mirror of
https://github.com/Luzifer/envrun.git
synced 2024-11-14 00:52:42 +00:00
67 lines
1.5 KiB
Go
67 lines
1.5 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
|
|
"golang.org/x/crypto/openpgp"
|
|
"golang.org/x/crypto/openpgp/armor"
|
|
|
|
openssl "github.com/Luzifer/go-openssl"
|
|
)
|
|
|
|
type decryptMethod func(body []byte, passphrase string) ([]byte, error)
|
|
|
|
func decryptMethodFromName(name string) (decryptMethod, error) {
|
|
switch name {
|
|
|
|
case "gpg-symmetric":
|
|
return decryptGPGSymmetric, nil
|
|
|
|
case "openssl-md5":
|
|
return decryptOpenSSL(openssl.DigestMD5Sum), nil
|
|
|
|
case "openssl-sha256":
|
|
return decryptOpenSSL(openssl.DigestSHA256Sum), nil
|
|
|
|
default:
|
|
return nil, fmt.Errorf("Decrypt method %q not found", name)
|
|
}
|
|
}
|
|
|
|
func decryptGPGSymmetric(body []byte, passphrase string) ([]byte, error) {
|
|
var msgReader io.Reader
|
|
|
|
block, err := armor.Decode(bytes.NewReader(body))
|
|
switch err {
|
|
case nil:
|
|
msgReader = block.Body
|
|
case io.EOF:
|
|
msgReader = bytes.NewReader(body)
|
|
default:
|
|
return nil, fmt.Errorf("Unable to read armor: %s", err)
|
|
}
|
|
|
|
var passwordRetry bool
|
|
md, err := openpgp.ReadMessage(msgReader, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
|
|
if passwordRetry {
|
|
return nil, fmt.Errorf("Wrong passphrase supplied")
|
|
}
|
|
|
|
passwordRetry = true
|
|
return []byte(passphrase), nil
|
|
}, nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Unable to decrypt message: %s", err)
|
|
}
|
|
|
|
return ioutil.ReadAll(md.UnverifiedBody)
|
|
}
|
|
|
|
func decryptOpenSSL(kdf openssl.DigestFunc) decryptMethod {
|
|
return func(body []byte, passphrase string) ([]byte, error) {
|
|
return openssl.New().DecryptBytes(cfg.Password, body, kdf)
|
|
}
|
|
}
|