From 3dfe5b8558ee5dc478ce6bce85a80370f2be595e Mon Sep 17 00:00:00 2001
From: cheddar
Date: Mon, 17 Feb 2025 19:55:53 -0500
Subject: [PATCH] Separate out key directory

---
 keydirectory/keyentry.go | 9 +++++++
 main.go | 20 ++++++++++----
 server/key_directory.go | 40 ----------------------------
 server/server.go | 18 +++---------
 sqlite_directory/create_directory.go | 23 ++++++++++++++++
 sqlite_directory/sqlite_directory.go | 35 ++++++++++++++++++++++++
 6 files changed, 85 insertions(+), 60 deletions(-)
 create mode 100644 keydirectory/keyentry.go
 delete mode 100644 server/key_directory.go
 create mode 100644 sqlite_directory/create_directory.go
 create mode 100644 sqlite_directory/sqlite_directory.go

diff --git a/keydirectory/keyentry.go b/keydirectory/keyentry.go
new file mode 100644
index 0000000..c23e573
--- /dev/null
+++ b/keydirectory/keyentry.go
@@ -0,0 +1,9 @@
+package keydirectory
+
+import "crypto"
+
+type KeyEntry struct {
+	Alg       string
+	PublicKey crypto.PublicKey
+	UserId    string
+}
diff --git a/main.go b/main.go
index 7e38805..dfe9e74 100644
--- a/main.go
+++ b/main.go
@@ -13,6 +13,7 @@ import (
 	"crispbyte.dev/sig-auth/client"
 	"crispbyte.dev/sig-auth/server"
+	"crispbyte.dev/sig-auth/sqlite_directory"
 	"github.com/opencontainers/go-digest"
 	"golang.org/x/crypto/ssh"
 )
@@ -92,13 +93,15 @@ func runClient(keyFile *string, simulateCaddy bool) {
 }
 func runServer(keyFile *string, simulateCaddy bool) {
-	key, err := loadPublicKey(*keyFile)
+	key, alg, err := loadPublicKey(*keyFile)
 	if err != nil {
 		log.Fatal(err)
 	}
-	server.Start(key, simulateCaddy)
+	keyDir := sqlite_directory.CreateDirectory(alg, key)
+
+	server.Start(simulateCaddy, keyDir)
 }
 func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
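Review bot: KeyEntry and its three exported fields in keyentry.go carry no doc comments, and `UserId` departs from Go's initialism convention (`UserID`). Nothing in the type ties Alg to the concrete type of PublicKey, so the pairing is only enforced later by whoever consumes the entry; that contract belongs on the type. Suggested header: `// KeyEntry is one verification key known to a key directory. Alg names the httpsig algorithm and PublicKey must be a key usable by that algorithm; UserId is passed through to the algorithm's Attrs.`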
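Review bot: The error value of `server.Start(simulateCaddy, keyDir)` in runServer is still discarded, while the key-loading failure two lines above goes through log.Fatal; Start is declared to return an error in the server.go hunk, so a failure there (presumably from the listener or middleware setup, which this hunk does not show) would end the process silently. Handle it the same way as the other error: `if err := server.Start(simulateCaddy, keyDir); err != nil { log.Fatal(err) }`. Note also that alg may be the empty string for key types loadPublicKey does not recognise, and CreateDirectory accepts it without complaint.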
@@ -111,14 +114,21 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
 	return ssh.ParseRawPrivateKey(keyBytes)
 }
-func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
+func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
 	keyBytes, err := os.ReadFile(keyFile)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
-	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
+	var alg string
+
+	switch pk.Type() {
+	case "ssh-ed25519":
+		alg = "ed25519"
+	}
+
+	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
 }
diff --git a/server/key_directory.go b/server/key_directory.go
deleted file mode 100644
index 926fe02..0000000
--- a/server/key_directory.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package server
-
-import (
-	"context"
-	"crypto"
-	"crypto/ed25519"
-	"fmt"
-
-	"github.com/common-fate/httpsig/alg_ed25519"
-	"github.com/common-fate/httpsig/verifier"
-)
-
-type KeyEntry struct {
-	alg       string
-	publicKey crypto.PublicKey
-	userId    string
-}
-
-type InMemoryDirectory struct {
-	records map[string]KeyEntry
-}
-
-func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
-	entry := dir.records[keyId]
-
-	var alg verifier.Algorithm
-	var err error
-
-	switch entry.alg {
-	case "ed25519":
-		alg = alg_ed25519.Ed25519{
-			PublicKey: entry.publicKey.(ed25519.PublicKey),
-			Attrs:     entry.userId,
-		}
-	default:
-		err = fmt.Errorf("unknown algoritm: %s", entry.alg)
-	}
-
-	return alg, err
-}
diff --git a/server/server.go b/server/server.go
index a22e1df..fa289f5 100644
--- a/server/server.go
+++ b/server/server.go
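Review bot: In loadPublicKey, `pk.Type()` is now called before the error from ssh.ParseAuthorizedKey is examined, so a malformed or empty key file panics on a nil interface instead of returning the error to runServer; the unchecked `pk.(ssh.CryptoPublicKey)` assertion on the return line has the same failure mode for key types that do not implement it. The switch also has no default, so any key other than ssh-ed25519 silently yields an empty alg that is only rejected much later, inside GetKey on a request. Check the parse error first, make the assertion checked, and reject unsupported key types here so the server refuses to start with a clear message. The fence uses fmt.Errorf on the assumption that main.go already imports fmt; if it does not, a fixed errors.New message serves as well.
```go
func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
	// … unchanged: os.ReadFile and its error check …
	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
	if err != nil {
		return nil, "", fmt.Errorf("parsing public key %q: %w", keyFile, err)
	}

	cpk, ok := pk.(ssh.CryptoPublicKey)
	if !ok {
		return nil, "", fmt.Errorf("public key %q: unsupported key type %s", keyFile, pk.Type())
	}

	// Only key types with a matching verifier algorithm are accepted; anything
	// else is rejected here rather than at request time.
	var alg string
	switch pk.Type() {
	case "ssh-ed25519":
		alg = "ed25519"
	default:
		return nil, "", fmt.Errorf("public key %q: unsupported key type %s", keyFile, pk.Type())
	}

	return cpk.CryptoPublicKey(), alg, nil
}
```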
@@ -2,32 +2,20 @@ package server
 import (
 	"context"
-	"crypto"
 	"fmt"
 	"net/http"
 	"github.com/common-fate/httpsig"
 	"github.com/common-fate/httpsig/inmemory"
+	"github.com/common-fate/httpsig/verifier"
 )
-func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
-	keyDir := InMemoryDirectory{
-		records: map[string]KeyEntry{},
-	}
-
-	keyId := "test-id"
-
-	keyDir.records[keyId] = KeyEntry{
-		alg:       "ed25519",
-		publicKey: publicKey,
-		userId:    "test_user",
-	}
-
+func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
 	mux := http.NewServeMux()
 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
 		NonceStorage: inmemory.NewNonceStorage(),
-		KeyDirectory: &keyDir,
+		KeyDirectory: keyDir,
 		Tag:          "auth",
 		Scheme:       "http",
 		Authority:    "localhost:8080",
diff --git a/sqlite_directory/create_directory.go b/sqlite_directory/create_directory.go
new file mode 100644
index 0000000..034e002
--- /dev/null
+++ b/sqlite_directory/create_directory.go
@@ -0,0 +1,23 @@
+package sqlite_directory
+
+import (
+	"crypto"
+
+	"crispbyte.dev/sig-auth/keydirectory"
+)
+
+func CreateDirectory(alg string, publicKey crypto.PublicKey) InMemoryDirectory {
+	keyDir := InMemoryDirectory{
+		records: map[string]keydirectory.KeyEntry{},
+	}
+
+	keyId := "test-id"
+
+	keyDir.records[keyId] = keydirectory.KeyEntry{
+		Alg:       alg,
+		PublicKey: publicKey,
+		UserId:    "test_user",
+	}
+
+	return keyDir
+}
diff --git a/sqlite_directory/sqlite_directory.go b/sqlite_directory/sqlite_directory.go
new file mode 100644
index 0000000..ea0d632
--- /dev/null
+++ b/sqlite_directory/sqlite_directory.go
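Review bot: The existing local `verifier := httpsig.Middleware(...)` in Start now shadows the package `verifier` that this hunk imports, which compiles only because `verifier.KeyDirectory` is resolved in the signature before the local is declared; any later reference to the package inside the body would silently bind to the middleware value instead. Rename the local, e.g. `sigVerifier := httpsig.Middleware(httpsig.MiddlewareOpts{`, and update its uses below. Start's body continues past the end of the hunk, so those uses are not visible here. The exported Start also still has no doc comment; something like `// Start serves the signature-verifying mux on localhost:8080, resolving signing keys through keyDir.` would state the contract the new parameter introduces.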
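Review bot: CreateDirectory hard-codes the key id `"test-id"` and the principal `"test_user"` while living in a package named sqlite_directory, so a caller of the exported API cannot tell development seed data from a real key store, and the underscored package name is itself non-idiomatic. The function also accepts any alg/publicKey combination unchecked; a mismatch only surfaces as a panic inside GetKey on a request. At minimum document the constraint: `// CreateDirectory returns a single-entry directory that maps key id "test-id" to publicKey under user "test_user". It is an in-memory development stand-in, not a persistent store, and does not verify that alg matches publicKey's type.` Taking keyId and userId as parameters would remove the fixed identifiers altogether.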
@@ -0,0 +1,35 @@
+package sqlite_directory
+
+import (
+	"context"
+	"crypto/ed25519"
+	"fmt"
+
+	"github.com/common-fate/httpsig/alg_ed25519"
+	"github.com/common-fate/httpsig/verifier"
+
+	"crispbyte.dev/sig-auth/keydirectory"
+)
+
+type InMemoryDirectory struct {
+	records map[string]keydirectory.KeyEntry
+}
+
+func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
+	entry := dir.records[keyId]
+
+	var alg verifier.Algorithm
+	var err error
+
+	switch entry.Alg {
+	case "ed25519":
+		alg = alg_ed25519.Ed25519{
+			PublicKey: entry.PublicKey.(ed25519.PublicKey),
+			Attrs:     entry.UserId,
+		}
+	default:
+		err = fmt.Errorf("unknown algoritm: %s", entry.Alg)
+	}
+
+	return alg, err
+}
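Review bot: `entry.PublicKey.(ed25519.PublicKey)` in GetKey is an unchecked assertion, so an entry whose Alg says ed25519 but whose PublicKey is some other type panics in the request path rather than returning an error; since CreateDirectory accepts any alg/key pair, that state is reachable. The plain map index on the line above also means an unknown keyId, which is client-controlled input, falls through to the same "unknown algoritm" message (typo included) as a corrupt entry, leaving the server log unable to distinguish an unregistered signer from a bad record. Use the comma-ok lookup, make the assertion checked, and fix the spelling; the message wording is otherwise kept.
```go
func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
	entry, ok := dir.records[keyId]
	if !ok {
		return nil, fmt.Errorf("unknown key id: %q", keyId)
	}

	switch entry.Alg {
	case "ed25519":
		// Alg and PublicKey are set independently at registration, so the
		// pairing is verified here rather than trusted.
		pub, ok := entry.PublicKey.(ed25519.PublicKey)
		if !ok {
			return nil, fmt.Errorf("key id %q: algorithm ed25519 but public key has type %T", keyId, entry.PublicKey)
		}
		return alg_ed25519.Ed25519{
			PublicKey: pub,
			Attrs:     entry.UserId,
		}, nil
	default:
		return nil, fmt.Errorf("unknown algorithm: %s", entry.Alg)
	}
}
```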