Beispiel #1
0
func CreateCrypto(c *cli.Context) (*secure.AesGCM, error) {
	keyPath := c.String("key-path")

	if keyPath == "" {
		usr, err := user.Current()
		if err != nil {
			fmt.Println(err.Error())
		}
		keyPath = usr.HomeDir + "/.rss/key"
	}

	key, err := ioutil.ReadFile(keyPath)
	if err != nil {
		fmt.Printf("Unable to read key file: %s\n%s\n", keyPath, err.Error())
		return nil, err
	}

	key = bytes.Trim(key, "\n")
	secretPbkdf := secure.NewPbkdf2(key, 16)
	crypto, err := secure.NewAesGCM(secretPbkdf)
	if err != nil {
		fmt.Printf("Error creating crypto: %s\n", err)
		return nil, err
	}
	return crypto, nil
}
Beispiel #2
0
func CreateCrypto(c *cli.Context) (*secure.AesGCM, error) {
	keyPath := c.String("key-path")

	if keyPath == "" {
		usr, err := user.Current()
		if err != nil {
			fmt.Println(err.Error())
		}
		keyPath = usr.HomeDir + "/.rss/key"
	}

	key, err := ioutil.ReadFile(keyPath)
	if err != nil {
		fmt.Printf("Unable to read key file: %s\n%s\n", keyPath, err.Error())
		return nil, err
	}

	secretDecoded, err := base64.StdEncoding.DecodeString(string(key))
	if err != nil {
		fmt.Printf("Error decoding key: %s\n", err)
		return nil, err
	}

	crypto, err := secure.NewAesGCM(secretDecoded)
	if err != nil {
		fmt.Printf("Error creating crypto: %s\n", err)
		return nil, err
	}
	return crypto, nil
}
Beispiel #3
0
func createCrypto(logger lager.Logger, secret string) *secure.AesGCM {
	// generate secure encryption key using key derivation function (pbkdf2)
	secretPbkdf2 := secure.NewPbkdf2([]byte(secret), 16)
	crypto, err := secure.NewAesGCM(secretPbkdf2)
	if err != nil {
		logger.Fatal("error-creating-route-service-crypto", err)
	}
	return crypto
}
Beispiel #4
0
func createCrypto(logger *steno.Logger, secret string) *secure.AesGCM {
	// generate secure encryption key using key derivation function (pbkdf2)
	secretPbkdf2 := secure.NewPbkdf2([]byte(secret), 16)
	crypto, err := secure.NewAesGCM(secretPbkdf2)
	if err != nil {
		logger.Errorf("Error creating route service crypto: %s\n", err)
		os.Exit(1)
	}
	return crypto
}
Beispiel #5
0
func createCrypto(secret string, logger *steno.Logger) *secure.AesGCM {
	secretDecoded, err := base64.StdEncoding.DecodeString(secret)
	if err != nil {
		logger.Errorf("Error decoding route service secret: %s\n", err)
		os.Exit(1)
	}

	crypto, err := secure.NewAesGCM(secretDecoded)
	if err != nil {
		logger.Errorf("Error creating route service crypto: %s\n", err)
		os.Exit(1)
	}
	return crypto
}
	accessLogFile *test_util.FakeFile
	crypto        secure.Crypto
	logger        lager.Logger
	cryptoPrev    secure.Crypto
)

func TestProxy(t *testing.T) {
	RegisterFailHandler(Fail)
	RunSpecs(t, "Proxy Suite")
}

var _ = BeforeEach(func() {
	logger = lagertest.NewTestLogger("test")
	var err error

	crypto, err = secure.NewAesGCM([]byte("ABCDEFGHIJKLMNOP"))
	Expect(err).NotTo(HaveOccurred())

	cryptoPrev = nil

	conf = config.DefaultConfig()
	conf.TraceKey = "my_trace_key"
	conf.EndpointTimeout = 500 * time.Millisecond
})

var _ = JustBeforeEach(func() {
	var err error
	mbus := fakeyagnats.Connect()
	r = registry.NewRouteRegistry(logger, conf, mbus, new(fakes.FakeRouteRegistryReporter))

	fakeEmitter := fake.NewFakeEventEmitter("fake")
Beispiel #7
0
		server := &http.Server{Handler: routeServiceHandler}
		go func() {
			err := server.Serve(tlsListener)
			Expect(err).ToNot(HaveOccurred())
		}()
	})

	BeforeEach(func() {
		conf.RouteServiceEnabled = true
		forwardedUrl = "http://my_host.com/resource+9-9_9?query=123&query$2=345#page1..5"

		routeServiceHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			metadataHeader := r.Header.Get(route_service.RouteServiceMetadata)
			signatureHeader := r.Header.Get(route_service.RouteServiceSignature)

			crypto, err := secure.NewAesGCM([]byte(cryptoKey))
			Expect(err).ToNot(HaveOccurred())
			_, err = route_service.SignatureFromHeaders(signatureHeader, metadataHeader, crypto)

			Expect(err).ToNot(HaveOccurred())
			Expect(r.Header.Get("X-CF-ApplicationID")).To(Equal(""))

			// validate client request header
			Expect(r.Header.Get("X-CF-Forwarded-Url")).To(Equal(forwardedUrl))

			w.Write([]byte("My Special Snowflake Route Service\n"))
		})

		crypto, err := secure.NewAesGCM([]byte(cryptoKey))
		Expect(err).ToNot(HaveOccurred())
Beispiel #8
0
	. "github.com/onsi/gomega"
)

var _ = Describe("Crypto", func() {

	var (
		aesGcm secure.Crypto
		key    []byte
	)

	BeforeEach(func() {
		var err error
		// valid key size
		key = []byte("super-secret-key")
		Expect(err).ToNot(HaveOccurred())
		aesGcm, err = secure.NewAesGCM(key)
		Expect(err).ToNot(HaveOccurred())
	})

	Describe("NewPbkdf2", func() {

		Context("when a plaintext secret is provided", func() {

			Context("when password length is less than desired key len", func() {
				It("generates an encryption key of desired ken length", func() {
					k := secure.NewPbkdf2([]byte(""), 16)
					Expect(k).To(HaveLen(16))

					k = secure.NewPbkdf2([]byte("short-key"), 16)
					Expect(k).To(HaveLen(16))