Read multiline signing private key from the config and remove base64 encoding support

This commit is contained in:
ErickSkrauch 2024-03-05 13:55:31 +01:00
parent 436ff7c294
commit 528b131309
No known key found for this signature in database
GPG Key ID: 669339FCBB30EE0E

View File

@ -4,11 +4,11 @@ import (
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"encoding/base64"
"encoding/pem" "encoding/pem"
"strings" "errors"
"log/slog"
signerClient "ely.by/chrly/internal/client/signer" "ely.by/chrly/internal/client/signer"
"ely.by/chrly/internal/http" "ely.by/chrly/internal/http"
"ely.by/chrly/internal/security" "ely.by/chrly/internal/security"
@ -19,47 +19,41 @@ import (
var securityDiOptions = di.Options( var securityDiOptions = di.Options(
di.Provide(newSigner, di.Provide(newSigner,
di.As(new(http.Signer)), di.As(new(http.Signer)),
di.As(new(signerClient.Signer)), di.As(new(signer.Signer)),
), ),
di.Provide(newSignerService), di.Provide(newSignerService),
) )
func newSigner(config *viper.Viper) (*security.Signer, error) { func newSigner(config *viper.Viper) (*security.Signer, error) {
var privateKey *rsa.PrivateKey
var err error
keyStr := config.GetString("chrly.signing.key") keyStr := config.GetString("chrly.signing.key")
if keyStr == "" { if keyStr == "" {
// TODO: log a message about the generated signing key and the way to specify it permanently privateKey, err = rsa.GenerateKey(rand.Reader, 2048)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return security.NewSigner(privateKey), nil slog.Warn("A private signing key has been generated. To make it permanent, specify the valid RSA private key in the config parameter chrly.signing.key")
}
var keyBytes []byte
if strings.HasPrefix(keyStr, "base64:") {
base64Value := keyStr[7:]
decodedKey, err := base64.URLEncoding.DecodeString(base64Value)
if err != nil {
return nil, err
}
keyBytes = decodedKey
} else { } else {
keyBytes = []byte(keyStr) keyBytes := []byte(keyStr)
rawPem, _ := pem.Decode(keyBytes)
if rawPem == nil {
return nil, errors.New("unable to decode pem key")
} }
rawPem, _ := pem.Decode(keyBytes) privateKey, err = x509.ParsePKCS1PrivateKey(rawPem.Bytes)
privateKey, err := x509.ParsePKCS1PrivateKey(rawPem.Bytes)
if err != nil { if err != nil {
return nil, err return nil, err
} }
}
return security.NewSigner(privateKey), nil return security.NewSigner(privateKey), nil
} }
func newSignerService(signer signerClient.Signer) http.SignerService { func newSignerService(s signer.Signer) http.SignerService {
return &signerClient.LocalSigner{ return &signer.LocalSigner{
Signer: signer, Signer: s,
} }
} }