Compare commits
3 Commits
a02a6fd302
...
249b99f46f
Author | SHA1 | Date | |
---|---|---|---|
249b99f46f | |||
10fa7919b0 | |||
06fca3e3fe |
@ -87,7 +87,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pubkey, err = base64.StdEncoding.DecodeString(info.Pubkey)
|
pubkey, err = base64.StdEncoding.DecodeString(info.PublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -148,7 +148,7 @@ func (c Client) Lookup(id string) (*Descriptor, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
newPubkey, err := base64.StdEncoding.DecodeString(info.Pubkey)
|
newPubkey, err := base64.StdEncoding.DecodeString(info.PublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
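--- a/keys.go
+++ b/keys.go
@@ -102,3 +102,44 @@ func generateKeys(path string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
 
 return pub, priv, nil
 }
+
+// LoadPrivateKeys loads the private keys at all the provided paths.
+//
+// Any invalid keys are skipped.
+func LoadPrivateKeys(paths ...string) []ed25519.PrivateKey {
+out := make([]ed25519.PrivateKey, len(paths))
+for i, path := range paths {
+privkey, err := LoadPrivateKey(path)
+if err != nil {
+continue
+}
+out[i] = privkey
+}
+return out
+}
+
+// LoadPrivateKey loads a private Ed25519 key from the given path.
+func LoadPrivateKey(path string) (ed25519.PrivateKey, error) {
+privData, err := os.ReadFile(path)
+if err != nil {
+return nil, err
+}
+
+privBlock, _ := pem.Decode(privData)
+
+if privBlock == nil {
+return nil, errors.New("invalid private key data")
+}
+
+privkey, err := x509.ParsePKCS8PrivateKey(privBlock.Bytes)
+if err != nil {
+return nil, err
+}
+
+priv, ok := privkey.(ed25519.PrivateKey)
+if !ok {
+return nil, errors.New("invalid private key type")
+}
+
+return priv, nil
+}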
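Review bot: In LoadPrivateKeys, `out := make([]ed25519.PrivateKey, len(paths))` combined with `continue` on error leaves a nil entry at every skipped index, so the result is not the "invalid keys are skipped" list the doc comment promises but a slice with nil holes, and ed25519.Sign panics when handed a key whose length is not PrivateKeySize. Allocate with zero length and append only the keys that actually loaded: `out := make([]ed25519.PrivateKey, 0, len(paths))` and `out = append(out, privkey)`. Swallowing the error also hides a misconfigured previous-key file, which per the ServerInfoHandler comment means every response is rejected after a key rotation; consider returning the first error, or at least documenting that callers must compare len(out) with len(paths). In LoadPrivateKey, `privBlock.Type` is never checked, so a certificate or public-key PEM is only rejected later by the type assertion with a less specific error; a guard such as `if privBlock.Type != "PRIVATE KEY" { return nil, errors.New("invalid private key data") }` before ParsePKCS8PrivateKey would make the failure explicit.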
@ -16,10 +16,10 @@ type ServerInfoHandler struct {
|
|||||||
// PreviousNames should contain any previous names this server used.
|
// PreviousNames should contain any previous names this server used.
|
||||||
PreviousNames []string
|
PreviousNames []string
|
||||||
|
|
||||||
// Pubkey should contain the server's public Ed25519 key.
|
// PublicKey should contain the server's public Ed25519 key.
|
||||||
Pubkey ed25519.PublicKey
|
PublicKey ed25519.PublicKey
|
||||||
// Privkey should contain the server's private Ed25519 key.
|
// PrivateKey should contain the server's private Ed25519 key.
|
||||||
Privkey ed25519.PrivateKey
|
PrivateKey ed25519.PrivateKey
|
||||||
// PreviousKeys should contain any previously-used private keys.
|
// PreviousKeys should contain any previously-used private keys.
|
||||||
// If this is not provided when the key changes, servers will not
|
// If this is not provided when the key changes, servers will not
|
||||||
// trust the new key and all responses will be rejected.
|
// trust the new key and all responses will be rejected.
|
||||||
@ -32,7 +32,7 @@ type ServerInfoHandler struct {
|
|||||||
type serverInfoData struct {
|
type serverInfoData struct {
|
||||||
ServerName string `json:"server_name"`
|
ServerName string `json:"server_name"`
|
||||||
PreviousNames []string `json:"previous_names"`
|
PreviousNames []string `json:"previous_names"`
|
||||||
Pubkey string `json:"pubkey"`
|
PublicKey string `json:"pubkey"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ServeHTTP implements the http.Handler interface
|
// ServeHTTP implements the http.Handler interface
|
||||||
@ -40,7 +40,7 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
|
|||||||
data, err := json.Marshal(serverInfoData{
|
data, err := json.Marshal(serverInfoData{
|
||||||
ServerName: sih.ServerName,
|
ServerName: sih.ServerName,
|
||||||
PreviousNames: sih.PreviousNames,
|
PreviousNames: sih.PreviousNames,
|
||||||
Pubkey: base64.StdEncoding.EncodeToString(sih.Pubkey),
|
PublicKey: base64.StdEncoding.EncodeToString(sih.PublicKey),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sih.ErrorHandler(err, res)
|
sih.ErrorHandler(err, res)
|
||||||
@ -52,9 +52,10 @@ func (sih ServerInfoHandler) ServeHTTP(res http.ResponseWriter, req *http.Reques
|
|||||||
res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
|
res.Header().Add("X-ProfileFed-Previous", base64.StdEncoding.EncodeToString(sig))
|
||||||
}
|
}
|
||||||
|
|
||||||
sig := ed25519.Sign(sih.Privkey, data)
|
sig := ed25519.Sign(sih.PrivateKey, data)
|
||||||
res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
|
res.Header().Set("X-ProfileFed-Sig", base64.StdEncoding.EncodeToString(sig))
|
||||||
|
|
||||||
|
res.Header().Set("Content-Type", "application/json")
|
||||||
_, err = res.Write(data)
|
_, err = res.Write(data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sih.ErrorHandler(err, res)
|
sih.ErrorHandler(err, res)
|
||||||
|