- commit
- 001a4b4
- parent
- b1e4a0c
- author
- cheddar
- date
- 2025-02-21 04:53:18 +0100 CET
Add support for more key types
14 files changed,
+98,
-48
+7,
-2
1@@ -3,6 +3,7 @@ package client
2 import (
3 "bytes"
4 "encoding/json"
5+ "fmt"
6 "io"
7 "net/http"
8 "net/url"
9@@ -37,7 +38,11 @@ func RegisterKey(baseUrl *url.URL, key string, userId string) (string, error) {
10 return "", err
11 }
12
13- keyId := string(out[:])
14+ bodyContent := string(out[:])
15
16- return keyId, nil
17+ if resp.StatusCode >= 300 {
18+ return "", fmt.Errorf("bad status: %d - %s", resp.StatusCode, bodyContent)
19+ }
20+
21+ return bodyContent, nil
22 }
A
ecdsa
+9,
-0
1@@ -0,0 +1,9 @@
2+-----BEGIN OPENSSH PRIVATE KEY-----
3+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
4+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQl8nqmx9kQiMeVUceyDaSx7UGOVNxJ
5+2ZZehRHZxrnYEj3aYBw9FjFuMwDLsPYhe2b6Blz/+LsMlVxJNlCAazudAAAAqJWu9DKVrv
6+QyAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXyeqbH2RCIx5VR
7+x7INpLHtQY5U3EnZll6FEdnGudgSPdpgHD0WMW4zAMuw9iF7ZvoGXP/4uwyVXEk2UIBrO5
8+0AAAAgXFjJ/LBbKff2oeiOpzrnuhbXL2731pCneA5IrvJLChMAAAAMamFtaWVAYXRoZW5h
9+AQIDBA==
10+-----END OPENSSH PRIVATE KEY-----
+1,
-0
1@@ -0,0 +1 @@
2+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXyeqbH2RCIx5VRx7INpLHtQY5U3EnZll6FEdnGudgSPdpgHD0WMW4zAMuw9iF7ZvoGXP/4uwyVXEk2UIBrO50= jamie@athena
R testkey =>
ed25519
+0,
-0
R testkey.pub =>
ed25519.pub
+0,
-0
+1,
-2
1@@ -28,7 +28,7 @@ func (dir inMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
2 return entry.toAlg()
3 }
4
5-func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
6+func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, userId string) (string, error) {
7 keyId, err := generateKeyId()
8
9 if err != nil {
10@@ -36,7 +36,6 @@ func (dir inMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userI
11 }
12
13 dir.records[keyId] = keyEntry{
14- Alg: alg,
15 PublicKey: key,
16 UserId: userId,
17 }
+18,
-4
1@@ -2,15 +2,19 @@ package keydirectory
2
3 import (
4 "crypto"
5+ "crypto/ecdsa"
6 "crypto/ed25519"
7+ "crypto/rsa"
8 "fmt"
9+ "reflect"
10
11+ "github.com/common-fate/httpsig/alg_ecdsa"
12 "github.com/common-fate/httpsig/alg_ed25519"
13+ "github.com/common-fate/httpsig/alg_rsa"
14 "github.com/common-fate/httpsig/verifier"
15 )
16
17 type keyEntry struct {
18- Alg string
19 PublicKey crypto.PublicKey
20 UserId string
21 }
22@@ -19,14 +23,24 @@ func (k keyEntry) toAlg() (verifier.Algorithm, error) {
23 var alg verifier.Algorithm
24 var err error
25
26- switch k.Alg {
27- case "ed25519":
28+ switch k.PublicKey.(type) {
29+ case ed25519.PublicKey:
30 alg = alg_ed25519.Ed25519{
31 PublicKey: k.PublicKey.(ed25519.PublicKey),
32 Attrs: k.UserId,
33 }
34+ case *rsa.PublicKey:
35+ alg = alg_rsa.RSAPKCS256{
36+ PublicKey: k.PublicKey.(*rsa.PublicKey),
37+ Attrs: k.UserId,
38+ }
39+ case *ecdsa.PublicKey:
40+ alg = alg_ecdsa.P256{
41+ PublicKey: k.PublicKey.(*ecdsa.PublicKey),
42+ Attrs: k.UserId,
43+ }
44 default:
45- err = fmt.Errorf("unknown algoritm: %s", k.Alg)
46+ err = fmt.Errorf("unknown key type: %s", reflect.TypeOf(k.PublicKey))
47 }
48
49 return alg, err
+1,
-1
1@@ -8,5 +8,5 @@ import (
2
3 type RegistrationDirectory interface {
4 verifier.KeyDirectory
5- RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error)
6+ RegisterKey(key crypto.PublicKey, userId string) (string, error)
7 }
+12,
-21
1@@ -3,9 +3,8 @@ package keydirectory
2 import (
3 "context"
4 "crypto"
5- "crypto/ed25519"
6+ "crypto/x509"
7 "database/sql"
8- "fmt"
9
10 "github.com/common-fate/httpsig/verifier"
11 _ "github.com/mattn/go-sqlite3"
12@@ -40,7 +39,7 @@ func InitSqlite(dbPath string) (*dbWrapper, error) {
13 func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
14 db := dir.db
15
16- query := "select userId, alg, publicKey from keys where keyId = ?"
