diff options
Diffstat (limited to 'vendor/github.com/xordataexchange/crypt')
9 files changed, 592 insertions, 0 deletions
diff --git a/vendor/github.com/xordataexchange/crypt/backend/LICENSE b/vendor/github.com/xordataexchange/crypt/backend/LICENSE new file mode 100644 index 00000000..43846317 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/backend/LICENSE @@ -0,0 +1,9 @@ +The MIT License (MIT) + +Copyright (c) 2014 XOR Data Exchange, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/xordataexchange/crypt/backend/backend.go b/vendor/github.com/xordataexchange/crypt/backend/backend.go new file mode 100644 index 00000000..bfe894dc --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/backend/backend.go @@ -0,0 +1,32 @@ +// Package backend provides the K/V store interface for crypt backends. +package backend + +// Response represents a response from a backend store. +type Response struct { + Value []byte + Error error +} + +// KVPair holds both a key and value when reading a list. +type KVPair struct { + Key string + Value []byte +} + +type KVPairs []*KVPair + +// A Store is a K/V store backend that retrieves and sets, and monitors +// data in a K/V store. +type Store interface { + // Get retrieves a value from a K/V store for the provided key. + Get(key string) ([]byte, error) + + // List retrieves all keys and values under a provided key. + List(key string) (KVPairs, error) + + // Set sets the provided key to value. + Set(key string, value []byte) error + + // Watch monitors a K/V store for changes to key. + Watch(key string, stop chan bool) <-chan *Response +} diff --git a/vendor/github.com/xordataexchange/crypt/backend/consul/consul.go b/vendor/github.com/xordataexchange/crypt/backend/consul/consul.go new file mode 100644 index 00000000..cf85ed53 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/backend/consul/consul.go @@ -0,0 +1,87 @@ +package consul + +import ( + "fmt" + "strings" + "time" + + "github.com/xordataexchange/crypt/backend" + + "github.com/armon/consul-api" +) + +type Client struct { + client *consulapi.KV + waitIndex uint64 +} + +func New(machines []string) (*Client, error) { + conf := consulapi.DefaultConfig() + if len(machines) > 0 { + conf.Address = machines[0] + } + client, err := consulapi.NewClient(conf) + if err != nil { + return nil, err + } + return &Client{client.KV(), 0}, nil +} + +func (c *Client) Get(key string) ([]byte, error) { + kv, _, err := c.client.Get(key, nil) + if err != nil { + return nil, err + } + if kv == nil { + return nil, fmt.Errorf("Key ( %s ) was not found.", key) + } + return kv.Value, nil +} + +func (c *Client) List(key string) (backend.KVPairs, error) { + pairs, _, err := c.client.List(key, nil) + if err != nil { + return nil, err + } + if err != nil { + return nil, err + } + ret := make(backend.KVPairs, len(pairs), len(pairs)) + for i, kv := range pairs { + ret[i] = &backend.KVPair{Key: kv.Key, Value: kv.Value} + } + return ret, nil +} + +func (c *Client) Set(key string, value []byte) error { + key = strings.TrimPrefix(key, "/") + kv := &consulapi.KVPair{ + Key: key, + Value: value, + } + _, err := c.client.Put(kv, nil) + return err +} + +func (c *Client) Watch(key string, stop chan bool) <-chan *backend.Response { + respChan := make(chan *backend.Response, 0) + go func() { + for { + opts := consulapi.QueryOptions{ + WaitIndex: c.waitIndex, + } + keypair, meta, err := c.client.Get(key, &opts) + if keypair == nil && err == nil { + err = fmt.Errorf("Key ( %s ) was not found.", key) + } + if err != nil { + respChan <- &backend.Response{nil, err} + time.Sleep(time.Second * 5) + continue + } + c.waitIndex = meta.LastIndex + respChan <- &backend.Response{keypair.Value, nil} + } + }() + return respChan +} diff --git a/vendor/github.com/xordataexchange/crypt/backend/etcd/etcd.go b/vendor/github.com/xordataexchange/crypt/backend/etcd/etcd.go new file mode 100644 index 00000000..18f35510 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/backend/etcd/etcd.go @@ -0,0 +1,116 @@ +package etcd + +import ( + "context" + "errors" + "fmt" + "time" + + "github.com/xordataexchange/crypt/backend" + + goetcd "github.com/coreos/etcd/client" +) + +type Client struct { + client goetcd.Client + keysAPI goetcd.KeysAPI + waitIndex uint64 +} + +func New(machines []string) (*Client, error) { + newClient, err := goetcd.New(goetcd.Config{ + Endpoints: machines, + }) + if err != nil { + return nil, fmt.Errorf("creating new etcd client for crypt.backend.Client: %v", err) + } + keysAPI := goetcd.NewKeysAPI(newClient) + return &Client{client: newClient, keysAPI: keysAPI, waitIndex: 0}, nil +} + +func (c *Client) Get(key string) ([]byte, error) { + return c.GetWithContext(context.TODO(), key) +} + +func (c *Client) GetWithContext(ctx context.Context, key string) ([]byte, error) { + resp, err := c.keysAPI.Get(ctx, key, nil) + if err != nil { + return nil, err + } + return []byte(resp.Node.Value), nil +} + +func addKVPairs(node *goetcd.Node, list backend.KVPairs) backend.KVPairs { + if node.Dir { + for _, n := range node.Nodes { + list = addKVPairs(n, list) + } + return list + } + return append(list, &backend.KVPair{Key: node.Key, Value: []byte(node.Value)}) +} + +func (c *Client) List(key string) (backend.KVPairs, error) { + return c.ListWithContext(context.TODO(), key) +} + +func (c *Client) ListWithContext(ctx context.Context, key string) (backend.KVPairs, error) { + resp, err := c.keysAPI.Get(ctx, key, nil) + if err != nil { + return nil, err + } + if !resp.Node.Dir { + return nil, errors.New("key is not a directory") + } + list := addKVPairs(resp.Node, nil) + return list, nil +} + +func (c *Client) Set(key string, value []byte) error { + return c.SetWithContext(context.TODO(), key, value) +} + +func (c *Client) SetWithContext(ctx context.Context, key string, value []byte) error { + _, err := c.keysAPI.Set(ctx, key, string(value), nil) + return err +} + +func (c *Client) Watch(key string, stop chan bool) <-chan *backend.Response { + return c.WatchWithContext(context.Background(), key, stop) +} + +func (c *Client) WatchWithContext(ctx context.Context, key string, stop chan bool) <-chan *backend.Response { + respChan := make(chan *backend.Response, 0) + go func() { + watcher := c.keysAPI.Watcher(key, nil) + ctx, cancel := context.WithCancel(ctx) + go func() { + <-stop + cancel() + }() + for { + var resp *goetcd.Response + var err error + // if c.waitIndex == 0 { + // resp, err = c.client.Get(key, false, false) + // if err != nil { + // respChan <- &backend.Response{nil, err} + // time.Sleep(time.Second * 5) + // continue + // } + // c.waitIndex = resp.EtcdIndex + // respChan <- &backend.Response{[]byte(resp.Node.Value), nil} + // } + // resp, err = c.client.Watch(key, c.waitIndex+1, false, nil, stop) + resp, err = watcher.Next(ctx) + if err != nil { + respChan <- &backend.Response{nil, err} + time.Sleep(time.Second * 5) + continue + } + c.waitIndex = resp.Node.ModifiedIndex + respChan <- &backend.Response{[]byte(resp.Node.Value), nil} + } + }() + return respChan +} diff --git a/vendor/github.com/xordataexchange/crypt/backend/mock/mock.go b/vendor/github.com/xordataexchange/crypt/backend/mock/mock.go new file mode 100644 index 00000000..68a9b1c7 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/backend/mock/mock.go @@ -0,0 +1,61 @@ +package mock + +import ( + "errors" + "path" + "strings" + "time" + + "github.com/xordataexchange/crypt/backend" +) + +var mockedStore map[string][]byte + +type Client struct{} + +func New(machines []string) (*Client, error) { + if mockedStore == nil { + mockedStore = make(map[string][]byte, 2) + } + return &Client{}, nil +} + +func (c *Client) Get(key string) ([]byte, error) { + if v, ok := mockedStore[key]; ok { + return v, nil + } + err := errors.New("Could not find key: " + key) + return nil, err +} + +func (c *Client) List(key string) (backend.KVPairs, error) { + var list backend.KVPairs + dir := path.Clean(key) + "/" + for k, v := range mockedStore { + if strings.HasPrefix(k, dir) { + list = append(list, &backend.KVPair{Key: k, Value: v}) + } + } + return list, nil +} + +func (c *Client) Set(key string, value []byte) error { + mockedStore[key] = value + return nil +} + +func (c *Client) Watch(key string, stop chan bool) <-chan *backend.Response { + respChan := make(chan *backend.Response, 0) + go func() { + for { + b, err := c.Get(key) + if err != nil { + respChan <- &backend.Response{nil, err} + time.Sleep(time.Second * 5) + continue + } + respChan <- &backend.Response{b, nil} + } + }() + return respChan +} diff --git a/vendor/github.com/xordataexchange/crypt/config/LICENSE b/vendor/github.com/xordataexchange/crypt/config/LICENSE new file mode 100644 index 00000000..43846317 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/config/LICENSE @@ -0,0 +1,9 @@ +The MIT License (MIT) + +Copyright (c) 2014 XOR Data Exchange, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/xordataexchange/crypt/config/config.go b/vendor/github.com/xordataexchange/crypt/config/config.go new file mode 100644 index 00000000..30864ae9 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/config/config.go @@ -0,0 +1,201 @@ +package config + +import ( + "bytes" + "io" + "io/ioutil" + + "github.com/xordataexchange/crypt/backend" + "github.com/xordataexchange/crypt/backend/consul" + "github.com/xordataexchange/crypt/backend/etcd" + "github.com/xordataexchange/crypt/encoding/secconf" +) + +type KVPair struct { + backend.KVPair +} + +type KVPairs []*KVPair + +type configManager struct { + keystore []byte + store backend.Store +} + +// A ConfigManager retrieves and decrypts configuration from a key/value store. +type ConfigManager interface { + Get(key string) ([]byte, error) + List(key string) (KVPairs, error) + Set(key string, value []byte) error + Watch(key string, stop chan bool) <-chan *Response +} + +type standardConfigManager struct { + store backend.Store +} + +func NewStandardConfigManager(client backend.Store) (ConfigManager, error) { + return standardConfigManager{client}, nil +} + +func NewConfigManager(client backend.Store, keystore io.Reader) (ConfigManager, error) { + bytes, err := ioutil.ReadAll(keystore) + if err != nil { + return nil, err + } + return configManager{bytes, client}, nil +} + +// NewStandardEtcdConfigManager returns a new ConfigManager backed by etcd. +func NewStandardEtcdConfigManager(machines []string) (ConfigManager, error) { + store, err := etcd.New(machines) + if err != nil { + return nil, err + } + + return NewStandardConfigManager(store) +} + +// NewStandardConsulConfigManager returns a new ConfigManager backed by consul. +func NewStandardConsulConfigManager(machines []string) (ConfigManager, error) { + store, err := consul.New(machines) + if err != nil { + return nil, err + } + return NewStandardConfigManager(store) +} + +// NewEtcdConfigManager returns a new ConfigManager backed by etcd. +// Data will be encrypted. +func NewEtcdConfigManager(machines []string, keystore io.Reader) (ConfigManager, error) { + store, err := etcd.New(machines) + if err != nil { + return nil, err + } + return NewConfigManager(store, keystore) +} + +// NewConsulConfigManager returns a new ConfigManager backed by consul. +// Data will be encrypted. +func NewConsulConfigManager(machines []string, keystore io.Reader) (ConfigManager, error) { + store, err := consul.New(machines) + if err != nil { + return nil, err + } + return NewConfigManager(store, keystore) +} + +// Get retrieves and decodes a secconf value stored at key. +func (c configManager) Get(key string) ([]byte, error) { + value, err := c.store.Get(key) + if err != nil { + return nil, err + } + return secconf.Decode(value, bytes.NewBuffer(c.keystore)) +} + +// Get retrieves a value stored at key. +// convenience function, no additional value provided over +// `etcdctl` +func (c standardConfigManager) Get(key string) ([]byte, error) { + value, err := c.store.Get(key) + if err != nil { + return nil, err + } + return value, err +} + +// List retrieves and decodes all secconf value stored under key. +func (c configManager) List(key string) (KVPairs, error) { + list, err := c.store.List(key) + retList := make(KVPairs, len(list)) + if err != nil { + return nil, err + } + for i, kv := range list { + retList[i].Key = kv.Key + retList[i].Value, err = secconf.Decode(kv.Value, bytes.NewBuffer(c.keystore)) + if err != nil { + return nil, err + } + } + return retList, nil +} + +// List