
commit
3dfe5b8
parent
b7671b9
author
cheddar
date
2025-02-18 01:55:53 +0100 CET
Separate out key directory
6 files changed,  +85, -60
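--- /dev/null
+++ b/keydirectory/keyentry.go
@@ -0,0 +1,9 @@
+package keydirectory
+
+import "crypto"
+
+type KeyEntry struct {
+	Alg       string
+	PublicKey crypto.PublicKey
+	UserId    string
+}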
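Review bot: KeyEntry and its three fields are exported but carry no doc comment, and this type is now the contract between the loader in main.go and the directory in sqlite_directory.go. A comment starting with the name is the convention, e.g. `// KeyEntry is one key-directory record: Alg is the algorithm name GetKey switches on ("ed25519"), PublicKey the parsed key, UserId the principal the key is attributed to.` Under Go's initialism rule the field would read `UserID`, but renaming it means touching sqlite_directory.go in this same commit.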
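--- a/main.go
+++ b/main.go
@@ -13,6 +13,7 @@ import (
 
 	"crispbyte.dev/sig-auth/client"
 	"crispbyte.dev/sig-auth/server"
+	"crispbyte.dev/sig-auth/sqlite_directory"
 	"github.com/opencontainers/go-digest"
 	"golang.org/x/crypto/ssh"
 )
@@ -92,13 +93,15 @@ func runClient(keyFile *string, simulateCaddy bool) {
 }
 
 func runServer(keyFile *string, simulateCaddy bool) {
-	key, err := loadPublicKey(*keyFile)
+	key, alg, err := loadPublicKey(*keyFile)
 
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	server.Start(key, simulateCaddy)
+	keyDir := sqlite_directory.CreateDirectory(alg, key)
+
+	server.Start(simulateCaddy, keyDir)
 }
 
 func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
@@ -111,14 +114,21 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
 	return ssh.ParseRawPrivateKey(keyBytes)
 }
 
-func loadPublicKey(keyFile string) (crypto.PublicKey, error) {
+func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
 	keyBytes, err := os.ReadFile(keyFile)
 
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
 
-	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), err
+	var alg string
+
+	switch pk.Type() {
+	case "ssh-ed25519":
+		alg = "ed25519"
+	}
+
+	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
 }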
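Review bot: In the last hunk, `switch pk.Type()` runs before the error from `ssh.ParseAuthorizedKey` is examined, so an unparsable key file leaves `pk` nil and the method call panics instead of reaching the `log.Fatal(err)` in runServer; the removed line had the same problem through its type assertion, but the new lines add a second dereference before the check. A key of any type other than ssh-ed25519 also leaves alg empty, and that mistake only surfaces later as an "unknown algoritm" error inside GetKey on the first verified request, far from the file that caused it. The rewrite below checks err first, uses a comma-ok assertion for ssh.CryptoPublicKey, compares against `ssh.KeyAlgoED25519` instead of a string literal, and rejects unsupported key types at load time; it uses fmt.Errorf, so `fmt` must be present in the import block, which begins outside the hunk. Separately, runServer in the second hunk still discards the error returned by server.Start.
```go
func loadPublicKey(keyFile string) (crypto.PublicKey, string, error) {
	// … unchanged: os.ReadFile and its error check …
	pk, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
	if err != nil {
		return nil, "", fmt.Errorf("parsing authorized key %q: %w", keyFile, err)
	}

	cpk, ok := pk.(ssh.CryptoPublicKey)
	if !ok {
		return nil, "", fmt.Errorf("key %q: type %s does not expose a crypto.PublicKey", keyFile, pk.Type())
	}

	switch pk.Type() {
	case ssh.KeyAlgoED25519:
		return cpk.CryptoPublicKey(), "ed25519", nil
	default:
		return nil, "", fmt.Errorf("key %q: unsupported key type %s", keyFile, pk.Type())
	}
}
```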
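--- a/server/key_directory.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package server
-
-import (
-	"context"
-	"crypto"
-	"crypto/ed25519"
-	"fmt"
-
-	"github.com/common-fate/httpsig/alg_ed25519"
-	"github.com/common-fate/httpsig/verifier"
-)
-
-type KeyEntry struct {
-	alg       string
-	publicKey crypto.PublicKey
-	userId    string
-}
-
-type InMemoryDirectory struct {
-	records map[string]KeyEntry
-}
-
-func (dir *InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
-	entry := dir.records[keyId]
-
-	var alg verifier.Algorithm
-	var err error
-
-	switch entry.alg {
-	case "ed25519":
-		alg = alg_ed25519.Ed25519{
-			PublicKey: entry.publicKey.(ed25519.PublicKey),
-			Attrs:     entry.userId,
-		}
-	default:
-		err = fmt.Errorf("unknown algoritm: %s", entry.alg)
-	}
-
-	return alg, err
-}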
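--- a/server/server.go
+++ b/server/server.go
@@ -2,32 +2,20 @@ package server
 
 import (
 	"context"
-	"crypto"
 	"fmt"
 	"net/http"
 
 	"github.com/common-fate/httpsig"
 	"github.com/common-fate/httpsig/inmemory"
+	"github.com/common-fate/httpsig/verifier"
 )
 
-func Start(publicKey crypto.PublicKey, isCaddyAuth bool) error {
-	keyDir := InMemoryDirectory{
-		records: map[string]KeyEntry{},
-	}
-
-	keyId := "test-id"
-
-	keyDir.records[keyId] = KeyEntry{
-		alg:       "ed25519",
-		publicKey: publicKey,
-		userId:    "test_user",
-	}
-
+func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
 	mux := http.NewServeMux()
 
 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
 		NonceStorage: inmemory.NewNonceStorage(),
-		KeyDirectory: &keyDir,
+		KeyDirectory: keyDir,
 		Tag:          "auth",
 		Scheme:       "http",
 		Authority:    "localhost:8080",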
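Review bot: The local `verifier := httpsig.Middleware(...)` two lines below the new Start signature now shadows the `verifier` package that this same hunk adds to the imports, so nothing from that package can be referenced for the rest of Start, whose body continues past the hunk; gocritic's importShadow reports exactly this. Rename the local, e.g. `sigMiddleware := httpsig.Middleware(httpsig.MiddlewareOpts{`, and update its uses further down the function. Start is exported and has no doc comment; something like `// Start serves the HTTP API behind httpsig request verification, resolving signing keys through keyDir; isCaddyAuth selects the Caddy-compatible response mode.` would do, with the isCaddyAuth half to be confirmed against the code outside the hunk. Note that swapping the parameter order while changing the type is a silent API change for any other caller of Start.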
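--- /dev/null
+++ b/sqlite_directory/create_directory.go
@@ -0,0 +1,23 @@
+package sqlite_directory
+
+import (
+	"crypto"
+
+	"crispbyte.dev/sig-auth/keydirectory"
+)
+
+func CreateDirectory(alg string, publicKey crypto.PublicKey) InMemoryDirectory {
+	keyDir := InMemoryDirectory{
+		records: map[string]keydirectory.KeyEntry{},
+	}
+
+	keyId := "test-id"
+
+	keyDir.records[keyId] = keydirectory.KeyEntry{
+		Alg:       alg,
+		PublicKey: publicKey,
+		UserId:    "test_user",
+	}
+
+	return keyDir
+}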
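Review bot: CreateDirectory registers the caller's key under the fixed id "test-id" attributed to "test_user", so the server built in main.go knows exactly one key and every request that verifies is attributed to the same principal; nothing on the page shows that as intentional, and the package is called sqlite_directory although it builds an InMemoryDirectory and touches no SQLite. If this is scaffolding, state it in a doc comment, e.g. `// CreateDirectory builds a single-entry in-memory directory mapping the fixed key id "test-id" to publicKey under user "test_user"; placeholder until a persistent directory exists.` Go package names avoid underscores (`sqlitedir` or `keydir`), and the local `keyId` would be `keyID` by the initialism rule.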
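--- /dev/null
+++ b/sqlite_directory/sqlite_directory.go
@@ -0,0 +1,35 @@
+package sqlite_directory
+
+import (
+	"context"
+	"crypto/ed25519"
+	"fmt"
+
+	"github.com/common-fate/httpsig/alg_ed25519"
+	"github.com/common-fate/httpsig/verifier"
+
+	"crispbyte.dev/sig-auth/keydirectory"
+)
+
+type InMemoryDirectory struct {
+	records map[string]keydirectory.KeyEntry
+}
+
+func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
+	entry := dir.records[keyId]
+
+	var alg verifier.Algorithm
+	var err error
+
+	switch entry.Alg {
+	case "ed25519":
+		alg = alg_ed25519.Ed25519{
+			PublicKey: entry.PublicKey.(ed25519.PublicKey),
+			Attrs:     entry.UserId,
+		}
+	default:
+		err = fmt.Errorf("unknown algoritm: %s", entry.Alg)
+	}
+
+	return alg, err
+}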
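Review bot: GetKey reads `dir.records[keyId]` without the comma-ok form, so a key id that is not in the directory yields a zero KeyEntry and falls through to the default branch as "unknown algoritm: " — a caller or log reader cannot tell a missing key from an unsupported algorithm, which is the distinction you want when reviewing rejected requests. The `entry.PublicKey.(ed25519.PublicKey)` assertion is unchecked and would panic in the request path if an entry is ever stored with a mismatched key, which the loader in main.go does not currently prevent for unknown types. The rewrite below returns a distinct error per case, includes the key id, and fixes the "algoritm" typo; it returns nil for the Algorithm on error, which is valid provided verifier.Algorithm is an interface, as the zero-value `var alg verifier.Algorithm` in the hunk suggests. Both the type and the method are exported and would also benefit from doc comments.
```go
func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string) (verifier.Algorithm, error) {
	entry, ok := dir.records[keyId]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", keyId)
	}

	switch entry.Alg {
	case "ed25519":
		pub, ok := entry.PublicKey.(ed25519.PublicKey)
		if !ok {
			return nil, fmt.Errorf("key %q: expected ed25519 public key, got %T", keyId, entry.PublicKey)
		}
		return alg_ed25519.Ed25519{PublicKey: pub, Attrs: entry.UserId}, nil
	default:
		return nil, fmt.Errorf("key %q: unknown algorithm %q", keyId, entry.Alg)
	}
}
```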