17+ query := "select userId, publicKey from keys where keyId = ?"
18
19 stmt, err := db.Prepare(query)
20
21@@ -51,28 +50,23 @@ func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verif
22 defer stmt.Close()
23
24 var userId string
25- var alg string
26 var keyBytes []byte
27
28 row := stmt.QueryRow(keyId)
29
30- err = row.Scan(&userId, &alg, &keyBytes)
31+ err = row.Scan(&userId, &keyBytes)
32
33 if err != nil {
34 return nil, err
35 }
36
37- var publicKey crypto.PublicKey
38+ publicKey, err := x509.ParsePKIXPublicKey(keyBytes)
39
40- switch alg {
41- case "ed25519":
42- publicKey = ed25519.PublicKey(keyBytes)
43- default:
44- return nil, fmt.Errorf("unknown algorithm: %s", alg)
45+ if err != nil {
46+ return nil, err
47 }
48
49 keyEntry := keyEntry{
50- Alg: alg,
51 UserId: userId,
52 PublicKey: publicKey,
53 }
54@@ -80,7 +74,7 @@ func (dir *dbWrapper) GetKey(ctx context.Context, keyId string, _ string) (verif
55 return keyEntry.toAlg()
56 }
57
58-func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
59+func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, userId string) (string, error) {
60 db := dir.db
61
62 keyId, err := generateKeyId()
63@@ -89,18 +83,15 @@ func (dir *dbWrapper) RegisterKey(key crypto.PublicKey, alg string, userId strin
64 return "", err
65 }
66
67- stmt := "insert into keys(keyId, userId, alg, publicKey) values (?, ?, ?, ?)"
68+ stmt := "insert into keys(keyId, userId, publicKey) values (?, ?, ?)"
69
70- var keyBytes []byte
71+ keyBytes, err := x509.MarshalPKIXPublicKey(key)
72
73- switch alg {
74- case "ed25519":
75- keyBytes = []byte(key.(ed25519.PublicKey))
76- default:
77- return "", fmt.Errorf("unknown algorithm: %s", alg)
78+ if err != nil {
79+ return "", err
80 }
81
82- _, err = db.Exec(stmt, keyId, userId, alg, keyBytes)
83+ _, err = db.Exec(stmt, keyId, userId, keyBytes)
84
85 if err != nil {
86 return "", err
A
rsa
+38,
-0
1@@ -0,0 +1,38 @@
2+-----BEGIN OPENSSH PRIVATE KEY-----
3+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
4+NhAAAAAwEAAQAAAYEAuuE3B3FyhjNnvkfDQEn7t6E97spa4tTNKDsGUWHtVk090I4v8wXu
5+yM+fTiuU6ReSQEDGERUkyL/kS6yt7dL78GR5ApPB2LglcoKUTt34wwCaa7aapNHQ6Q5Gjy
6+Fs16NCCAd7kJLpAf6ixpptkLzChCmSYWQ7fZgSafkcnXYhlAxT11drXGFNEopMbL2hLyxt
7++C83hFiqKmBY6KyANXyiANjRcHq3Zcn/1NR0AfB5nfkdjjK6X5sNCShvlX91X4iV6BHfnQ
8+QSJmV4DGdmasBD27dpZA5MkomL6lRu8RbDMB4zCbhy6AGEX1epN1CtNmPi0raV5ifHGHbF