retrieves all values under key. +// convenience function, no additional value provided over +// `etcdctl` +func (c standardConfigManager) List(key string) (KVPairs, error) { + list, err := c.store.List(key) + retList := make(KVPairs, len(list)) + if err != nil { + return nil, err + } + for i, kv := range list { + retList[i].Key = kv.Key + retList[i].Value = kv.Value + } + return retList, err +} + +// Set will put a key/value into the data store +// and encode it with secconf +func (c configManager) Set(key string, value []byte) error { + encodedValue, err := secconf.Encode(value, bytes.NewBuffer(c.keystore)) + if err == nil { + err = c.store.Set(key, encodedValue) + } + return err +} + +// Set will put a key/value into the data store +func (c standardConfigManager) Set(key string, value []byte) error { + err := c.store.Set(key, value) + return err +} + +type Response struct { + Value []byte + Error error +} + +func (c configManager) Watch(key string, stop chan bool) <-chan *Response { + resp := make(chan *Response, 0) + backendResp := c.store.Watch(key, stop) + go func() { + for { + select { + case <-stop: + return + case r := <-backendResp: + if r.Error != nil { + resp <- &Response{nil, r.Error} + continue + } + value, err := secconf.Decode(r.Value, bytes.NewBuffer(c.keystore)) + resp <- &Response{value, err} + } + } + }() + return resp +} + +func (c standardConfigManager) Watch(key string, stop chan bool) <-chan *Response { + resp := make(chan *Response, 0) + backendResp := c.store.Watch(key, stop) + go func() { + for { + select { + case <-stop: + return + case r := <-backendResp: + if r.Error != nil { + resp <- &Response{nil, r.Error} + continue + } + resp <- &Response{r.Value, nil} + } + } + }() + return resp +} diff --git a/vendor/github.com/xordataexchange/crypt/encoding/secconf/LICENSE b/vendor/github.com/xordataexchange/crypt/encoding/secconf/LICENSE new file mode 100644 index 00000000..43846317 --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/encoding/secconf/LICENSE @@ -0,0 +1,9 @@ +The MIT License (MIT) + +Copyright (c) 2014 XOR Data Exchange, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/xordataexchange/crypt/encoding/secconf/secconf.go b/vendor/github.com/xordataexchange/crypt/encoding/secconf/secconf.go new file mode 100644 index 00000000..6e94565d --- /dev/null +++ b/vendor/github.com/xordataexchange/crypt/encoding/secconf/secconf.go @@ -0,0 +1,68 @@ +// Package secconf implements secconf encoding as specified in the following +// format: +// +// base64(gpg(gzip(data))) +// +package secconf + +import ( + "bytes" + "compress/gzip" + "encoding/base64" + "io" + "io/ioutil" + + "golang.org/x/crypto/openpgp" +) + +// Deocde decodes data using the secconf codec. +func Decode(data []byte, secertKeyring io.Reader) ([]byte, error) { + decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data)) + entityList, err := openpgp.ReadArmoredKeyRing(secertKeyring) + if err != nil { + return nil, err + } + md, err := openpgp.ReadMessage(decoder, entityList, nil, nil) + if err != nil { + return nil, err + } + gzReader, err := gzip.NewReader(md.UnverifiedBody) + if err != nil { + return nil, err + } + defer gzReader.Close() + bytes, err := ioutil.ReadAll(gzReader) + if err != nil { + return nil, err + } + return bytes, nil +} + +// Encode encodes data to a base64 encoded using the secconf codec. +// data is encrypted with all public keys found in the supplied keyring. +func Encode(data []byte, keyring io.Reader) ([]byte, error) { + entityList, err := openpgp.ReadArmoredKeyRing(keyring) + if err != nil { + return nil, err + } + buffer := new(bytes.Buffer) + encoder := base64.NewEncoder(base64.StdEncoding, buffer) + pgpWriter, err := openpgp.Encrypt(encoder, entityList, nil, nil, nil) + if err != nil { + return nil, err + } + gzWriter := gzip.NewWriter(pgpWriter) + if _, err := gzWriter.Write(data); err != nil { + return nil, err + } + if err := gzWriter.Close(); err != nil { + return nil, err + } + if err := pgpWriter.Close(); err != nil { + return nil, err + } + if err := encoder.Close(); err != nil { + return nil, err + } + return buffer.Bytes(), nil +} |