Implementing remote options for keyring configuration
This commit adds the ability to extract parameters from the main keyring configuration file into a separate file or a remote HTTP object. Basic tests using Perl are also added. Two simple configuration files are 'keyring-w-file.json' and 'keyring-w-http.json'. Additionally, the HTTP version also supports a 'ca' parameter for SSL, similar to the main keyring vault configuration. With this commit, all string parameters support these options, except the main 'provider' option.
Showing
22 changed files
with
471 additions
and
82 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
'provider': 'file', | ||
'datafile': { | ||
'type': 'file', | ||
'path': '/tmp/datafile-location' | ||
} | ||
} |
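Review bot: The `path` value `/tmp/datafile-location` places the file that tells the keyring where its data lives in a world-writable directory, where another local account can create or replace it before the server reads it. That is acceptable for a test fixture, but this looks like one of the sample configurations named in the commit message, so readers may copy it as is. Consider pointing the sample at a directory owned by the server account, and stating in the accompanying documentation that a file referenced through `'type': 'file'` must not be writable by other users.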
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
'provider': 'file', | ||
'datafile': { | ||
'type': 'remote', | ||
'url': 'http://localhost:8888/hello' | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
|
||
#ifndef KEYRING_CURL_H | ||
#define KEYRING_CURL_H | ||
|
||
#include "pg_tde_defines.h" | ||
|
||
#include <stdbool.h> | ||
#include <curl/curl.h> | ||
|
||
typedef struct curlString { | ||
char *ptr; | ||
size_t len; | ||
} curlString; | ||
|
||
extern CURL* keyringCurl; | ||
|
||
bool curlSetupSession(const char* url, const char* caFile, curlString* outStr); | ||
|
||
#endif //KEYRING_CURL_H |
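Review bot: `curlSetupSession` is declared without a contract comment, and the contract is not obvious from the signature. Judging by `writefunc` in the accompanying .c file, which calls `repalloc` on `outStr->ptr` and appends at `outStr->len`, the caller apparently has to pass a `curlString` whose `ptr` is already palloc'd and whose `len` is 0; the function itself only configures the handle and does not perform the transfer. I would add a comment above the prototype along the lines of `/* Configures keyringCurl for a non-POST request to url; outStr->ptr must be palloc'd and outStr->len 0; returns false if any option cannot be set. */`. A one-line comment on `extern CURL* keyringCurl;` saying that it is a single handle reused across calls would also help, since options set by one caller persist for the next.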
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
|
||
#include "keyring/keyring_curl.h" | ||
#include "keyring/keyring_config.h" | ||
#include "pg_tde_defines.h" | ||
|
||
CURL* keyringCurl = NULL; | ||
|
||
static size_t writefunc(void *ptr, size_t size, size_t nmemb, struct curlString *s) | ||
{ | ||
size_t new_len = s->len + size*nmemb; | ||
s->ptr = repalloc(s->ptr, new_len+1); | ||
if (s->ptr == NULL) { | ||
exit(EXIT_FAILURE); | ||
} | ||
memcpy(s->ptr+s->len, ptr, size*nmemb); | ||
s->ptr[new_len] = '\0'; | ||
s->len = new_len; | ||
|
||
return size*nmemb; | ||
} | ||
|
||
bool curlSetupSession(const char* url, const char* caFile, curlString* outStr) | ||
{ | ||
if(keyringCurl == NULL) | ||
{ | ||
keyringCurl = curl_easy_init(); | ||
|
||
if(keyringCurl == NULL) return 0; | ||
} | ||
|
||
if(curl_easy_setopt(keyringCurl, CURLOPT_SSL_VERIFYPEER, 1) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_SSL_VERIFYHOST, 1) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_USE_SSL, CURLUSESSL_ALL) != CURLE_OK) return 0; | ||
if(caFile == NULL || strlen(caFile) == 0) | ||
{ | ||
//if(curl_easy_setopt(keyringCurl, CURLOPT_CAINFO, "") != CURLE_OK) return 0; | ||
//if(curl_easy_setopt(keyringCurl, CURLSSLOPT_NATIVE_CA, 1) != CURLE_OK) return 0; | ||
} else | ||
{ | ||
if(curl_easy_setopt(keyringCurl, CURLSSLOPT_NATIVE_CA, 0) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_CAINFO, caFile) != CURLE_OK) return 0; | ||
} | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_FOLLOWLOCATION, 1L) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_CONNECTTIMEOUT, 3) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_TIMEOUT, 10) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_HTTP_VERSION,(long)CURL_HTTP_VERSION_1_1) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_WRITEFUNCTION,writefunc) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_WRITEDATA,outStr) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_URL, url) != CURLE_OK) return 0; | ||
|
||
if(curl_easy_setopt(keyringCurl, CURLOPT_POSTFIELDS, NULL) != CURLE_OK) return 0; | ||
if(curl_easy_setopt(keyringCurl, CURLOPT_POST, 0) != CURLE_OK) return 0; | ||
|
||
return 1; | ||
} | ||
|
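Review bot: The TLS setup in `curlSetupSession` does not enforce what it reads as. `CURLSSLOPT_NATIVE_CA` is a bit for `CURLOPT_SSL_OPTIONS`, not an option id, so using it as the option argument in the `caFile` branch most likely returns an error (making every call with a CA file fail) or sets an unrelated option; that line can simply be dropped, leaving `CURLOPT_CAINFO`. `CURLOPT_SSL_VERIFYHOST` should be `2L`, the documented value for checking the certificate name (some libcurl releases reject `1`), and the other numeric arguments should be `long` as well (`1L`, `3L`, `10L`) because `curl_easy_setopt` is variadic. `CURLOPT_USE_SSL` applies to FTP/SMTP/POP3/IMAP, so an `http://` URL such as the one in the sample configuration is still fetched in cleartext and `CURLOPT_FOLLOWLOCATION` may follow a redirect away from https; since the response becomes a keyring parameter, consider restricting the handle with `CURLOPT_PROTOCOLS_STR`/`CURLOPT_REDIR_PROTOCOLS_STR` set to `"https"` outside tests.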