added code for token issuance and verification
@ -1,8 +1,10 @@
|
||||
package main
|
||||
|
||||
import "crypto/rsa"
|
||||
import "crypto/tls"
|
||||
import "crypto/x509"
|
||||
import "encoding/base64"
|
||||
import "encoding/pem"
|
||||
import "errors"
|
||||
import "fmt"
|
||||
import "hodu"
|
||||
@ -49,6 +51,8 @@ type AuthConfig struct {
|
||||
Realm string `yaml:"realm"`
|
||||
Creds []string `yaml:"credentials"`
|
||||
TokenTtl string `yaml:"token-ttl"`
|
||||
TokenRsaKeyText string `yaml:"token-rsa-key-text"`
|
||||
TokenRsaKeyFile string `yaml:"token-rsa-key-file"`
|
||||
}
|
||||
|
||||
type CTLServiceConfig struct {
|
||||
@ -346,11 +350,14 @@ func make_tls_client_config(cfg *ClientTLSConfig) (*tls.Config, error) {
|
||||
}
|
||||
|
||||
// --------------------------------------------------------------------
|
||||
func make_server_basic_auth_config(cfg *AuthConfig) (*hodu.ServerAuthConfig, error) {
|
||||
func make_server_auth_config(cfg *AuthConfig) (*hodu.ServerAuthConfig, error) {
|
||||
var config hodu.ServerAuthConfig
|
||||
var cred string
|
||||
var b []byte
|
||||
var x []string
|
||||
var rsa_key_text []byte
|
||||
var rk *rsa.PrivateKey
|
||||
var pb *pem.Block
|
||||
var err error
|
||||
|
||||
config.Enabled = cfg.Enabled
|
||||
@ -361,6 +368,7 @@ func make_server_basic_auth_config(cfg *AuthConfig) (*hodu.ServerAuthConfig, err
|
||||
return nil, fmt.Errorf("invalid token ttl %s - %s", cred, err)
|
||||
}
|
||||
|
||||
// convert user credentials
|
||||
for _, cred = range cfg.Creds {
|
||||
b, err = base64.StdEncoding.DecodeString(cred)
|
||||
if err == nil { cred = string(b) }
|
||||
@ -368,11 +376,33 @@ func make_server_basic_auth_config(cfg *AuthConfig) (*hodu.ServerAuthConfig, err
|
||||
// each entry must be of the form username:password
|
||||
x = strings.Split(cred, ":")
|
||||
if len(x) != 2 {
|
||||
return nil, fmt.Errorf("invalid basic auth credential - %s", cred)
|
||||
return nil, fmt.Errorf("invalid auth credential - %s", cred)
|
||||
}
|
||||
|
||||
config.Creds[x[0]] = x[1]
|
||||
}
|
||||
|
||||
|
||||
// load rsa key
|
||||
if cfg.TokenRsaKeyText == "" && cfg.TokenRsaKeyFile != "" {
|
||||
rsa_key_text, err = os.ReadFile(cfg.TokenRsaKeyFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to read %s - %s", cfg.TokenRsaKeyFile, err.Error())
|
||||
}
|
||||
}
|
||||
if len(rsa_key_text) == 0 { rsa_key_text = []byte(cfg.TokenRsaKeyText) }
|
||||
if len(rsa_key_text) == 0 { rsa_key_text = hodu_rsa_key_text }
|
||||
|
||||
pb, b = pem.Decode(rsa_key_text)
|
||||
if pb == nil || len(b) > 0 {
|
||||
return nil, fmt.Errorf("invalid token rsa key text %s - no block or too many blocks", string(rsa_key_text))
|
||||
}
|
||||
|
||||
rk, err = x509.ParsePKCS1PrivateKey(pb.Bytes)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid token rsa key text %s - %s", string(rsa_key_text), err.Error())
|
||||
}
|
||||
|
||||
config.TokenRsaKey = rk
|
||||
return &config, nil
|
||||
}
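Review bot: The line `if len(rsa_key_text) == 0 { rsa_key_text = hodu_rsa_key_text }` makes the private key committed as `cmd/rsa.key` in this same commit (and embedded via `//go:embed rsa.key` in the other changed file) the token signing key for every deployment that configures none, so anyone with the repository can mint tokens that verify; that key should be treated as compromised, and the silent default dropped. Fail instead when no key is configured, `if len(rsa_key_text) == 0 { return nil, errors.New("no token rsa key configured") }` (`errors` is already imported), or generate a per-process key with `rsa.GenerateKey` from `crypto/rand`. The two `fmt.Errorf` calls after `pem.Decode` and `x509.ParsePKCS1PrivateKey` interpolate `string(rsa_key_text)`, which copies the whole private key into the error message and into whatever logs it; report `cfg.TokenRsaKeyFile` or a fixed phrase instead. In the unchanged context line `fmt.Errorf("invalid token ttl %s - %s", cred, err)`, `cred` appears not to have been assigned yet at that point, so `cfg.TokenTtl` is probably the intended argument. make_server_auth_config's opening lines sit in an earlier hunk of this file.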
|
||||
|
@ -23,6 +23,8 @@ var HODU_VERSION string = "0.0.0"
|
||||
var hodu_tls_cert_text []byte
|
||||
//go:embed tls.key
|
||||
var hodu_tls_key_text []byte
|
||||
//go:embed rsa.key
|
||||
var hodu_rsa_key_text []byte
|
||||
|
||||
// --------------------------------------------------------------------
|
||||
type signal_handler struct {
|
||||
@ -125,7 +127,7 @@ func server_main(ctl_addrs []string, rpc_addrs []string, pxy_addrs []string, wpx
|
||||
if len(config.PxyAddrs) <= 0 { config.PxyAddrs = cfg.PXY.Service.Addrs }
|
||||
if len(config.WpxAddrs) <= 0 { config.WpxAddrs = cfg.WPX.Service.Addrs }
|
||||
|
||||
config.CtlAuth, err = make_server_basic_auth_config(&cfg.CTL.Service.Auth)
|
||||
config.CtlAuth, err = make_server_auth_config(&cfg.CTL.Service.Auth)
|
||||
if err != nil { return err }
|
||||
|
||||
config.CtlPrefix = cfg.CTL.Service.Prefix
|
||||
|
27
cmd/rsa.key
Normal file
27
cmd/rsa.key
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAsTC9roInjDzu12tjv1CsOM4jvuB6/5vv+cmOMF5GLMVTnJCW
|
||||
6U9onsOi6iN2rzlf5glkjdtijXCPL6QEX3YLYPD4NFCiOGIPhCHjWC4nBjI7LEEm
|
||||
0SqrArMhPiyYLmnkA961a7mDw9dcr5JQBDq2ZyTe917N229Jr4PCZbHLboOxNlp3
|
||||
QLSyxE5tfKZea53qm8SUF8maBvnOH8igvuYOek3iRMg3T+GoxCqy2gE1qznvwsaK
|
||||
PdmTTzbIbc7XNU7t5yT6fZTvjUqs4WBuHqud4unE//KAT5vfxDdQFGcb45oMwxcK
|
||||
bf03w4ZsBNvAcgCkWW+ophEOZRPkKrluHjVdNwIDAQABAoIBAARZ/5aNEL6TcoQs
|
||||
2X7F0uz0NxGFfs/POxYF2q2aaxvHXtXOAT7KmfWoNVSNuWj1PkMugN8w/5scpA+V
|
||||
9huIESB42oeiYVGEKwBiOqycOY4f5q8gDH1/kEKZNpxJyRT+ucBUlF0IadGB9P9E
|
||||
1x07eeZPlAA8Pk8AzSz3zerkcmwM2lYYG851QyuiiTReSec3LLDcJvG5xAXZrIY0
|
||||
Zwm7qv8uvjJGqMVYlywMnRngeNywP9ZaOJ38vdmWMu4bBF+QwydOAB9A7O9zluDZ
|
||||
wK7OBedAZkRT15luZ1lkuTrKVZEaugD8dbt6BBLuhbPRRGuFb4WoNaVI3CRu9RSX
|
||||
72gYkRECgYEA9x0IAFGc8DmCHOP/S+uy0VjvLGYh4QN3/0UOLRvoREzF0FtAxqci
|
||||
bPASGmSCJEDL93JNjlxhITDUUawyOGRgAAXyAkE9MWmv18+pfTNTDeoaeXsBqcLz
|
||||
f9LCNc3mCx93tvCK7gfIYs8Ef0QKfdrsQwMGlutgXmjE+pexNXPFWEcCgYEAt4/8
|
||||
gsXi7tsCQp1YiP7VFZjoXSLejq+7pQrGV58PzlZKiOH/M5S6YS8wgm5oIEMLq2UP
|
||||
nUn+FBCJ/I2b6HIdVq/Jr77XHcBFSZZEQbXe2gxTTucj6BTja1kSEilOquaaPvbR
|
||||
WEs0+50rsgH0nLqSbMZZRkxOAUu9nObFvHA6O5ECgYEAzzd8+id13suam/dkoZlo
|
||||
PbzB8w1B45oxCdIybQk13/AxAONEklCcwZUe2RrnNtdPMpSbDIHSwS5dHI+1HSyu
|
||||
g9Z4dgOW+NSTK/lrOx3Ky6Q/xxaq8lwULF/jk5KxESq2DKXxGmFUW+cU8lNwKNFn
|
||||
xVnIMM335bMdWrXRV+1Y0wkCgYBbXYOl47Esij35wi+LIKwW7+DYWr7D7pxLba2D
|
||||
d1x6q2C1+Sb5GZIbRU2z3hhd1oE8cjTvaSDaA9Fqr2FmtUX9G8obe7W+zTCvi+e1
|
||||
fTzK80+T+mBY5+y6Rb9E4uKRFe64YEma1PQuOPDCzU5fpE21bpSI9PnukzBxpDvP
|
||||
q1yQwQKBgQCXiW8UghuwIp3INFzBTedBHNKBwRd82ZIhBWLcgWxC/EyWsRRFpJj4
|
||||
HlVRYOvi2Q3DV6+Yn8zg3OeBhudGfCRCTkENbzAalcWqr9qb3Q4y26tZZQ9yNKk1
|
||||
jJ2OfVw4K/6L49iVNF/2kLdbRebQXwngQUmiZSai5MlrHOFYkkiwaA==
|
||||
-----END RSA PRIVATE KEY-----
|