From 12d5b700333f5d7611e4348d0c7d18240f353362 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sun, 22 May 2016 20:18:11 +0100
Subject: Move binaries into cmd/ directory
---
client/client_test.go | 99 ---------------------------------------
client/keys.go | 82 --------------------------------
client/main.go | 127 --------------------------------------------------
3 files changed, 308 deletions(-)
delete mode 100644 client/client_test.go
delete mode 100644 client/keys.go
delete mode 100644 client/main.go
(limited to 'client')
diff --git a/client/client_test.go b/client/client_test.go
deleted file mode 100644
index 492f4fc..0000000
--- a/client/client_test.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package main
-
-import (
- "bytes"
- "crypto/rand"
- "crypto/rsa"
- "encoding/json"
- "fmt"
- "net/http"
- "net/http/httptest"
- "testing"
-
- "github.com/nsheridan/cashier/lib"
- "github.com/nsheridan/cashier/testdata"
-
- "golang.org/x/crypto/ssh"
- "golang.org/x/crypto/ssh/agent"
-)
-
-func TestLoadCert(t *testing.T) {
- priv, _ := ssh.ParseRawPrivateKey(testdata.Priv)
- key := priv.(*rsa.PrivateKey)
- pub, _ := ssh.NewPublicKey(&key.PublicKey)
- c := &ssh.Certificate{
- Key: pub,
- CertType: ssh.UserCert,
- ValidBefore: ssh.CertTimeInfinity,
- ValidAfter: 0,
- }
- signer, err := ssh.NewSignerFromKey(key)
- if err != nil {
- t.Fatal(err)
- }
- c.SignCert(rand.Reader, signer)
- a := agent.NewKeyring()
- if err := installCert(a, c, key); err != nil {
- t.Fatal(err)
- }
- listedKeys, err := a.List()
- if err != nil {
- t.Fatalf("Error reading from agent: %v", err)
- }
- if len(listedKeys) != 1 {
- t.Fatalf("Expected 1 key, got %d", len(listedKeys))
- }
- if !bytes.Equal(listedKeys[0].Marshal(), c.Marshal()) {
- t.Fatal("Certs not equal")
- }
-}
-
-func TestSignGood(t *testing.T) {
- res := &lib.SignResponse{
- Status: "ok",
- Response: string(testdata.Cert),
- }
- j, _ := json.Marshal(res)
- ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- fmt.Fprintln(w, string(j))
- }))
- defer ts.Close()
- *ca = ts.URL
- _, err := send([]byte(`{}`), "token")
- if err != nil {
- t.Fatal(err)
- }
- k, _, _, _, err := ssh.ParseAuthorizedKey(testdata.Pub)
- if err != nil {
- t.Fatal(err)
- }
- cert, err := sign(k, "token")
- if cert == nil && err != nil {
- t.Fatal(err)
- }
-}
-
-func TestSignBad(t *testing.T) {
- res := &lib.SignResponse{
- Status: "error",
- Response: `{"response": "error"}`,
- }
- j, _ := json.Marshal(res)
- ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- fmt.Fprintln(w, string(j))
- }))
- defer ts.Close()
- *ca = ts.URL
- _, err := send([]byte(`{}`), "token")
- if err != nil {
- t.Fatal(err)
- }
- k, _, _, _, err := ssh.ParseAuthorizedKey(testdata.Pub)
- if err != nil {
- t.Fatal(err)
- }
- cert, err := sign(k, "token")
- if cert != nil && err == nil {
- t.Fatal(err)
- }
-}
diff --git a/client/keys.go b/client/keys.go
deleted file mode 100644
index a2f95e9..0000000
--- a/client/keys.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package main
-
-import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/rsa"
- "fmt"
-
- "golang.org/x/crypto/ed25519"
- "golang.org/x/crypto/ssh"
-)
-
-type key interface{}
-type keyfunc func(int) (key, ssh.PublicKey, error)
-
-var (
- keytypes = map[string]keyfunc{
- "rsa": generateRSAKey,
- "ecdsa": generateECDSAKey,
- "ed25519": generateED25519Key,
- }
-)
-
-func generateED25519Key(bits int) (key, ssh.PublicKey, error) {
- p, k, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- return nil, nil, err
- }
- pub, err := ssh.NewPublicKey(p)
- if err != nil {
- return nil, nil, err
- }
- return k, pub, nil
-}
-
-func generateRSAKey(bits int) (key, ssh.PublicKey, error) {
- k, err := rsa.GenerateKey(rand.Reader, bits)
- if err != nil {
- return nil, nil, err
- }
- pub, err := ssh.NewPublicKey(&k.PublicKey)
- if err != nil {
- return nil, nil, err
- }
- return k, pub, nil
-}
-
-func generateECDSAKey(bits int) (key, ssh.PublicKey, error) {
- var curve elliptic.Curve
- switch bits {
- case 256:
