certcache: decrypt certs as they are read

Cadey Ratio 2017-01-25 20:25:05 -08:00
parent d40414b40f
commit 7f01cd6ebd
1 changed files with 10 additions and 0 deletions


@ -1,6 +1,7 @@
package database
import (
"errors"
"log"
r "github.com/GoRethink/gorethink"
@ -57,6 +58,15 @@ func (c *CertCache) Get(ctx context.Context, key string) ([]byte, error) {
switch cert.CryptoLevel {
case CryptoLevelNone:
body = cert.Body
case CryptoLevelSecretbox:
if c.SimpleBox == nil {
return nil, errors.New("can't read this cert, no key in memory")
}
body, err = c.SimpleBox.Decrypt(cert.Body)
if err != nil {
return nil, autocert.ErrCacheMiss
}
}
log.Printf("certcache: fetched: %s", key)
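Review bot: In the new `case CryptoLevelSecretbox` branch, a failed `c.SimpleBox.Decrypt` returns `autocert.ErrCacheMiss` and discards `err`, so a stored body that fails authentication (wrong key in memory, or a record that was corrupted or altered) looks the same as a cert that was never cached. autocert answers a cache miss by requesting a new certificate, so the failure would be silently papered over by re-issuance and the integrity problem would never surface to an operator. At minimum record it before returning, e.g. `log.Printf("certcache: decrypt failed for %q: %v", key, err)`, and consider returning a distinct error instead of a miss. The switch also shows no `default` arm in this hunk, so an unrecognised `CryptoLevel` appears to fall through with `body` unset; `default: return nil, errors.New("certcache: unknown crypto level")` would fail closed. The rest of `Get` lies outside the hunk, so both points should be checked against the full function.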