func loadStore(path string, m secret.ScryptMode) *store.SecretStore {
passphrase, err := util.PassPrompt("Secrets passphrase> ")
if err != nil {
util.Errorf("Failed to read passphrase: %v", err)
return nil
}
var passwords *store.SecretStore
if ok, _ := util.Exists(path); ok {
defer util.Zero(passphrase)
fileData, err := util.ReadFile(path)
if err != nil {
util.Errorf("%v", err)
return nil
}
var ok bool
passwords, ok = store.UnmarshalSecretStore(fileData, passphrase, m)
if !ok {
return nil
}
return passwords
}
util.Errorf("could not find %s", path)
return nil
}
func loadStore(path string) *store.KeyStore {
// If keystore is newly created, we'll want to write it to
// disk before leaving this function.
var flush bool
if exists, _ := util.Exists(path); !exists {
flush = true
}
passphrase, err := util.PassPrompt("keystore passphrase> ")
if err != nil {
util.Errorf("%v", err)
return nil
}
defer util.Zero(passphrase)
keystore, ok := store.LoadKeyStore(path, true)
if !ok {
fmt.Printf("error in LoadKeyStore")
return nil
}
if !keystore.Valid(false) {
fmt.Println("keystore not valid")
return nil
}
if !flush {
if !keystore.Unlock(passphrase) {
return nil
}
return keystore
}
if !keystore.LockWith(passphrase) {
util.Errorf("Failed to set initial passphrase.")
return nil
} else if !keystore.Unlock(passphrase) {
util.Errorf("Flushing keystore failed.")
return nil
}
out, err := keystore.Dump()
if err != nil {
log.Printf("WARNING: failed to dump keystore: %v", err)
return nil
}
err = ioutil.WriteFile(path, out, 0644)
if err != nil {
log.Printf("WARNING: failed to write keystore: %v", err)
}
return keystore
}
func loadStore() {
if ok, failed := util.Exists(storePath); !failed {
log.Fatal("can't access store file")
} else if !ok {
store = map[string]*User{}
return
}
in, err := ioutil.ReadFile(storePath)
dieIfError(err)
err = json.Unmarshal(in, &store)
dieIfError(err)
}
func main() {
baseFile := filepath.Join(os.Getenv("HOME"), ".cukeystore.db")
doCheck := flag.Bool("check", false, "check keystore's integrity'")
doExport := flag.Bool("export", false, "export a verified key")
doImport := flag.Bool("import", false, "import a key")
doArmour := flag.Bool("a", false, "armour output")
doDecrypt := flag.Bool("d", false, "decrypt file")
doEncrypt := flag.Bool("e", false, "encrypt file")
keystorePath := flag.String("f", baseFile, "path to keystore")
doList := flag.Bool("k", false, "list keys")
label := flag.String("l", "self", "label selecting a key")
doRemove := flag.Bool("r", false, "remove named key")
doSign := flag.Bool("s", false, "sign file")
untrustedOK := flag.Bool("u", false, "accept untrusted keys when importing")
doVerify := flag.Bool("v", false, "verify signature")
flag.Parse()
cfg := &config{
Args: flag.Args(),
Label: *label,
Armour: *doArmour,
}
var cmd command
switch {
case *doCheck:
cmd = commandSet["check"]
case *doSign && *doEncrypt:
cfg.Armour = true
cmd = commandSet["cryptsign"]
case *doSign:
cmd = commandSet["sign"]
case *doVerify:
cmd = commandSet["verify"]
case *doEncrypt:
cmd = commandSet["encrypt"]
case *doDecrypt:
cmd = commandSet["decrypt"]
case *doRemove:
cmd = commandSet["remove"]
case *doList:
cmd = commandSet["list"]
case *doExport && *label == "self":
cmd = commandSet["exportself"]
case *doExport:
cmd = commandSet["export"]
case *doImport:
if *untrustedOK {
cmd = commandSet["uimport"]
} else {
cmd = commandSet["import"]
}
default:
util.Errorf("Nothing to do.")
return
}
if flag.NArg() < cmd.RequiredArgc {
util.Errorf("Not enough arguments: want %d, have %d.",
cmd.RequiredArgc, flag.NArg())
util.Errorf("Want: %v", strings.Join(cmd.Args, ", "))
os.Exit(1)
}
ks := loadStore(*keystorePath)
if ks == nil {
util.Errorf("Failed to load keystore.")
os.Exit(1)
}
if *doCheck && ks.ExportKey == nil {
cmd.ShouldWrite = true
}
if cmd.NeedsUnlock {
if !unlockStore(ks) {
os.Exit(1)
}
defer ks.Lock()
}
err := cmd.Run(ks, cfg)
if err != nil {
util.Errorf("Failed: %v", err)
os.Exit(1)
}
shouldWrite := cmd.ShouldWrite
exists, ok := util.Exists(*keystorePath)
if !ok {
util.Errorf("Error checking %s", *keystorePath)
os.Exit(1)
}
shouldWrite = shouldWrite || !exists
if shouldWrite {
ks.Timestamp = time.Now().Unix()
fmt.Println("Writing keystore.")
if !writeStore(ks, *keystorePath) {
os.Exit(1)
}
}
}
