cheddar/sig-auth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Separate out key directory

Browse source
This commit is contained in:
cheddar 2025-02-17 19:55:53 -05:00
parent b7671b9a97
commit 3dfe5b8558
No known key found for this signature in database
6 changed files with 85 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

9
keydirectory/keyentry.go Normal file
View file

@ -0,0 +1,9 @@
package keydirectory
import "crypto"
type KeyEntry struct {
Alg string
PublicKey crypto.PublicKey
UserId string
}

20
main.go
View file

@ -13,6 +13,7 @@ import (
"crispbyte.dev/sig-auth/client" "crispbyte.dev/sig-auth/client"
"crispbyte.dev/sig-auth/server" "crispbyte.dev/sig-auth/server"
"crispbyte.dev/sig-auth/sqlite_directory"
"github.com/opencontainers/go-digest" "github.com/opencontainers/go-digest"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
@ -92,13 +93,15 @@ func runClient(keyFile *string, simulateCaddy bool) {
} }
func runServer(keyFile *string, simulateCaddy bool) { func runServer(keyFile *string, simulateCaddy bool) {
key, err := loadPublicKey(*keyFile) key, alg, err := loadPublicKey(*keyFile)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
server.Start(key, simulateCaddy) keyDir := sqlite_directory.CreateDirectory(alg, key)
server.Start(simulateCaddy, keyDir)
} }
func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) { func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
@ -111,14 +114,21 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
return ssh.ParseRawPrivateKey(keyBytes) return ssh.ParseRawPrivateKey(keyBytes)
} }
func loadPublicKey(keyFile string) (crypto.PublicKey, error) { func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
keyBytes, err := os.ReadFile(keyFile) keyBytes, err := os.ReadFile(keyFile)
if err != nil { if err != nil {
return nil, err return nil, "", err
} }
pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes) pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err var alg string
switch pk.Type() {
case "ssh-ed25519":
alg = "ed25519"
}
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
} }

40
server/key_directory.go
View file

@ -1,40 +0,0 @@
package server
import (
"context"
"crypto"
"crypto/ed25519"
"fmt"
"github.com/common-fate/httpsig/alg_ed25519"
"github.com/common-fate/httpsig/verifier"
)
type KeyEntry struct {
alg string
publicKey crypto.PublicKey
userId string
}
type InMemoryDirectory struct {
records map[string]KeyEntry
}
func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
entry := dir.records[keyId]
var alg verifier.Algorithm
var err error
switch entry.alg {
case "ed25519":
alg = alg_ed25519.Ed25519{
PublicKey: entry.publicKey.(ed25519.PublicKey),
Attrs: entry.userId,
}
default:
err = fmt.Errorf("unknown algoritm: %s", entry.alg)
}
return alg, err
}

18
server/server.go
View file

@ -2,32 +2,20 @@ package server
import ( import (
"context" "context"
"crypto"
"fmt" "fmt"
"net/http" "net/http"
"github.com/common-fate/httpsig" "github.com/common-fate/httpsig"
"github.com/common-fate/httpsig/inmemory" "github.com/common-fate/httpsig/inmemory"
"github.com/common-fate/httpsig/verifier"
) )
func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error { func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
keyDir := InMemoryDirectory{
records: map[string]KeyEntry{},
}
keyId := "test-id"
keyDir.records[keyId] = KeyEntry{
alg: "ed25519",
publicKey: publicKey,
userId: "test_user",
}
mux := http.NewServeMux() mux := http.NewServeMux()
verifier := httpsig.Middleware(httpsig.MiddlewareOpts{ verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
NonceStorage: inmemory.NewNonceStorage(), NonceStorage: inmemory.NewNonceStorage(),
KeyDirectory: &keyDir, KeyDirectory: keyDir,
Tag: "auth", Tag: "auth",
Scheme: "http", Scheme: "http",
Authority: "localhost:8080", Authority: "localhost:8080",

23
sqlite_directory/create_directory.go Normal file
View file

@ -0,0 +1,23 @@
package sqlite_directory
import (
"crypto"
"crispbyte.dev/sig-auth/keydirectory"
)
func CreateDirectory(alg string, publicKey crypto.PublicKey) InMemoryDirectory {
keyDir := InMemoryDirectory{
records: map[string]keydirectory.KeyEntry{},
}
keyId := "test-id"
keyDir.records[keyId] = keydirectory.KeyEntry{
Alg: alg,
PublicKey: publicKey,
UserId: "test_user",
}
return keyDir
}

35
sqlite_directory/sqlite_directory.go Normal file
View file

@ -0,0 +1,35 @@
package sqlite_directory
import (
"context"
"crypto/ed25519"
"fmt"
"github.com/common-fate/httpsig/alg_ed25519"
"github.com/common-fate/httpsig/verifier"
"crispbyte.dev/sig-auth/keydirectory"
)
type InMemoryDirectory struct {
records map[string]keydirectory.KeyEntry
}
func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
entry := dir.records[keyId]
var alg verifier.Algorithm
var err error
switch entry.Alg {
case "ed25519":
alg = alg_ed25519.Ed25519{
PublicKey: entry.PublicKey.(ed25519.PublicKey),
Attrs: entry.UserId,
}
default:
err = fmt.Errorf("unknown algoritm: %s", entry.Alg)
}
return alg, err
}