")
	// Resolve all keybase references in one lookup before touching the
	// local files, so a bad reference fails fast.
	resolved, err := FetchKeybasePubkeys(sources)
	if err != nil {
		return err
	}
	for _, src := range sources {
		var key string
		if strings.HasPrefix(src, kbPrefix) {
			key = resolved[src]
			if key == "" {
				return fmt.Errorf("key for keybase user %s was not found in the map", strings.TrimPrefix(src, kbPrefix))
			}
		} else {
			key, err = ReadPGPFile(src)
			if err != nil {
				return err
			}
		}
		*p = append(*p, key)
	}
	return nil
}
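// ReadPGPFile reads a PGP public key from path and returns it as a base64
// string. A single leading '@' in path is stripped. The contents are first
// parsed as an armored keyring, in which case the one entity it must hold is
// serialized and base64-encoded. Otherwise the raw contents are returned
// verbatim when they already decode as base64, and base64-encoded when they
// do not. It returns an error for an empty path, an unreadable file, or an
// armored keyring that does not contain exactly one key.
func ReadPGPFile(path string) (string, error) {
	// Indexing path[0] on an empty string would panic, so reject it up front.
	if path == "" {
		return "", errors.New("pgp key file path is empty")
	}
	path = strings.TrimPrefix(path, "@")
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	buf := bytes.NewBuffer(nil)
	if _, err = buf.ReadFrom(f); err != nil {
		return "", err
	}
	// First parse as an armored keyring file, if that doesn't work, treat it as a straight binary/b64 string
	entityList, err := openpgp.ReadArmoredKeyRing(bytes.NewReader(buf.Bytes()))
	if err == nil {
		// Tell an empty keyring apart from a multi-key one so the error
		// names the actual problem.
		switch {
		case len(entityList) == 0:
			return "", fmt.Errorf("no key found in file %s", path)
		case len(entityList) > 1:
			return "", fmt.Errorf("more than one key found in file %s", path)
		}
		if entityList[0] == nil {
			return "", fmt.Errorf("primary key was nil for file %s", path)
		}
		serializedEntity := bytes.NewBuffer(nil)
		if err = entityList[0].Serialize(serializedEntity); err != nil {
			return "", fmt.Errorf("error serializing entity for file %s: %s", path, err)
		}
		return base64.StdEncoding.EncodeToString(serializedEntity.Bytes()), nil
	}
	// NOTE: this fallback only checks that the contents decode as base64; it
	// does not verify that the decoded bytes are PGP key material. Callers
	// that need a valid key must parse the returned value themselves.
	if _, err = base64.StdEncoding.DecodeString(buf.String()); err == nil {
		return buf.String(), nil
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}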