No commits in common. "249b99f46f466e68ecd678b8616ce181228126e7" and "a02a6fd302bcf9a5d83248a2d3b991e67bf867b7" have entirely different histories.
249b99f46f
...
a02a6fd302
@ -87,7 +87,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pubkey, err = base64.StdEncoding.DecodeString(info.PublicKey)
|
pubkey, err = base64.StdEncoding.DecodeString(info.Pubkey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
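Review bot: The public key decoded at the `info.Pubkey` line is accepted at whatever length base64 happens to yield; only the decode error is checked. If pubkey later feeds ed25519.Verify (outside this hunk), a response carrying a short or long key would panic the client instead of returning an error, because that function panics on a key that is not ed25519.PublicKeySize bytes. Add a length check right after the decode, `if len(pubkey) != ed25519.PublicKeySize { return nil, errors.New("invalid public key length") }` (use whichever error constructor the file already imports). The same applies to the `newPubkey` decode in the second hunk of this file. Lookup's body starts before and ends after both hunks.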
@ -148,7 +148,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
newPubkey, err := base64.StdEncoding.DecodeString(info.PublicKey)
|
newPubkey, err := base64.StdEncoding.DecodeString(info.Pubkey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
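--- a/keys.go
+++ b/keys.go
@@ -102,44 +102,3 @@ func generateKeys(path string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
 
 return pub, priv, nil
 }
-
-// LoadPrivateKeys loads the private keys at all the provided paths.
-//
-// Any invalid keys are skipped.
-func LoadPrivateKeys(paths ...string) []ed25519.PrivateKey {
-out := make([]ed25519.PrivateKey, len(paths))
-for i, path := range paths {
-privkey, err := LoadPrivateKey(path)
-if err != nil {
-continue
-}
-out[i] = privkey
-}
-return out
-}
-
-// LoadPrivateKey loads a private Ed25519 key from the given path.
-func LoadPrivateKey(path string) (ed25519.PrivateKey, error) {
-privData, err := os.ReadFile(path)
-if err != nil {
-return nil, err
-}
-
-privBlock, _ := pem.Decode(privData)
-
-if privBlock == nil {
-return nil, errors.New("invalid private key data")
-}
-
-privkey, err := x509.ParsePKCS8PrivateKey(privBlock.Bytes)
-if err != nil {
-return nil, err
-}
-
-priv, ok := privkey.(ed25519.PrivateKey)
-if !ok {
-return nil, errors.New("invalid private key type")
-}
-
-return priv, nil
-}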
@ -16,10 +16,10 @@ type ServerInfoHandler struct {
|
|||||||
// PreviousNames should contain any previous names this server used.
|
// PreviousNames should contain any previous names this server used.
|
||||||
PreviousNames []string
|
PreviousNames []string
|
||||||
|
|
||||||
// PublicKey should contain the server's public Ed25519 key.
|
// Pubkey should contain the server's public Ed25519 key.
|
||||||
PublicKey ed25519.PublicKey
|
Pubkey ed25519.PublicKey
|
||||||
// PrivateKey should contain the server's private Ed25519 key.
|
// Privkey should contain the server's private Ed25519 key.
|
||||||
PrivateKey ed25519.PrivateKey
|
Privkey ed25519.PrivateKey
|
||||||
// PreviousKeys should contain any previously-used private keys.
|
// PreviousKeys should contain any previously-used private keys.
|
||||||
// If this is not provided when the key changes, servers will not
|
// If this is not provided when the key changes, servers will not
|
||||||
// trust the new key and all responses will be rejected.
|
// trust the new key and all responses will be rejected.
|
||||||
@ -32,7 +32,7 @@ type ServerInfoHandler struct {
|
|||||||
type serverInfoData struct {
|
type serverInfoData struct {
|
||||||
ServerName string `json:"server_name"`
|
ServerName string `json:"server_name"`
|
||||||
PreviousNames []string `json:"previous_names"`
|
PreviousNames []string `json:"previous_names"`
|
||||||
PublicKey string `json:"pubkey"`
|
Pubkey string `json:"pubkey"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ServeHTTP implements the http.Handler interface
|
// ServeHTTP implements the http.Handler interface
|
||||||
@ -40,7 +40,7 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
|
|||||||
data, err := json.Marshal(serverInfoData{
|
data, err := json.Marshal(serverInfoData{
|
||||||
ServerName: sih.ServerName,
|
ServerName: sih.ServerName,
|
||||||
PreviousNames: sih.PreviousNames,
|
PreviousNames: sih.PreviousNames,
|
||||||
PublicKey: base64.StdEncoding.EncodeToString(sih.PublicKey),
|
Pubkey: base64.StdEncoding.EncodeToString(sih.Pubkey),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sih.ErrorHandler(err, res)
|
sih.ErrorHandler(err, res)
|
||||||
@ -52,10 +52,9 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
|
|||||||
res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
|
res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
|
||||||
}
|
}
|
||||||
|
|
||||||
sig := ed25519.Sign(sih.PrivateKey, data)
|
sig := ed25519.Sign(sih.Privkey, data)
|
||||||
res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
|
res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
|
||||||
|
|
||||||
res.Header().Set("Content-Type", "application/json")
|
|
||||||
_, err = res.Write(data)
|
_, err = res.Write(data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sih.ErrorHandler(err, res)
|
sih.ErrorHandler(err, res)
|
||||||
|
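Review bot: The new side of the last hunk no longer sets `Content-Type` before `res.Write(data)`; the old line `res.Header().Set("Content-Type", "application/json")` has no new-side counterpart, and the hunk header's 10-to-9 line count confirms it was dropped rather than moved within the hunk. Without it net/http sniffs the body and serves the JSON under a detected type (text/plain for typical JSON), which breaks clients that check the content type and leaves the response open to browser content sniffing. Restore the line before the Write, `res.Header().Set("Content-Type", "application/json")`, unless it was intentionally relocated to code outside the hunk. ServeHTTP's body starts before this hunk.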