9+qY/BgolwQmYyZgvvtACzp2EEPEV1QMre//i+XIU3BhQUM9v8TtnvrXR1lII04nCdeaCwLb
10+Uu1NHp4BdAJgmBHiPdMoWSB91K1JDfsK07Rtvrtvu20Va+9mPLcQZAFqYa0zv0Rc/ubT++
11+2WScs+51tbpprBBY3zUeO9KMNc2m0FMmIlW8hyfJAAAFiCusRwcrrEcHAAAAB3NzaC1yc2
12+EAAAGBALrhNwdxcoYzZ75Hw0BJ+7ehPe7KWuLUzSg7BlFh7VZNPdCOL/MF7sjPn04rlOkX
13+kkBAxhEVJMi/5Eusre3S+/BkeQKTwdi4JXKClE7d+MMAmmu2mqTR0OkORo8hbNejQggHe5
14+CS6QH+osaabZC8woQpkmFkO32YEmn5HJ12IZQMU9dXa1xhTRKKTGy9oS8sbfgvN4RYqipg
15+WOisgDV8ogDY0XB6t2XJ/9TUdAHweZ35HY4yul+bDQkob5V/dV+IlegR350EEiZleAxnZm
16+rAQ9u3aWQOTJKJi+pUbvEWwzAeMwm4cugBhF9XqTdQrTZj4tK2leYnxxh2xamPwYKJcEJm
17+MmYL77QAs6dhBDxFdUDK3v/4vlyFNwYUFDPb/E7Z7610dZSCNOJwnXmgsC21LtTR6eAXQC
18+YJgR4j3TKFkgfdStSQ37CtO0bb67b7ttFWvvZjy3EGQBamGtM79EXP7m0/vtlknLPudbW6
19+aawQWN81HjvSjDXNptBTJiJVvIcnyQAAAAMBAAEAAAGACoshUSyv4u1siXpABFUIPBx/Q4
20+UsKocKCh6GZToKq2dROP6EqwfnKHI6US05SgtX54MgCZ+xQxg8d56G85eHOlFY2HHgqmr9
21+ReAjIO36Fnpmu/QB9pGV4Ug6Z+HhY6sk0xIlAQug1Ml6goz86IEV0mIMDa2bg6L8SvlQiX
22+u8Oj+VzVzzxDMDJ6wg0rPCL8iobauwTKm59AkaiwoMc7gT5ctVyaxKw5XpdqcD4oYgPm7r
23+IXYwOKulSSJ8ZSlbRGgOwGDPfTindH3rZ9r14P3XRCIaK9RtFSV4TowVwrlMW73fnCWe51
24+T1xK5TEopue7k30viR/JTO0CUnxcHBeQy4xc1TT+ojNnSg/QbN77rLLVG/v7ezYRqDUFM2
25+mEymtpNuS8uXh4TFwlUi89kROYLmRsarUvVChO1p2pRuUuVjSAz33Oqe68EmT32n44L0eC
26+lV2owKy3a0CWg+VKERrDV6O17Qv5b9FPWKgWn8kY2mUvDJ49oyMzHl6aWAVoEctp9nAAAA
27+wGmKkmMv2BavrJPH3u31PN8uAJFXGXPtS2PxhrXPYfNfT878zNCtHJ7jWaJ3758oVMxZKn
28+gpM/i6sKKKyCWHgI7DRTSEKCYT8541iAcG46UZxx0YtvX7cNYsLgYiNv8KWIaIi2qGlvH3
29+x2pxfQczdXYkMDwXn2O16TPpj5cKr8nxLL/qGSrKRvQIaN2v5d0yiQkIrT8pJnnSZ0H98F
30+j5ZCkL4624lg3qtilihoE68bUXUo3IPrEL/yHA5CLItKofCwAAAMEA5xEmu0Te3kXoLk3o
31+wi/oMNcAcl3PFH3s2xWqhySWzBQ0jx+V9vPZPmEJNsnY/wAcA2f0uQr7i8Fi5gGFQXZYm3
32+P7mnMtrNpA7DJM8UzR7FDwx8JENF24fY2dVkdT26BPNLAhNooc53251AO88iS8RAiWNrlG
33+TWZTyM/TWXZHbW+5Fu8P6f8BLQAu/2EV71YumfxbhrlqyhKRDI8hA5qxvKTdhE93I7wt31
34+QoMxbmsWrqHgqbGInhNsxhDmzdNzI7AAAAwQDPC3aEVm8gSWM52LRS1aU7hQgxCJla1dQG
35+HRAIY3AQ8JhAJV+7TRTpXEfOBM1Z7K/7w5Jz/V6KdebxAc8VIYF6SDtZJzO91xuNZbEg5P
36+tAeOMk5kK2X1a73KJPbBW5LZaxng3gj9b13f6vRSdlgzz2+4QVVbQukFwsAmGd0E8bmuPl
37+r6uKKdfhS34MDFCzEuAyuzBkDT1sIObNrMULxzDKtCSi4y5cH1jWidgglF63oYEqjJGByd
38+/fJi/N/BrWycsAAAAMamFtaWVAYXRoZW5hAQIDBAUGBw==
39+-----END OPENSSH PRIVATE KEY-----
A
rsa.pub
+1,
-0
1@@ -0,0 +1 @@
