func loadExample(c *cli.Context, file string) (sops.Tree, error) {
var in []byte
var tree sops.Tree
fileStore := inputStore(c, file)
if _, ok := fileStore.(*json.BinaryStore); ok {
// Get the value under the first key
in = []byte(exampleTree[0].Value.(string))
} else {
var err error
in, err = fileStore.Marshal(exampleTree)
if err != nil {
return tree, err
}
}
branch, _ := fileStore.Unmarshal(in)
tree.Branch = branch
ks, err := getKeySources(c, file)
if err != nil {
return tree, err
}
tree.Metadata.UnencryptedSuffix = c.String("unencrypted-suffix")
tree.Metadata.Version = version
tree.Metadata.KeySources = ks
key, errs := tree.GenerateDataKey()
if len(errs) > 0 {
return tree, cli.NewExitError(fmt.Sprintf("Error encrypting the data key with one or more master keys: %s", errs), exitCouldNotRetrieveKey)
}
tree.Metadata.UpdateMasterKeys(key)
return tree, nil
}
func decrypt(c *cli.Context, tree sops.Tree, outputStore sops.Store) ([]byte, error) {
tree, _, err := decryptTree(tree, c.Bool("ignore-mac"))
if c.String("extract") != "" {
v, err := tree.Branch.Truncate(c.String("extract"))
if err != nil {
return nil, cli.NewExitError(err.Error(), exitInvalidTreePathFormat)
}
if newBranch, ok := v.(sops.TreeBranch); ok {
tree.Branch = newBranch
} else {
bytes, err := sops.ToBytes(v)
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Error dumping tree: %s", err), exitErrorDumpingTree)
}
return bytes, nil
}
}
out, err := outputStore.Marshal(tree.Branch)
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Error dumping file: %s", err), exitErrorDumpingTree)
}
return out, nil
}
func edit(c *cli.Context, file string, fileBytes []byte) ([]byte, error) {
var tree sops.Tree
var stash map[string][]interface{}
var err error
if fileBytes == nil {
tree, err = loadExample(c, file)
} else {
tree, err = loadEncryptedFile(c, inputStore(c, file), fileBytes)
if err != nil {
return nil, err
}
tree, stash, err = decryptTree(tree, c.Bool("ignore-mac"))
if err != nil {
return nil, err
}
}
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not load file: %s", err), exitCouldNotReadInputFile)
}
tmpdir, err := ioutil.TempDir("", "")
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not create temporary directory: %s", err), exitCouldNotWriteOutputFile)
}
defer os.RemoveAll(tmpdir)
tmpfile, err := os.Create(path.Join(tmpdir, path.Base(file)))
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not create temporary file: %s", err), exitCouldNotWriteOutputFile)
}
var out []byte
if c.Bool("show-master-keys") {
out, err = outputStore(c, file).MarshalWithMetadata(tree.Branch, tree.Metadata)
} else {
out, err = outputStore(c, file).Marshal(tree.Branch)
}
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree)
}
_, err = tmpfile.Write(out)
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not write output file: %s", err), exitCouldNotWriteOutputFile)
}
origHash, err := hashFile(tmpfile.Name())
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not hash file: %s", err), exitCouldNotReadInputFile)
}
for {
err = runEditor(tmpfile.Name())
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not run editor: %s", err), exitNoEditorFound)
}
newHash, err := hashFile(tmpfile.Name())
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not hash file: %s", err), exitCouldNotReadInputFile)
}
if bytes.Equal(newHash, origHash) {
return nil, cli.NewExitError("File has not changed, exiting.", exitFileHasNotBeenModified)
}
edited, err := ioutil.ReadFile(tmpfile.Name())
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not read edited file: %s", err), exitCouldNotReadInputFile)
}
newBranch, err := inputStore(c, file).Unmarshal(edited)
if err != nil {
fmt.Printf("Could not load tree: %s\nProbably invalid syntax. Press a key to return to the editor, or Ctrl+C to exit.", err)
bufio.NewReader(os.Stdin).ReadByte()
continue
}
if c.Bool("show-master-keys") {
metadata, err := inputStore(c, file).UnmarshalMetadata(edited)
if err != nil {
fmt.Printf("sops branch is invalid: %s.\nPress a key to return to the editor, or Ctrl+C to exit.", err)
bufio.NewReader(os.Stdin).ReadByte()
continue
}
tree.Metadata = metadata
}
tree.Branch = newBranch
tree.Metadata.Version = version
if tree.Metadata.MasterKeyCount() == 0 {
fmt.Println("No master keys were provided, so sops can't encrypt the file.\nPress a key to return to the editor, or Ctrl+C to exit.")
bufio.NewReader(os.Stdin).ReadByte()
continue
}
break
}
tree, err = encryptTree(tree, stash)
if err != nil {
return nil, err
}
out, err = outputStore(c, file).MarshalWithMetadata(tree.Branch, tree.Metadata)
if err != nil {
return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree)
}
return out, nil
}
