Beispiel #1
0
// loadValidateKeyByName loads a key by filename and strores it in the struct
// The function is threadsafe and panics if the key file is invalid
func loadValidateKeyByName(filenames []string) {
	var tempKeys []*fernet.Key

	keyPaths := util.GetPaths(filenames)

	for _, path := range keyPaths {

		log.Debugf("Attempting to load validation key from %s", path)
		b, err := ioutil.ReadFile(path)

		if err != nil {
			log.Errorf("Could not open a key file %s", path)
		} else {
			k, err := fernet.DecodeKey(string(b))

			if err != nil {
				log.Errorf("Could not parse a key from %s", path)
			} else {
				log.Debugf("Successfully loaded validation key from %s", path)
				tempKeys = append(tempKeys, k)
			}
		}

	}
	if len(tempKeys) == 0 {
		panic("Could not read any validation keys")
	}
	// Store only after we are sure loading was good
	validateLock.Lock()
	defer validateLock.Unlock()
	keys = tempKeys
}
Beispiel #2
0
// Authenticate implements the Provider interface authenticating a user against a
// password file. None of this is intended for prodcution use.
func (p *PwdProvider) Authenticate(user string, challenge string) bool {
	salt := util.GetConfig().Authn.PwdProvider.Salt
	pwdFilePath := util.GetPaths([]string{util.GetConfig().Authn.PwdProvider.PwdFileName})[0]
	log.Debugf("Reading passwords from %s", pwdFilePath)
	file, err := os.Open(pwdFilePath)

	if err != nil {
		panic(err)
	}

	defer file.Close()

	s := bufio.NewScanner(file)
	for s.Scan() {
		u, p := getUnP(s.Text())
		log.Debugf("Validating %s against %s and %s", user, u, p)
		if u == user {
			pwd, err := base64.StdEncoding.DecodeString(p)
			if err != nil {
				log.Debugf("Base64 decode failed for user %s", user)
				return false
			}
			r := bcrypt.CompareHashAndPassword(pwd, []byte(salt+challenge))
			if r == nil {
				log.Debugf("Authenticated user %s", user)
				return true
			}
		}
	}
	log.Debugf("User %s not found", user)

	return false
}
Beispiel #3
0
// loadMintKeyByName loads a key by filename and strores it in the struct
// The function is threadsafe and panics if the key file is invalid
func LoadMintKeyByName(filename string) {

	keyPath := util.GetPaths([]string{filename})[0]

	log.Debugf("Attempting to load mint key from %s", keyPath)
	b, err := ioutil.ReadFile(keyPath)

	if err != nil {
		panic(err)
	}

	k, err := fernet.DecodeKey(string(b))

	if err != nil {
		panic(err)
	}

	log.Debugf("Successfully loaded mint key from %s", keyPath)
	// Store only after we are sure loading was good
	mintLock.Lock()
	defer mintLock.Unlock()
	key = k
}