func readDBcert() (cert []byte, err error) {
root := new(secrets.Secret)
shared := new(secrets.Secret)
root.Name = certName
shared.Name = certName
key := new(secrets.Key)
key.Name = certID
priv, err := base64.StdEncoding.DecodeString(certKey)
if err != nil {
return
}
err = database.GetSharedSecret(shared, key)
switch err {
case gorm.ErrRecordNotFound:
err = errors.New("Cert is not shared or does not exist")
return
case nil:
break
default:
return
}
err = database.GetRootSecret(root)
switch err {
case gorm.ErrRecordNotFound:
err = errors.New("Cert does not exist")
return
case nil:
break
default:
return
}
return root.Decrypt(shared, priv)
}
// View downloads a decrypted message
func View(w http.ResponseWriter, r *http.Request) {
api := newAPI(w, r)
defer api.req.Body.Close()
if !api.auth() {
api.error("Unauthorized", 401)
return
}
request, err := api.read()
if err != nil {
log.Debug(err)
api.error("Bad request", 400)
return
}
if name, ok := api.params["messageName"]; ok {
request.Name = name
}
root := new(secrets.Secret)
shared := new(secrets.Secret)
root.Name = request.Name
shared.Name = request.Name
key := new(secrets.Key)
key.Name = api.keyID
err = database.GetSharedSecret(shared, key)
switch err {
case gorm.ErrRecordNotFound:
api.error("Secret does not exist", 404)
return
case nil:
break
default:
log.Error(err)
api.error("Database error", 500)
return
}
err = database.GetRootSecret(root)
switch err {
case gorm.ErrRecordNotFound:
api.error("Secret does not exist", 404)
return
case nil:
break
default:
log.Error(err)
api.error("Database error", 500)
return
}
message, err := root.Decrypt(shared, api.key)
if err != nil {
log.Debug(err)
api.error("Cannot decrypt secret", 500)
return
}
defer secrets.Zero(message)
log.Info("Secret: ", shared.Name, " viewed by: ", key.Name)
viewCount++
api.rawMessage(message, 200)
}
