woodpecker/pkg/yaml/secure/secure.go

package secure

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"

	"github.com/drone/drone/Godeps/_workspace/src/github.com/square/go-jose"
)

// Encrypt encrypts a secret string.
func Encrypt(in, privKey string) (string, error) {
	rsaPrivKey, err := decodePrivateKey(privKey)
	if err != nil {
		return "", err
	}

	return encrypt(in, &rsaPrivKey.PublicKey)
}

// decodePrivateKey is a helper function that unmarshals a PEM
// bytes to an RSA Private Key
func decodePrivateKey(privateKey string) (*rsa.PrivateKey, error) {
	derBlock, _ := pem.Decode([]byte(privateKey))
	return x509.ParsePKCS1PrivateKey(derBlock.Bytes)
}

// encrypt encrypts a plaintext variable using JOSE with
// RSA_OAEP and A128GCM algorithms.
func encrypt(text string, pubKey *rsa.PublicKey) (string, error) {
	var encrypted string
	var plaintext = []byte(text)

	// Creates a new encrypter using defaults
	encrypter, err := jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, pubKey)
	if err != nil {
		return encrypted, err
	}
	// Encrypts the plaintext value and serializes
	// as a JOSE string.
	object, err := encrypter.Encrypt(plaintext)
	if err != nil {
		return encrypted, err
	}
	return object.CompactSerialize()
}
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`package secure`

			`import (`
no repo model in parsing secure section of yaml 2015-08-20 04:24:32 +00:00			`"crypto/rsa"`
support for .drone.sec file 2015-09-07 19:13:27 +00:00			`"crypto/x509"`
			`"encoding/pem"`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00
vendored go-jose 2015-09-07 19:50:21 +00:00			`"github.com/drone/drone/Godeps/_workspace/src/github.com/square/go-jose"`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`)`

support for .drone.sec file 2015-09-07 19:13:27 +00:00			`// Encrypt encrypts a secret string.`
			`func Encrypt(in, privKey string) (string, error) {`
			`rsaPrivKey, err := decodePrivateKey(privKey)`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`if err != nil {`
support for .drone.sec file 2015-09-07 19:13:27 +00:00			`return "", err`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`}`

support for .drone.sec file 2015-09-07 19:13:27 +00:00			`return encrypt(in, &rsaPrivKey.PublicKey)`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`}`

support for .drone.sec file 2015-09-07 19:13:27 +00:00			`// decodePrivateKey is a helper function that unmarshals a PEM`
			`// bytes to an RSA Private Key`
			`func decodePrivateKey(privateKey string) (*rsa.PrivateKey, error) {`
			`derBlock, _ := pem.Decode([]byte(privateKey))`
			`return x509.ParsePKCS1PrivateKey(derBlock.Bytes)`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`}`

support for .drone.sec file 2015-09-07 19:13:27 +00:00			`// encrypt encrypts a plaintext variable using JOSE with`
			`// RSA_OAEP and A128GCM algorithms.`
			`func encrypt(text string, pubKey *rsa.PublicKey) (string, error) {`
			`var encrypted string`
			`var plaintext = []byte(text)`
AES to RSA-OAEP 2015-08-19 14:11:24 +00:00
support for .drone.sec file 2015-09-07 19:13:27 +00:00			`// Creates a new encrypter using defaults`
			`encrypter, err := jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, pubKey)`
			`if err != nil {`
			`return encrypted, err`
initial implementation and endpoint for #1145 2015-08-19 06:59:30 +00:00			`}`
support for .drone.sec file 2015-09-07 19:13:27 +00:00			`// Encrypts the plaintext value and serializes`
			`// as a JOSE string.`
			`object, err := encrypter.Encrypt(plaintext)`
			`if err != nil {`
			`return encrypted, err`
			`}`
			`return object.CompactSerialize()`
AES to RSA-OAEP 2015-08-19 14:11:24 +00:00			`}`