no repo model in parsing secure section of yaml

pkg/server/commits.go

@@ -183,7 +183,7 @@ func RunBuild(c *gin.Context) {
 	if repo.Params != nil && len(repo.Params) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), repo.Params))
 	}
-	encrypted, _ := secure.Parse(repo, string(raw))
+	encrypted, _ := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
 	if encrypted != nil && len(encrypted) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), encrypted))
 	}

pkg/server/hooks.go

@@ -101,7 +101,7 @@ func PostHook(c *gin.Context) {
 	if repo.Params != nil && len(repo.Params) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), repo.Params))
 	}
-	encrypted, _ := secure.Parse(repo, string(raw))
+	encrypted, _ := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
 	if encrypted != nil && len(encrypted) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), encrypted))
 	}

pkg/server/repos.go

@@ -253,7 +253,8 @@ func Encrypt(c *gin.Context) {
 
 	in := map[string]string{}
 	json.NewDecoder(c.Request.Body).Decode(&in)
-	err := secure.EncryptMap(repo, in)
+	privKey := sshutil.UnMarshalPrivateKey([]byte(repo.Keys.Private))
+	err := secure.EncryptMap(secure.ToHash(repo.Hash), &privKey.PublicKey, in)
 	if err != nil {
 		c.Fail(500, err)
 		return

pkg/yaml/secure/secure.go

@@ -1,33 +1,34 @@
 package secure
 
 import (
+	"crypto/rsa"
 	"crypto/sha256"
 	"hash"
 
 	"github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2"
 
-	common "github.com/drone/drone/pkg/types"
 	"github.com/drone/drone/pkg/utils/sshutil"
 )
 
 // Parse parses and returns the secure section of the
 // yaml file as plaintext parameters.
-func Parse(repo *common.Repo, raw string) (map[string]string, error) {
+func Parse(privateKeyPEM, repoHash, raw string) (map[string]string, error) {
 	params, err := parseSecure(raw)
 	if err != nil {
 		return nil, err
 	}
 
-	err = DecryptMap(repo, params)
+	hasher := ToHash(repoHash)
+	privKey := sshutil.UnMarshalPrivateKey([]byte(privateKeyPEM))
+
+	err = DecryptMap(hasher, privKey, params)
 	return params, err
 }
 
 // DecryptMap decrypts values of a map of named parameters
 // from base64 to decrypted strings.
-func DecryptMap(repo *common.Repo, params map[string]string) error {
+func DecryptMap(hasher hash.Hash, privKey *rsa.PrivateKey, params map[string]string) error {
 	var err error
-	hasher := toHash(repo.Hash)
-	privKey := sshutil.UnMarshalPrivateKey([]byte(repo.Keys.Private))
 
 	for name, encrypted := range params {
 		params[name], err = sshutil.Decrypt(hasher, privKey, encrypted)
@@ -39,13 +40,11 @@ func DecryptMap(repo *common.Repo, params map[string]string) error {
 }
 
 // EncryptMap encrypts values of a map of named parameters
-func EncryptMap(repo *common.Repo, params map[string]string) error {
+func EncryptMap(hasher hash.Hash, pubKey *rsa.PublicKey, params map[string]string) error {
 	var err error
-	hasher := toHash(repo.Hash)
-	privKey := sshutil.UnMarshalPrivateKey([]byte(repo.Keys.Private))
 
 	for name, value := range params {
-		params[name], err = sshutil.Encrypt(hasher, &privKey.PublicKey, value)
+		params[name], err = sshutil.Encrypt(hasher, pubKey, value)
 		if err != nil {
 			return err
 		}
@@ -64,8 +63,8 @@ func parseSecure(raw string) (map[string]string, error) {
 	return data.Secure, err
 }
 
-// toHash is helper function to generate Hash of given string
-func toHash(key string) hash.Hash {
+// ToHash is helper function to generate Hash of given string
+func ToHash(key string) hash.Hash {
 	hasher := sha256.New()
 	hasher.Write([]byte(key))
 	hasher.Reset()

pkg/yaml/secure/secure_test.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/drone/drone/Godeps/_workspace/src/github.com/franela/goblin"
 
-	common "github.com/drone/drone/pkg/types"
 	"github.com/drone/drone/pkg/utils/sshutil"
 )
 
@@ -14,21 +13,18 @@ func Test_Secure(t *testing.T) {
 	g := goblin.Goblin(t)
 	g.Describe("Encrypt params", func() {
 		privKey, _ := sshutil.GeneratePrivateKey()
-		keypair := common.Keypair{
-			Private: string(sshutil.MarshalPrivateKey(privKey)),
-			Public:  string(sshutil.MarshalPublicKey(&privKey.PublicKey)),
-		}
-		repo := common.Repo{
-			Hash: "9T2tH3qZ8FSPr9uxrhzV4mn2VdVgA56xPVtYvCh0",
-			Keys: &keypair,
-		}
-		hashKey := toHash(repo.Hash)
+		publicKey := &privKey.PublicKey
+
+		privateKeyPEM := string(sshutil.MarshalPrivateKey(privKey))
+
+		repoHash := "9T2tH3qZ8FSPr9uxrhzV4mn2VdVgA56xPVtYvCh0"
+		hashKey := ToHash(repoHash)
 		text := "super_duper_secret"
-		encryptedValue, _ := sshutil.Encrypt(hashKey, &privKey.PublicKey, text)
+		encryptedValue, _ := sshutil.Encrypt(hashKey, publicKey, text)
 
 		g.It("Should decrypt a yaml", func() {
 			yaml := "secure: {\"foo\": \"" + encryptedValue + "\"}"
-			decrypted, err := Parse(&repo, yaml)
+			decrypted, err := Parse(privateKeyPEM, repoHash, yaml)
 
 			g.Assert(err == nil).IsTrue()
 			g.Assert(decrypted["foo"]).Equal(text)
@@ -36,7 +32,7 @@ func Test_Secure(t *testing.T) {
 
 		g.It("Should decrypt a yaml with no secure section", func() {
 			yaml := `foo: bar`
-			decrypted, err := Parse(&repo, yaml)
+			decrypted, err := Parse(privateKeyPEM, repoHash, yaml)
 			g.Assert(err == nil).IsTrue()
 			g.Assert(len(decrypted)).Equal(0)
 		})
@@ -45,10 +41,10 @@ func Test_Secure(t *testing.T) {
 			params := map[string]string{
 				"foo": text,
 			}
-			err := EncryptMap(&repo, params)
+			err := EncryptMap(hashKey, publicKey, params)
 			g.Assert(err == nil).IsTrue()
 			g.Assert(params["foo"] == "super_duper_secret").IsFalse()
-			err = DecryptMap(&repo, params)
+			err = DecryptMap(hashKey, privKey, params)
 			g.Assert(err == nil).IsTrue()
 			g.Assert(params["foo"] == "super_duper_secret").IsTrue()
 		})