Add LoadPrivateKey(s) functions

client.go

@@ -87,7 +87,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
 			return nil, err
 		}
 
-		pubkey, err = base64.StdEncoding.DecodeString(info.Pubkey)
+		pubkey, err = base64.StdEncoding.DecodeString(info.PublicKey)
 		if err != nil {
 			return nil, err
 		}
@@ -148,7 +148,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
 			return nil, err
 		}
 
-		newPubkey, err := base64.StdEncoding.DecodeString(info.Pubkey)
+		newPubkey, err := base64.StdEncoding.DecodeString(info.PublicKey)
 		if err != nil {
 			return nil, err
 		}

keys.go

@@ -102,3 +102,44 @@ func generateKeys(path string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
 
 	return pub, priv, nil
 }
+
+// LoadPrivateKeys loads the private keys at all the provided paths.
+//
+// Any invalid keys are skipped.
+func LoadPrivateKeys(paths ...string) []ed25519.PrivateKey {
+	out := make([]ed25519.PrivateKey, len(paths))
+	for i, path := range paths {
+		privkey, err := LoadPrivateKey(path)
+		if err != nil {
+			continue
+		}
+		out[i] = privkey
+	}
+	return out
+}
+
+// LoadPrivateKey loads a private Ed25519 key from the given path.
+func LoadPrivateKey(path string) (ed25519.PrivateKey, error) {
+	privData, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	privBlock, _ := pem.Decode(privData)
+
+	if privBlock == nil {
+		return nil, errors.New("invalid private key data")
+	}
+
+	privkey, err := x509.ParsePKCS8PrivateKey(privBlock.Bytes)
+	if err != nil {
+		return nil, err
+	}
+
+	priv, ok := privkey.(ed25519.PrivateKey)
+	if !ok {
+		return nil, errors.New("invalid private key type")
+	}
+
+	return priv, nil
+}

server_info.go

@@ -16,10 +16,10 @@ type ServerInfoHandler struct {
 	// PreviousNames should contain any previous names this server used.
 	PreviousNames []string
 
-	// Pubkey should contain the server's public Ed25519 key.
-	Pubkey ed25519.PublicKey
-	// Privkey should contain the server's private Ed25519 key.
-	Privkey ed25519.PrivateKey
+	// PublicKey should contain the server's public Ed25519 key.
+	PublicKey ed25519.PublicKey
+	// PrivateKey should contain the server's private Ed25519 key.
+	PrivateKey ed25519.PrivateKey
 	// PreviousKeys should contain any previously-used private keys.
 	// If this is not provided when the key changes, servers will not
 	// trust the new key and all responses will be rejected.
@@ -32,7 +32,7 @@ type ServerInfoHandler struct {
 type serverInfoData struct {
 	ServerName    string   `json:"server_name"`
 	PreviousNames []string `json:"previous_names"`
-	Pubkey        string   `json:"pubkey"`
+	PublicKey     string   `json:"pubkey"`
 }
 
 // ServeHTTP implements the http.Handler interface
@@ -40,7 +40,7 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
 	data, err := json.Marshal(serverInfoData{
 		ServerName:    sih.ServerName,
 		PreviousNames: sih.PreviousNames,
-		Pubkey:        base64.StdEncoding.EncodeToString(sih.Pubkey),
+		PublicKey:     base64.StdEncoding.EncodeToString(sih.PublicKey),
 	})
 	if err != nil {
 		sih.ErrorHandler(err, res)
@@ -52,9 +52,10 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
 		res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
 	}
 
-	sig := ed25519.Sign(sih.Privkey, data)
+	sig := ed25519.Sign(sih.PrivateKey, data)
 	res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
 
+	res.Header().Set("Content-Type", "application/json")
 	_, err = res.Write(data)
 	if err != nil {
 		sih.ErrorHandler(err, res)