package orcpersistentkeys
import (
"fmt"
"os"
"github.com/sirupsen/logrus"
"github.com/steinarvk/orc"
"github.com/steinarvk/orclib/lib/orckeys"
canonicalhost "github.com/steinarvk/orclib/module/orc-canonicalhost"
identity "github.com/steinarvk/orclib/module/orc-identity"
orctinkgcpkms "github.com/steinarvk/orclib/module/orc-tinkgcpkms"
)
// FakePersistentKeys switches the module into a no-file, no-flags mode: while it
// is true the --keys_filename/--debug_generate_keys flags are not registered and
// fresh in-memory keys are generated at start. It is read from the OnUse and
// OnStart hooks, so it is intended to be set before those run. It defaults to
// false (real, persisted keys).
var FakePersistentKeys bool
// Module is the orc module that owns the server's key material.
type Module struct {
	// Keys is nil until the OnStart hook has resolved a key source; afterwards
	// it holds the loaded or generated key set, whose Public() half is what
	// gets published into the identity claim.
	Keys *orckeys.Keys
}
// ModuleName reports the name this module registers under: "FakePersistentKeys"
// while the FakePersistentKeys switch is set, "PersistentKeys" otherwise.
func (m *Module) ModuleName() string {
	name := "PersistentKeys"
	if FakePersistentKeys {
		name = "FakePersistentKeys"
	}
	return name
}
// M is the package-level instance of this module (same singleton pattern as the
// other modules' M used in OnRegister); its Keys field is populated by OnStart.
var M = new(Module)
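// OnRegister wires the module into the orc lifecycle.
//
// At use time it declares the dependency modules and, unless
// FakePersistentKeys is set, the --keys_filename and --debug_generate_keys
// flags. At start time it resolves exactly one key source (fake, debug-generated,
// or loaded from the key file), checks that loaded keys belong to this host, and
// publishes only the public half into the identity claim.
//
// Errors from the underlying calls are wrapped with %w so callers can inspect
// them with errors.Is/errors.As; the messages are unchanged.
func (m *Module) OnRegister(hooks orc.ModuleHooks) {
	var keysFilename string
	var debugOrcKeysGenerate bool
	hooks.OnUse(func(ctx orc.UseContext) {
		// NOTE(review): presumably the GCP KMS module is what LoadEncrypted below
		// relies on to unwrap the key file — confirm against orckeys.
		ctx.Use(orctinkgcpkms.M)
		ctx.Use(canonicalhost.M)
		// In fake mode neither flag is registered, so both keep their zero
		// values and the FakePersistentKeys case below is the one taken.
		if !FakePersistentKeys {
			ctx.Flags.StringVar(&keysFilename, "keys_filename", "", "name of file from which to load server keys")
			ctx.Flags.BoolVar(&debugOrcKeysGenerate, "debug_generate_keys", false, "(for debugging convenience) generate new server keys that will not be persisted")
		}
	})
	hooks.OnStart(func() error {
		if keysFilename != "" && debugOrcKeysGenerate {
			return fmt.Errorf("Cannot specify both --debug_generate_keys and --keys_filename")
		}
		switch {
		case FakePersistentKeys:
			// Fake mode: in-memory keys only, nothing is read from or written to disk.
			keys, err := orckeys.Generate(canonicalhost.M.CanonicalHost)
			if err != nil {
				return fmt.Errorf("Error generating keys (FakePersistentKeys): %w", err)
			}
			m.Keys = keys
		case debugOrcKeysGenerate:
			keys, err := orckeys.Generate(canonicalhost.M.CanonicalHost)
			if err != nil {
				return fmt.Errorf("Error generating keys (--debug_generate_keys): %w", err)
			}
			// Loud on purpose: these keys are not persisted, so the server's
			// identity presumably differs on every restart and anything that
			// pinned a previous public key will stop trusting it.
			logrus.Warningf("--debug_generate_keys: generated new keys, server has no persistent keys")
			m.Keys = keys
		default:
			if keysFilename == "" {
				return fmt.Errorf("Missing --keys_filename (or --debug_generate_keys)")
			}
			f, err := os.Open(keysFilename)
			if err != nil {
				return fmt.Errorf("unable to open --keys_filename=%q: %w", keysFilename, err)
			}
			defer f.Close()
			// The second argument is passed empty; what it denotes is not visible
			// from this file — check orckeys.LoadEncrypted before relying on it.
			keys, err := orckeys.LoadEncrypted(f, "")
			if err != nil {
				// Distinct from the open failure above: the file exists but could
				// not be decrypted or parsed.
				return fmt.Errorf("unable to load --keys_filename=%q: %w", keysFilename, err)
			}
			// Refuse keys minted for a different host: a key file copied from
			// another deployment must not silently become this server's identity.
			if keys.Metadata.Owner != canonicalhost.M.CanonicalHost {
				return fmt.Errorf("Loaded keys owned by %q, but canonical host is %q", keys.Metadata.Owner, canonicalhost.M.CanonicalHost)
			}
			m.Keys = keys
		}
		// Defensive: every case above either sets m.Keys or returns an error.
		if m.Keys == nil {
			return fmt.Errorf("Internal error: no server keys were loaded")
		}
		// Only m.Keys.Public() is placed in the claim; the private material
		// stays on the module.
		identity.MutateIdentity(func(claim *identity.IdentityClaim) {
			publicKeys := m.Keys.Public()
			claim.PublicKeys = &publicKeys
		})
		return nil
	})
}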