filetoken.go

Documentation: github.com/sassoftware/relic/token/filetoken

     1  //
     2  // Copyright (c) SAS Institute Inc.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  //
    16  
    17  package filetoken
    18  
    19  import (
    20  	"crypto"
    21  	"crypto/x509"
    22  	"errors"
    23  	"fmt"
    24  	"io"
    25  	"io/ioutil"
    26  	"sync"
    27  
    28  	"github.com/sassoftware/relic/config"
    29  	"github.com/sassoftware/relic/lib/certloader"
    30  	"github.com/sassoftware/relic/lib/passprompt"
    31  	"github.com/sassoftware/relic/token"
    32  )
    33  
    34  func init() {
    35  	token.Openers["file"] = Open
    36  }
    37  
    38  type fileToken struct {
    39  	config    *config.Config
    40  	tokenConf *config.TokenConfig
    41  	prompt    passprompt.PasswordGetter
    42  	mu        sync.Mutex
    43  }
    44  
    45  type fileKey struct {
    46  	keyConf *config.KeyConfig
    47  	signer  crypto.Signer
    48  }
    49  
    50  func Open(conf *config.Config, tokenName string, prompt passprompt.PasswordGetter) (token.Token, error) {
    51  	tconf, err := conf.GetToken(tokenName)
    52  	if err != nil {
    53  		return nil, err
    54  	}
    55  	return &fileToken{
    56  		config:    conf,
    57  		tokenConf: tconf,
    58  		prompt:    prompt,
    59  	}, nil
    60  }
    61  
    62  func (tok *fileToken) Ping() error {
    63  	return nil
    64  }
    65  
    66  func (tok *fileToken) Close() error {
    67  	return nil
    68  }
    69  
    70  func (tok *fileToken) Config() *config.TokenConfig {
    71  	return tok.tokenConf
    72  }
    73  
    74  func (tok *fileToken) ListKeys(opts token.ListOptions) error {
    75  	return errors.New("not implemented for tokens of type \"file\"")
    76  }
    77  
    78  func (tok *fileToken) GetKey(keyName string) (token.Key, error) {
    79  	keyConf, err := tok.config.GetKey(keyName)
    80  	if err != nil {
    81  		return nil, err
    82  	}
    83  	if keyConf.KeyFile == "" {
    84  		return nil, fmt.Errorf("key \"%s\" needs a KeyFile setting", keyName)
    85  	}
    86  	blob, err := ioutil.ReadFile(keyConf.KeyFile)
    87  	if err != nil {
    88  		return nil, err
    89  	}
    90  	/* TODO: keyring support
    91  	loginFunc := func(pin string) (bool, error) {
    92  	keyringUser := fmt.Sprintf("%s.%s", tok.tokenConf.Name(), keyName)
    93  	if savedPass != "" {
    94  		tok.mu.Lock()
    95  		defer tok.mu.Unlock()
    96  		if err := token.Login(tok.tokenConf, tok.prompt, loginFunc, keyringUser, ""); err != nil {
    97  			return nil, err
    98  		}
    99  	}
   100  	*/
   101  	privateKey, err := certloader.ParseAnyPrivateKey(blob, tok.prompt)
   102  	if err != nil {
   103  		return nil, err
   104  	}
   105  	return &fileKey{
   106  		keyConf: keyConf,
   107  		signer:  privateKey.(crypto.Signer),
   108  	}, nil
   109  }
   110  
   111  func (key *fileKey) Public() crypto.PublicKey {
   112  	return key.signer.Public()
   113  }
   114  
   115  func (key *fileKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
   116  	return key.signer.Sign(rand, digest, opts)
   117  }
   118  
   119  func (key *fileKey) Config() *config.KeyConfig {
   120  	return key.keyConf
   121  }
   122  
   123  func (key *fileKey) GetID() []byte {
   124  	return nil
   125  }
   126  
   127  func (tok *fileToken) Import(keyName string, privKey crypto.PrivateKey) (token.Key, error) {
   128  	return nil, errors.New("function not implemented for tokens of type \"file\"")
   129  }
   130  
   131  func (tok *fileToken) ImportCertificate(cert *x509.Certificate, labelBase string) error {
   132  	return errors.New("function not implemented for tokens of type \"file\"")
   133  }
   134  
   135  func (tok *fileToken) Generate(keyName string, keyType token.KeyType, bits uint) (token.Key, error) {
   136  	// TODO - probably useful
   137  	return nil, errors.New("function not implemented for tokens of type \"file\"")
   138  }
   139  
   140  func (key *fileKey) ImportCertificate(cert *x509.Certificate) error {
   141  	return errors.New("function not implemented for tokens of type \"file\"")
   142  }
   143
View as plain text