Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
K
keystore
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
1
Merge Requests
1
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
id
keystore
Commits
74d4d20b
Commit
74d4d20b
authored
Dec 20, 2019
by
ale
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Increase and standardize logging messages
parent
18716e12
Pipeline
#5424
failed with stages
in 1 minute and 4 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
10 deletions
+15
-10
server/keystore.go
server/keystore.go
+6
-4
server/server.go
server/server.go
+9
-6
No files found.
server/keystore.go
View file @
74d4d20b
...
...
@@ -202,14 +202,16 @@ func (s *KeyStore) Get(username, ssoTicket string) ([]byte, error) {
}
// Close the user's key store and wipe the associated unencrypted key
// from memory.
func
(
s
*
KeyStore
)
Close
(
username
string
)
{
// from memory.
Returns true if a key was actually discarded.
func
(
s
*
KeyStore
)
Close
(
username
string
)
bool
{
s
.
mx
.
Lock
()
if
k
,
ok
:=
s
.
userKeys
[
username
];
ok
{
defer
s
.
mx
.
Unlock
()
k
,
ok
:=
s
.
userKeys
[
username
]
if
ok
{
wipeBytes
(
k
.
pkey
)
delete
(
s
.
userKeys
,
username
)
}
s
.
mx
.
Unlock
()
return
ok
}
func
wipeBytes
(
b
[]
byte
)
{
...
...
server/server.go
View file @
74d4d20b
...
...
@@ -23,13 +23,13 @@ func (s *keyStoreServer) handleOpen(w http.ResponseWriter, r *http.Request) {
err
:=
s
.
KeyStore
.
Open
(
r
.
Context
(),
req
.
Username
,
req
.
Password
,
req
.
TTL
)
if
err
==
errNoKeys
{
log
.
Printf
(
"
no keys found for %s
"
,
req
.
Username
)
log
.
Printf
(
"
Open(%s): no encrypted keys found in database
"
,
req
.
Username
)
}
else
if
err
!=
nil
{
log
.
Printf
(
"Open(%s) error: %v"
,
req
.
Username
,
err
)
log
.
Printf
(
"Open(%s)
:
error: %v"
,
req
.
Username
,
err
)
http
.
Error
(
w
,
err
.
Error
(),
http
.
StatusInternalServerError
)
return
}
else
{
log
.
Printf
(
"
decrypted key for %s
, ttl=%d"
,
req
.
Username
,
req
.
TTL
)
log
.
Printf
(
"
Open(%s): decrypted key
, ttl=%d"
,
req
.
Username
,
req
.
TTL
)
}
serverutil
.
EncodeJSONResponse
(
w
,
&
emptyResponse
)
...
...
@@ -44,20 +44,21 @@ func (s *keyStoreServer) handleGet(w http.ResponseWriter, r *http.Request) {
var
resp
keystore
.
GetResponse
key
,
err
:=
s
.
KeyStore
.
Get
(
req
.
Username
,
req
.
SSOTicket
)
if
err
==
errNoKeys
{
log
.
Printf
(
"
no keys for %s
"
,
req
.
Username
)
log
.
Printf
(
"
Get(%s): no unlocked keys found in memory
"
,
req
.
Username
)
}
else
if
err
!=
nil
{
// Return an appropriate error code.
switch
err
{
case
errUnauthorized
,
errBadUser
:
http
.
Error
(
w
,
err
.
Error
(),
http
.
StatusForbidden
)
default
:
log
.
Printf
(
"Get(%s) error: %v"
,
req
.
Username
,
err
)
log
.
Printf
(
"Get(%s)
:
error: %v"
,
req
.
Username
,
err
)
http
.
Error
(
w
,
err
.
Error
(),
http
.
StatusInternalServerError
)
}
return
}
else
{
resp
.
HasKey
=
true
resp
.
Key
=
key
log
.
Printf
(
"Get(%s): fetched key"
,
req
.
Username
)
}
serverutil
.
EncodeJSONResponse
(
w
,
&
resp
)
...
...
@@ -69,7 +70,9 @@ func (s *keyStoreServer) handleClose(w http.ResponseWriter, r *http.Request) {
return
}
s
.
KeyStore
.
Close
(
req
.
Username
)
if
s
.
KeyStore
.
Close
(
req
.
Username
)
{
log
.
Printf
(
"Close(%s): discarded key"
,
req
.
Username
)
}
serverutil
.
EncodeJSONResponse
(
w
,
&
emptyResponse
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment