mirror/drone-cli
1
0
Fork 0
mirror of https://github.com/drone/drone-cli.git synced 2026-01-17 08:21:34 +01:00
Code Issues
5c01c6a228
drone-cli/vendor/github.com/drone/drone-exec/yaml/secure/secure.go
Brad Rydzewski 60ef31182f cli now working with 0.4 woohoo
2015-10-24 17:06:46 -07:00

82 lines
2.1 KiB
Go
Raw Blame History

package secure
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"github.com/square/go-jose"
"gopkg.in/yaml.v2"
)
type Secure struct {
Checksum string `yaml:"checksum"`
Environment MapEqualSlice `yaml:"environment"`
}
// Parse parses and returns the secure section of the
// yaml file as plaintext parameters.
func Parse(in, privKey string) (*Secure, error) {
// unarmshal the private key from PEM
rsaPrivKey, err := decodePrivateKey(privKey)
if err != nil {
return nil, err
}
// decrypt the Yaml file
plain, err := decrypt(in, rsaPrivKey)
if err != nil {
return nil, err
}
// unmarshal the yaml
out := &Secure{}
err = yaml.Unmarshal(plain, out)
return out, err
}
// decrypt decrypts a JOSE string and returns the
// plaintext value.
func decrypt(secret string, privKey *rsa.PrivateKey) ([]byte, error) {
object, err := jose.ParseEncrypted(secret)
if err != nil {
return nil, err
}
return object.Decrypt(privKey)
}
// decodePrivateKey is a helper function that unmarshals a PEM
// bytes to an RSA Private Key
func decodePrivateKey(privateKey string) (*rsa.PrivateKey, error) {
derBlock, _ := pem.Decode([]byte(privateKey))
return x509.ParsePKCS1PrivateKey(derBlock.Bytes)
}
// encodePrivateKey is a helper function that marshals an RSA
// Private Key to a PEM encoded file.
func encodePrivateKey(privkey *rsa.PrivateKey) string {
privateKeyMarshaled := x509.MarshalPKCS1PrivateKey(privkey)
privateKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Headers: nil, Bytes: privateKeyMarshaled})
return string(privateKeyPEM)
}
// encrypt encrypts a plaintext variable using JOSE with
// RSA_OAEP and A128GCM algorithms.
func encrypt(text string, pubKey *rsa.PublicKey) (string, error) {
var encrypted string
var plaintext = []byte(text)
// Creates a new encrypter using defaults
encrypter, err := jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, pubKey)
if err != nil {
return encrypted, err
}
// Encrypts the plaintext value and serializes
// as a JOSE string.
object, err := encrypter.Encrypt(plaintext)
if err != nil {
return encrypted, err
}
return object.CompactSerialize()
}
View Git Blame Copy Permalink