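// CreateCrypto builds the AES-GCM cipher used by the CLI from a key file on disk.
//
// The key file path is taken from the "key-path" flag; when the flag is empty it
// defaults to "<home>/.rss/key" for the current user. The file contents, with
// leading/trailing newlines stripped, are stretched with secure.NewPbkdf2 to a
// 16-byte key before the cipher is constructed.
//
// Returns an error when the home directory cannot be resolved, the key file
// cannot be read, the key file is empty, or the cipher cannot be built; each
// failure is also printed to stdout, matching the original CLI behaviour.
func CreateCrypto(c *cli.Context) (*secure.AesGCM, error) {
	keyPath := c.String("key-path")
	if keyPath == "" {
		usr, err := user.Current()
		if err != nil {
			// The previous version only printed this error and then dereferenced
			// a nil *user.User; return instead so the caller sees a real failure.
			fmt.Printf("Unable to determine current user for default key path: %s\n", err.Error())
			return nil, err
		}
		keyPath = usr.HomeDir + "/.rss/key"
	}

	key, err := ioutil.ReadFile(keyPath)
	if err != nil {
		fmt.Printf("Unable to read key file: %s\n%s\n", keyPath, err.Error())
		return nil, err
	}
	// Key files are commonly written with a trailing newline; strip it so the
	// newline bytes do not become part of the secret.
	key = bytes.Trim(key, "\n")
	if len(key) == 0 {
		// An empty secret would still produce a 16-byte PBKDF2 output and a
		// working cipher, silently keying everything from nothing; refuse it.
		err = fmt.Errorf("key file %s is empty", keyPath)
		fmt.Printf("Unable to use key file: %s\n", err.Error())
		return nil, err
	}

	// NOTE(review): permissions on keyPath are not checked here; a key file
	// readable by other users goes unnoticed. Consider checking the mode.
	secretPbkdf := secure.NewPbkdf2(key, 16)
	crypto, err := secure.NewAesGCM(secretPbkdf)
	if err != nil {
		fmt.Printf("Error creating crypto: %s\n", err)
		return nil, err
	}
	return crypto, nil
}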
// createCrypto builds the AES-GCM cipher for the route service from a shared
// secret. The secret is never handed to the cipher directly: it is first
// stretched with secure.NewPbkdf2 to a 16-byte key. A failure to construct the
// cipher is reported through logger.Fatal, which ends the process.
func createCrypto(logger lager.Logger, secret string) *secure.AesGCM {
	// NOTE(review): NewPbkdf2 receives only the secret and the output length,
	// so any salt and iteration count are fixed inside the secure package —
	// confirm they are adequate for a long-lived shared secret.
	derivedKey := secure.NewPbkdf2([]byte(secret), 16)

	aesGCM, err := secure.NewAesGCM(derivedKey)
	if err != nil {
		logger.Fatal("error-creating-route-service-crypto", err)
	}
	return aesGCM
}
go func() { err := server.Serve(tlsListener) Expect(err).ToNot(HaveOccurred()) }() }) BeforeEach(func() { conf.RouteServiceEnabled = true recommendHttps = true forwardedUrl = "https://my_host.com/resource+9-9_9?query=123&query$2=345#page1..5" routeServiceHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { metaHeader := r.Header.Get(routeservice.RouteServiceMetadata) sigHeader := r.Header.Get(routeservice.RouteServiceSignature) crypto, err := secure.NewAesGCM([]byte(cryptoKey)) Expect(err).ToNot(HaveOccurred()) _, err = header.SignatureFromHeaders(sigHeader, metaHeader, crypto) Expect(err).ToNot(HaveOccurred()) Expect(r.Header.Get("X-CF-ApplicationID")).To(Equal("")) // validate client request header Expect(r.Header.Get("X-CF-Forwarded-Url")).To(Equal(forwardedUrl)) w.Write([]byte("My Special Snowflake Route Service\n")) }) crypto, err := secure.NewAesGCM([]byte(cryptoKey)) Expect(err).ToNot(HaveOccurred())
. "github.com/onsi/gomega" ) var _ = Describe("Crypto", func() { var ( aesGcm secure.Crypto key []byte ) BeforeEach(func() { var err error // valid key size key = []byte("super-secret-key") Expect(err).ToNot(HaveOccurred()) aesGcm, err = secure.NewAesGCM(key) Expect(err).ToNot(HaveOccurred()) }) Describe("NewPbkdf2", func() { Context("when a plaintext secret is provided", func() { Context("when password length is less than desired key len", func() { It("generates an encryption key of desired ken length", func() { k := secure.NewPbkdf2([]byte(""), 16) Expect(k).To(HaveLen(16)) k = secure.NewPbkdf2([]byte("short-key"), 16) Expect(k).To(HaveLen(16))
cryptoPrev secure.Crypto
caCertPool *x509.CertPool
recommendHttps bool
heartbeatOK int32
)

// TestProxy is the Ginkgo entry point for the "Proxy Suite" specs.
func TestProxy(t *testing.T) {
	RegisterFailHandler(Fail)
	RunSpecs(t, "Proxy Suite")
}

// Shared setup run before every spec: a test logger, a fixed-key cipher, the
// default config with a trace key and a short endpoint timeout, and a fake
// proxy reporter.
var _ = BeforeEach(func() {
	logger = lagertest.NewTestLogger("test")
	var err error
	// A 16-byte literal is passed straight to NewAesGCM as the key; no KDF
	// step is applied in the test setup.
	crypto, err = secure.NewAesGCM([]byte("ABCDEFGHIJKLMNOP"))
	Expect(err).NotTo(HaveOccurred())
	// No previous-key cipher by default for each spec.
	cryptoPrev = nil
	conf = config.DefaultConfig()
	conf.TraceKey = "my_trace_key"
	// Keep backend timeouts short so timeout specs finish quickly.
	conf.EndpointTimeout = 500 * time.Millisecond
	fakeReporter = &fakes.FakeProxyReporter{}
})

// Runs after every BeforeEach so the registry sees the config the spec
// may have adjusted. (The closure continues beyond this listing.)
var _ = JustBeforeEach(func() {
	var err error
	r = registry.NewRouteRegistry(logger, conf, new(fakes.FakeRouteRegistryReporter))
	fakeEmitter := fake.NewFakeEventEmitter("fake")