| 81 | } |
| 82 | |
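// decodeOriginCert parses the PEM-encoded contents of an origin certificate
// and returns the token stored in its "ARGO TUNNEL TOKEN" block.
//
// Blocks are read one after another with pem.Decode until it finds no further
// block; any bytes left over after the last block are not inspected.
// "PRIVATE KEY" and "CERTIFICATE" blocks are accepted and skipped, the token
// block is JSON-decoded into an OriginCert, and any other block type is
// rejected.
//
// An error is returned when blocks is empty, when an unknown block type is
// present, when a token block follows one that already populated ZoneID or
// APIToken, or when ZoneID or APIToken is still empty after every block has
// been read. In the last case the JSON decoding failure, if there was one, is
// attached to the error so that a malformed token can be told apart from an
// absent one.
func decodeOriginCert(blocks []byte) (*OriginCert, error) {
	if len(blocks) == 0 {
		return nil, fmt.Errorf("cannot decode empty certificate")
	}
	originCert := OriginCert{}
	// tokenErr remembers why the most recent token block failed to decode.
	// It is only reported if the required fields end up missing, so the set
	// of accepted certificates is the same as when the error was discarded.
	var tokenErr error
	block, rest := pem.Decode(blocks)
	for block != nil {
		switch block.Type {
		case "PRIVATE KEY", "CERTIFICATE":
			// Accepted and skipped; this is for legacy purposes.
		case "ARGO TUNNEL TOKEN":
			// NOTE(review): this duplicate check only fires when an earlier
			// token block populated ZoneID or APIToken; a token block that
			// failed to decode does not count as "seen".
			if originCert.ZoneID != "" || originCert.APIToken != "" {
				return nil, fmt.Errorf("found multiple tokens in the certificate")
			}
			// The token is expected in the newer JSON format.
			tokenErr = json.Unmarshal(block.Bytes, &originCert)
		default:
			return nil, fmt.Errorf("unknown block %s in the certificate", block.Type)
		}
		block, rest = pem.Decode(rest)
	}

	if originCert.ZoneID == "" || originCert.APIToken == "" {
		if tokenErr != nil {
			return nil, fmt.Errorf("missing token in the certificate: %w", tokenErr)
		}
		return nil, fmt.Errorf("missing token in the certificate")
	}

	return &originCert, nil
}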
| 112 | |
| 113 | func readOriginCert(originCertPath string) ([]byte, error) { |
| 114 | originCert, err := os.ReadFile(originCertPath) |