diff --git a/internal/di/security.go b/internal/di/security.go index 90ad0ee..8407295 100644 --- a/internal/di/security.go +++ b/internal/di/security.go @@ -4,11 +4,11 @@ import ( "crypto/rand" "crypto/rsa" "crypto/x509" - "encoding/base64" "encoding/pem" - "strings" + "errors" + "log/slog" - signerClient "ely.by/chrly/internal/client/signer" + "ely.by/chrly/internal/client/signer" "ely.by/chrly/internal/http" "ely.by/chrly/internal/security" @@ -19,47 +19,41 @@ import ( var securityDiOptions = di.Options( di.Provide(newSigner, di.As(new(http.Signer)), - di.As(new(signerClient.Signer)), + di.As(new(signer.Signer)), ), di.Provide(newSignerService), ) func newSigner(config *viper.Viper) (*security.Signer, error) { + var privateKey *rsa.PrivateKey + var err error + keyStr := config.GetString("chrly.signing.key") if keyStr == "" { - // TODO: log a message about the generated signing key and the way to specify it permanently - privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + privateKey, err = rsa.GenerateKey(rand.Reader, 2048) if err != nil { return nil, err } - return security.NewSigner(privateKey), nil - } - - var keyBytes []byte - if strings.HasPrefix(keyStr, "base64:") { - base64Value := keyStr[7:] - decodedKey, err := base64.URLEncoding.DecodeString(base64Value) - if err != nil { - return nil, err - } - - keyBytes = decodedKey + slog.Warn("A private signing key has been generated. To make it permanent, specify the valid RSA private key in the config parameter chrly.signing.key") } else { - keyBytes = []byte(keyStr) - } + keyBytes := []byte(keyStr) + rawPem, _ := pem.Decode(keyBytes) + if rawPem == nil { + return nil, errors.New("unable to decode pem key") + } - rawPem, _ := pem.Decode(keyBytes) - privateKey, err := x509.ParsePKCS1PrivateKey(rawPem.Bytes) - if err != nil { - return nil, err + privateKey, err = x509.ParsePKCS1PrivateKey(rawPem.Bytes) + if err != nil { + return nil, err + } } return security.NewSigner(privateKey), nil } -func newSignerService(signer signerClient.Signer) http.SignerService { - return &signerClient.LocalSigner{ - Signer: signer, +func newSignerService(s signer.Signer) http.SignerService { + return &signer.LocalSigner{ + Signer: s, } }