cheddar/sig-auth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement test server

Browse source
This commit is contained in:
cheddar 2025-02-14 19:41:22 -05:00
parent b223a25055
commit 6bc1ce6679
No known key found for this signature in database
6 changed files with 152 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
client/client.go
View file

@ -31,6 +31,7 @@ func GetSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
} }
client := httpsig.NewClient(httpsig.ClientOpts{ client := httpsig.NewClient(httpsig.ClientOpts{
Tag: "test-tag",
KeyID: keyId, KeyID: keyId,
Alg: alg, Alg: alg,
}) })

53
main.go
View file

@ -4,22 +4,38 @@ import (
"bytes" "bytes"
"crypto" "crypto"
"encoding/json" "encoding/json"
"flag"
"fmt" "fmt"
"io"
"log" "log"
"net/http"
"os" "os"
"crispbyte.dev/sig-auth/client" "crispbyte.dev/sig-auth/client"
"crispbyte.dev/sig-auth/server"
"github.com/opencontainers/go-digest" "github.com/opencontainers/go-digest"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
func main() { func main() {
useClient := flag.Bool("c", false, "Run client")
keyPath := flag.String("key", "", "Path to the private (client mode) or public (server mode) to use")
flag.Parse()
if *useClient {
runClient(keyPath)
} else {
runServer(keyPath)
}
}
func runClient(keyFile *string) {
testData := map[string]string{"hello": "world"} testData := map[string]string{"hello": "world"}
json_data, _ := json.Marshal(testData) json_data, _ := json.Marshal(testData)
keyFile := "testkey" key, err := loadPrivateKey(*keyFile)
key, err := loadPrivateKey(keyFile)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -50,11 +66,24 @@ func main() {
defer resp.Body.Close() defer resp.Body.Close()
var res map[string]interface{} out, err := io.ReadAll(resp.Body)
json.NewDecoder(resp.Body).Decode(&res) if err != nil {
log.Fatal(err)
}
fmt.Println(res) fmt.Println(resp.StatusCode)
fmt.Println(string(out[:]))
}
func runServer(keyFile *string) {
key, err := loadPublicKey(*keyFile)
if err != nil {
log.Fatal(err)
}
server.Start(key)
} }
func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) { func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
@ -66,3 +95,15 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
return ssh.ParseRawPrivateKey(keyBytes) return ssh.ParseRawPrivateKey(keyBytes)
} }
func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
keyBytes, err := os.ReadFile(keyFile)
if err != nil {
return nil, err
}
pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
}

40
server/key_directory.go Normal file
View file

@ -0,0 +1,40 @@
package server
import (
"context"
"crypto"
"crypto/ed25519"
"fmt"
"github.com/common-fate/httpsig/alg_ed25519"
"github.com/common-fate/httpsig/verifier"
)
type KeyEntry struct {
alg string
publicKey crypto.PublicKey
userId string
}
type InMemoryDirectory struct {
records map[string]KeyEntry
}
func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
entry := dir.records[keyId]
var alg verifier.Algorithm
var err error
switch entry.alg {
case "ed25519":
alg = alg_ed25519.Ed25519{
PublicKey: entry.publicKey.(ed25519.PublicKey),
Attrs: entry.userId,
}
default:
err = fmt.Errorf("unknown algoritm: %s", entry.alg)
}
return alg, err
}

56
server/server.go Normal file
View file

@ -0,0 +1,56 @@
package server
import (
"context"
"crypto"
"fmt"
"net/http"
"github.com/common-fate/httpsig"
"github.com/common-fate/httpsig/inmemory"
)
func Start(publicKey crypto.PublicKey) error {
keyDir := InMemoryDirectory{
records: map[string]KeyEntry{},
}
keyId := "test-id"
keyDir.records[keyId] = KeyEntry{
alg: "ed25519",
publicKey: publicKey,
userId: "test_user",
}
mux := http.NewServeMux()
verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
NonceStorage: inmemory.NewNonceStorage(),
KeyDirectory: &keyDir,
Tag: "test-tag",
Scheme: "http",
Authority: "localhost:8080",
OnValidationError: func(ctx context.Context, err error) {
fmt.Printf("validation error: %s\n", err)
},
OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
fmt.Printf("string to sign:\n%s\n", stringToSign)
},
})
mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Printf("Responding...\n")
attr := httpsig.AttributesFromContext(r.Context()).(string)
fmt.Printf("User is %s\n", attr)
msg := fmt.Sprintf("hello, %s!", attr)
w.Write([]byte(msg))
fmt.Printf("Responded...\n")
})))
err := http.ListenAndServe("localhost:8080", mux)
return err
}

7
testkey2 Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5wAAAJA3GdxYNxnc
WAAAAAtzc2gtZWQyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5w
AAAECcClGiCCayTB0yRGxnn3R26heCf966qN+YAISC4dCMERUF9WPYZ/wgFtT0bydjP1jp
RBFyN2hyXcIPQYqEgC3nAAAADGphbWllQGF0aGVuYQE=
-----END OPENSSH PRIVATE KEY-----

1
testkey2.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUF9WPYZ/wgFtT0bydjP1jpRBFyN2hyXcIPQYqEgC3n jamie@athena