author | Eric Avdey <eiri@eiri.ca> | 2020-04-21 11:42:37 -0300 |
---|---|---|
committer | Eric Avdey <eiri@eiri.ca> | 2020-04-21 11:42:37 -0300 |
commit | 941310019eff98f1c60dd53c62c11341968c08e4 (patch) | |
tree | 0352b4cea1ec317c295c812c1261b570309a5694 | |
parent | 2ec4bc89cde4e781cbc8ec188d1a76bdb48a8f60 (diff) | |
Remove example key manager, add noop key manager, make it default
-rw-r--r-- | src/aegis/rebar.config.script | 26 | ||||
-rw-r--r-- | src/aegis/src/aegis_example_key_manager.erl | 55 | ||||
-rw-r--r-- | src/aegis/src/aegis_noop_key_manager.erl | 36 |
3 files changed, 49 insertions, 68 deletions
diff --git a/src/aegis/rebar.config.script b/src/aegis/rebar.config.script
index a2337a3f3..ef148bfbe 100644
--- a/src/aegis/rebar.config.script
+++ b/src/aegis/rebar.config.script
@@ -19,17 +19,17 @@ CouchConfig = case filelib:is_file(os:getenv("COUCHDB_CONFIG")) of
 []
 end.
-case lists:keyfind(aegis_key_manager, 1, CouchConfig) of
- {aegis_key_manager, ""} ->
- CONFIG;
- {aegis_key_manager, Module} ->
- CurrentOpts = case lists:keyfind(erl_opts, 1, CONFIG) of
- {erl_opts, Opts} -> Opts;
- false -> []
- end,
- AegisOpts = {d, 'AEGIS_KEY_MANAGER', list_to_atom(Module)},
- NewOpts = [AegisOpts | CurrentOpts],
- lists:keystore(erl_opts, 1, CONFIG, {erl_opts, NewOpts});
+AegisKeyManager = case lists:keyfind(aegis_key_manager, 1, CouchConfig) of
+ {aegis_key_manager, Module} when Module /= "" ->
+ list_to_atom(Module);
 _ ->
- CONFIG
-end.
+ aegis_noop_key_manager
+end,
+
+CurrentOpts = case lists:keyfind(erl_opts, 1, CONFIG) of
+ {erl_opts, Opts} -> Opts;
+ false -> []
+end,
+
+AegisOpts = {d, 'AEGIS_KEY_MANAGER', AegisKeyManager},
+lists:keystore(erl_opts, 1, CONFIG, {erl_opts, [AegisOpts | CurrentOpts]}).
diff --git a/src/aegis/src/aegis_example_key_manager.erl b/src/aegis/src/aegis_example_key_manager.erl
deleted file mode 100644
index 48007f54c..000000000
--- a/src/aegis/src/aegis_example_key_manager.erl
+++ /dev/null
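Review bot: The `_ ->` clause now compiles in aegis_noop_key_manager whenever `aegis_key_manager` is missing or empty in CouchConfig, and nothing in the script says that this is the intended default rather than a misconfiguration. A comment above the case would make that explicit, e.g. `%% A missing or empty aegis_key_manager in the CouchDB config selects the noop manager; set it explicitly to compile in a real key manager.` The guard `when Module /= ""` would conventionally use the exact operator, `when Module =/= ""`. Note also that `list_to_atom(Module)` is applied with no check that the named module exists, so a typo in the config compiles cleanly and only surfaces at runtime as an undef; that is inherited from the removed code rather than introduced here, but the new default path makes the config value the only thing standing between a real and a noop manager.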
@@ -1,55 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License. You may obtain a copy of
-% the License at
-%
-% http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing, software
-% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-% License for the specific language governing permissions and limitations under
-% the License.
-
--module(aegis_example_key_manager).
-
-
--behaviour(aegis_key_manager).
-
-
--export([
- init/0,
- generate_key/3,
- unwrap_key/3
-]).
-
-
-
-init() ->
- case config:get("aegis_example_key_manager", "key_provider") of
- undefined ->
- erlang:error(misconfigured_key_provider);
- KeyProvider ->
- PassPhrase = os:cmd(KeyProvider),
- {ok, RootKey} = couch_passwords:pbkdf2(
- iolist_to_binary(PassPhrase), <<0:256>>, 10000, 32),
- <<(binary_to_integer(RootKey, 16)):256>>
- end.
-
-
-generate_key(RootKey, #{} = _Db, _Options) ->
- DbKey = crypto:strong_rand_bytes(32),
- WrappedKey = aegis_keywrap:key_wrap(RootKey, DbKey),
-
- %% just an example of how to represent the arbitrary options
- AegisConfig = {<<"wrapped_key">>, WrappedKey},
- {ok, DbKey, AegisConfig}.
-
-
-unwrap_key(RootKey, #{} = _Db, AegisConfig) ->
- {<<"wrapped_key">>, WrappedKey} = AegisConfig,
- case aegis_keywrap:key_unwrap(RootKey, WrappedKey) of
- fail ->
- erlang:error(unwrap_failed);
- DbKey ->
- {ok, DbKey, AegisConfig}
- end.
diff --git a/src/aegis/src/aegis_noop_key_manager.erl b/src/aegis/src/aegis_noop_key_manager.erl
new file mode 100644
index 000000000..bb6bd7228
--- /dev/null
+++ b/src/aegis/src/aegis_noop_key_manager.erl
@@ -0,0 +1,36 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+% http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(aegis_noop_key_manager).
+
+
+-behaviour(aegis_key_manager).
+
+
+-export([
+ init/0,
+ generate_key/3,
+ unwrap_key/3
+]).
+
+
+
+init() ->
+ [].
+
+
+generate_key([], #{} = _Db, _Options) ->
+ false.
+
+
+unwrap_key([], #{} = _Db, _AegisConfig) ->
+ erlang:error(invalid_operation).
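Review bot: The module has no header comment or `-spec`s, so the contract that `init/0` yields `[]` as the root key, that `generate_key/3` answers `false` rather than `{ok, Key, Config}`, and that `unwrap_key/3` never succeeds can only be recovered by reading the clauses. A module comment along the lines of `%% Key manager that does no key management: init/0 returns [] as the root key, generate_key/3 returns false so no per-database key is produced, and unwrap_key/3 always raises invalid_operation.` would help, and `-spec` lines for the three exports would let Dialyzer check callers against those return shapes. Because `unwrap_key/3` always raises, opening a database that already carries an aegis config under this manager presumably fails with a bare `invalid_operation`; giving the reason a self-describing shape such as `erlang:error({invalid_operation, noop_key_manager})` would make that failure findable from a log line. How the caller interprets `false` from generate_key/3 is not visible in this hunk.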