From b50f172bdb93015c9de478fd0492475b2085150e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Oliveirinha?=
Date: Wed, 16 Nov 2022 12:05:09 +0000
Subject: [PATCH] Revert "TUN-6935: Cloudflared should use APIToken instead of serviceKey"

This reverts commit 1c6316c1c94f3ad5676827f758bd812670b62845.
---
 certutil/certutil.go | 62 +++++++++++---
 certutil/certutil_test.go | 38 ++++++---
 ...ken.pem => test-argo-tunnel-cert-json.pem} | 5 +-
 ...ert-json.pem => test-argo-tunnel-cert.pem} | 5 +-
 certutil/test-cert-no-key.pem | 33 +++++++
 certutil/test-cert-two-certificates.pem | 85 +++++++++++++++++++
 certutil/test-cert-unknown-block.pem | 4 +-
 certutil/test-cert.pem | 61 +++++++++++++
 cfapi/base_client.go | 2 +-
 cmd/cloudflared/tunnel/subcommand_context.go | 2 +-
 10 files changed, 264 insertions(+), 33 deletions(-)
 rename certutil/{test-cert-no-token.pem => test-argo-tunnel-cert-json.pem} (96%)
 rename certutil/{test-cloudflare-tunnel-cert-json.pem => test-argo-tunnel-cert.pem} (94%)
 create mode 100644 certutil/test-cert-no-key.pem
 create mode 100644 certutil/test-cert-two-certificates.pem
 create mode 100644 certutil/test-cert.pem

diff --git a/certutil/certutil.go b/certutil/certutil.go
index 951926bb..0e90ed4b 100644
--- a/certutil/certutil.go
+++ b/certutil/certutil.go
@@ -1,21 +1,25 @@
 package certutil
 
 import (
+ "crypto/x509"
 "encoding/json"
 "encoding/pem"
 "fmt"
+ "strings"
 )
 
 type namedTunnelToken struct {
- ZoneID string `json:"zoneID"`
- AccountID string `json:"accountID"`
- APIToken string `json:"apiToken"`
+ ZoneID string `json:"zoneID"`
+ AccountID string `json:"accountID"`
+ ServiceKey string `json:"serviceKey"`
 }
 
 type OriginCert struct {
- ZoneID string
- APIToken string
- AccountID string
+ PrivateKey interface{}
+ Cert *x509.Certificate
+ ZoneID string
+ ServiceKey string
+ AccountID string
 }
 
 func DecodeOriginCert(blocks []byte) (*OriginCert, error) {
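Review bot: `OriginCert` has no doc comment even though its `PrivateKey` and `ServiceKey` fields hold credentials, so nothing tells a caller that the struct must stay out of logs and `%+v` output. I would add `// OriginCert is the decoded origin certificate file; PrivateKey and ServiceKey are secrets and must not be logged or serialised.` above the type. `PrivateKey interface{}` could also be declared as `crypto.PrivateKey`, which documents the intent without changing what can be stored in it.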
@@ -29,11 +33,29 @@ func DecodeOriginCert(blocks []byte) (*OriginCert, error) {
 break
 }
 switch block.Type {
- case "PRIVATE KEY", "CERTIFICATE":
- // this is for legacy purposes.
- break
- case "ARGO TUNNEL TOKEN":
- if originCert.ZoneID != "" || originCert.APIToken != "" {
+ case "PRIVATE KEY":
+ if originCert.PrivateKey != nil {
+ return nil, fmt.Errorf("Found multiple private key in the certificate")
+ }
+ // RSA private key
+ privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("Cannot parse private key")
+ }
+ originCert.PrivateKey = privateKey
+ case "CERTIFICATE":
+ if originCert.Cert != nil {
+ return nil, fmt.Errorf("Found multiple certificates in the certificate")
+ }
+ cert, err := x509.ParseCertificates(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("Cannot parse certificate")
+ } else if len(cert) > 1 {
+ return nil, fmt.Errorf("Found multiple certificates in the certificate")
+ }
+ originCert.Cert = cert[0]
+ case "WARP TOKEN", "ARGO TUNNEL TOKEN":
+ if originCert.ZoneID != "" || originCert.ServiceKey != "" {
 return nil, fmt.Errorf("Found multiple tokens in the certificate")
 }
 // The token is a string,
@@ -41,8 +63,18 @@ func DecodeOriginCert(blocks []byte) (*OriginCert, error) {
 ntt := namedTunnelToken{}
 if err := json.Unmarshal(block.Bytes, &ntt); err == nil {
 originCert.ZoneID = ntt.ZoneID
- originCert.APIToken = ntt.APIToken
+ originCert.ServiceKey = ntt.ServiceKey
 originCert.AccountID = ntt.AccountID
+ } else {
+ // Try the older format, where the zoneID and service key are separated by
+ // a new line character
+ token := string(block.Bytes)
+ s := strings.Split(token, "\n")
+ if len(s) != 2 {
+ return nil, fmt.Errorf("Cannot parse token")
+ }
+ originCert.ZoneID = s[0]
+ originCert.ServiceKey = s[1]
 }
 default:
 return nil, fmt.Errorf("Unknown block %s in the certificate", block.Type)
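Review bot: In the `CERTIFICATE` case of the first hunk, `originCert.Cert = cert[0]` can index an empty slice, because `x509.ParseCertificates` returns no certificates and a nil error for zero bytes of input and the guard above only rejects `len(cert) > 1`. A file with an empty CERTIFICATE block would then panic in the decoder rather than return an error; tighten the guard to `} else if len(cert) != 1 {`. The `// RSA private key` comment is also narrower than the call beneath it, since `x509.ParsePKCS8PrivateKey` accepts ECDSA and Ed25519 keys as well. Both parse branches drop the underlying `err`, which makes a rejected file hard to diagnose. `DecodeOriginCert` begins and ends outside this hunk.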
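Review bot: The legacy branch under `} else {` in the second hunk stores the two halves of `strings.Split(token, "\n")` untrimmed, so a token written with CRLF line endings leaves a trailing `\r` on `ZoneID`, and one that ends in a newline is rejected by `len(s) != 2` with only "Cannot parse token". If those inputs should be tolerated, normalise first, e.g. `s := strings.Split(strings.TrimSpace(token), "\n")`, and trim each part before assigning it. The JSON error is discarded on the way into this branch, so a malformed JSON token is also reported as "Cannot parse token"; a comment saying that is intended would help the next reader.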
@@ -50,7 +82,11 @@ func DecodeOriginCert(blocks []byte) (*OriginCert, error) {
 block, rest = pem.Decode(rest)
 }
 
- if originCert.ZoneID == "" || originCert.APIToken == "" {
+ if originCert.PrivateKey == nil {
+ return nil, fmt.Errorf("Missing private key in the certificate")
+ } else if originCert.Cert == nil {
+ return nil, fmt.Errorf("Missing certificate in the certificate")
+ } else if originCert.ZoneID == "" || originCert.ServiceKey == "" {
 return nil, fmt.Errorf("Missing token in the certificate")
 }
 
diff --git a/certutil/certutil_test.go b/certutil/certutil_test.go
index e48ffcf3..26b13f5d 100644
--- a/certutil/certutil_test.go
+++ b/certutil/certutil_test.go
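Review bot: The closing checks only test that `PrivateKey` and `Cert` are non-nil; nothing in the visible hunks checks that the key belongs to the certificate or that the certificate is currently valid. If callers treat a returned `OriginCert` as validated, that gap should be stated on the function, e.g. `// DecodeOriginCert checks that a private key, a certificate and a token are present; it does not verify that they belong together.` As a style point, every branch returns, so the `else if` links can be plain `if` statements or a bare `switch`. The function body starts outside this hunk.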
@@ -13,33 +13,49 @@ func TestLoadOriginCert(t *testing.T) {
 assert.Equal(t, fmt.Errorf("Cannot decode empty certificate"), err)
 assert.Nil(t, cert)
 
- blocks, err := ioutil.ReadFile("test-cert-unknown-block.pem")
+ blocks, err := ioutil.ReadFile("test-cert-no-key.pem")
+ assert.Nil(t, err)
+ cert, err = DecodeOriginCert(blocks)
+ assert.Equal(t, fmt.Errorf("Missing private key in the certificate"), err)
+ assert.Nil(t, cert)
+
+ blocks, err = ioutil.ReadFile("test-cert-two-certificates.pem")
+ assert.Nil(t, err)
+ cert, err = DecodeOriginCert(blocks)
+ assert.Equal(t, fmt.Errorf("Found multiple certificates in the certificate"), err)
+ assert.Nil(t, cert)
+
+ blocks, err = ioutil.ReadFile("test-cert-unknown-block.pem")
 assert.Nil(t, err)
 cert, err = DecodeOriginCert(blocks)
 assert.Equal(t, fmt.Errorf("Unknown block RSA PRIVATE KEY in the certificate"), err)
 assert.Nil(t, cert)
-}
 
-func TestJSONArgoTunnelTokenEmpty(t *testing.T) {
- cert, err := DecodeOriginCert([]byte{})
- blocks, err := ioutil.ReadFile("test-cert-no-token.pem")
+ blocks, err = ioutil.ReadFile("test-cert.pem")
 assert.Nil(t, err)
 cert, err = DecodeOriginCert(blocks)
- assert.Equal(t, fmt.Errorf("Missing token in the certificate"), err)
- assert.Nil(t, cert)
+ assert.Nil(t, err)
+ assert.NotNil(t, cert)
+ assert.Equal(t, "7b0a4d77dfb881c1a3b7d61ea9443e19", cert.ZoneID)
+ key := "v1.0-58bd4f9e28f7b3c28e05a35ff3e80ab4fd9644ef3fece537eb0d12e2e9258217-183442fbb0bbdb3e571558fec9b5589ebd77aafc87498ee3f09f64a4ad79ffe8791edbae08b36c1d8f1d70a8670de56922dff92b15d214a524f4ebfa1958859e-7ce80f79921312a6022c5d25e2d380f82ceaefe3fbdc43dd13b080e3ef1e26f7"
+ assert.Equal(t, key, cert.ServiceKey)
+}
+
+func TestNewlineArgoTunnelToken(t *testing.T) {
+ ArgoTunnelTokenTest(t, "test-argo-tunnel-cert.pem")
 }
 
 func TestJSONArgoTunnelToken(t *testing.T) {
 // The given cert's Argo Tunnel Token was generated by base64 encoding this JSON:
 // {
 // "zoneID": "7b0a4d77dfb881c1a3b7d61ea9443e19",
- // "apiToken": "test-service-key",
+ // "serviceKey": "test-service-key",
 // "accountID": "abcdabcdabcdabcd1234567890abcdef"
 // }
- CloudflareTunnelTokenTest(t, "test-cloudflare-tunnel-cert-json.pem")
+ ArgoTunnelTokenTest(t, "test-argo-tunnel-cert-json.pem")
 }
 
-func CloudflareTunnelTokenTest(t *testing.T, path string) {
+func ArgoTunnelTokenTest(t *testing.T, path string) {
 blocks, err := ioutil.ReadFile(path)
 assert.Nil(t, err)
 cert, err := DecodeOriginCert(blocks)
@@ -47,5 +63,5 @@ func CloudflareTunnelTokenTest(t *testing.T, path string) {
 assert.NotNil(t, cert)
 assert.Equal(t, "7b0a4d77dfb881c1a3b7d61ea9443e19", cert.ZoneID)
 key := "test-service-key"
- assert.Equal(t, key, cert.APIToken)
+ assert.Equal(t, key, cert.ServiceKey)
 }
diff --git a/certutil/test-cert-no-token.pem b/certutil/test-argo-tunnel-cert-json.pem
similarity index 96%
rename from certutil/test-cert-no-token.pem
rename to certutil/test-argo-tunnel-cert-json.pem
index f77b3a2d..6755cff4 100644
--- a/certutil/test-cert-no-token.pem
+++ b/certutil/test-argo-tunnel-cert-json.pem
@@ -51,6 +51,7 @@ K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
 x+Yo/cL8fGfVpPt4UM8=
 -----END CERTIFICATE-----
 -----BEGIN ARGO TUNNEL TOKEN-----
-eyJ6b25lSUQiOiAiN2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkiLCAiYWNjb3VudElE
-IjogImFiY2RhYmNkYWJjZGFiY2QxMjM0NTY3ODkwYWJjZGVmIn0=
+eyJ6b25lSUQiOiAiN2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkiLCAi
+c2VydmljZUtleSI6ICJ0ZXN0LXNlcnZpY2Uta2V5IiwgImFjY291bnRJRCI6ICJh
+YmNkYWJjZGFiY2RhYmNkMTIzNDU2Nzg5MGFiY2RlZiJ9
 -----END ARGO TUNNEL TOKEN-----
diff --git a/certutil/test-cloudflare-tunnel-cert-json.pem b/certutil/test-argo-tunnel-cert.pem
similarity index 94%
rename from certutil/test-cloudflare-tunnel-cert-json.pem
rename to certutil/test-argo-tunnel-cert.pem
index cbbaa334..1a3397ac 100644
--- a/certutil/test-cloudflare-tunnel-cert-json.pem
+++ b/certutil/test-argo-tunnel-cert.pem
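Review bot: The added cases in `TestLoadOriginCert` cover a missing key, two certificates and the happy path, but the other new error returns in `DecodeOriginCert` ("Found multiple private key", "Cannot parse private key", "Cannot parse certificate", "Missing certificate in the certificate", "Cannot parse token") have no test, and neither does a CERTIFICATE block that decodes to nothing. `assert.Equal(t, fmt.Errorf("..."), err)` compares error values structurally; `assert.EqualError(t, err, "Missing private key in the certificate")` states the intent directly. The long `v1.0-…` value assigned to `key` looks like a live service key to a secret scanner, so a comment such as `// dummy service key, never valid` would help, assuming that is the case. `ArgoTunnelTokenTest` is a helper and would read better unexported with `t.Helper()` as its first line.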
@@ -51,7 +51,6 @@ K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ x+Yo/cL8fGfVpPt4UM8= -----END CERTIFICATE----- -----BEGIN ARGO TUNNEL TOKEN----- -eyJ6b25lSUQiOiAiN2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkiLCAiYXBpVG9rZW4i -OiAidGVzdC1zZXJ2aWNlLWtleSIsICJhY2NvdW50SUQiOiAiYWJjZGFiY2RhYmNkYWJjZDEyMzQ1 -Njc4OTBhYmNkZWYifQ== +N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdGVzdC1zZXJ2aWNlLWtl +eQ== -----END ARGO TUNNEL TOKEN----- diff --git a/certutil/test-cert-no-key.pem b/certutil/test-cert-no-key.pem new file mode 100644 index 00000000..aae69fc9 --- /dev/null +++ b/certutil/test-cert-no-key.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw +gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD +VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv +cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p +YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx +MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL +ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln +aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf +GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng +6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx +tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX +PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ +AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl +HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq +zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw +RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs +YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK +YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh +cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj +K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ +x+Yo/cL8fGfVpPt4UM8= +-----END CERTIFICATE----- +-----BEGIN WARP TOKEN----- +N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4 +ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5 +MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4 +NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2 +NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5 +OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz +ZWYxZTI2Zjc= +-----END WARP TOKEN----- 
diff --git a/certutil/test-cert-two-certificates.pem b/certutil/test-cert-two-certificates.pem new file mode 100644 index 00000000..214e2f8e --- /dev/null +++ b/certutil/test-cert-two-certificates.pem 
@@ -0,0 +1,85 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3 +sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg +1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt +z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX +6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS +x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja +1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB +IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D +xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy +sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi +2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm +sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX +Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF +AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj +m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE +QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to +P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8 +pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs +G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0 +6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0 +LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan +OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr +W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd +M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR +y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz +uQicoQq3yzeQh20wtrtaXzTNmA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw +gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD +VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv 
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p +YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx +MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL +ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln +aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf +GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng +6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx +tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX +PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ +AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl +HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq +zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw +RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs +YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK +YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh +cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj +K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ +x+Yo/cL8fGfVpPt4UM8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw +gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD +VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv +cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p +YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx +MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL +ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln +aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf +GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng +6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx +tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX 
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ +AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl +HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq +zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw +RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs +YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK +YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh +cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj +K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ +x+Yo/cL8fGfVpPt4UM8= +-----END CERTIFICATE----- +-----BEGIN WARP TOKEN----- +N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4 +ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5 +MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4 +NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2 +NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5 +OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz +ZWYxZTI2Zjc= +-----END WARP TOKEN----- diff --git a/certutil/test-cert-unknown-block.pem b/certutil/test-cert-unknown-block.pem index 4a847eb0..f7180851 100644 --- a/certutil/test-cert-unknown-block.pem +++ b/certutil/test-cert-unknown-block.pem @@ -50,7 +50,7 @@ cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ x+Yo/cL8fGfVpPt4UM8= -----END CERTIFICATE----- ------BEGIN ARGO TUNNEL TOKEN----- +-----BEGIN WARP TOKEN----- N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4 ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5 MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4 
@@ -58,7 +58,7 @@ NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2 NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5 OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz ZWYxZTI2Zjc= ------END ARGO TUNNEL TOKEN----- +-----END WARP TOKEN----- -----BEGIN RSA PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3 sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg diff --git a/certutil/test-cert.pem b/certutil/test-cert.pem new file mode 100644 index 00000000..4d1c9f89 --- /dev/null +++ b/certutil/test-cert.pem 
@@ -0,0 +1,61 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3 +sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg +1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt +z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX +6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS +x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja +1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB +IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D +xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy +sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi +2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm +sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX +Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF +AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj +m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE +QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to +P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8 +pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs +G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0 +6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0 +LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan +OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr +W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd +M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR +y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz +uQicoQq3yzeQh20wtrtaXzTNmA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw +gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD +VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv 
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p +YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx +MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL +ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln +aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf +GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng +6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx +tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX +PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ +AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl +HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq +zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw +RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs +YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK +YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh +cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj +K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+ +x+Yo/cL8fGfVpPt4UM8= +-----END CERTIFICATE----- +-----BEGIN WARP TOKEN----- +N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4 +ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5 +MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4 +NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2 +NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5 +OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz +ZWYxZTI2Zjc= +-----END WARP TOKEN----- diff --git a/cfapi/base_client.go b/cfapi/base_client.go index 92544071..48b349c3 100644 --- a/cfapi/base_client.go +++ b/cfapi/base_client.go 
@@ -104,7 +104,7 @@ func (r *RESTClient) sendRequest(method string, url url.URL, body interface{}) (
 if bodyReader != nil {
 req.Header.Set("Content-Type", jsonContentType)
 }
- req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", r.authToken))
+ req.Header.Add("X-Auth-User-Service-Key", r.authToken)
 req.Header.Add("Accept", "application/json;version=1")
 return r.client.Do(req)
 }
diff --git a/cmd/cloudflared/tunnel/subcommand_context.go b/cmd/cloudflared/tunnel/subcommand_context.go
index bc65aced..650781e8 100644
--- a/cmd/cloudflared/tunnel/subcommand_context.go
+++ b/cmd/cloudflared/tunnel/subcommand_context.go
@@ -74,7 +74,7 @@ func (sc *subcommandContext) client() (cfapi.Client, error) {
 sc.c.String("api-url"),
 credential.cert.AccountID,
 credential.cert.ZoneID,
- credential.cert.APIToken,
+ credential.cert.ServiceKey,
 userAgent,
 sc.log,
 )
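Review bot: `X-Auth-User-Service-Key` in `sendRequest` is a custom header, so Go's `http.Client` will not drop it when following a redirect to a different host the way it does for `Authorization`; if `r.client` follows redirects (its construction is outside this hunk), the service key would be forwarded to the redirect target. Consider a `CheckRedirect` on that client that refuses cross-host redirects or removes the header, and note that log or proxy redaction keyed on `Authorization` will not cover this header either. `req.Header.Set("X-Auth-User-Service-Key", r.authToken)` is the safer call than `Add`, since it guarantees a single credential value on the request. `sendRequest` starts outside the hunk.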