2+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC64TcHcXKGM2e+R8NASfu3oT3uylri1M0oOwZRYe1WTT3Qji/zBe7Iz59OK5TpF5JAQMYRFSTIv+RLrK3t0vvwZHkCk8HYuCVygpRO3fjDAJprtpqk0dDpDkaPIWzXo0IIB3uQkukB/qLGmm2QvMKEKZJhZDt9mBJp+RyddiGUDFPXV2tcYU0SikxsvaEvLG34LzeEWKoqYFjorIA1fKIA2NFwerdlyf/U1HQB8Hmd+R2OMrpfmw0JKG+Vf3VfiJXoEd+dBBImZXgMZ2ZqwEPbt2lkDkySiYvqVG7xFsMwHjMJuHLoAYRfV6k3UK02Y+LStpXmJ8cYdsWpj8GCiXBCZjJmC++0ALOnYQQ8RXVAyt7/+L5chTcGFBQz2/xO2e+tdHWUgjTicJ15oLAttS7U0engF0AmCYEeI90yhZIH3UrUkN+wrTtG2+u2+7bRVr72Y8txBkAWphrTO/RFz+5tP77ZZJyz7nW1ummsEFjfNR470ow1zabQUyYiVbyHJ8k= jamie@athena
+10,
-10
1@@ -77,22 +77,25 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
2 err := json.NewDecoder(r.Body).Decode(&request)
3
4 if err != nil {
5+ fmt.Println(err)
6 http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
7 return
8 }
9
10- key, alg, err := parsePublicKey(request.Key)
11+ key, err := parsePublicKey(request.Key)
12
13 if err != nil {
14+ fmt.Println(err)
15 http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
16 return
17 }
18
19- fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
20+ fmt.Printf("Registering key for %s\n", request.UserId)
21
22- keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
23+ keyId, err := keyDir.RegisterKey(key, request.UserId)
24
25 if err != nil {
26+ fmt.Println(err)
27 http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
28 return
29 }
30@@ -103,15 +106,12 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
31 return http.HandlerFunc(handler)
32 }
33
34-func parsePublicKey(input string) (crypto.PublicKey, string, error) {
35+func parsePublicKey(input string) (crypto.PublicKey, error) {
36 pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(input))
37
38- var alg string
39-
40- switch pk.Type() {
41- case "ssh-ed25519":
42- alg = "ed25519"
43+ if err != nil {
44+ return nil, err
45 }
46
47- return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
48+ return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
49 }
D
testkey2
+0,
-7
1@@ -1,7 +0,0 @@
2------BEGIN OPENSSH PRIVATE KEY-----
3-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
4-QyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5wAAAJA3GdxYNxnc
5-WAAAAAtzc2gtZWQyNTUxOQAAACAVBfVj2Gf8IBbU9G8nYz9Y6UQRcjdocl3CD0GKhIAt5w
6-AAAECcClGiCCayTB0yRGxnn3R26heCf966qN+YAISC4dCMERUF9WPYZ/wgFtT0bydjP1jp
7-RBFyN2hyXcIPQYqEgC3nAAAADGphbWllQGF0aGVuYQE=
8------END OPENSSH PRIVATE KEY-----
+0,
-1
1@@ -1 +0,0 @@
2-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUF9WPYZ/wgFtT0bydjP1jpRBFyN2hyXcIPQYqEgC3n jamie@athena