Just use plain old unencrypted TLS keys right now.
diff --git a/pem.go b/pem.go deleted file mode 100644 index b021eff..0000000 --- a/pem.go +++ /dev/null
@@ -1,56 +0,0 @@ -package goscaffold - -import ( - "crypto/tls" - "crypto/x509" - "encoding/pem" - "errors" - "fmt" - "io/ioutil" -) - -func decodePEM(fileName string, pwFunc func() []byte) ([]byte, string, error) { - pb, err := ioutil.ReadFile(fileName) - if err != nil { - return nil, "", err - } - block, _ := pem.Decode(pb) - if x509.IsEncryptedPEMBlock(block) { - if pwFunc == nil { - return nil, "", errors.New("Cannot read encrypted file without password") - } - dec, err := x509.DecryptPEMBlock(block, pwFunc()) - if err != nil { - return nil, "", err - } - return dec, block.Type, nil - } - return block.Bytes, block.Type, nil -} - -func getCertificate(certFile, keyFile string, pwFunc func() []byte) (tls.Certificate, error) { - ret := tls.Certificate{} - - certBytes, _, err := decodePEM(certFile, nil) - if err != nil { - return ret, err - } - ret.Certificate = [][]byte{certBytes} - - keyBytes, keyType, err := decodePEM(keyFile, pwFunc) - if err != nil { - return ret, err - } - switch keyType { - case "RSA PRIVATE KEY": - pk, err := x509.ParsePKCS1PrivateKey(keyBytes) - if err != nil { - return ret, err - } - ret.PrivateKey = pk - default: - return ret, fmt.Errorf("Invalid private key type %s", keyType) - } - - return ret, nil -}
diff --git a/scaffold.go b/scaffold.go index de6e7f3..a878a7b 100644 --- a/scaffold.go +++ b/scaffold.go
@@ -94,7 +94,6 @@ markdownMethod string markdownHandler MarkdownHandler keyFile string - keyPassFunc func() []byte certFile string } @@ -190,9 +189,8 @@ If "getPass" is non-null, then the function will be called at startup time to retrieve the password for the key file. */ -func (s *HTTPScaffold) SetKeyFile(fn string, getPass func() []byte) { +func (s *HTTPScaffold) SetKeyFile(fn string) { s.keyFile = fn - s.keyPassFunc = getPass } /* @@ -278,7 +276,7 @@ if s.keyFile == "" || s.certFile == "" { return errors.New("key and certificate files must be set") } - cert, err := getCertificate(s.certFile, s.keyFile, s.keyPassFunc) + cert, err := tls.LoadX509KeyPair(s.certFile, s.keyFile) if err != nil { return err }
diff --git a/scaffold_test.go b/scaffold_test.go index 361a6f0..e46bcad 100644 --- a/scaffold_test.go +++ b/scaffold_test.go
@@ -279,7 +279,7 @@ It("Secure And Insecure Ports", func() { s := CreateHTTPScaffold() s.SetSecurePort(0) - s.SetKeyFile("./testkeys/clearkey.pem", nil) + s.SetKeyFile("./testkeys/clearkey.pem") s.SetCertFile("./testkeys/clearcert.pem") stopChan := make(chan error) err := s.Open() @@ -309,7 +309,7 @@ s := CreateHTTPScaffold() s.SetSecurePort(0) s.SetInsecurePort(-1) - s.SetKeyFile("./testkeys/clearkey.pem", nil) + s.SetKeyFile("./testkeys/clearkey.pem") s.SetCertFile("./testkeys/clearcert.pem") stopChan := make(chan error) err := s.Open() @@ -332,63 +332,6 @@ s.Shutdown(shutdownErr) Eventually(stopChan).Should(Receive(Equal(shutdownErr))) }) - - It("Secure Port Encrypted Key", func() { - s := CreateHTTPScaffold() - s.SetSecurePort(0) - s.SetInsecurePort(-1) - s.SetKeyFile("./testkeys/serverkey.pem", func() []byte { - return []byte("secure") - }) - s.SetCertFile("./testkeys/servercert.pem") - stopChan := make(chan error) - err := s.Open() - Expect(err).Should(Succeed()) - Expect(s.InsecureAddress()).Should(BeEmpty()) - - go func() { - fmt.Fprintf(GinkgoWriter, "Gonna listen on %s\n", - s.SecureAddress()) - stopErr := s.Listen(&testHandler{}) - fmt.Fprintf(GinkgoWriter, "Done listening\n") - stopChan <- stopErr - }() - - Eventually(func() bool { - return testGetSecure(s, "") - }, 5*time.Second).Should(BeTrue()) - - shutdownErr := errors.New("Validate") - s.Shutdown(shutdownErr) - Eventually(stopChan).Should(Receive(Equal(shutdownErr))) - }) - - It("Read PEM files", func() { - _, t, err := decodePEM("./testkeys/clearkey.pem", nil) - Expect(err).Should(Succeed()) - Expect(t).Should(Equal("RSA PRIVATE KEY")) - _, t, err = decodePEM("./testkeys/clearcert.pem", nil) - Expect(err).Should(Succeed()) - Expect(t).Should(Equal("CERTIFICATE")) - _, err = getCertificate("./testkeys/clearcert.pem", "./testkeys/clearkey.pem", nil) - Expect(err).Should(Succeed()) - - _, _, err = decodePEM("./testkeys/servercert.pem", nil) - Expect(err).Should(Succeed()) - _, _, err = decodePEM("./testkeys/serverkey.pem", nil) - Expect(err).ShouldNot(Succeed()) - _, _, err = decodePEM("./testkeys/serverkey.pem", func() []byte { - return []byte("notsecure") - }) - Expect(err).ShouldNot(Succeed()) - _, _, err = decodePEM("./testkeys/serverkey.pem", func() []byte { - return []byte("secure") - }) - Expect(err).Should(Succeed()) - _, err = getCertificate("./testkeys/servercert.pem", "./testkeys/serverkey.pem", func() []byte { - return []byte("notsecure") - }) - }) }) func getText(url string) (int, string) {