From cc2d2202f1ef1b6bb64b24e164b6c214bcb64ba2 Mon Sep 17 00:00:00 2001 From: Ramakrishnan Muthukrishnan <ram@leastauthority.com> Date: Thu, 7 Nov 2019 19:40:55 +0530 Subject: [PATCH] take signing key path as the parameter instead of the key itself This is to make sure that we don't leak keys in the argument and hence in logs etc. --- src/PaymentServer/Main.hs | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/PaymentServer/Main.hs b/src/PaymentServer/Main.hs index 93ea9ee..e035b4e 100644 --- a/src/PaymentServer/Main.hs +++ b/src/PaymentServer/Main.hs @@ -76,6 +76,7 @@ import System.Exit ( exitFailure ) import Data.Semigroup ((<>)) +import qualified Data.Text.IO as TIO data Issuer = Trivial @@ -89,7 +90,7 @@ data Database = data ServerConfig = ServerConfig { issuer :: Issuer - , signingKey :: Maybe Text + , signingKeyPath :: Maybe FilePath , database :: Database , databasePath :: Maybe Text , endpoint :: Endpoint @@ -150,8 +151,8 @@ sample = ServerConfig <> showDefault <> value Trivial ) <*> optional (option str - ( long "signing-key" - <> help "The base64 encoded signing key (ristretto only)" + ( long "signing-key-path" + <> help "Path to base64 encoded signing key (ristretto only)" <> showDefault ) ) <*> option auto ( long "database" 
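Review bot: The help text for `--signing-key-path` is the only operator-facing guidance for the new key file, and it says nothing about how that file should be protected. Taking the key out of the command line moves the exposure to filesystem permissions, so I would extend it along the lines of `help "Path to a file holding the base64 encoded signing key (ristretto only); keep it readable only by the service user"`. The `showDefault` modifier on this option appears to do nothing because no `value` is supplied, and could be dropped. The option parser this belongs to starts and ends outside the hunk.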
@@ -205,18 +206,21 @@ logEndpoint endpoint = getApp :: ServerConfig -> IO Application getApp config = let - getIssuer ServerConfig{ issuer, signingKey } = - case (issuer, signingKey) of - (Trivial, Nothing) -> Right trivialIssue - (Ristretto, Just key) -> Right $ ristrettoIssue key - _ -> Left "invalid options" + getIssuer ServerConfig{ issuer, signingKeyPath } = do + case (issuer, signingKeyPath) of + (Trivial, Nothing) -> return $ Right trivialIssue + (Ristretto, Just keyPath) -> do + key <- TIO.readFile keyPath + return $ Right $ ristrettoIssue key + _ -> return $ Left "invalid options" getDatabase ServerConfig{ database, databasePath } = case (database, databasePath) of (Memory, Nothing) -> Right memory (SQLite3, Just path) -> Right (getDBConnection path) _ -> Left "invalid options" in do - case getIssuer config of + issuer <- getIssuer config + case issuer of Left err -> do print err exitFailure -- GitLab
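Review bot: In `getIssuer`, the text returned by `TIO.readFile keyPath` is passed to `ristrettoIssue` verbatim, so a trailing newline (which most editors and `echo` append) becomes part of the key. Whether the decoding behind `ristrettoIssue` tolerates that is not visible here, so it is worth confirming or stripping, e.g. `key <- Data.Text.strip <$> TIO.readFile keyPath`. A missing or unreadable key file also raises an `IOException` from `readFile` that bypasses the `Left err` / `exitFailure` branch; catching it and returning a `Left` would keep startup failures uniform. As style points, the `do` in front of `case (issuer, signingKeyPath) of` is redundant, and `issuer <- getIssuer config` shadows the `issuer` record field. `getApp` continues past the end of this hunk.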