forked from hashicorp/vault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flag.go
139 lines (112 loc) · 3.21 KB
/
flag.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package pgpkeys
import (
"bytes"
"encoding/base64"
"errors"
"fmt"
"os"
"strings"
"github.com/keybase/go-crypto/openpgp"
)
// PubKeyFileFlag implements flag.Value and command.Example to receive exactly
// one PGP or keybase key via a flag.
type PubKeyFileFlag string
func (p *PubKeyFileFlag) String() string { return string(*p) }
func (p *PubKeyFileFlag) Set(val string) error {
if p != nil && *p != "" {
return errors.New("can only be specified once")
}
keys, err := ParsePGPKeys(strings.Split(val, ","))
if err != nil {
return err
}
if len(keys) > 1 {
return errors.New("can only specify one pgp key")
}
*p = PubKeyFileFlag(keys[0])
return nil
}
func (p *PubKeyFileFlag) Example() string { return "keybase:user" }
// PGPPubKeyFiles implements the flag.Value interface and allows parsing and
// reading a list of PGP public key files.
type PubKeyFilesFlag []string
func (p *PubKeyFilesFlag) String() string {
return fmt.Sprint(*p)
}
func (p *PubKeyFilesFlag) Set(val string) error {
if len(*p) > 0 {
return errors.New("can only be specified once")
}
keys, err := ParsePGPKeys(strings.Split(val, ","))
if err != nil {
return err
}
*p = PubKeyFilesFlag(keys)
return nil
}
func (p *PubKeyFilesFlag) Example() string { return "keybase:user1, keybase:user2, ..." }
// ParsePGPKeys takes a list of PGP keys and parses them either using keybase
// or reading them from disk and returns the "expanded" list of pgp keys in
// the same order.
func ParsePGPKeys(keyfiles []string) ([]string, error) {
keys := make([]string, len(keyfiles))
keybaseMap, err := FetchKeybasePubkeys(keyfiles)
if err != nil {
return nil, err
}
for i, keyfile := range keyfiles {
keyfile = strings.TrimSpace(keyfile)
if strings.HasPrefix(keyfile, kbPrefix) {
key, ok := keybaseMap[keyfile]
if !ok || key == "" {
return nil, fmt.Errorf("keybase user %q not found", strings.TrimPrefix(keyfile, kbPrefix))
}
keys[i] = key
continue
}
pgpStr, err := ReadPGPFile(keyfile)
if err != nil {
return nil, err
}
keys[i] = pgpStr
}
return keys, nil
}
// ReadPGPFile reads the given PGP file from disk.
func ReadPGPFile(path string) (string, error) {
if path[0] == '@' {
path = path[1:]
}
f, err := os.Open(path)
if err != nil {
return "", err
}
defer f.Close()
buf := bytes.NewBuffer(nil)
_, err = buf.ReadFrom(f)
if err != nil {
return "", err
}
// First parse as an armored keyring file, if that doesn't work, treat it as a straight binary/b64 string
keyReader := bytes.NewReader(buf.Bytes())
entityList, err := openpgp.ReadArmoredKeyRing(keyReader)
if err == nil {
if len(entityList) != 1 {
return "", fmt.Errorf("more than one key found in file %s", path)
}
if entityList[0] == nil {
return "", fmt.Errorf("primary key was nil for file %s", path)
}
serializedEntity := bytes.NewBuffer(nil)
err = entityList[0].Serialize(serializedEntity)
if err != nil {
return "", fmt.Errorf("error serializing entity for file %s: %s", path, err)
}
return base64.StdEncoding.EncodeToString(serializedEntity.Bytes()), nil
}
_, err = base64.StdEncoding.DecodeString(buf.String())
if err == nil {
return buf.String(), nil
}
return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}