package secrets
import (
"crypto/rsa"
"crypto/tls"
"io/ioutil"
jwt "github.com/dgrijalva/jwt-go"
)
// FileSystemSecretsConfig lists the files that back a FileSystemSecrets value.
// NewFileSystemSecrets copies each field into the matching path on the store.
//
// The struct tags look like envconfig-style tags (presumably the fields are
// populated from environment variables; confirm against the loader).
//
// Every default is a bare file name. A bare name is resolved against the
// process working directory when the file is opened, so the key or certificate
// that gets loaded depends on where the process is started. Deployments should
// set explicit absolute paths.
type FileSystemSecretsConfig struct {
	// PrivateKey is the path of the PEM file holding the RSA private key.
	PrivateKey string `split_words:"true" default:"teresa.rsa"`
	// PublicKey is the path of the PEM file holding the RSA public key.
	PublicKey string `split_words:"true" default:"teresa.rsa.pub"`
	// TLSCert is the certificate path handed to tls.LoadX509KeyPair.
	TLSCert string `envconfig:"tls_cert" default:"server.cert"`
	// TLSKey is the private key path handed to tls.LoadX509KeyPair.
	TLSKey string `envconfig:"tls_key" default:"server.key"`
}
// FileSystemSecrets loads key material from files on first use and keeps the
// parsed result in memory.
//
// The cached fields are read and written by the accessor methods without any
// locking in this type.
// NOTE(review): confirm that callers serialise the first call to each accessor.
type FileSystemSecrets struct {
	// Parsed values. Each is nil until its accessor has loaded it successfully.
	privateKey *rsa.PrivateKey
	publicKey  *rsa.PublicKey
	tlsCert    *tls.Certificate

	// Source file paths, set once by NewFileSystemSecrets.
	tlsCertPath, tlsKeyPath, privateKeyPath, publicKeypath string
}
// PrivateKey returns the RSA private key parsed from the PEM file at
// f.privateKeyPath.
//
// The first successful call stores the parsed key on f, and later calls return
// that stored key without reading the file again. A key replaced on disk is
// therefore not picked up by an existing FileSystemSecrets value.
//
// Read and parse errors are returned unchanged. This method does not inspect
// the file's mode or ownership, so restricting read access to the private key
// is left to the deployment.
//
// NOTE(review): jwt is github.com/dgrijalva/jwt-go, which is archived upstream.
// github.com/golang-jwt/jwt is its maintained continuation and provides the
// same PEM parsing helper.
func (f *FileSystemSecrets) PrivateKey() (*rsa.PrivateKey, error) {
	if cached := f.privateKey; cached != nil {
		return cached, nil
	}

	pemBytes, readErr := ioutil.ReadFile(f.privateKeyPath)
	if readErr != nil {
		return nil, readErr
	}

	// The parser's result is stored as returned, including on failure.
	parsed, parseErr := jwt.ParseRSAPrivateKeyFromPEM(pemBytes)
	f.privateKey = parsed
	return parsed, parseErr
}
// PublicKey returns the RSA public key parsed from the PEM file at
// f.publicKeypath.
//
// The first successful call stores the parsed key on f, and later calls return
// that stored key without reading the file again. A key replaced on disk is
// therefore not picked up by an existing FileSystemSecrets value.
//
// Read and parse errors are returned unchanged. Nothing here checks that this
// public key corresponds to the private key returned by PrivateKey. The two
// files are loaded independently.
func (f *FileSystemSecrets) PublicKey() (*rsa.PublicKey, error) {
	if cached := f.publicKey; cached != nil {
		return cached, nil
	}

	pemBytes, readErr := ioutil.ReadFile(f.publicKeypath)
	if readErr != nil {
		return nil, readErr
	}

	// The parser's result is stored as returned, including on failure.
	parsed, parseErr := jwt.ParseRSAPublicKeyFromPEM(pemBytes)
	f.publicKey = parsed
	return parsed, parseErr
}
// TLSCertificate returns the certificate and key pair loaded from
// f.tlsCertPath and f.tlsKeyPath with tls.LoadX509KeyPair.
//
// The pair is loaded on the first successful call and stored on f, and later
// calls return the stored pointer. A certificate renewed on disk is therefore
// not picked up by an existing FileSystemSecrets value. A load error is
// returned unchanged and nothing is stored.
func (f *FileSystemSecrets) TLSCertificate() (*tls.Certificate, error) {
	if f.tlsCert == nil {
		pair, err := tls.LoadX509KeyPair(f.tlsCertPath, f.tlsKeyPath)
		if err != nil {
			return nil, err
		}
		f.tlsCert = &pair
	}
	return f.tlsCert, nil
}
// NewFileSystemSecrets builds a FileSystemSecrets that reads its key material
// from the paths in conf.
//
// No file is opened here. Each accessor loads its file on first use, so a
// missing or malformed file is reported by that accessor and not by this
// constructor. The returned error is always nil.
//
// conf must be non-nil because it is dereferenced unconditionally. The paths
// are copied as given, without validation or normalisation.
func NewFileSystemSecrets(conf *FileSystemSecretsConfig) (Secrets, error) {
	fs := new(FileSystemSecrets)
	fs.privateKeyPath = conf.PrivateKey
	fs.publicKeypath = conf.PublicKey
	fs.tlsCertPath = conf.TLSCert
	fs.tlsKeyPath = conf.TLSKey
	return fs, nil
}