Compare commits
No commits in common. "249b99f46f466e68ecd678b8616ce181228126e7" and "a02a6fd302bcf9a5d83248a2d3b991e67bf867b7" have entirely different histories.
249b99f46f
...
a02a6fd302
@ -87,7 +87,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
return nil, err
}
pubkey, err = base64.StdEncoding.DecodeString(info.PublicKey)
pubkey, err = base64.StdEncoding.DecodeString(info.Pubkey)
if err != nil {
return nil, err
}
@ -148,7 +148,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
return nil, err
}
newPubkey, err := base64.StdEncoding.DecodeString(info.PublicKey)
newPubkey, err := base64.StdEncoding.DecodeString(info.Pubkey)
if err != nil {
return nil, err
}
41
keys.go
41
keys.go
@ -102,44 +102,3 @@ func generateKeys(path string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
return pub, priv, nil
}
// LoadPrivateKeys loads the private keys at all the provided paths.
//
// Any invalid keys are skipped.
func LoadPrivateKeys(paths ...string) []ed25519.PrivateKey {
out := make([]ed25519.PrivateKey, len(paths))
for i, path := range paths {
privkey, err := LoadPrivateKey(path)
if err != nil {
continue
}
out[i] = privkey
}
return out
}
// LoadPrivateKey loads a private Ed25519 key from the given path.
func LoadPrivateKey(path string) (ed25519.PrivateKey, error) {
privData, err := os.ReadFile(path)
if err != nil {
return nil, err
}
privBlock, _ := pem.Decode(privData)
if privBlock == nil {
return nil, errors.New("invalid private key data")
}
privkey, err := x509.ParsePKCS8PrivateKey(privBlock.Bytes)
if err != nil {
return nil, err
}
priv, ok := privkey.(ed25519.PrivateKey)
if !ok {
return nil, errors.New("invalid private key type")
}
return priv, nil
}
@ -16,10 +16,10 @@ type ServerInfoHandler struct {
// PreviousNames should contain any previous names this server used.
PreviousNames []string
// PublicKey should contain the server's public Ed25519 key.
PublicKey ed25519.PublicKey
// PrivateKey should contain the server's private Ed25519 key.
PrivateKey ed25519.PrivateKey
// Pubkey should contain the server's public Ed25519 key.
Pubkey ed25519.PublicKey
// Privkey should contain the server's private Ed25519 key.
Privkey ed25519.PrivateKey
// PreviousKeys should contain any previously-used private keys.
// If this is not provided when the key changes, servers will not
// trust the new key and all responses will be rejected.
@ -32,7 +32,7 @@ type ServerInfoHandler struct {
type serverInfoData struct {
ServerName string `json:"server_name"`
PreviousNames []string `json:"previous_names"`
PublicKey string `json:"pubkey"`
Pubkey string `json:"pubkey"`
}
// ServeHTTP implements the http.Handler interface
@ -40,7 +40,7 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
data, err := json.Marshal(serverInfoData{
ServerName: sih.ServerName,
PreviousNames: sih.PreviousNames,
PublicKey: base64.StdEncoding.EncodeToString(sih.PublicKey),
Pubkey: base64.StdEncoding.EncodeToString(sih.Pubkey),
})
if err != nil {
sih.ErrorHandler(err, res)
@ -52,10 +52,9 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
}
sig := ed25519.Sign(sih.PrivateKey, data)
sig := ed25519.Sign(sih.Privkey, data)
res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
res.Header().Set("Content-Type", "application/json")
_, err = res.Write(data)
if err != nil {
sih.ErrorHandler(err, res)