Diffstat (limited to 'server')
-rw-r--r--server/rpc.go68
-rw-r--r--server/server.go2
-rw-r--r--server/signer/signer.go16
3 files changed, 1 insertions, 85 deletions
diff --git a/server/rpc.go b/server/rpc.go
deleted file mode 100644
index 2d02218..0000000
--- a/server/rpc.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package server
-
-import (
- "log"
- "net"
-
- "golang.org/x/net/context"
-
- "golang.org/x/oauth2"
-
- "google.golang.org/grpc"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/metadata"
-
- "github.com/nsheridan/cashier/lib"
- "github.com/nsheridan/cashier/proto"
-)
-
-type rpcServer struct{}
-
-type key int
-
-const usernameKey key = 0
-
-func (s *rpcServer) Sign(ctx context.Context, req *proto.SignRequest) (*proto.SignResponse, error) {
- username, ok := ctx.Value(usernameKey).(string)
- if !ok {
- return nil, grpc.Errorf(codes.InvalidArgument, "Error reading username")
- }
- cert, err := keysigner.SignUserKeyFromRPC(req, username)
- if err != nil {
- return nil, grpc.Errorf(codes.InvalidArgument, err.Error())
- }
- if err := certstore.SetCert(cert); err != nil {
- log.Printf("Error recording cert: %v", err)
- }
- resp := &proto.SignResponse{
- Cert: lib.GetPublicKey(cert),
- }
- return resp, nil
-}
-
-func authInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
- md, ok := metadata.FromOutgoingContext(ctx)
- if !ok {
- return nil, grpc.Errorf(codes.Unauthenticated, "request not authenticated")
- }
- switch md["security"][0] {
- case "authorization":
- token := &oauth2.Token{
- AccessToken: md["payload"][0],
- }
- if !authprovider.Valid(token) {
- return nil, grpc.Errorf(codes.PermissionDenied, "access denied")
- }
- ctx = context.WithValue(ctx, usernameKey, authprovider.Username(token))
- authprovider.Revoke(token)
- default:
- return nil, grpc.Errorf(codes.InvalidArgument, "unknown argument")
- }
- return handler(ctx, req)
-}
-
-func runGRPCServer(l net.Listener) {
- serv := grpc.NewServer(grpc.UnaryInterceptor(authInterceptor))
- proto.RegisterSignerServer(serv, &rpcServer{})
- serv.Serve(l)
-}
diff --git a/server/server.go b/server/server.go
index 97b3c63..2995ead 100644
--- a/server/server.go
+++ b/server/server.go
@@ -41,7 +41,7 @@ func loadCerts(certFile, keyFile string) (tls.Certificate, error) {
return tls.X509KeyPair(cert, key)
}
-// Run the HTTP and RPC servers.
+// Run the HTTP server.
func Run(conf *config.Config) {
var err error
keysigner, err = signer.New(conf.SSH)
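Review bot: The only change to server.go in this commit is the doc comment on Run, yet the same commit deletes server/rpc.go and with it runGRPCServer, so the body of Run — which continues past the end of this hunk — should be checked for any remaining call to runGRPCServer or any listener it still opens for the RPC side; if one is left, the package no longer builds, and if the call was already dropped in an earlier change, a sentence in the commit description saying so would save the next reader the same check. While the comment is being edited, it could also name the other thing the visible lines show Run doing, e.g. `// Run initialises the key signer from conf.SSH and serves the HTTP API.`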
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 47ff7c8..8830d50 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -10,9 +10,7 @@ import (
"go4.org/wkfs"
_ "go4.org/wkfs/gcs" // Register "/gcs/" as a wkfs.
- "github.com/golang/protobuf/ptypes"
"github.com/nsheridan/cashier/lib"
- "github.com/nsheridan/cashier/proto"
"github.com/nsheridan/cashier/server/config"
"github.com/nsheridan/cashier/server/store"
"github.com/stripe/krl"
@@ -53,20 +51,6 @@ func (s *KeySigner) setPermissions(cert *ssh.Certificate) {
}
}
-// SignUserKeyFromRPC returns a signed ssh certificate.
-func (s *KeySigner) SignUserKeyFromRPC(req *proto.SignRequest, username string) (*ssh.Certificate, error) {
- valid, err := ptypes.Timestamp(req.GetValidUntil())
- if err != nil {
- return nil, err
- }
- r := &lib.SignRequest{
- Key: string(req.GetKey()),
- ValidUntil: valid,
- Message: string(req.GetMessage()),
- }
- return s.SignUserKey(r, username)
-}
-
// SignUserKey returns a signed ssh certificate.
func (s *KeySigner) SignUserKey(req *lib.SignRequest, username string) (*ssh.Certificate, error) {
pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))