From dcb3280c98c9134393f069334731202029bbc5dd Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Fri, 1 Jun 2018 17:53:24 +0200
Subject: [PATCH] Prepare addition of more encryption methods
Signed-off-by: Knut Ahlers
---
.gitignore | 1 +
decryption.go | 24 ++++++++++++++++++++++++
main.go | 49 +++++++++++++++++++++++++++++++------------------
3 files changed, 56 insertions(+), 18 deletions(-)
create mode 100644 .gitignore
create mode 100644 decryption.go
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a0511b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+envrun
diff --git a/decryption.go b/decryption.go
new file mode 100644
index 0000000..9bbb051
--- /dev/null
+++ b/decryption.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+ "fmt"
+
+ openssl "github.com/Luzifer/go-openssl"
+)
+
+type decryptMethod func(body []byte, passphrase string) ([]byte, error)
+
+func decryptMethodFromName(name string) (decryptMethod, error) {
+ switch name {
+
+ case "openssl-md5":
+ return decryptOpenSSLMD5, nil
+
+ default:
+ return nil, fmt.Errorf("Decrypt method %q not found", name)
+ }
+}
+
+func decryptOpenSSLMD5(body []byte, passphrase string) ([]byte, error) {
+ return openssl.New().DecryptString(cfg.Password, string(body))
+}
diff --git a/main.go b/main.go
index 633d77f..047942c 100644
--- a/main.go
+++ b/main.go
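Review bot: decryptOpenSSLMD5 in decryption.go ignores its `passphrase` argument and reads the global `cfg.Password` instead, so a `decryptMethod` value only ever works with whatever the global holds; the call should be `return openssl.New().DecryptString(passphrase, string(body))`. The same defect is in loadEnvFromFile in the last main.go hunk (`@@ -121,3 +119,18 @@`), which accepts `filename` but calls `ioutil.ReadFile(cfg.EnvFile)`; that line should be `body, err := ioutil.ReadFile(filename)`. main currently passes those same globals, so behaviour is unchanged today, but any later caller or test that supplies a different key or path will silently decrypt with the wrong secret or read the wrong file. The name `openssl-md5` suggests an MD5-based key derivation; if that is the case, a short comment on the `case` saying it is kept for compatibility with existing files would help when stronger methods are added.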
@@ -7,20 +7,20 @@ import (
 "os/exec"
 "strings"
- openssl "github.com/Luzifer/go-openssl"
 "github.com/Luzifer/rconfig"
 log "github.com/sirupsen/logrus"
 )
 var (
 cfg = struct {
- EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
- Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
- CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
- LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
- Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
- PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
- VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
+ CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
+ EncryptionMethod string `flag:"encryption" default:"openssl-md5" description:"Encryption method used for encrypted env-file (Available: openssl-md5)"`
+ EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
+ LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
+ PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
+ Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
+ Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
+ VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
 }{}
 version = "dev"
@@ -70,11 +70,6 @@ func envMapToList(envMap map[string]string) []string {
 }
 func main() {
- body, err := ioutil.ReadFile(cfg.EnvFile)
- if err != nil {
- log.WithError(err).Fatal("Could not read env-file")
- }
-
 if cfg.Password == "" && cfg.PasswordFile != "" {
 if _, err := os.Stat(cfg.PasswordFile); err == nil {
 data, err := ioutil.ReadFile(cfg.PasswordFile)
@@ -85,10 +80,14 @@ func main() {
 }
 }
- if cfg.Password != "" {
- if body, err = openssl.New().DecryptString(cfg.Password, string(body)); err != nil {
- log.WithError(err).Fatal("Could not decrypt env-file")
- }
+ dec, err := decryptMethodFromName(cfg.EncryptionMethod)
+ if err != nil {
+ log.WithError(err).Fatal("Could not load decrypt method")
+ }
+
+ pairs, err := loadEnvFromFile(cfg.EnvFile, cfg.Password, dec)
+ if err != nil {
+ log.WithError(err).Fatal("Could not load env file")
 }
 var childenv = envListToMap(os.Environ())
@@ -96,7 +95,6 @@ func main() {
 childenv = map[string]string{}
 }
- pairs := envListToMap(strings.Split(string(body), "\n"))
 for k, v := range pairs {
 childenv[k] = v
 }
@@ -121,3 +119,18 @@ func main() {
 os.Exit(2)
 }
 }
+
+func loadEnvFromFile(filename, passphrase string, decrypt decryptMethod) (map[string]string, error) {
+ body, err := ioutil.ReadFile(cfg.EnvFile)
+ if err != nil {
+ return nil, fmt.Errorf("Could not read env-file: %s", err)
+ }
+
+ if passphrase != "" {
+ if body, err = decrypt(body, passphrase); err != nil {
+ return nil, fmt.Errorf("Could not decrypt env-file: %s", err)
+ }
+ }
+
+ return envListToMap(strings.Split(string(body), "\n")), nil
+}
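Review bot: loadEnvFromFile, added in the `@@ -121,3 +119,18 @@` hunk, skips decryption whenever `passphrase` is empty and passes the raw file bytes to envListToMap as if they were plaintext, so an encrypted env-file with no resolved password is parsed rather than rejected. The password-file branch shown as context in the `@@ -70,11 +70,6 @@` hunk only reads the file when `os.Stat` succeeds, so a mistyped or missing `--password-file` appears to end up on this path; what the other branch does is outside the hunk. Consider failing in main when `cfg.PasswordFile` is set but no password could be read, so a misconfiguration stops the run instead of starting the child with an environment built from ciphertext. The function would also benefit from a doc comment, for example `// loadEnvFromFile reads filename, decrypts it with decrypt when passphrase is non-empty, and returns the parsed KEY=VALUE pairs.`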