1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
package service
import (
"errors"
"fmt"
"io/ioutil"
"os"
"path"
"strings"
"github.com/jumpserver/koko/pkg/common"
"github.com/jumpserver/koko/pkg/config"
"github.com/jumpserver/koko/pkg/logger"
)
var (
AccessKeyNotFound = errors.New("access key not found")
AccessKeyFileNotFound = errors.New("access key file not found")
AccessKeyInvalid = errors.New("access key not valid")
)
type AccessKey struct {
ID string
Secret string
Path string
Value string
}
func (ak AccessKey) Sign() (string, string) {
date := common.HTTPGMTDate()
signature := common.MakeSignature(ak.Secret, date)
return date, fmt.Sprintf("Sign %s:%s", ak.ID, signature)
}
func (ak *AccessKey) LoadAccessKeyFromStr(key string) error {
if key == "" {
return AccessKeyNotFound
}
keySlice := strings.Split(strings.TrimSpace(key), ":")
if len(keySlice) != 2 {
return AccessKeyInvalid
}
ak.ID = keySlice[0]
ak.Secret = keySlice[1]
return nil
}
func (ak *AccessKey) LoadAccessKeyFromFile(keyPath string) error {
if keyPath == "" {
return AccessKeyNotFound
}
_, err := os.Stat(keyPath)
if err != nil {
return AccessKeyFileNotFound
}
buf, err := ioutil.ReadFile(keyPath)
if err != nil {
msg := fmt.Sprintf("read access key failed: %s", err)
return errors.New(msg)
}
return ak.LoadAccessKeyFromStr(string(buf))
}
func (ak *AccessKey) SaveToFile() error {
keyDir := path.Dir(ak.Path)
if !common.FileExists(keyDir) {
err := os.MkdirAll(keyDir, os.ModePerm)
if err != nil {
return err
}
}
f, err := os.Create(ak.Path)
defer f.Close()
if err != nil {
return err
}
_, err = f.WriteString(fmt.Sprintf("%s:%s", ak.ID, ak.Secret))
if err != nil {
logger.Error(err)
}
return err
}
func (ak *AccessKey) Register(times int) error {
cf := config.GetConf()
name := cf.Name
token := cf.BootstrapToken
comment := "Coco"
res := RegisterTerminal(name, token, comment)
if res.Name != name {
msg := "register access key failed"
logger.Error(msg)
os.Exit(1)
}
ak.ID = res.ServiceAccount.AccessKey.ID
ak.Secret = res.ServiceAccount.AccessKey.Secret
return nil
}
// LoadAccessKey 加载AccessKey用来与 Core Api 交互
func (ak *AccessKey) Load() (err error) {
err = ak.LoadAccessKeyFromStr(ak.Value)
if err == nil {
return
}
err = ak.LoadAccessKeyFromFile(ak.Path)
if err == nil {
return
}
err = ak.Register(10)
if err != nil {
msg := "register access key failed"
logger.Error(msg)
return errors.New(msg)
}
err = ak.SaveToFile()
if err != nil {
msg := fmt.Sprintf("save to access key to file error: %s", err)
logger.Error(msg)
return errors.New(msg)
}
return nil
}