Separate out key directory
This commit is contained in:
parent
b7671b9a97
commit
3dfe5b8558
6 changed files with 85 additions and 60 deletions
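--- a/keydirectory/keyentry.go
+++ b/keydirectory/keyentry.go
@@ -0,0 +1,9 @@
+package keydirectory
+
+import "crypto"
+
+type KeyEntry struct {
+Alg string
+PublicKey crypto.PublicKey
+UserId string
+}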
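Review bot: The exported KeyEntry type and its three fields carry no doc comments, and `UserId` breaks the Go initialism convention (`UserID`); the type is new in this commit and its only visible consumers are the two sqlite_directory files added alongside it, so renaming now costs little. Suggested header: `// KeyEntry is one signing key known to a key directory: Alg names the signature algorithm, PublicKey is the parsed key, and UserId is the value GetKey hands to the verifier as Attrs.` Whether anything outside this page reads UserId cannot be told from the diff, so confirm before renaming.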
20
main.go
20
main.go
|
@ -13,6 +13,7 @@ import (
|
|||
|
||||
"crispbyte.dev/sig-auth/client"
|
||||
"crispbyte.dev/sig-auth/server"
|
||||
"crispbyte.dev/sig-auth/sqlite_directory"
|
||||
"github.com/opencontainers/go-digest"
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
@ -92,13 +93,15 @@ func runClient(keyFile *string, simulateCaddy bool) {
|
|||
}
|
||||
|
||||
func runServer(keyFile *string, simulateCaddy bool) {
|
||||
key, err := loadPublicKey(*keyFile)
|
||||
key, alg, err := loadPublicKey(*keyFile)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
server.Start(key, simulateCaddy)
|
||||
keyDir := sqlite_directory.CreateDirectory(alg, key)
|
||||
|
||||
server.Start(simulateCaddy, keyDir)
|
||||
}
|
||||
|
||||
func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
|
||||
|
@ -111,14 +114,21 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
|
|||
return ssh.ParseRawPrivateKey(keyBytes)
|
||||
}
|
||||
|
||||
func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
|
||||
func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
|
||||
keyBytes, err := os.ReadFile(keyFile)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
|
||||
|
||||
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
|
||||
var alg string
|
||||
|
||||
switch pk.Type() {
|
||||
case "ssh-ed25519":
|
||||
alg = "ed25519"
|
||||
}
|
||||
|
||||
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
|
||||
}
|
||||
|
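Review bot: In loadPublicKey the new `switch pk.Type()` runs before err from ssh.ParseAuthorizedKey is examined, so an empty or malformed key file makes the server panic on a nil pk instead of reporting the error; the old one-line return had the same ordering problem and the commit keeps it. The switch also has no default, so any key type other than ssh-ed25519 comes back with alg "" and only fails later inside GetKey with an empty algorithm name, far from the cause. Check err first, reject unsupported key types at load time, and make the `pk.(ssh.CryptoPublicKey)` assertion a checked one; this needs fmt in main.go's import block if it is not already there. The same unchecked-error ordering applies to runServer, which discards the error returned by server.Start, but that line is unchanged here.
```go
pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
if err != nil {
	return nil, "", err
}

var alg string

switch pk.Type() {
case "ssh-ed25519":
	alg = "ed25519"
default:
	return nil, "", fmt.Errorf("unsupported key type %q in %s", pk.Type(), keyFile)
}

cpk, ok := pk.(ssh.CryptoPublicKey)
if !ok {
	return nil, "", fmt.Errorf("key type %q does not expose a crypto.PublicKey", pk.Type())
}

return cpk.CryptoPublicKey(), alg, nil
```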
|
|
@ -1,40 +0,0 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"crypto/ed25519"
|
||||
"fmt"
|
||||
|
||||
"github.com/common-fate/httpsig/alg_ed25519"
|
||||
"github.com/common-fate/httpsig/verifier"
|
||||
)
|
||||
|
||||
type KeyEntry struct {
|
||||
alg string
|
||||
publicKey crypto.PublicKey
|
||||
userId string
|
||||
}
|
||||
|
||||
type InMemoryDirectory struct {
|
||||
records map[string]KeyEntry
|
||||
}
|
||||
|
||||
func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
|
||||
entry := dir.records[keyId]
|
||||
|
||||
var alg verifier.Algorithm
|
||||
var err error
|
||||
|
||||
switch entry.alg {
|
||||
case "ed25519":
|
||||
alg = alg_ed25519.Ed25519{
|
||||
PublicKey: entry.publicKey.(ed25519.PublicKey),
|
||||
Attrs: entry.userId,
|
||||
}
|
||||
default:
|
||||
err = fmt.Errorf("unknown algoritm: %s", entry.alg)
|
||||
}
|
||||
|
||||
return alg, err
|
||||
}
|
|
@ -2,32 +2,20 @@ package server
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/common-fate/httpsig"
|
||||
"github.com/common-fate/httpsig/inmemory"
|
||||
"github.com/common-fate/httpsig/verifier"
|
||||
)
|
||||
|
||||
func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
|
||||
keyDir := InMemoryDirectory{
|
||||
records: map[string]KeyEntry{},
|
||||
}
|
||||
|
||||
keyId := "test-id"
|
||||
|
||||
keyDir.records[keyId] = KeyEntry{
|
||||
alg: "ed25519",
|
||||
publicKey: publicKey,
|
||||
userId: "test_user",
|
||||
}
|
||||
|
||||
func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
|
||||
mux := http.NewServeMux()
|
||||
|
||||
verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
|
||||
NonceStorage: inmemory.NewNonceStorage(),
|
||||
KeyDirectory: &keyDir,
|
||||
KeyDirectory: keyDir,
|
||||
Tag: "auth",
|
||||
Scheme: "http",
|
||||
Authority: "localhost:8080",
|
||||
|
|
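Review bot: Start is exported and its new signature now takes the key directory from the caller, which is the one thing a reader of this package needs to know, yet it has no doc comment; suggested: `// Start runs the HTTP server, verifying request signatures against the keys that keyDir resolves; isCaddyAuth selects the Caddy forward-auth behaviour.` The hunk shows "crypto" and "fmt" still in the import block while the only code that used them (the in-memory directory) has moved out; if nothing else in the file uses them the build fails, so confirm they were dropped on the new side. Start's body continues past the end of the hunk.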
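--- a/sqlite_directory/create_directory.go
+++ b/sqlite_directory/create_directory.go
@@ -0,0 +1,23 @@
+package sqlite_directory
+
+import (
+"crypto"
+
+"crispbyte.dev/sig-auth/keydirectory"
+)
+
+func CreateDirectory(alg string, publicKey crypto.PublicKey) InMemoryDirectory {
+keyDir := InMemoryDirectory{
+records: map[string]keydirectory.KeyEntry{},
+}
+
+keyId := "test-id"
+
+keyDir.records[keyId] = keydirectory.KeyEntry{
+Alg: alg,
+PublicKey: publicKey,
+UserId: "test_user",
+}
+
+return keyDir
+}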
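Review bot: CreateDirectory hard-codes the key ID "test-id" and the user "test_user", so the value GetKey hands to the verifier as Attrs is the same fixed "test_user" for every request that verifies against publicKey, and the package is named sqlite_directory while everything in it is an in-memory map. Unless this is deliberately a stub, take both identifiers from the caller: `func CreateDirectory(alg string, publicKey crypto.PublicKey, keyID, userID string) InMemoryDirectory`, `keyDir.records[keyID] = keydirectory.KeyEntry{`, `UserId: userID,`. If it is a stub, a doc comment saying so (`// CreateDirectory builds a single-entry directory for local testing; the key ID and user are fixed placeholders, not real key management.`) keeps the fixed identity from being mistaken for a finished lookup.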
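--- a/sqlite_directory/sqlite_directory.go
+++ b/sqlite_directory/sqlite_directory.go
@@ -0,0 +1,35 @@
+package sqlite_directory
+
+import (
+"context"
+"crypto/ed25519"
+"fmt"
+
+"github.com/common-fate/httpsig/alg_ed25519"
+"github.com/common-fate/httpsig/verifier"
+
+"crispbyte.dev/sig-auth/keydirectory"
+)
+
+type InMemoryDirectory struct {
+records map[string]keydirectory.KeyEntry
+}
+
+func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
+entry := dir.records[keyId]
+
+var alg verifier.Algorithm
+var err error
+
+switch entry.Alg {
+case "ed25519":
+alg = alg_ed25519.Ed25519{
+PublicKey: entry.PublicKey.(ed25519.PublicKey),
+Attrs: entry.UserId,
+}
+default:
+err = fmt.Errorf("unknown algoritm: %s", entry.Alg)
+}
+
+return alg, err
+}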
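Review bot: GetKey never checks whether keyId is present: a miss yields the zero KeyEntry, so an unknown key ID is reported as `unknown algoritm: ` (also a typo for algorithm) rather than as an unknown key, and the `entry.PublicKey.(ed25519.PublicKey)` assertion is unchecked, so an entry whose PublicKey is any other concrete type panics inside the verifier middleware. Both paths fail closed today, which is the right default, but a lookup miss and an algorithm mismatch should be distinct errors so a log line tells an operator which one occurred; keyId arrives from the request, so format it with %q to keep it quoted in logs. Suggested body below; the receiver, signature and imports are unchanged.
```go
func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
	entry, ok := dir.records[keyId]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", keyId)
	}

	switch entry.Alg {
	case "ed25519":
		pub, ok := entry.PublicKey.(ed25519.PublicKey)
		if !ok {
			return nil, fmt.Errorf("key %q: public key is %T, want ed25519.PublicKey", keyId, entry.PublicKey)
		}
		return alg_ed25519.Ed25519{
			PublicKey: pub,
			Attrs:     entry.UserId,
		}, nil
	default:
		return nil, fmt.Errorf("key %q: unknown algorithm %q", keyId, entry.Alg)
	}
}
```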