From 001a4b4ac5ef28f86c07ab925e43c29786b890b7 Mon Sep 17 00:00:00 2001
From: cheddar <cheddar@crispbyte.dev>
Date: Thu, 20 Feb 2025 22:53:18 -0500
Subject: [PATCH] Add support for more key types

---
 client/register.go                  |  9 +++++--
 ecdsa                               |  9 +++++++
 ecdsa.pub                           |  1 +
 testkey => ed25519                  |  0
 testkey.pub => ed25519.pub          |  0
 keydirectory/in_memory_directory.go |  3 +--
 keydirectory/keyentry.go            | 22 ++++++++++++++---
 keydirectory/registration.go        |  2 +-
 keydirectory/sqlite.go              | 33 +++++++++----------------
 rsa                                 | 38 +++++++++++++++++++++++++++++
 rsa.pub                             |  1 +
 server/server.go                    | 20 +++++++--------
 testkey2                            |  7 ------
 testkey2.pub                        |  1 -
 14 files changed, 98 insertions(+), 48 deletions(-)
 create mode 100644 ecdsa
 create mode 100644 ecdsa.pub
 rename testkey => ed25519 (100%)
 rename testkey.pub => ed25519.pub (100%)
 create mode 100644 rsa
 create mode 100644 rsa.pub
 delete mode 100644 testkey2
 delete mode 100644 testkey2.pub

diff --git a/client/register.go b/client/register.go
index f8c63db..8b1232d 100644
--- a/client/register.go
+++ b/client/register.go
@@ -3,6 +3,7 @@ package client
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -37,7 +38,11 @@ func RegisterKey(baseUrl *url.URL, key string, userId string) (string, error) {
 		return "", err
 	}
 
-	keyId := string(out[:])
+	bodyContent := string(out[:])
 
-	return keyId, nil
+	if resp.StatusCode >= 300 {
+		return "", fmt.Errorf("bad status: %d - %s", resp.StatusCode, bodyContent)
+	}
+
+	return bodyContent, nil
 }
diff --git a/ecdsa b/ecdsa
new file mode 100644
index 0000000..475412d
--- /dev/null
+++ b/ecdsa
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQl8nqmx9kQiMeVUceyDaSx7UGOVNxJ
+2ZZehRHZxrnYEj3aYBw9FjFuMwDLsPYhe2b6Blz/+LsMlVxJNlCAazudAAAAqJWu9DKVrv
+QyAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXyeqbH2RCIx5VR
+x7INpLHtQY5U3EnZll6FEdnGudgSPdpgHD0WMW4zAMuw9iF7ZvoGXP/4uwyVXEk2UIBrO5
+0AAAAgXFjJ/LBbKff2oeiOpzrnuhbXL2731pCneA5IrvJLChMAAAAMamFtaWVAYXRoZW5h
+AQIDBA==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ecdsa.pub b/ecdsa.pub
new file mode 100644
index 0000000..0885e84
--- /dev/null
+++ b/ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXyeqbH2RCIx5VRx7INpLHtQY5U3EnZll6FEdnGudgSPdpgHD0WMW4zAMuw9iF7ZvoGXP/4uwyVXEk2UIBrO50= jamie@athena
diff --git a/testkey b/ed25519
similarity index 100%
rename from testkey
rename to ed25519
diff --git a/testkey.pub b/ed25519.pub
similarity index 100%
rename from testkey.pub
rename to ed25519.pub
diff --git a/keydirectory/in_memory_directory.go b/keydirectory/in_memory_directory.go
index d2851b8..5122c20 100644
--- a/keydirectory/in_memory_directory.go
+++ b/keydirectory/in_memory_directory.go
@@ -28,7 +28,7 @@ func (dir inMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
 	return entry.toAlg()
 }
 
-func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
+func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, userId string) (string, error) {
 	keyId, err := generateKeyId()
 
 	if err != nil {
@@ -36,7 +36,6 @@ func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userI
 	}
 
 	dir.records[keyId] = keyEntry{
-		Alg:       alg,
 		PublicKey: key,
 		UserId:    userId,
 	}
diff --git a/keydirectory/keyentry.go b/keydirectory/keyentry.go
index a3efaa0..fa2751c 100644
--- a/keydirectory/keyentry.go
+++ b/keydirectory/keyentry.go
@@ -2,15 +2,19 @@ package keydirectory
 
 import (
 	"crypto"
+	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/rsa"
 	"fmt"
+	"reflect"
 
