예제 #1
0
파일: objs.go 프로젝트: hdonnay/vaultd
// This function is always used to actually return a User record.
// Other methods look up the id from the relevant bit of information and then call this.
func GetUser(id int64) (*User, error) {
	var err error
	var name string
	var key []byte
	var creation time.Time
	var admin bool
	err = q["getUser"].QueryRow(id).Scan(&name, &key, &creation, &admin)
	if err != nil {
		return nil, err
	}
	k := box.PublicKey(key)
	//return &User{id, name, der.(*box.PublicKey), creation, admin}, nil
	return &User{id, name, k, creation, admin}, nil
}
예제 #2
0
파일: vault.go 프로젝트: hdonnay/vaultd
func fetchServerKey() (box.PublicKey, error) {
	var key *bytes.Buffer = new(bytes.Buffer)
	resp, err := http.Get(api["key"].String())
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.ContentLength <= 0 {
		log.Fatal("key ContentLength <= 0")
	}
	// TODO: error check
	io.Copy(key, resp.Body)

	return box.PublicKey(key.Bytes()), nil
}
예제 #3
0
파일: vaultd.go 프로젝트: hdonnay/vaultd
func init() {
	var err error
	var dbver string

	var boxPrivFile, boxPubFile string

	flag.IntVar(&port, "port", 8080, "Port to listen on")
	flag.StringVar(&bind, "bind", "localhost", "Address to bind on")
	flag.BoolVar(&forceInsecure, "forceInsecure", false, "Force insecure (non-HTTPS) listening")
	flag.StringVar(&dsn, "dsn", "host=/var/run/postgresql sslmode=disable", "postgres connection dsn")
	flag.StringVar(&caCert, "ca", "ca.pem", "CA cert (used for client certificates)")
	flag.StringVar(&httpsCert, "cert", "cert.pem", "TLS cert for HTTP server")
	flag.StringVar(&httpsKey, "key", "cert.key", "Key for TLS cert for HTTP server")
	flag.StringVar(&boxPrivFile, "priv", "priv.der", "Server private key (for signing")
	flag.StringVar(&boxPubFile, "pub", "pub.der", "Server public key (for signing")
	flag.Parse()

	glog.Info("Initializing")

	_, privErr := os.Stat(boxPrivFile)
	_, pubErr := os.Stat(boxPubFile)

	switch {
	case privErr != nil && pubErr != nil:
		pr, pu, ok := box.GenerateKey()
		if !ok {
			glog.Fatal("Error generating key")
		}
		boxPriv = pr
		boxPub = pu
		ioutil.WriteFile(boxPrivFile, []byte(pr), 0600)
		ioutil.WriteFile(boxPubFile, []byte(pu), 0600)
	case privErr != nil || pubErr != nil:
		glog.Fatal("Only one file of the public/private keypair exists.")
	default:
		t, err := ioutil.ReadFile(boxPrivFile)
		if err != nil {
			glog.Fatalf("Error opening keyfile: %v\n", err)
		}
		boxPriv = box.PrivateKey(t)

		t, err = ioutil.ReadFile(boxPubFile)
		if err != nil {
			glog.Fatalf("Error opening keyfile: %v\n", err)
		}
		boxPub = box.PublicKey(t)
	}
	if glog.V(1) {
		glog.Infof("Loaded signing key: %x (length %d)\n", boxPub, len(boxPub))
	}

	db, err = sql.Open("postgres", dsn)
	if err != nil {
		glog.Fatalf("Database open error: %s\n", err)
	}
	if err = db.Ping(); err != nil {
		glog.Fatalf("Database connection error: %s\n", err)
	}
	err = db.QueryRow("SELECT version();").Scan(&dbver)
	if glog.V(1) {
		glog.Infof("DB reports version: %s\n", dbver)
	}

	err = dbInit(db)
	if err != nil {
		glog.Fatal(err)
	}
}