// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package secrets
import (
"fmt"
"code.gitea.io/gitea/modules/setting"
)
// MasterKeyProviderType names a master key provider implementation. Init
// converts the configured provider setting to this type to pick a provider.
type MasterKeyProviderType string

// Supported master key provider types.
const (
	// MasterKeyProviderTypeNone makes Init install the no-op master key provider.
	MasterKeyProviderTypeNone = MasterKeyProviderType("none")
	// MasterKeyProviderTypePlain makes Init install the plain master key provider.
	MasterKeyProviderTypePlain = MasterKeyProviderType("plain")
)
// masterKey is the provider the package-level helpers ask for the master
// key. It holds its zero value until Init assigns it; the helpers call
// methods on it without checking, so Init has to succeed first.
var masterKey MasterKeyProvider

// encProvider carries out the encryption and decryption for the
// package-level helpers. It holds its zero value until Init assigns it.
var encProvider EncryptionProvider
// Init selects the master key provider named by setting.MasterKeyProvider and
// installs the AES encryption provider.
//
// It returns an error, leaving both package-level providers untouched, when
// the configured value is neither "none" nor "plain". Call it before any
// other function in this package: they use the providers without checking
// that they were set.
//
// NOTE(review): with "none" the no-op provider presumably yields an empty
// key, in which case Encrypt and EncryptString hand secrets back unencrypted.
// Confirm against NewNopMasterKeyProvider before relying on at-rest
// protection.
func Init() error {
	switch kind := MasterKeyProviderType(setting.MasterKeyProvider); kind {
	case MasterKeyProviderTypePlain:
		masterKey = NewPlainMasterKeyProvider()
	case MasterKeyProviderTypeNone:
		masterKey = NewNopMasterKeyProvider()
	default:
		// Unknown provider names are rejected rather than silently
		// falling back to a weaker mode.
		return fmt.Errorf("invalid master key provider %v", setting.MasterKeyProvider)
	}

	encProvider = NewAesEncryptionProvider()
	return nil
}
// GenerateMasterKey asks the configured master key provider to create a new
// master key and returns the secret or secrets needed to unseal it.
//
// The returned byte slices are key material: keep them out of logs and error
// messages. Init must have succeeded before this is called.
func GenerateMasterKey() ([][]byte, error) {
	unsealSecrets, err := masterKey.GenerateMasterKey()
	return unsealSecrets, err
}
// Encrypt encrypts secret with the current master key using the configured
// encryption provider.
//
// An error from the master key provider is returned as is, with a nil result.
// When the provider returns an empty key, secret is returned unchanged and
// unencrypted with a nil error, so the return value alone does not tell the
// caller whether encryption took place.
//
// Init must have succeeded before this is called.
func Encrypt(secret []byte) ([]byte, error) {
	mk, err := masterKey.GetMasterKey()
	switch {
	case err != nil:
		return nil, err
	case len(mk) == 0:
		// No master key available: pass the plaintext through.
		return secret, nil
	default:
		return encProvider.Encrypt(secret, mk)
	}
}
// EncryptString is the string counterpart of Encrypt: it encrypts secret with
// the current master key using the configured encryption provider.
//
// An error from the master key provider is returned as is, with an empty
// result. When the provider returns an empty key, secret is returned
// unchanged and unencrypted with a nil error.
//
// Init must have succeeded before this is called.
func EncryptString(secret string) (string, error) {
	mk, err := masterKey.GetMasterKey()
	if err != nil {
		return "", err
	}

	if haveKey := len(mk) != 0; haveKey {
		return encProvider.EncryptString(secret, mk)
	}
	// No master key available: pass the plaintext through.
	return secret, nil
}
// Decrypt decrypts enc with the current master key using the configured
// encryption provider.
//
// An error from the master key provider is returned as is, with a nil result.
// When the provider returns an empty key, enc is returned unchanged with a
// nil error. Data that was encrypted under a key that is no longer available
// therefore comes back as ciphertext without any error being reported.
//
// Init must have succeeded before this is called.
func Decrypt(enc []byte) ([]byte, error) {
	mk, err := masterKey.GetMasterKey()
	switch {
	case err != nil:
		return nil, err
	case len(mk) == 0:
		// No master key available: hand the input back untouched.
		return enc, nil
	default:
		return encProvider.Decrypt(enc, mk)
	}
}
// DecryptString is the string counterpart of Decrypt: it decrypts enc with
// the current master key using the configured encryption provider.
//
// An error from the master key provider is returned as is, with an empty
// result. When the provider returns an empty key, enc is returned unchanged
// with a nil error, so input that is still encrypted is not detected here.
//
// Init must have succeeded before this is called.
func DecryptString(enc string) (string, error) {
	mk, err := masterKey.GetMasterKey()
	if err != nil {
		return "", err
	}

	if haveKey := len(mk) != 0; haveKey {
		return encProvider.DecryptString(enc, mk)
	}
	// No master key available: hand the input back untouched.
	return enc, nil
}