mirror of
https://github.com/elyby/chrly.git
synced 2024-12-24 05:59:54 +05:30
Read multiline signing private key from the config and remove base64 encoding support
This commit is contained in:
parent
436ff7c294
commit
528b131309
@ -4,11 +4,11 @@ import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
"encoding/pem"
|
||||
"strings"
|
||||
"errors"
|
||||
"log/slog"
|
||||
|
||||
signerClient "ely.by/chrly/internal/client/signer"
|
||||
"ely.by/chrly/internal/client/signer"
|
||||
"ely.by/chrly/internal/http"
|
||||
"ely.by/chrly/internal/security"
|
||||
|
||||
@ -19,47 +19,41 @@ import (
|
||||
var securityDiOptions = di.Options(
|
||||
di.Provide(newSigner,
|
||||
di.As(new(http.Signer)),
|
||||
di.As(new(signerClient.Signer)),
|
||||
di.As(new(signer.Signer)),
|
||||
),
|
||||
di.Provide(newSignerService),
|
||||
)
|
||||
|
||||
func newSigner(config *viper.Viper) (*security.Signer, error) {
|
||||
var privateKey *rsa.PrivateKey
|
||||
var err error
|
||||
|
||||
keyStr := config.GetString("chrly.signing.key")
|
||||
if keyStr == "" {
|
||||
// TODO: log a message about the generated signing key and the way to specify it permanently
|
||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
privateKey, err = rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return security.NewSigner(privateKey), nil
|
||||
}
|
||||
|
||||
var keyBytes []byte
|
||||
if strings.HasPrefix(keyStr, "base64:") {
|
||||
base64Value := keyStr[7:]
|
||||
decodedKey, err := base64.URLEncoding.DecodeString(base64Value)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
keyBytes = decodedKey
|
||||
slog.Warn("A private signing key has been generated. To make it permanent, specify the valid RSA private key in the config parameter chrly.signing.key")
|
||||
} else {
|
||||
keyBytes = []byte(keyStr)
|
||||
}
|
||||
keyBytes := []byte(keyStr)
|
||||
rawPem, _ := pem.Decode(keyBytes)
|
||||
if rawPem == nil {
|
||||
return nil, errors.New("unable to decode pem key")
|
||||
}
|
||||
|
||||
rawPem, _ := pem.Decode(keyBytes)
|
||||
privateKey, err := x509.ParsePKCS1PrivateKey(rawPem.Bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
privateKey, err = x509.ParsePKCS1PrivateKey(rawPem.Bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return security.NewSigner(privateKey), nil
|
||||
}
|
||||
|
||||
func newSignerService(signer signerClient.Signer) http.SignerService {
|
||||
return &signerClient.LocalSigner{
|
||||
Signer: signer,
|
||||
func newSignerService(s signer.Signer) http.SignerService {
|
||||
return &signer.LocalSigner{
|
||||
Signer: s,
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user