smt/models/secret.go

package models

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
	"os"
)

type Secret struct {
	SecretId       int    `db:"SecretId"`
	RoleId         int    `db:"RoleId"`
	DeviceName     string `db:"DeviceName"`
	DeviceCategory string `db:"DeviceCategory"`
	UserName       string `db:"UserName"`
	Secret         string `db:"Secret"`
}

func (s *Secret) SaveSecret() (*Secret, error) {

	var err error

	fmt.Printf("SaveSecret storing values '%v'\n", s)
	result, err := db.NamedExec((`INSERT INTO secrets (RoleId, DeviceName, DeviceCategory, UserName, Secret) VALUES (:RoleId, :DeviceName, :DeviceCategory, :UserName, :Secret)`), s)

	if err != nil {
		fmt.Printf("StoreSecret error executing sql record : '%s'\n", err)
		return &Secret{}, err
	} else {
		affected, _ := result.RowsAffected()
		id, _ := result.LastInsertId()
		fmt.Printf("StoreSecret insert returned result id '%d' affecting %d row(s).\n", id, affected)
	}

	return s, nil
}

func (s *Secret) EncryptSecret() (*Secret, error) {

	keyString := os.Getenv("SECRETS_KEY")
	// The key argument should be the AES key, either 16 or 32 bytes
	// to select AES-128 or AES-256.
	key := []byte(keyString)
	plaintext := []byte(s.Secret)

	fmt.Printf("EncryptSecret applying key '%v' to plaintext secret '%s'\n", keyString, s.Secret)

	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err.Error())
	}

	// Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
	nonce := make([]byte, 12)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		panic(err.Error())
	}

	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err.Error())
	}

	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
	fmt.Printf("EncryptSecret generated ciphertext '%x'\n", ciphertext)

	s.Secret = string(ciphertext)
	return s, nil

	//return string(ciphertext[:]), nil
}