| author | Shulhan <ms@kilabit.info> | 2023-09-22 02:08:52 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2023-09-22 02:08:52 +0700 |
| commit | 63287a8cd84d461b731014f42d3ef32693f6f206 (patch) | |
| tree | c44df8bef12766ca4ce8377326de5248453e1335 | |
| parent | 63499daa8d8ddbc53507acc2a8630baecf9495b3 (diff) | |
| download | awwan-63287a8cd84d461b731014f42d3ef32693f6f206.tar.xz | |
all: make the private key loaded when Awwan initialized
Instead of loading the private key in the Encrypt or Decrypt methods, load it
when the Awwan instance is created.
| -rw-r--r-- | awwan.go | 37 | ||||
| -rw-r--r-- | awwan_test.go | 47 |
2 files changed, 48 insertions, 36 deletions
@@ -9,8 +9,10 @@ import (
 "crypto/rand"
 "crypto/rsa"
 "crypto/sha256"
+ "errors"
 "fmt"
 "io"
+ "io/fs"
 "log"
 "os"
 "path/filepath"
@@ -92,21 +94,35 @@ func New(baseDir string) (aww *Awwan, err error) {
 aww = &Awwan{}
+ err = aww.init(baseDir)
+ if err != nil {
+ return nil, fmt.Errorf(`%s: %w`, logp, err)
+ }
+
+ return aww, nil
+}
+
+func (aww *Awwan) init(baseDir string) (err error) {
 if len(baseDir) > 0 {
 baseDir, err = filepath.Abs(baseDir)
 if err != nil {
- return nil, fmt.Errorf("%s: %w", logp, err)
+ return err
 }
 }
 aww.BaseDir, err = lookupBaseDir(baseDir)
 if err != nil {
- return nil, fmt.Errorf("%s: %w", logp, err)
+ return err
 }
 fmt.Printf("--- BaseDir: %s\n", aww.BaseDir)
- return aww, nil
+ err = aww.loadPrivateKey()
+ if err != nil {
+ return err
+ }
+
+ return nil
 }
 // Decrypt the file using private key from file "{{.BaseDir}}/.awwan.key".
@@ -125,10 +141,7 @@ func (aww *Awwan) Decrypt(fileVault string) (filePlain string, err error) {
 }
 if aww.privateKey == nil {
- err = aww.loadPrivateKey()
- if err != nil {
- return ``, fmt.Errorf(`%s: %w`, logp, err)
- }
+ return ``, fmt.Errorf(`%s: missing private key %s`, logp, defFilePrivateKey)
 }
 var ciphertext []byte
@@ -167,10 +180,7 @@ func (aww *Awwan) Encrypt(file string) (fileVault string, err error) {
 var logp = `Encrypt`
 if aww.privateKey == nil {
- err = aww.loadPrivateKey()
- if err != nil {
- return ``, fmt.Errorf(`%s: %w`, logp, err)
- }
+ return ``, fmt.Errorf(`%s: missing private key %s`, logp, defFilePrivateKey)
 }
 var src []byte
@@ -440,7 +450,7 @@ func (aww *Awwan) loadSshConfig() (err error) {
 return nil
 }
-// loadPrivateKey from file "{{.BaseDir}}/.awwan.key".
+// loadPrivateKey from file "{{.BaseDir}}/.awwan.key" if its exist.
 func (aww *Awwan) loadPrivateKey() (err error) {
 var (
 fileKey = filepath.Join(aww.BaseDir, defFilePrivateKey)
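Review bot: The new `init` method in the `@@ -92,21 +94,35 @@` hunk calls `aww.loadPrivateKey()` unconditionally, so every `New` now reads `.awwan.key` and, for a passphrase-protected key, presumably prompts for the passphrase even when the caller never encrypts or decrypts; a wrong passphrase then fails construction outright. The decrypted key also stays in `aww.privateKey` for the whole life of the instance, a longer exposure window than the previous load-on-use, which deserves a sentence in the doc comment if any caller keeps the instance around for long. `init` has no doc comment at all; I would add `// init resolves BaseDir and loads the private key if the key file exists; a missing key file is not an error.`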
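Review bot: The new error in the `Decrypt` hunk (`@@ -125,10 +141,7 @@`), repeated identically in the `Encrypt` hunk (`@@ -167,10 +180,7 @@`), prints only `defFilePrivateKey`, the bare file name, so the operator is not told which directory was searched. `loadPrivateKey` already builds the full path, so the last argument could be `filepath.Join(aww.BaseDir, defFilePrivateKey)` instead of `defFilePrivateKey`. Because the message is built with a plain format string, callers cannot distinguish "no key configured" from other failures with `errors.Is`; a package-level sentinel wrapped with `%w` would allow that. Both function bodies continue outside their hunks.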
@@ -451,6 +461,9 @@ func (aww *Awwan) loadPrivateKey() (err error) {
 pkey, err = libcrypto.LoadPrivateKeyInteractive(aww.termrw, fileKey)
 if err != nil {
+ if errors.Is(err, fs.ErrNotExist) {
+ return nil
+ }
 return err
 }
diff --git a/awwan_test.go b/awwan_test.go
index a53d27c..64f6ec0 100644
--- a/awwan_test.go
+++ b/awwan_test.go
@@ -18,14 +18,15 @@ func TestAwwanDecrypt(t *testing.T) {
 }
 var cases = []testCase{{
- baseDir: filepath.Join(`testdata`, `decrypt-with-passphrase`),
- fileVault: `.awwan.env`,
- expError: `Decrypt: invalid extension, expecting .vault, got .env`,
+ baseDir: filepath.Join(`testdata`, `decrypt-with-passphrase`),
+ fileVault: `.awwan.env`,
+ passphrase: "s3cret\r",
+ expError: `Decrypt: invalid extension, expecting .vault, got .env`,
 }, {
 baseDir: filepath.Join(`testdata`, `decrypt-with-passphrase`),
 fileVault: `.awwan.env.vault`,
 passphrase: "invalidpassphrase\r",
- expError: `Decrypt: LoadPrivateKeyInteractive: x509: decryption password incorrect`,
+ expError: `LoadPrivateKeyInteractive: x509: decryption password incorrect`,
 }, {
 baseDir: filepath.Join(`testdata`, `decrypt-with-passphrase`),
 fileVault: `.awwan.env.vault`,
@@ -41,27 +42,24 @@ func TestAwwanDecrypt(t *testing.T) {
 mockrw = mock.ReadWriter{}
 c testCase
- aww *Awwan
 err error
 filePlain string
 fileVault string
 )
 for _, c = range cases {
+ var aww = Awwan{}
 fileVault = filepath.Join(c.baseDir, c.fileVault)
- aww, err = New(c.baseDir)
- if err != nil {
- t.Fatal(err)
- }
+ // Write the passphrase to standard input to be read
+ // interactively.
+ mockrw.BufRead.WriteString(c.passphrase)
+ aww.termrw = &mockrw
- if len(c.passphrase) != 0 {
- // Write the passphrase to standard input to be read
- // interactively.
- mockrw.BufRead.WriteString(c.passphrase)
- aww.termrw = &mockrw
- } else {
- aww.termrw = nil
+ err = aww.init(c.baseDir)
+ if err != nil {
+ test.Assert(t, `Decrypt`, c.expError, err.Error())
+ continue
 }
 filePlain, err = aww.Decrypt(fileVault)
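Review bot: The `errors.Is(err, fs.ErrNotExist)` branch in the `@@ -451,6 +461,9 @@` hunk makes the key optional only if `libcrypto.LoadPrivateKeyInteractive` wraps the underlying open error with `%w`; that is not visible here and none of the test cases shown in this commit appears to use a BaseDir without `.awwan.key`, so it is worth confirming with a test. The silent `return nil` also means a misplaced key file produces no diagnostic until Encrypt or Decrypt later reports a missing key. I would add a comment on the branch such as `// The key is optional: leave aww.privateKey nil and let Encrypt/Decrypt report it.`, and the doc comment changed in the preceding hunk should read `if it exists`. The body of loadPrivateKey starts and ends outside the hunk.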
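Review bot: `mockrw` is declared once outside the loop in TestAwwanDecrypt (`@@ -41,27 +42,24 @@`) and the new code writes `c.passphrase` into `mockrw.BufRead` on every iteration, so any bytes a case does not consume would still be in the buffer when the next case loads its key. Declaring `mockrw` inside the loop next to `var aww = Awwan{}`, or resetting the buffer at the top of each iteration, keeps the cases independent. Both tests now call `aww.init` directly (here and in the TestAwwanEncrypt hunks `@@ -108,20 +106,15 @@` and `@@ -131,6 +124,12 @@`), so the `New` wrapper and its `logp` error prefix are no longer exercised; one case that goes through `New` would cover it. The loop body continues outside the hunk.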
@@ -93,12 +91,12 @@ func TestAwwanEncrypt(t *testing.T) {
 baseDir: filepath.Join(`testdata`, `encrypt-with-passphrase`),
 file: `.awwan.env`,
 passphrase: "invalids3cret\r",
- expError: `Encrypt: LoadPrivateKeyInteractive: x509: decryption password incorrect`,
+ expError: `LoadPrivateKeyInteractive: x509: decryption password incorrect`,
 }, {
 baseDir: filepath.Join(`testdata`, `encrypt-without-rsa`),
 file: `.awwan.env`,
 passphrase: "s3cret\r",
- expError: `Encrypt: the private key type must be RSA, got *ed25519.PrivateKey`,
+ expError: `the private key type must be RSA, got *ed25519.PrivateKey`,
 }, {
 baseDir: filepath.Join(`testdata`, `encrypt-without-passphrase`),
 file: `.awwan.env`,
@@ -108,20 +106,15 @@ func TestAwwanEncrypt(t *testing.T) {
 mockrw = mock.ReadWriter{}
 c testCase
- aww *Awwan
 err error
 filePlain string
 fileVault string
 )
 for _, c = range cases {
+ var aww = Awwan{}
 filePlain = filepath.Join(c.baseDir, c.file)
- aww, err = New(c.baseDir)
- if err != nil {
- t.Fatal(err)
- }
-
 if len(c.passphrase) != 0 {
 // Write the passphrase to standard input to be read
 // interactively.
@@ -131,6 +124,12 @@ func TestAwwanEncrypt(t *testing.T) {
 aww.termrw = nil
 }
+ err = aww.init(c.baseDir)
+ if err != nil {
+ test.Assert(t, `Encrypt`, c.expError, err.Error())
+ continue
+ }
+
 fileVault, err = aww.Encrypt(filePlain)
 if err != nil {
 test.Assert(t, `Encrypt`, c.expError, err.Error()) |