+	"github.com/common-fate/httpsig/alg_ecdsa"
 	"github.com/common-fate/httpsig/alg_ed25519"
+	"github.com/common-fate/httpsig/alg_rsa"
 	"github.com/common-fate/httpsig/verifier"
 )
 
 type keyEntry struct {
-	Alg       string
 	PublicKey crypto.PublicKey
 	UserId    string
 }
@@ -19,14 +23,24 @@ func (k keyEntry) toAlg() (verifier.Algorithm, error) {
 	var alg verifier.Algorithm
 	var err error
 
-	switch k.Alg {
-	case "ed25519":
+	switch k.PublicKey.(type) {
+	case ed25519.PublicKey:
 		alg = alg_ed25519.Ed25519{
 			PublicKey: k.PublicKey.(ed25519.PublicKey),
 			Attrs:     k.UserId,
 		}
+	case *rsa.PublicKey:
+		alg = alg_rsa.RSAPKCS256{
+			PublicKey: k.PublicKey.(*rsa.PublicKey),
+			Attrs:     k.UserId,
+		}
+	case *ecdsa.PublicKey:
+		alg = alg_ecdsa.P256{
+			PublicKey: k.PublicKey.(*ecdsa.PublicKey),
+			Attrs:     k.UserId,
+		}
 	default:
-		err = fmt.Errorf("unknown algoritm: %s", k.Alg)
+		err = fmt.Errorf("unknown key type: %s", reflect.TypeOf(k.PublicKey))
 	}
 
 	return alg, err
diff --git a/keydirectory/registration.go b/keydirectory/registration.go
index e3ec100..91b3e0c 100644
--- a/keydirectory/registration.go
+++ b/keydirectory/registration.go
@@ -8,5 +8,5 @@ import (
 
 type RegistrationDirectory interface {
 	verifier.KeyDirectory
-	RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error)
+	RegisterKey(key crypto.PublicKey, userId string) (string, error)
 }
diff --git a/keydirectory/sqlite.go b/keydirectory/sqlite.go
index b64044f..372b453 100644
--- a/keydirectory/sqlite.go
+++ b/keydirectory/sqlite.go
@@ -3,9 +3,8 @@ package keydirectory
 import (
 	"context"
 	"crypto"
-	"crypto/ed25519"
+	"crypto/x509"
 	"database/sql"
-	"fmt"
 
 	"github.com/common-fate/httpsig/verifier"
 	_ "github.com/mattn/go-sqlite3"
@@ -40,7 +39,7 @@ func InitSqlite(dbPath string) (*dbWrapper, error) {
 func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
 	db := dir.db
 
-	query := "select userId, alg, publicKey from keys where keyId = ?"
+	query := "select userId, publicKey from keys where keyId = ?"
 
 	stmt, err := db.Prepare(query)
 
@@ -51,28 +50,23 @@ func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verif
 	defer stmt.Close()
 
 	var userId string
-	var alg string
 	var keyBytes []byte
 
 	row := stmt.QueryRow(keyId)
 
-	err = row.Scan(&userId, &alg, &keyBytes)
+	err = row.Scan(&userId, &keyBytes)
 
 	if err != nil {
 		return nil, err
 	}
 
-	var publicKey crypto.PublicKey
+	publicKey, err := x509.ParsePKIXPublicKey(keyBytes)
 
-	switch alg {
-	case "ed25519":
-		publicKey = ed25519.PublicKey(keyBytes)
-	default:
-		return nil, fmt.Errorf("unknown algorithm: %s", alg)
+	if err != nil {
+		return nil, err
 	}
 
 	keyEntry := keyEntry{
-		Alg:       alg,
 		UserId:    userId,
 		PublicKey: publicKey,
 	}
@@ -80,7 +74,7 @@ func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verif
 	return keyEntry.toAlg()
 }
 
-func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
+func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, userId string) (string, error) {
 	db := dir.db
 
 	keyId, err := generateKeyId()
@@ -89,18 +83,15 @@ func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, alg string, userId strin
 		return "", err
 	}
 
-	stmt := "insert into keys(keyId, userId, alg, publicKey) values (?, ?, ?, ?)"
+	stmt := "insert into keys(keyId, userId, publicKey) values (?, ?, ?)"
 
