Merge pull request #2 from meltwater/an-whitespace

Only strip whitespace inside envelopes

Makefile

@@ -16,7 +16,7 @@ build:
 	 ln -sf "secretary-`uname -s`-`uname -m`" secretary
 
 test:
-	go test -v -coverprofile=coverage.txt -covermode=atomic
+	go test -bench=. -v -coverprofile=coverage.txt -covermode=atomic
 
 clean:
 	rm -f ./secretary

box.go

@@ -15,6 +15,8 @@ import (
 	"strings"
 )
 
+var envelopeRegexp = regexp.MustCompile("ENC\\[NACL,[a-zA-Z0-9+/=\\s]+\\]")
+
 // Converts a byte slice to the [32]byte expected by NaCL
 func asKey(data []byte) (*[32]byte, error) {
 	if len(data) != 32 {
@@ -148,8 +150,7 @@ func genkey(publicKeyFile string, privateKeyFile string) {
 }
 
 func extractEnvelopes(payload string) []string {
-	re := regexp.MustCompile("ENC\\[NACL,[a-zA-Z0-9+/=]+\\]")
-	return re.FindAllString(payload, 2)
+	return envelopeRegexp.FindAllString(payload, 2)
 }
 
 func isEnvelope(envelope string) bool {

box_test.go

@@ -125,3 +125,9 @@ func TestEncryptEnvelope(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, "secret", string(plaintext), "Should decrypt plaintext")
 }
+
+func BenchmarkExtractEnvelopes(b *testing.B) {
+	for n := 0; n < b.N; n++ {
+		extractEnvelopes("amqp://ENC[NACL,uSr123+/=]:ENC[NACL,pWd123+/=]@rabbit:5672/")
+	}
+}

commands.go

@@ -30,15 +30,14 @@ func encryptCommand(input io.Reader, output io.Writer, publicKey *[32]byte, priv
 
 // Decrypts data from stdin and writes to stdout
 func decryptStream(input io.Reader, output io.Writer, crypto Crypto) {
-	envelope, err := ioutil.ReadAll(input)
+	payload, err := ioutil.ReadAll(input)
 	check(err, "Failed to read encrypted data from standard input")
+	result := string(payload)
 
-	result := stripWhitespace(string(envelope))
-	envelopes := extractEnvelopes(result)
-
+	envelopes := extractEnvelopes(string(payload))
 	if len(envelopes) > 0 {
 		for _, envelope := range envelopes {
-			plaintext, err := crypto.Decrypt(envelope)
+			plaintext, err := crypto.Decrypt(stripWhitespace(envelope))
 			check(err)
 
 			result = strings.Replace(result, envelope, string(plaintext), 1)
@@ -55,13 +54,12 @@ func decryptEnvironment(input []string, output io.Writer, crypto Crypto) {
 	for _, item := range input {
 		keyval := strings.SplitN(item, "=", 2)
 		key, value := keyval[0], keyval[1]
+		result := value
 
-		result := stripWhitespace(value)
-		envelopes := extractEnvelopes(result)
-
+		envelopes := extractEnvelopes(value)
 		if len(envelopes) > 0 {
 			for _, envelope := range envelopes {
-				plaintext, err := crypto.Decrypt(envelope)
+				plaintext, err := crypto.Decrypt(stripWhitespace(envelope))
 				if err != nil {
 					fmt.Fprintf(os.Stderr, "%s: %s\n", key, err)
 					haserr = true

commands_test.go

@@ -87,3 +87,25 @@ func TestDecryptEnvironmentCommandSubstrings(t *testing.T) {
 
 	assert.Equal(t, "export b='blablasecretblablasecret2'\n", output.String())
 }
+
+func TestDecryptEnvironmentCommandSubstringsSpaces(t *testing.T) {
+	var output bytes.Buffer
+
+	configPublicKey := pemRead("./resources/test/keys/config-public-key.pem")
+	configPrivateKey := pemRead("./resources/test/keys/config-private-key.pem")
+	masterPublicKey := pemRead("./resources/test/keys/master-public-key.pem")
+	masterPrivateKey := pemRead("./resources/test/keys/master-private-key.pem")
+
+	encrypted, err := encryptEnvelope(masterPublicKey, configPrivateKey, []byte("secret"))
+	assert.Nil(t, err)
+
+	encrypted2, err := encryptEnvelope(masterPublicKey, configPrivateKey, []byte("secret2"))
+	assert.Nil(t, err)
+
+	input := []string{"a=b", fmt.Sprintf("b=blabla %sb la bla %s", encrypted, encrypted2), "c=d"}
+
+	crypto := newKeyCrypto(configPublicKey, masterPrivateKey)
+	decryptEnvironment(input, &output, crypto)
+
+	assert.Equal(t, "export b='blabla secretb la bla secret2'\n", output.String())
+}