示例#1
0
文件: vault.go 项目: hdonnay/vaultd
func loadKey() (box.PrivateKey, error) {
	var err error
	var raw []byte
	i, err := os.Stat(keyFile)
	if err != nil {
		os.MkdirAll(confPath, 0700)
		log.Fatalf("Couldn't find Private key, looked for %s\n", keyFile)
	}

	raw = make([]byte, i.Size())

	f, err := os.Open(keyFile)
	if err != nil {
		return nil, err
	}
	if _, err = io.ReadFull(f, raw); err != nil {
		return nil, err
	}

	//if !box.KeyIsSuitable(raw) {
	//	phrase := getPassphrase("Passphrase: ")
	//	if !secretbox.KeyIsSuitable(phrase) {
	//		return nil, &internalError{E_BADKEY}
	//	}

	//	ret, ok := secretbox.Open(raw, secretbox.Key(phrase))
	//	if !ok {
	//		return nil, &internalError{E_BADKEY}
	//	}

	//	if !box.KeyIsSuitable(ret) {
	//		return nil, &internalError{E_BADKEY}
	//	}
	//	return box.PrivateKey(ret), nil
	//} else {
	stdout.Printf("This key is unencrypted!\nEncrypt this key with: '%s encrypt'\n", os.Args[0])
	return box.PrivateKey(raw), nil
	//}
}
示例#2
0
文件: vaultd.go 项目: hdonnay/vaultd
func init() {
	var err error
	var dbver string

	var boxPrivFile, boxPubFile string

	flag.IntVar(&port, "port", 8080, "Port to listen on")
	flag.StringVar(&bind, "bind", "localhost", "Address to bind on")
	flag.BoolVar(&forceInsecure, "forceInsecure", false, "Force insecure (non-HTTPS) listening")
	flag.StringVar(&dsn, "dsn", "host=/var/run/postgresql sslmode=disable", "postgres connection dsn")
	flag.StringVar(&caCert, "ca", "ca.pem", "CA cert (used for client certificates)")
	flag.StringVar(&httpsCert, "cert", "cert.pem", "TLS cert for HTTP server")
	flag.StringVar(&httpsKey, "key", "cert.key", "Key for TLS cert for HTTP server")
	flag.StringVar(&boxPrivFile, "priv", "priv.der", "Server private key (for signing")
	flag.StringVar(&boxPubFile, "pub", "pub.der", "Server public key (for signing")
	flag.Parse()

	glog.Info("Initializing")

	_, privErr := os.Stat(boxPrivFile)
	_, pubErr := os.Stat(boxPubFile)

	switch {
	case privErr != nil && pubErr != nil:
		pr, pu, ok := box.GenerateKey()
		if !ok {
			glog.Fatal("Error generating key")
		}
		boxPriv = pr
		boxPub = pu
		ioutil.WriteFile(boxPrivFile, []byte(pr), 0600)
		ioutil.WriteFile(boxPubFile, []byte(pu), 0600)
	case privErr != nil || pubErr != nil:
		glog.Fatal("Only one file of the public/private keypair exists.")
	default:
		t, err := ioutil.ReadFile(boxPrivFile)
		if err != nil {
			glog.Fatalf("Error opening keyfile: %v\n", err)
		}
		boxPriv = box.PrivateKey(t)

		t, err = ioutil.ReadFile(boxPubFile)
		if err != nil {
			glog.Fatalf("Error opening keyfile: %v\n", err)
		}
		boxPub = box.PublicKey(t)
	}
	if glog.V(1) {
		glog.Infof("Loaded signing key: %x (length %d)\n", boxPub, len(boxPub))
	}

	db, err = sql.Open("postgres", dsn)
	if err != nil {
		glog.Fatalf("Database open error: %s\n", err)
	}
	if err = db.Ping(); err != nil {
		glog.Fatalf("Database connection error: %s\n", err)
	}
	err = db.QueryRow("SELECT version();").Scan(&dbver)
	if glog.V(1) {
		glog.Infof("DB reports version: %s\n", dbver)
	}

	err = dbInit(db)
	if err != nil {
		glog.Fatal(err)
	}
}