Just use plain old unencrypted TLS keys right now.
diff --git a/pem.go b/pem.go
deleted file mode 100644
index b021eff..0000000
--- a/pem.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package goscaffold
-
-import (
- "crypto/tls"
- "crypto/x509"
- "encoding/pem"
- "errors"
- "fmt"
- "io/ioutil"
-)
-
-func decodePEM(fileName string, pwFunc func() []byte) ([]byte, string, error) {
- pb, err := ioutil.ReadFile(fileName)
- if err != nil {
- return nil, "", err
- }
- block, _ := pem.Decode(pb)
- if x509.IsEncryptedPEMBlock(block) {
- if pwFunc == nil {
- return nil, "", errors.New("Cannot read encrypted file without password")
- }
- dec, err := x509.DecryptPEMBlock(block, pwFunc())
- if err != nil {
- return nil, "", err
- }
- return dec, block.Type, nil
- }
- return block.Bytes, block.Type, nil
-}
-
-func getCertificate(certFile, keyFile string, pwFunc func() []byte) (tls.Certificate, error) {
- ret := tls.Certificate{}
-
- certBytes, _, err := decodePEM(certFile, nil)
- if err != nil {
- return ret, err
- }
- ret.Certificate = [][]byte{certBytes}
-
- keyBytes, keyType, err := decodePEM(keyFile, pwFunc)
- if err != nil {
- return ret, err
- }
- switch keyType {
- case "RSA PRIVATE KEY":
- pk, err := x509.ParsePKCS1PrivateKey(keyBytes)
- if err != nil {
- return ret, err
- }
- ret.PrivateKey = pk
- default:
- return ret, fmt.Errorf("Invalid private key type %s", keyType)
- }
-
- return ret, nil
-}
diff --git a/scaffold.go b/scaffold.go
index de6e7f3..a878a7b 100644
--- a/scaffold.go
+++ b/scaffold.go
@@ -94,7 +94,6 @@
markdownMethod string
markdownHandler MarkdownHandler
keyFile string
- keyPassFunc func() []byte
certFile string
}
@@ -190,9 +189,8 @@
If "getPass" is non-null, then the function will be called at startup time
to retrieve the password for the key file.
*/
-func (s *HTTPScaffold) SetKeyFile(fn string, getPass func() []byte) {
+func (s *HTTPScaffold) SetKeyFile(fn string) {
s.keyFile = fn
- s.keyPassFunc = getPass
}
/*
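Review bot: The doc comment kept as context above SetKeyFile (the lines beginning `If "getPass" is non-null`) still describes the `getPass` parameter that this hunk removes, so the exported method's documentation now contradicts its signature. Since the file is loaded below with tls.LoadX509KeyPair, which only accepts unencrypted PEM private keys, the comment should state that constraint instead, e.g. `SetKeyFile sets the path of the PEM-encoded private key for the secure port. The key must be unencrypted; password-protected PEM files are not supported.` Because the key now sits on disk in the clear, it is also worth a sentence telling callers to restrict the file's permissions to the service account. The comment block starts before this hunk, so the rest of its wording is not visible here.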
@@ -278,7 +276,7 @@
if s.keyFile == "" || s.certFile == "" {
return errors.New("key and certificate files must be set")
}
- cert, err := getCertificate(s.certFile, s.keyFile, s.keyPassFunc)
+ cert, err := tls.LoadX509KeyPair(s.certFile, s.keyFile)
if err != nil {
return err
}
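Review bot: The error from `tls.LoadX509KeyPair` on the `+` line is returned bare, so a caller of this method only sees the raw tls/os message with no indication that it came from loading the secure-port key pair. Wrapping it, if `fmt` is imported in this file, as `return fmt.Errorf("loading TLS key pair: %w", err)` (or `%v` on Go versions before 1.13) keeps the cause while naming the step that failed. Note that a key file in the old encrypted format will now fail inside LoadX509KeyPair with a generic parse error rather than the explicit "encrypted file" error the deleted decodePEM produced; the wrapped message at least points operators at the key pair. The enclosing method starts and ends outside this hunk.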
diff --git a/scaffold_test.go b/scaffold_test.go
index 361a6f0..e46bcad 100644
--- a/scaffold_test.go
+++ b/scaffold_test.go
@@ -279,7 +279,7 @@
It("Secure And Insecure Ports", func() {
s := CreateHTTPScaffold()
s.SetSecurePort(0)
- s.SetKeyFile("./testkeys/clearkey.pem", nil)
+ s.SetKeyFile("./testkeys/clearkey.pem")
s.SetCertFile("./testkeys/clearcert.pem")
stopChan := make(chan error)
err := s.Open()
@@ -309,7 +309,7 @@
s := CreateHTTPScaffold()
s.SetSecurePort(0)
s.SetInsecurePort(-1)
- s.SetKeyFile("./testkeys/clearkey.pem", nil)
+ s.SetKeyFile("./testkeys/clearkey.pem")
s.SetCertFile("./testkeys/clearcert.pem")
stopChan := make(chan error)
err := s.Open()
@@ -332,63 +332,6 @@
s.Shutdown(shutdownErr)
Eventually(stopChan).Should(Receive(Equal(shutdownErr)))
})
-
- It("Secure Port Encrypted Key", func() {
- s := CreateHTTPScaffold()
- s.SetSecurePort(0)
- s.SetInsecurePort(-1)
- s.SetKeyFile("./testkeys/serverkey.pem", func() []byte {
- return []byte("secure")
- })
- s.SetCertFile("./testkeys/servercert.pem")
- stopChan := make(chan error)
- err := s.Open()
- Expect(err).Should(Succeed())
- Expect(s.InsecureAddress()).Should(BeEmpty())
-
- go func() {
- fmt.Fprintf(GinkgoWriter, "Gonna listen on %s\n",
- s.SecureAddress())
- stopErr := s.Listen(&testHandler{})
- fmt.Fprintf(GinkgoWriter, "Done listening\n")
- stopChan <- stopErr
- }()
-
- Eventually(func() bool {
- return testGetSecure(s, "")
- }, 5*time.Second).Should(BeTrue())
-
- shutdownErr := errors.New("Validate")
- s.Shutdown(shutdownErr)
- Eventually(stopChan).Should(Receive(Equal(shutdownErr)))
- })
-
- It("Read PEM files", func() {
- _, t, err := decodePEM("./testkeys/clearkey.pem", nil)
- Expect(err).Should(Succeed())
- Expect(t).Should(Equal("RSA PRIVATE KEY"))
- _, t, err = decodePEM("./testkeys/clearcert.pem", nil)
- Expect(err).Should(Succeed())
- Expect(t).Should(Equal("CERTIFICATE"))
- _, err = getCertificate("./testkeys/clearcert.pem", "./testkeys/clearkey.pem", nil)
- Expect(err).Should(Succeed())
-
- _, _, err = decodePEM("./testkeys/servercert.pem", nil)
- Expect(err).Should(Succeed())
- _, _, err = decodePEM("./testkeys/serverkey.pem", nil)
- Expect(err).ShouldNot(Succeed())
- _, _, err = decodePEM("./testkeys/serverkey.pem", func() []byte {
- return []byte("notsecure")
- })
- Expect(err).ShouldNot(Succeed())
- _, _, err = decodePEM("./testkeys/serverkey.pem", func() []byte {
- return []byte("secure")
- })
- Expect(err).Should(Succeed())
- _, err = getCertificate("./testkeys/servercert.pem", "./testkeys/serverkey.pem", func() []byte {
- return []byte("notsecure")
- })
- })
})
func getText(url string) (int, string) {