Initial commit - test client

README.md

@@ -0,0 +1,3 @@
+# sig-auth
+
+Signature authentication service designed to be used as middleware for a reverse proxy

client/client.go

@@ -0,0 +1,39 @@
+package client
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"fmt"
+	"net/http"
+	"reflect"
+
+	"github.com/common-fate/httpsig"
+	"github.com/common-fate/httpsig/alg_ecdsa"
+	"github.com/common-fate/httpsig/alg_ed25519"
+	"github.com/common-fate/httpsig/alg_rsa"
+	"github.com/common-fate/httpsig/signer"
+)
+
+func GetSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error) {
+	var alg signer.Algorithm
+
+	switch p := key.(type) {
+	case *rsa.PrivateKey:
+		alg = alg_rsa.NewRSAPKCS256Signer(p)
+	case *ed25519.PrivateKey:
+		alg = alg_ed25519.Ed25519{PrivateKey: *p}
+	case *ecdsa.PrivateKey:
+		alg = alg_ecdsa.NewP256Signer(p)
+	default:
+		return nil, fmt.Errorf("type is unknown: %s", reflect.TypeOf(key))
+	}
+
+	client := httpsig.NewClient(httpsig.ClientOpts{
+		KeyID: keyId,
+		Alg:   alg,
+	})
+
+	return client, nil
+}

go.mod

@@ -0,0 +1,13 @@
+module crispbyte.dev/sig-auth
+
+go 1.23.4
+
+require (
+	github.com/common-fate/httpsig v0.2.1
+	golang.org/x/crypto v0.33.0
+)
+
+require (
+	github.com/dunglas/httpsfv v1.0.2 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+)

go.sum

@@ -0,0 +1,12 @@
+github.com/common-fate/httpsig v0.2.1 h1:3frYlirzDCbynvp4OleEIm7JdgvWfeNVW8KUmQHZ04w=
+github.com/common-fate/httpsig v0.2.1/go.mod h1:nMk4aBS8GDo8tiUMLqB60W6I3+BiNH5Uj437pV61Jl8=
+github.com/dunglas/httpsfv v1.0.2 h1:iERDp/YAfnojSDJ7PW3dj1AReJz4MrwbECSSE59JWL0=
+github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=

main.go

@@ -0,0 +1,56 @@
+package main
+
+import (
+	"bytes"
+	"crypto"
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+
+	"crispbyte.dev/sig-auth/client"
+	"golang.org/x/crypto/ssh"
+)
+
+func main() {
+	testData := map[string]string{"hello": "world"}
+	json_data, _ := json.Marshal(testData)
+
+	keyFile := "testkey"
+
+	key, err := loadPrivateKey(keyFile)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	client, err := client.GetSigningClient(key, "test-id")
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	resp, err := client.Post("http://localhost:8080/post", "application/json", bytes.NewBuffer(json_data))
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	defer resp.Body.Close()
+
+	var res map[string]interface{}
+
+	json.NewDecoder(resp.Body).Decode(&res)
+
+	fmt.Println(res)
+}
+
+func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
+	keyBytes, err := os.ReadFile(keyFile)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return ssh.ParseRawPrivateKey(keyBytes)
+}

shell.nix

@@ -0,0 +1,6 @@
+{ pkgs ? import <nixpkgs> {} }:
+  pkgs.mkShell {
+    nativeBuildInputs = with pkgs.buildPackages; [
+        go
+    ];
+}

testkey

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACClBMnrOEzDPIDNzMdasPn+BI6FRixvQxNTXDX7HOWOXgAAAJCI3nP3iN5z
+9wAAAAtzc2gtZWQyNTUxOQAAACClBMnrOEzDPIDNzMdasPn+BI6FRixvQxNTXDX7HOWOXg
+AAAEBpWmg8wb9vnPh9P38pGBHMqq2myayLWEY8I+8EMAIcq6UEyes4TMM8gM3Mx1qw+f4E
+joVGLG9DE1NcNfsc5Y5eAAAADGphbWllQGF0aGVuYQE=
+-----END OPENSSH PRIVATE KEY-----

testkey.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUEyes4TMM8gM3Mx1qw+f4EjoVGLG9DE1NcNfsc5Y5e test@key