"code.vereign.com/code/viam-apis/errors"
vc "github.com/hashicorp/vault/api"
)
// PEMReader abstracts where TLS material is loaded from: FilePEMReader reads
// it from disk, VaultPEMReader from a HashiCorp Vault secret. Every method
// returns raw PEM bytes and no error; the implementations in this file return
// nil or an empty slice when the material cannot be loaded, so callers must
// check for an empty result before handing the bytes to a TLS/x509 parser.
type PEMReader interface {
	readCertificatePEM() []byte
	// readPrivateKeyPEM returns private key material; treat the result as a
	// secret (never log or echo it).
	readPrivateKeyPEM() []byte
	readCaCertificatePEM() []byte
	readVereignCaCertificatePEM() []byte
}
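// FilePEMReader is a PEMReader that loads PEM material from files under
// certificationPath. The URL/token fields mirror VaultPEMReader so both
// readers can be built from the same configuration; no FilePEMReader method
// reads them.
type FilePEMReader struct {
	certificationURL             string
	certificationToken           string
	certificationPath            string // directory holding the PEM files
	certificationCertFile        string // file name of the client certificate
	certificationKeyFile         string // file name of the private key
	certificationCaCertFile      string // file name of the CA certificate
	certificationVereignCertFile string // file name of the Vereign CA certificate
}

// readPEMFile reads certificationPath/<name> and returns its contents.
// The PEMReader interface has no error return, so a read failure is logged
// and nil is returned; callers must treat an empty result as "unavailable"
// rather than as valid PEM. The four read*PEM methods below all funnel
// through here so the error handling is identical for every file.
func (f FilePEMReader) readPEMFile(name string) []byte {
	// Path is built by plain concatenation, as elsewhere in this file; a
	// trailing slash on certificationPath only produces a harmless "//".
	pem, err := ioutil.ReadFile(f.certificationPath + "/" + name)
	if err != nil {
		// err is a *os.PathError and already names the file.
		log.Printf("Error: FILE Can't read PEM, %s", err)
		return nil
	}
	return pem
}

// readCertificatePEM returns the client certificate from certificationCertFile.
func (f FilePEMReader) readCertificatePEM() []byte {
	return f.readPEMFile(f.certificationCertFile)
}

// readPrivateKeyPEM returns the private key from certificationKeyFile.
// The result is secret material; never log or echo it.
func (f FilePEMReader) readPrivateKeyPEM() []byte {
	return f.readPEMFile(f.certificationKeyFile)
}

// readCaCertificatePEM returns the CA certificate from certificationCaCertFile.
func (f FilePEMReader) readCaCertificatePEM() []byte {
	return f.readPEMFile(f.certificationCaCertFile)
}

// readVereignCaCertificatePEM returns the Vereign CA certificate from
// certificationVereignCertFile.
func (f FilePEMReader) readVereignCaCertificatePEM() []byte {
	return f.readPEMFile(f.certificationVereignCertFile)
}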
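// VaultPEMReader is a PEMReader that loads PEM material from a single secret
// in HashiCorp Vault. certificationPath is the logical path of that secret;
// each certification*File field names the key inside it that holds the PEM.
type VaultPEMReader struct {
	certificationURL             string // Vault address handed to the client
	certificationToken           string // Vault token; secret — never log it
	certificationPath            string // logical path of the secret holding all PEM fields
	certificationCertFile        string // field name of the client certificate
	certificationKeyFile         string // field name of the private key
	certificationCaCertFile      string // field name of the CA certificate
	certificationVereignCertFile string // field name of the Vereign CA certificate
}

// readVaultField reads the secret at certificationPath and returns the value
// of field as bytes. The PEMReader interface has no error return, so every
// failure — client construction, read error, missing secret, unexpected
// payload shape, missing or non-string field — is logged and yields an empty
// slice; callers must check for an empty result before parsing.
//
// The previous per-method copies dereferenced the secret and type-asserted
// the payload unconditionally, which panics when the client could not be
// built, when the path does not exist (Read returns a nil secret and no
// error), or when the field is absent or not a string.
func (v VaultPEMReader) readVaultField(field string) []byte {
	// Only Address is configured; TLS and retry behaviour come from the
	// client's defaults. NOTE(review): certificationURL should be https —
	// the token is sent in the X-Vault-Token header on every request.
	client, err := vc.NewClient(&vc.Config{Address: v.certificationURL})
	if err != nil {
		log.Printf("Error: VAULT Can't create client, %s", err)
		return []byte("")
	}
	client.SetToken(v.certificationToken)

	secret, err := client.Logical().Read(v.certificationPath)
	if err != nil {
		log.Printf("Error: VAULT Can't read value, %s", err)
		return []byte("")
	}
	// A missing path is reported as a nil secret without an error.
	if secret == nil || secret.Data == nil {
		log.Printf("Error: VAULT no secret found at %s", v.certificationPath)
		return []byte("")
	}
	// The fields are expected under a "data" wrapper (the KV v2 response
	// layout). NOTE(review): a KV v1 mount returns the fields at top level
	// and would fail here — confirm the mount version if reads come back empty.
	pemMap, ok := secret.Data["data"].(map[string]interface{})
	if !ok {
		log.Printf("Error: VAULT unexpected payload at %s, missing data map", v.certificationPath)
		return []byte("")
	}
	// Direct lookup replaces the old range-and-compare loop; an absent key
	// yields a nil interface, which fails the string assertion the same way
	// a non-string value does.
	value, ok := pemMap[field].(string)
	if !ok {
		log.Printf("Error: VAULT field %q missing or not a string at %s", field, v.certificationPath)
		return []byte("")
	}
	return []byte(value)
}

// readCertificatePEM returns the client certificate stored under certificationCertFile.
func (v VaultPEMReader) readCertificatePEM() []byte {
	return v.readVaultField(v.certificationCertFile)
}

// readPrivateKeyPEM returns the private key stored under certificationKeyFile.
// The result is secret material; never log or echo it.
func (v VaultPEMReader) readPrivateKeyPEM() []byte {
	return v.readVaultField(v.certificationKeyFile)
}

// readCaCertificatePEM returns the CA certificate stored under certificationCaCertFile.
func (v VaultPEMReader) readCaCertificatePEM() []byte {
	return v.readVaultField(v.certificationCaCertFile)
}

// readVereignCaCertificatePEM returns the Vereign CA certificate stored under
// certificationVereignCertFile.
func (v VaultPEMReader) readVereignCaCertificatePEM() []byte {
	return v.readVaultField(v.certificationVereignCertFile)
}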
// ReadEncryptionPEMFromVault was copied from the object storage agent.
func ReadEncryptionPEMFromVault(url, token, path, pemFile string) ([]byte, error) {
client, err := vc.NewClient(&vc.Config{
Address: url,
errors.LogFormat(err, "VAULT Can't create client")
return nil, err
client.SetToken(token)
keyname := path
secretValues, err := client.Logical().Read(keyname)
if err != nil {
errors.LogFormat(err, "VAULT Can't read value")
return nil, err
pemMap := secretValues.Data["data"].(map[string]interface{})
for propName, propValue := range pemMap {
if propName == pemFile {
return []byte(propValue.(string)), nil
return []byte(""), nil