9bdcbe0447
Major integrations and fixes: - Added BACKBEAT SDK integration for P2P operation timing - Implemented beat-aware status tracking for distributed operations - Added Docker secrets support for secure license management - Resolved KACHING license validation via HTTPS/TLS - Updated docker-compose configuration for clean stack deployment - Disabled rollback policies to prevent deployment failures - Added license credential storage (CHORUS-DEV-MULTI-001) Technical improvements: - BACKBEAT P2P operation tracking with phase management - Enhanced configuration system with file-based secrets - Improved error handling for license validation - Clean separation of KACHING and CHORUS deployment stacks 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
85 lines
2.5 KiB
Go
85 lines
2.5 KiB
Go
// Copyright 2021 The age Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package age
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
)
|
|
|
|
// ParseIdentities parses a file with one or more private key encodings, one per
|
|
// line. Empty lines and lines starting with "#" are ignored.
|
|
//
|
|
// This is the same syntax as the private key files accepted by the CLI, except
|
|
// the CLI also accepts SSH private keys, which are not recommended for the
|
|
// average application.
|
|
//
|
|
// Currently, all returned values are of type *X25519Identity, but different
|
|
// types might be returned in the future.
|
|
func ParseIdentities(f io.Reader) ([]Identity, error) {
|
|
const privateKeySizeLimit = 1 << 24 // 16 MiB
|
|
var ids []Identity
|
|
scanner := bufio.NewScanner(io.LimitReader(f, privateKeySizeLimit))
|
|
var n int
|
|
for scanner.Scan() {
|
|
n++
|
|
line := scanner.Text()
|
|
if strings.HasPrefix(line, "#") || line == "" {
|
|
continue
|
|
}
|
|
i, err := ParseX25519Identity(line)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error at line %d: %v", n, err)
|
|
}
|
|
ids = append(ids, i)
|
|
}
|
|
if err := scanner.Err(); err != nil {
|
|
return nil, fmt.Errorf("failed to read secret keys file: %v", err)
|
|
}
|
|
if len(ids) == 0 {
|
|
return nil, fmt.Errorf("no secret keys found")
|
|
}
|
|
return ids, nil
|
|
}
|
|
|
|
// ParseRecipients parses a file with one or more public key encodings, one per
|
|
// line. Empty lines and lines starting with "#" are ignored.
|
|
//
|
|
// This is the same syntax as the recipients files accepted by the CLI, except
|
|
// the CLI also accepts SSH recipients, which are not recommended for the
|
|
// average application.
|
|
//
|
|
// Currently, all returned values are of type *X25519Recipient, but different
|
|
// types might be returned in the future.
|
|
func ParseRecipients(f io.Reader) ([]Recipient, error) {
|
|
const recipientFileSizeLimit = 1 << 24 // 16 MiB
|
|
var recs []Recipient
|
|
scanner := bufio.NewScanner(io.LimitReader(f, recipientFileSizeLimit))
|
|
var n int
|
|
for scanner.Scan() {
|
|
n++
|
|
line := scanner.Text()
|
|
if strings.HasPrefix(line, "#") || line == "" {
|
|
continue
|
|
}
|
|
r, err := ParseX25519Recipient(line)
|
|
if err != nil {
|
|
// Hide the error since it might unintentionally leak the contents
|
|
// of confidential files.
|
|
return nil, fmt.Errorf("malformed recipient at line %d", n)
|
|
}
|
|
recs = append(recs, r)
|
|
}
|
|
if err := scanner.Err(); err != nil {
|
|
return nil, fmt.Errorf("failed to read recipients file: %v", err)
|
|
}
|
|
if len(recs) == 0 {
|
|
return nil, fmt.Errorf("no recipients found")
|
|
}
|
|
return recs, nil
|
|
}
|