-	var keyBytes []byte
+	keyBytes, err := x509.MarshalPKIXPublicKey(key)
 
-	switch alg {
-	case "ed25519":
-		keyBytes = []byte(key.(ed25519.PublicKey))
-	default:
-		return "", fmt.Errorf("unknown algorithm: %s", alg)
+	if err != nil {
+		return "", err
 	}
 
-	_, err = db.Exec(stmt, keyId, userId, alg, keyBytes)
+	_, err = db.Exec(stmt, keyId, userId, keyBytes)
 
 	if err != nil {
 		return "", err
diff --git a/rsa b/rsa
new file mode 100644
index 0000000..075c189
--- /dev/null
+++ b/rsa
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAuuE3B3FyhjNnvkfDQEn7t6E97spa4tTNKDsGUWHtVk090I4v8wXu
+yM+fTiuU6ReSQEDGERUkyL/kS6yt7dL78GR5ApPB2LglcoKUTt34wwCaa7aapNHQ6Q5Gjy
+Fs16NCCAd7kJLpAf6ixpptkLzChCmSYWQ7fZgSafkcnXYhlAxT11drXGFNEopMbL2hLyxt
++C83hFiqKmBY6KyANXyiANjRcHq3Zcn/1NR0AfB5nfkdjjK6X5sNCShvlX91X4iV6BHfnQ
+QSJmV4DGdmasBD27dpZA5MkomL6lRu8RbDMB4zCbhy6AGEX1epN1CtNmPi0raV5ifHGHbF
+qY/BgolwQmYyZgvvtACzp2EEPEV1QMre//i+XIU3BhQUM9v8TtnvrXR1lII04nCdeaCwLb
+Uu1NHp4BdAJgmBHiPdMoWSB91K1JDfsK07Rtvrtvu20Va+9mPLcQZAFqYa0zv0Rc/ubT++
+2WScs+51tbpprBBY3zUeO9KMNc2m0FMmIlW8hyfJAAAFiCusRwcrrEcHAAAAB3NzaC1yc2
+EAAAGBALrhNwdxcoYzZ75Hw0BJ+7ehPe7KWuLUzSg7BlFh7VZNPdCOL/MF7sjPn04rlOkX
+kkBAxhEVJMi/5Eusre3S+/BkeQKTwdi4JXKClE7d+MMAmmu2mqTR0OkORo8hbNejQggHe5
+CS6QH+osaabZC8woQpkmFkO32YEmn5HJ12IZQMU9dXa1xhTRKKTGy9oS8sbfgvN4RYqipg
+WOisgDV8ogDY0XB6t2XJ/9TUdAHweZ35HY4yul+bDQkob5V/dV+IlegR350EEiZleAxnZm
+rAQ9u3aWQOTJKJi+pUbvEWwzAeMwm4cugBhF9XqTdQrTZj4tK2leYnxxh2xamPwYKJcEJm
+MmYL77QAs6dhBDxFdUDK3v/4vlyFNwYUFDPb/E7Z7610dZSCNOJwnXmgsC21LtTR6eAXQC
+YJgR4j3TKFkgfdStSQ37CtO0bb67b7ttFWvvZjy3EGQBamGtM79EXP7m0/vtlknLPudbW6
+aawQWN81HjvSjDXNptBTJiJVvIcnyQAAAAMBAAEAAAGACoshUSyv4u1siXpABFUIPBx/Q4
+UsKocKCh6GZToKq2dROP6EqwfnKHI6US05SgtX54MgCZ+xQxg8d56G85eHOlFY2HHgqmr9
+ReAjIO36Fnpmu/QB9pGV4Ug6Z+HhY6sk0xIlAQug1Ml6goz86IEV0mIMDa2bg6L8SvlQiX
+u8Oj+VzVzzxDMDJ6wg0rPCL8iobauwTKm59AkaiwoMc7gT5ctVyaxKw5XpdqcD4oYgPm7r
+IXYwOKulSSJ8ZSlbRGgOwGDPfTindH3rZ9r14P3XRCIaK9RtFSV4TowVwrlMW73fnCWe51
+T1xK5TEopue7k30viR/JTO0CUnxcHBeQy4xc1TT+ojNnSg/QbN77rLLVG/v7ezYRqDUFM2
+mEymtpNuS8uXh4TFwlUi89kROYLmRsarUvVChO1p2pRuUuVjSAz33Oqe68EmT32n44L0eC
+lV2owKy3a0CWg+VKERrDV6O17Qv5b9FPWKgWn8kY2mUvDJ49oyMzHl6aWAVoEctp9nAAAA
+wGmKkmMv2BavrJPH3u31PN8uAJFXGXPtS2PxhrXPYfNfT878zNCtHJ7jWaJ3758oVMxZKn
+gpM/i6sKKKyCWHgI7DRTSEKCYT8541iAcG46UZxx0YtvX7cNYsLgYiNv8KWIaIi2qGlvH3
+x2pxfQczdXYkMDwXn2O16TPpj5cKr8nxLL/qGSrKRvQIaN2v5d0yiQkIrT8pJnnSZ0H98F
+j5ZCkL4624lg3qtilihoE68bUXUo3IPrEL/yHA5CLItKofCwAAAMEA5xEmu0Te3kXoLk3o
+wi/oMNcAcl3PFH3s2xWqhySWzBQ0jx+V9vPZPmEJNsnY/wAcA2f0uQr7i8Fi5gGFQXZYm3
+P7mnMtrNpA7DJM8UzR7FDwx8JENF24fY2dVkdT26BPNLAhNooc53251AO88iS8RAiWNrlG
+TWZTyM/TWXZHbW+5Fu8P6f8BLQAu/2EV71YumfxbhrlqyhKRDI8hA5qxvKTdhE93I7wt31
+QoMxbmsWrqHgqbGInhNsxhDmzdNzI7AAAAwQDPC3aEVm8gSWM52LRS1aU7hQgxCJla1dQG
+HRAIY3AQ8JhAJV+7TRTpXEfOBM1Z7K/7w5Jz/V6KdebxAc8VIYF6SDtZJzO91xuNZbEg5P
+tAeOMk5kK2X1a73KJPbBW5LZaxng3gj9b13f6vRSdlgzz2+4QVVbQukFwsAmGd0E8bmuPl
+r6uKKdfhS34MDFCzEuAyuzBkDT1sIObNrMULxzDKtCSi4y5cH1jWidgglF63oYEqjJGByd
+/fJi/N/BrWycsAAAAMamFtaWVAYXRoZW5hAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/rsa.pub b/rsa.pub
new file mode 100644
index 0000000..ecc3dd8
--- /dev/null
+++ b/rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC64TcHcXKGM2e+R8NASfu3oT3uylri1M0oOwZRYe1WTT3Qji/zBe7Iz59OK5TpF5JAQMYRFSTIv+RLrK3t0vvwZHkCk8HYuCVygpRO3fjDAJprtpqk0dDpDkaPIWzXo0IIB3uQkukB/qLGmm2QvMKEKZJhZDt9mBJp+RyddiGUDFPXV2tcYU0SikxsvaEvLG34LzeEWKoqYFjorIA1fKIA2NFwerdlyf/U1HQB8Hmd+R2OMrpfmw0JKG+Vf3VfiJXoEd+dBBImZXgMZ2ZqwEPbt2lkDkySiYvqVG7xFsMwHjMJuHLoAYRfV6k3UK02Y+LStpXmJ8cYdsWpj8GCiXBCZjJmC++0ALOnYQQ8RXVAyt7/+L5chTcGFBQz2/xO2e+tdHWUgjTicJ15oLAttS7U0engF0AmCYEeI90yhZIH3UrUkN+wrTtG2+u2+7bRVr72Y8txBkAWphrTO/RFz+5tP77ZZJyz7nW1ummsEFjfNR470ow1zabQUyYiVbyHJ8k= jamie@athena
diff --git a/server/server.go b/server/server.go
index b7eb74a..3e5eda6 100644
--- a/server/server.go
+++ b/server/server.go
@@ -77,22 +77,25 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
 		err := json.NewDecoder(r.Body).Decode(&request)
 
