sig-auth.git

commit
09417b5
parent
949d1fc
author
cheddar
date
2025-02-18 03:03:31 +0100 CET
Generate a random key ID on registration
5 files changed,  +47, -10
M go.mod
M go.sum
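--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.23.4
 
 require (
 	github.com/common-fate/httpsig v0.2.1
+	github.com/google/uuid v1.6.0
 	github.com/opencontainers/go-digest v1.0.0
 	golang.org/x/crypto v0.33.0
 )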
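--- a/go.sum
+++ b/go.sum
@@ -4,6 +4,8 @@ github.com/dunglas/httpsfv v1.0.2 h1:iERDp/YAfnojSDJ7PW3dj1AReJz4MrwbECSSE59JWL0
 github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=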
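--- a/main.go
+++ b/main.go
@@ -21,6 +21,8 @@ import (
 func main() {
 	useClient := flag.Bool("c", false, "Run client")
 
+	keyId := flag.String("id", "", "The key id to pass")
+
 	register := flag.Bool("r", false, "Register a key")
 
 	user := flag.String("user", "", "Username to register")
@@ -32,12 +34,12 @@ func main() {
 	flag.Parse()
 
 	if *useClient {
-		if *keyPath == "" || *user == "" {
+		if *keyPath == "" || *keyId == "" {
 			flag.PrintDefaults()
 			return
 		}
 
-		runClient(*keyPath, *user, *simulateCaddy)
+		runClient(*keyPath, *keyId, *simulateCaddy)
 	} else if *register {
 		if *keyPath == "" || *user == "" {
 			flag.PrintDefaults()
@@ -50,7 +52,7 @@ func main() {
 	}
 }
 
-func runClient(keyFile string, user string, simulateCaddy bool) {
+func runClient(keyFile string, keyId string, simulateCaddy bool) {
 	testData := map[string]string{"hello": "world"}
 	json_data, _ := json.Marshal(testData)
 
@@ -60,7 +62,7 @@ func runClient(keyFile string, user string, simulateCaddy bool) {
 		log.Fatal(err)
 	}
 
-	client, err := client.GetSigningClient(key, user)
+	client, err := client.GetSigningClient(key, keyId)
 
 	if err != nil {
 		log.Fatal(err)
@@ -135,5 +137,24 @@ func registerKey(keyFile string, userId string) {
 
 	json_data, _ := json.Marshal(request)
 
-	http.DefaultClient.Post("http://localhost:8080/register", "application/json", bytes.NewBuffer(json_data))
+	resp, err := http.DefaultClient.Post(
+		"http://localhost:8080/register",
+		"application/json",
+		bytes.NewBuffer(json_data))
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	defer resp.Body.Close()
+
+	out, err := io.ReadAll(resp.Body)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp.StatusCode)
+	fmt.Println(resp.Header)
+	fmt.Println(string(out[:]))
 }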
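Review bot: The last hunk (registerKey) prints the response body without branching on `resp.StatusCode`, so a server error message appears in the same place as a newly issued key ID and can be mistaken for one. Check the status before printing, e.g. `if resp.StatusCode != http.StatusOK { log.Fatalf("registration failed: %s: %s", resp.Status, out) }`. `http.DefaultClient` has no timeout and `io.ReadAll` accepts a body of any size; a client with `Timeout` set and `io.ReadAll(io.LimitReader(resp.Body, 1<<20))` would bound both. The endpoint is a hard-coded plain `http://localhost` URL, which is fine for local testing, but the public key and returned key ID would need TLS if the host ever becomes configurable. registerKey starts outside the hunk.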
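--- a/server/server.go
+++ b/server/server.go
@@ -56,10 +56,10 @@ func getDefaultHandler(isCaddyAuth bool) http.Handler {
 
 		if isCaddyAuth {
 			w.Header().Add("Remote-User", attr)
-		} else {
-			msg := fmt.Sprintf("hello, %s!", attr)
-			w.Write([]byte(msg))
 		}
+
+		msg := fmt.Sprintf("hello, %s!", attr)
+		w.Write([]byte(msg))
 	}
 
 	return http.HandlerFunc(handler)
@@ -90,7 +90,14 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
 
 		fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
 
-		keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
+		keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
+
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
+			return
+		}
+
+		w.Write([]byte(keyId))
 	}
 
 	return http.HandlerFunc(handler)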
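Review bot: The new error path in getRegistrationHandler returns the raw error text to the caller through `fmt.Sprintf("Server error - %s", err)`, which can disclose key-directory or storage internals. Log the error on the server and send a fixed message instead: `log.Printf("register key: %v", err)` followed by `http.Error(w, "internal server error", http.StatusInternalServerError)`. The handler now hands back a key ID tied to `request.UserId`, and nothing visible in this hunk authenticates the registrant. If the part of the handler outside the hunk does not either, any caller could obtain a key ID for an arbitrary user name, so that is worth confirming. Both handler bodies start outside their hunks.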
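--- a/sqlite_directory/sqlite_directory.go
+++ b/sqlite_directory/sqlite_directory.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/verifier"
+	"github.com/google/uuid"
 
 	"crispbyte.dev/sig-auth/keydirectory"
 )
@@ -41,7 +42,12 @@ func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
 }
 
 func (dir InMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
-	keyId := userId
+	uuid, err := uuid.NewRandom()
+	keyId := uuid.String()
+
+	if err != nil {
+		return "", err
+	}
 
 	dir.records[keyId] = keydirectory.KeyEntry{
 		Alg:       alg,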
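Review bot: In RegisterKey the local variable `uuid` shadows the imported `uuid` package for the rest of the function, and `keyId := uuid.String()` runs before `err` is checked. Give the value its own name and convert it only after the check: `id, err := uuid.NewRandom()`, then the `if err != nil` return, then `keyId := id.String()`. A doc comment such as `// RegisterKey stores key under a newly generated random key ID and returns that ID.` would record the changed contract, since callers previously got the user ID back as the key ID. The write to `dir.records` has no visible locking, which would be a data race if registrations are served concurrently. The rest of the type and the end of this function are outside the hunk, so confirm there.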