Implement test server
This commit is contained in:
parent
b223a25055
commit
6bc1ce6679
6 changed files with 152 additions and 6 deletions
|
|
@ -31,6 +31,7 @@ func GetSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error)
|
|||
}
|
||||
|
||||
client := httpsig.NewClient(httpsig.ClientOpts{
|
||||
Tag: "test-tag",
|
||||
KeyID: keyId,
|
||||
Alg: alg,
|
||||
})
|
||||
|
|
|
|||
53
main.go
53
main.go
|
|
@ -4,22 +4,38 @@ import (
|
|||
"bytes"
|
||||
"crypto"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
|
||||
"crispbyte.dev/sig-auth/client"
|
||||
"crispbyte.dev/sig-auth/server"
|
||||
"github.com/opencontainers/go-digest"
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
func main() {
|
||||
useClient := flag.Bool("c", false, "Run client")
|
||||
|
||||
keyPath := flag.String("key", "", "Path to the private (client mode) or public (server mode) to use")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
if *useClient {
|
||||
runClient(keyPath)
|
||||
} else {
|
||||
runServer(keyPath)
|
||||
}
|
||||
}
|
||||
|
||||
func runClient(keyFile *string) {
|
||||
testData := map[string]string{"hello": "world"}
|
||||
json_data, _ := json.Marshal(testData)
|
||||
|
||||
keyFile := "testkey"
|
||||
|
||||
key, err := loadPrivateKey(keyFile)
|
||||
key, err := loadPrivateKey(*keyFile)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
|
|
@ -50,11 +66,24 @@ func main() {
|
|||
|
||||
defer resp.Body.Close()
|
||||
|
||||
var res map[string]interface{}
|
||||
out, err := io.ReadAll(resp.Body)
|
||||
|
||||
json.NewDecoder(resp.Body).Decode(&res)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
fmt.Println(res)
|
||||
fmt.Println(resp.StatusCode)
|
||||
fmt.Println(string(out[:]))
|
||||
}
|
||||
|
||||
func runServer(keyFile *string) {
|
||||
key, err := loadPublicKey(*keyFile)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
server.Start(key)
|
||||
}
|
||||
|
||||
func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
|
||||
|
|
@ -66,3 +95,15 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
|
|||
|
||||
return ssh.ParseRawPrivateKey(keyBytes)
|
||||
}
|
||||
|
||||
func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
|
||||
keyBytes, err := os.ReadFile(keyFile)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
|
||||
|
||||
return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
|
||||
}
|
||||
|
|
|
|||
40
server/key_directory.go
Normal file
40
server/key_directory.go
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"crypto/ed25519"
|
||||
"fmt"
|
||||
|
||||
"github.com/common-fate/httpsig/alg_ed25519"
|
||||
"github.com/common-fate/httpsig/verifier"
|
||||
)
|
||||
|
||||
type KeyEntry struct {
|
||||
alg string
|
||||
publicKey crypto.PublicKey
|
||||
userId string
|
||||
}
|
||||
|
||||
type InMemoryDirectory struct {
|
||||
records map[string]KeyEntry
|
||||
}
|
||||
|
||||
func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
|
||||
entry := dir.records[keyId]
|
||||
|
||||
var alg verifier.Algorithm
|
||||
var err error
|
||||
|
||||
switch entry.alg {
|
||||
case "ed25519":
|
||||
alg = alg_ed25519.Ed25519{
|
||||
PublicKey: entry.publicKey.(ed25519.PublicKey),
|
||||
Attrs: entry.userId,
|
||||
}
|
||||
default:
|
||||
err = fmt.Errorf("unknown algoritm: %s", entry.alg)
|
||||
}
|
||||
|
||||
return alg, err
|
||||
}
|
||||
56
server/server.go
Normal file
56
server/server.go
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/common-fate/httpsig"
|
||||
"github.com/common-fate/httpsig/inmemory"
|
||||
)
|
||||
|
||||
func Start(publicKey crypto.PublicKey) error {
|
||||
keyDir := InMemoryDirectory{
|
||||
records: map[string]KeyEntry{},
|
||||
}
|
||||
|
||||
keyId := "test-id"
|
||||
|
||||
keyDir.records[keyId] = KeyEntry{
|
||||
alg: "ed25519",
|
||||
publicKey: publicKey,
|
||||
userId: "test_user",
|
||||
}
|
||||
|
||||
mux := http.NewServeMux()
|
||||
|
||||
verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
|
||||
NonceStorage: inmemory.NewNonceStorage(),
|
||||
KeyDirectory: &keyDir,
|
||||
Tag: "test-tag",
|
||||
Scheme: "http",
|
||||
Authority: "localhost:8080",
|
||||
|
||||
OnValidationError: func(ctx context.Context, err error) {
|
||||
fmt.Printf("validation error: %s\n", err)
|
||||
},
|
||||
|
||||
OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
|
||||
fmt.Printf("string to sign:\n%s\n", stringToSign)
|
||||
},
|
||||
})
|
||||
|
||||
mux.Handle("/", verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Printf("Responding...\n")
|
||||
attr := httpsig.AttributesFromContext(r.Context()).(string)
|
||||
fmt.Printf("User is %s\n", attr)
|
||||
msg := fmt.Sprintf("hello, %s!", attr)
|
||||
w.Write([]byte(msg))
|
||||
fmt.Printf("Responded...\n")
|
||||
})))
|
||||
|
||||
err := http.ListenAndServe("localhost:8080", mux)
|
||||
|
||||
return err
|
||||
}
|
||||
7
testkey2
Normal file
7
testkey2
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5wAAAJA3GdxYNxnc
|
||||
WAAAAAtzc2gtZWQyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5w
|
||||
AAAECcClGiCCayTB0yRGxnn3R26heCf966qN+YAISC4dCMERUF9WPYZ/wgFtT0bydjP1jp
|
||||
RBFyN2hyXcIPQYqEgC3nAAAADGphbWllQGF0aGVuYQE=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
1
testkey2.pub
Normal file
1
testkey2.pub
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUF9WPYZ/wgFtT0bydjP1jpRBFyN2hyXcIPQYqEgC3n jamie@athena
|
||||
Loading…
Add table
Add a link
Reference in a new issue