 		if err != nil {
+			fmt.Println(err)
 			http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
 			return
 		}
 
-		key, alg, err := parsePublicKey(request.Key)
+		key, err := parsePublicKey(request.Key)
 
 		if err != nil {
+			fmt.Println(err)
 			http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
 			return
 		}
 
-		fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
+		fmt.Printf("Registering key for %s\n", request.UserId)
 
-		keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
+		keyId, err := keyDir.RegisterKey(key, request.UserId)
 
 		if err != nil {
+			fmt.Println(err)
 			http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
 			return
 		}
@@ -103,15 +106,12 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
 	return http.HandlerFunc(handler)
 }
 
-func parsePublicKey(input string) (crypto.PublicKey, string, error) {
+func parsePublicKey(input string) (crypto.PublicKey, error) {
 	pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(input))
 
-	var alg string
-
-	switch pk.Type() {
-	case "ssh-ed25519":
-		alg = "ed25519"
+	if err != nil {
+		return nil, err
 	}
 
-	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
+	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
 }
diff --git a/testkey2 b/testkey2
deleted file mode 100644
index 7e16e11..0000000
--- a/testkey2
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5wAAAJA3GdxYNxnc
-WAAAAAtzc2gtZWQyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5w
-AAAECcClGiCCayTB0yRGxnn3R26heCf966qN+YAISC4dCMERUF9WPYZ/wgFtT0bydjP1jp
-RBFyN2hyXcIPQYqEgC3nAAAADGphbWllQGF0aGVuYQE=
------END OPENSSH PRIVATE KEY-----
diff --git a/testkey2.pub b/testkey2.pub
deleted file mode 100644
index 39ae938..0000000
--- a/testkey2.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUF9WPYZ/wgFtT0bydjP1jpRBFyN2hyXcIPQYqEgC3n jamie@athena