-
Notifications
You must be signed in to change notification settings - Fork 390
/
utils.go
108 lines (92 loc) · 2.3 KB
/
utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package identity
import (
"io/ioutil"
"os"
"path/filepath"
"github.com/zeebo/errs"
"storj.io/storj/internal/fpath"
)
// TLSFilesStatus is the status of keys
type TLSFilesStatus int
// Four possible outcomes for four files
const (
NoCertNoKey = TLSFilesStatus(iota)
CertNoKey
NoCertKey
CertKey
)
var (
// ErrZeroBytes is returned for zero slice
ErrZeroBytes = errs.New("byte slice was unexpectedly empty")
)
// writeChainData writes data to path ensuring permissions are appropriate for a cert
func writeChainData(path string, data []byte) error {
err := writeFile(path, 0744, 0644, data)
if err != nil {
return errs.New("unable to write certificate to \"%s\": %v", path, err)
}
return nil
}
// writeKeyData writes data to path ensuring permissions are appropriate for a cert
func writeKeyData(path string, data []byte) error {
err := writeFile(path, 0700, 0600, data)
if err != nil {
return errs.New("unable to write key to \"%s\": %v", path, err)
}
return nil
}
// writeFile writes to path, creating directories and files with the necessary permissions
func writeFile(path string, dirmode, filemode os.FileMode, data []byte) error {
if err := os.MkdirAll(filepath.Dir(path), dirmode); err != nil {
return errs.Wrap(err)
}
if writable, err := fpath.IsWritable(filepath.Dir(path)); !writable || err != nil {
return errs.Wrap(errs.New("%s is not a writeable directory: %s\n", path, err))
}
if err := ioutil.WriteFile(path, data, filemode); err != nil {
return errs.Wrap(err)
}
return nil
}
func statTLSFiles(certPath, keyPath string) (status TLSFilesStatus, err error) {
hasKey := true
hasCert := true
_, err = os.Stat(certPath)
if err != nil {
if os.IsNotExist(err) {
hasCert = false
} else {
return NoCertNoKey, err
}
}
_, err = os.Stat(keyPath)
if err != nil {
if os.IsNotExist(err) {
hasKey = false
} else {
return NoCertNoKey, err
}
}
switch {
case hasCert && hasKey:
return CertKey, nil
case hasCert:
return CertNoKey, nil
case hasKey:
return NoCertKey, nil
}
return NoCertNoKey, nil
}
func (t TLSFilesStatus) String() string {
switch t {
case CertKey:
return "certificate and key"
case CertNoKey:
return "certificate"
case NoCertKey:
return "key"
}
return ""
}