From f7aac347caf5e2aaa91921102ebed158b8ba9c27 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus@mullvad.net>
Date: Thu, 5 May 2022 22:42:56 +0200
Subject: read key from file

---
 cmd/sigsum_log_go/main.go | 10 +++++++---
 integration/test.sh       |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go
index 356726a..aa469fe 100644
--- a/cmd/sigsum_log_go/main.go
+++ b/cmd/sigsum_log_go/main.go
@@ -8,6 +8,7 @@ import (
 	"encoding/hex"
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"os/signal"
@@ -34,7 +35,7 @@ var (
 	prefix       = flag.String("prefix", "", "a prefix that proceeds /sigsum/v0/<endpoint>")
 	trillianID   = flag.Int64("trillian_id", 0, "log identifier in the Trillian database")
 	deadline     = flag.Duration("deadline", time.Second*10, "deadline for backend requests")
-	key          = flag.String("key", "", "hex-encoded Ed25519 signing key")
+	key          = flag.String("key", "", "path to file with hex-encoded Ed25519 private key")
 	witnesses    = flag.String("witnesses", "", "comma-separated list of trusted witness public keys in hex")
 	maxRange     = flag.Int64("max_range", 10, "maximum number of entries that can be retrived in a single request")
 	interval     = flag.Duration("interval", time.Second*30, "interval used to rotate the log's cosigned STH")
@@ -146,9 +147,12 @@ func setupInstanceFromFlags() (*instance.Instance, error) {
 	return &i, nil
 }
 
-func newLogIdentity(key string) (crypto.Signer, string, error) {
-	buf, err := hex.DecodeString(key)
+func newLogIdentity(keyFile string) (crypto.Signer, string, error) {
+	buf, err := ioutil.ReadFile(keyFile)
 	if err != nil {
+		return nil, "", err
+	}
+	if buf, err = hex.DecodeString(strings.TrimSpace(string(buf))); err != nil {
 		return nil, "", fmt.Errorf("DecodeString: %v", err)
 	}
 	sk := crypto.Signer(ed25519.PrivateKey(buf))
diff --git a/integration/test.sh b/integration/test.sh
index 3bc967c..986add7 100755
--- a/integration/test.sh
+++ b/integration/test.sh
@@ -103,7 +103,7 @@ function sigsum_setup() {
 		-prefix=$ssrv_prefix\
 		-trillian_id=$ssrv_tree_id\
 		-shard_interval_start=$ssrv_shard_start\
-		-key=$ssrv_priv\
+		-key=<(echo $ssrv_priv)\
 		-witnesses=$ssrv_witnesses\
 		-interval=$ssrv_interval\
 		-http_endpoint=$ssrv_endpoint\
-- 
cgit v1.2.3