};
# check context string
- if ($data->{context} =~ /^(https|ssh|smtp|ike)$/) {
+ if ($data->{context} =~ /^(https|ssh|smtp|ike|postgresql|imaps|imap|submission)$/) {
$data->{context} = $1;
} else {
msvalog('error', "invalid context: %s\n", $data->{context});
- $ret->{message} = sprintf("Invalid context: %s", $data->{context});
+ $ret->{message} = sprintf("Invalid/unknown context: %s", $data->{context});
return $status,$ret;
}
msvalog('verbose', "context: %s\n", $data->{context});
# checkout peer string
- if ($data->{peer} =~ /^($RE{net}{domain})$/) {
- $data->{peer} = $1;
+ # old-style just passed a string as a peer, rather than
+ # peer: { name: 'whatever', 'type': 'client' }
+ $data->{peer} = { name => $data->{peer} }
+ if (ref($data->{peer}) ne 'HASH');
+
+ if ($data->{peer}->{name} =~ /^($RE{net}{domain})$/) {
+ $data->{peer}->{name} = $1;
} else {
- msvalog('error', "invalid peer string: %s\n", $data->{peer});
- $ret->{message} = sprintf("Invalid peer string: %s", $data->{peer});
+ msvalog('error', "invalid peer name string: %s\n", $data->{peer}->{name});
+ $ret->{message} = sprintf("Invalid peer name string: %s", $data->{peer}->{name});
return $status,$ret;
}
- msvalog('verbose', "peer: %s\n", $data->{peer});
+ if (defined($data->{peer}->{type})) {
+ if ($data->{peer}->{type} =~ /^(client|server|peer)$/) {
+ $data->{peer}->{type} = $1;
+ } else {
+ msvalog('error', "invalid peer type string: %s\n", $data->{peer}->{type});
+ $ret->{message} = sprintf("Invalid peer type string: %s", $data->{peer}->{type});
+ return $status,$ret;
+ }
+ }
+
+ msvalog('verbose', "peer: %s\n", $data->{peer}->{name});
# generate uid string
- my $uid = $data->{context}.'://'.$data->{peer};
+ my $prefix = $data->{context}.'://';
+ if (defined $data->{peer}->{type} &&
+ $data->{peer}->{type} eq 'client' &&
+ # ike and smtp clients are effectively other servers, so we'll
+ # exclude them:
+ $data->{context} !~ /^(ike|smtp)$/) {
+ $prefix = '';
+ }
+ my $uid = $prefix.$data->{peer}->{name};
msvalog('verbose', "user ID: %s\n", $uid);
# check pkc type
my $self = shift;
my $context = shift;
my $peer = shift;
+ my $peertype = shift;
my $pkctype = shift;
my $pkcdata = shift;
- my $apd = $self->create_apd($context, $peer, $pkctype, $pkcdata);
+ my $apd = $self->create_apd($context, $peer, $peertype, $pkctype, $pkcdata);
my $apdjson = to_json($apd);
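Review bot: The new `$peertype` parameter is inserted between `$peer` and `$pkctype` in `query_agent`, and the same middle position is used in `create_apd` and in the `msva-query-agent` call site, so any existing caller that still passes `($context, $peer, $pkctype, $pkcdata)` will silently have its pkc type taken as the peer type and its pkc data as the pkc type; nothing in the hunk detects that. Appending `$peertype` as the last, optional argument would keep old call sites working and would match the command-line shape, where PEERTYPE is the optional fourth argument. If the middle position is intentional, a short comment on the signature noting that the argument order changed and that `$peertype` may be undef would help the next reader; the client does not validate the value, so an unexpected one is only rejected by the agent, which is presumably acceptable but worth saying in the same comment. The enclosing sub starts outside the hunk.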
my $self = shift;
my $context = shift;
my $peer = shift;
+ my $peertype = shift;
my $pkctype = shift;
my $pkcdata = shift;
$self->log('error', "unknown pkc type '%s'.\n", $pkctype);
};
- return {
- context => $context,
- peer => $peer,
- pkc => {
- type => $pkctype,
- data => $transformed_data,
- },
- };
+ my $ret = {
+ context => $context,
+ peer => { name => $peer},
+ pkc => {
+ type => $pkctype,
+ data => $transformed_data,
+ },
+ };
+ $ret->{peer}->{type} = $peertype
+ if (defined $peertype);
+
+ return $ret;
};
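Review bot: The `peer` value built in `create_apd` changes shape from a plain string to a hash with `name` and an optional `type`, but nothing in the hunk records that, so a reader of this client code cannot tell which request format it emits or why. A comment above `my $ret = {` such as `# peer is sent as { name => ..., type => ... } (type omitted when $peertype is undef); an agent that predates peer types presumably only accepts a bare peer string` would make the compatibility boundary explicit. The enclosing sub starts outside the hunk.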
my $context = shift;
my $peer = shift;
my $pkctype = shift;
+my $peertype = shift;
# load raw pkc data from stdin
my $pkcdata = do {
log_level => $ENV{MSVA_LOG_LEVEL},
);
-my ($status,$ret) = $client->query_agent($context,$peer,$pkctype,$pkcdata);
+my ($status,$ret) = $client->query_agent($context,$peer,$peertype,$pkctype,$pkcdata);
$client->log('info', "status: %s\n", $status);
if (defined $ret) {
=head1 SYNOPSIS
-msva-query-agent CONTEXT PEER PKC_TYPE < /path/to/public_key_carrier
+msva-query-agent CONTEXT PEER PKC_TYPE [PEERTYPE] < /path/to/public_key_carrier
=head1 ABSTRACT
for the specified purpose. The agent's return message (if any) is
emitted on stdout.
-Three command-line arguments are all required, supplied in order, as
-follows:
+The first three command-line arguments are all required, supplied in
+order, as follows:
=over 4
=back
+The fourth argument is optional:
+
+= over 4
+
+=item PEERTYPE
+
+The type of peer we are inquiring about (e.g. 'client', 'server')
+
+=back
+
=head1 RETURN CODE
If the certificate is valid for the requested peer in the given