- curve = elliptic.P256()
- case 384:
- curve = elliptic.P384()
- case 521:
- curve = elliptic.P521()
- default:
- return nil, nil, fmt.Errorf("Unsupported key size. Valid sizes are '256', '384', '521'")
- }
- k, err := ecdsa.GenerateKey(curve, rand.Reader)
- if err != nil {
- return nil, nil, err
- }
- pub, err := ssh.NewPublicKey(&k.PublicKey)
- if err != nil {
- return nil, nil, err
- }
- return k, pub, nil
-}
-
-func generateKey(keytype string, bits int) (key, ssh.PublicKey, error) {
- f, ok := keytypes[keytype]
- if !ok {
- var valid []string
- for k := range keytypes {
- valid = append(valid, k)
- }
- return nil, nil, fmt.Errorf("Unsupported key type %s. Valid choices are %s", keytype, valid)
- }
- return f(bits)
-}
diff --git a/client/main.go b/client/main.go
deleted file mode 100644
index 8bcc3e7..0000000
--- a/client/main.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package main
-
-import (
- "bytes"
- "encoding/json"
- "flag"
- "fmt"
- "io/ioutil"
- "log"
- "net"
- "net/http"
- "os"
- "time"
-
- "github.com/nsheridan/cashier/lib"
- "github.com/pkg/browser"
- "golang.org/x/crypto/ssh"
- "golang.org/x/crypto/ssh/agent"
-)
-
-var (
- ca = flag.String("ca", "http://localhost:10000", "CA server")
- keybits = flag.Int("bits", 2048, "Key size. Ignored for ed25519 keys")
- validity = flag.Duration("validity", time.Hour*24, "Key validity")
- keytype = flag.String("key_type", "rsa", "Type of private key to generate - rsa, ecdsa or ed25519")
-)
-
-func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
- pubcert := agent.AddedKey{
- PrivateKey: key,
- Certificate: cert,
- Comment: cert.KeyId,
- }
- if err := a.Add(pubcert); err != nil {
- return fmt.Errorf("error importing certificate: %s", err)
- }
- return nil
-}
-
-func send(s []byte, token string) (*lib.SignResponse, error) {
- req, err := http.NewRequest("POST", *ca+"/sign", bytes.NewReader(s))
- if err != nil {
- return nil, err
- }
- req.Header.Set("Content-Type", "application/json")
- req.Header.Add("Accept", "application/json")
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
- client := &http.Client{}
- resp, err := client.Do(req)
- if err != nil {
- return nil, err
- }
- if resp.StatusCode != http.StatusOK {
- return nil, fmt.Errorf("Bad response from server: %s", resp.Status)
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- c := &lib.SignResponse{}
- if err := json.Unmarshal(body, c); err != nil {
- return nil, err
- }
- return c, nil
-}
-
-func sign(pub ssh.PublicKey, token string) (*ssh.Certificate, error) {
- marshaled := ssh.MarshalAuthorizedKey(pub)
- marshaled = marshaled[:len(marshaled)-1]
- s, err := json.Marshal(&lib.SignRequest{
- Key: string(marshaled),
- ValidUntil: time.Now().Add(*validity),
- })
- if err != nil {
- return nil, err
- }
- resp, err := send(s, token)
- if err != nil {
- return nil, err
- }
- if resp.Status != "ok" {
- return nil, fmt.Errorf("error: %s", resp.Response)
- }
- k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(resp.Response))
- if err != nil {
- return nil, err
- }
- cert, ok := k.(*ssh.Certificate)
- if !ok {
- return nil, fmt.Errorf("did not receive a certificate from server")
- }
- return cert, nil
-}
-
-func main() {
- flag.Parse()
-
- fmt.Printf("Your browser has been opened to visit %s\n", *ca)
- if err := browser.OpenURL(*ca); err != nil {
- fmt.Println("Error launching web browser. Go to the link in your web browser")
- }
- fmt.Println("Generating new key pair")
- priv, pub, err := generateKey(*keytype, *keybits)
- if err != nil {
- log.Fatalln("Error generating key pair: ", err)
- }
-
- fmt.Print("Enter token: ")
- var token string
- fmt.Scanln(&token)
-
- cert, err := sign(pub, token)
- if err != nil {
- log.Fatalln(err)
- }
- sock, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK"))
- if err != nil {
- log.Fatalln("Error connecting to agent: %s", err)
- }
- defer sock.Close()
- a := agent.NewClient(sock)
- if err := installCert(a, cert, priv); err != nil {
- log.Fatalln(err)
- }
- fmt.Println("Certificate added.")
-}
-- cgit v1.2.3