certcache: decrypt certs as they are read

2017-01-25 20:25:05 -08:00 · 2017-01-25 20:25:05 -08:00 · 7f01cd6ebd
parent d40414b40f
commit 7f01cd6ebd
1 changed files with 10 additions and 0 deletions
--- a/database/certcache.go
+++ b/database/certcache.go
@ -1,6 +1,7 @@
 package database

 import (
+	"errors"
 	"log"

 	r "github.com/GoRethink/gorethink"
@ -57,6 +58,15 @@ func (c *CertCache) Get(ctx context.Context, key string) ([]byte, error) {
 	switch cert.CryptoLevel {
 	case CryptoLevelNone:
 		body = cert.Body
+	case CryptoLevelSecretbox:
+		if c.SimpleBox == nil {
+			return nil, errors.New("can't read this cert, no key in memory")
+		}
+
+		body, err = c.SimpleBox.Decrypt(cert.Body)
+		if err != nil {
+			return nil, autocert.ErrCacheMiss
+		}
 	}

 	log.Printf("certcache: fetched: %s", key)