From 3a7b3dd25065127ee7a6fe8f2ff4d3c2e733cc71 Mon Sep 17 00:00:00 2001 From: Captain ALM Date: Sat, 8 Jun 2024 23:57:52 +0100 Subject: [PATCH] In progress. --- key_store.go | 84 +++++++++++++++++++++++++++++++++++++---------- key_store_test.go | 47 ++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 17 deletions(-) create mode 100644 key_store_test.go diff --git a/key_store.go b/key_store.go index fa39ad2..b0a0b1a 100644 --- a/key_store.go +++ b/key_store.go @@ -2,6 +2,7 @@ package mjwt import ( "crypto/rsa" + "errors" "github.com/1f349/rsa-helper/rsaprivate" "github.com/1f349/rsa-helper/rsapublic" "os" @@ -20,8 +21,8 @@ type defaultMJwtKeyStore struct { var _ KeyStore = &defaultMJwtKeyStore{} -// NewMJwtKeyStore creates a new defaultMJwtKeyStore. -func NewMJwtKeyStore() KeyStore { +// newDefaultMJwtKeyStore creates a new defaultMJwtKeyStore. +func newDefaultMJwtKeyStore() *defaultMJwtKeyStore { return &defaultMJwtKeyStore{ rwLocker: new(sync.RWMutex), store: make(map[string]*rsa.PrivateKey), @@ -29,11 +30,16 @@ func NewMJwtKeyStore() KeyStore { } } +// NewMJwtKeyStore creates a new defaultMJwtKeyStore. +func NewMJwtKeyStore() KeyStore { + return newDefaultMJwtKeyStore() +} + // NewMJwtKeyStoreFromDirectory loads keys from a directory with the specified extensions to denote public and private // rsa keys; the kID is the filename of the key up to the first . func NewMJwtKeyStoreFromDirectory(directory string, keyPrvExt string, keyPubExt string) (KeyStore, error) { // Create empty KeyStore - ks := NewMJwtKeyStore() + ks := newDefaultMJwtKeyStore() // List directory contents dirEntries, err := os.ReadDir(directory) if err != nil { @@ -46,22 +52,66 @@ func NewMJwtKeyStoreFromDirectory(directory string, keyPrvExt string, keyPubExt lastDotIdx := strings.LastIndex(entry.Name(), ".") if firstDotIdx > 0 && lastDotIdx+1 < len(entry.Name()) { if entry.Name()[lastDotIdx+1:] == keyPrvExt { + kID := entry.Name()[:firstDotIdx] // Load rsa private key with the file name as the kID (Up to the first .) - key, err := rsaprivate.Read(path.Join(directory, entry.Name())) - if err == nil { - ks.SetKey(entry.Name()[:firstDotIdx], key) + key, err2 := rsaprivate.Read(path.Join(directory, entry.Name())) + if err2 == nil { + ks.store[kID] = key + ks.storePub[kID] = &key.PublicKey + } else { + err = err2 } } else if entry.Name()[lastDotIdx+1:] == keyPubExt { + kID := entry.Name()[:firstDotIdx] // Load rsa public key with the file name as the kID (Up to the first .) - key, err := rsapublic.Read(path.Join(directory, entry.Name())) - if err == nil { - ks.SetKeyPublic(entry.Name()[:firstDotIdx], key) + key, err2 := rsapublic.Read(path.Join(directory, entry.Name())) + if err2 == nil { + _, exs := ks.store[kID] + if !exs { + ks.store[kID] = nil + } + ks.storePub[kID] = key + } else { + err = err2 } } } } } - return ks, nil + return ks, err +} + +// ExportKeyStore saves all the keys stored in the specified KeyStore into a directory with the specified +// extensions for public and private keys +func ExportKeyStore(ks KeyStore, directory string, keyPrvExt string, keyPubExt string) error { + if ks == nil { + return errors.New("ks is nil") + } + + // Create directory + err := os.MkdirAll(directory, 0700) + if err != nil { + return err + } + + // Export all keys + for _, kID := range ks.ListKeys() { + kPrv := ks.GetKey(kID) + if kPrv != nil { + err2 := rsaprivate.Write(path.Join(directory, kID+"."+keyPrvExt), kPrv) + if err2 != nil { + err = err2 + } + } + kPub := ks.GetKeyPublic(kID) + if kPub != nil { + err2 := rsapublic.Write(path.Join(directory, kID+"."+keyPubExt), kPub) + if err2 != nil { + err = err2 + } + } + } + return err } // SetKey adds a new rsa.PrivateKey with the specified kID to the KeyStore. @@ -83,7 +133,10 @@ func (d *defaultMJwtKeyStore) SetKeyPublic(kID string, pubKey *rsa.PublicKey) bo } d.rwLocker.Lock() defer d.rwLocker.Unlock() - delete(d.store, kID) + _, exs := d.store[kID] + if !exs { + d.store[kID] = nil + } d.storePub[kID] = pubKey return true } @@ -111,6 +164,7 @@ func (d *defaultMJwtKeyStore) ListKeys() []string { i := 0 for k := range d.store { lKeys[i] = k + i++ } return lKeys } @@ -150,10 +204,6 @@ func (d *defaultMJwtKeyStore) ClearKeys() { } d.rwLocker.Lock() defer d.rwLocker.Unlock() - for k := range d.store { - delete(d.store, k) - } - for k := range d.storePub { - delete(d.storePub, k) - } + clear(d.store) + clear(d.storePub) } diff --git a/key_store_test.go b/key_store_test.go new file mode 100644 index 0000000..d79333e --- /dev/null +++ b/key_store_test.go @@ -0,0 +1,47 @@ +package mjwt + +import ( + "crypto/rand" + "crypto/rsa" + "github.com/1f349/rsa-helper/rsaprivate" + "github.com/1f349/rsa-helper/rsapublic" + "github.com/stretchr/testify/assert" + "os" + "path" + "testing" +) + +func TestNewMJwtKeyStoreFromDirectory(t *testing.T) { + t.Parallel() + tempDir, err := os.MkdirTemp("", "this-is-a-test-dir") + assert.NoError(t, err) + + const prvExt = "prv" + const pubExt = "pub" + + key1, err := rsa.GenerateKey(rand.Reader, 2048) + assert.NoError(t, err) + err = rsaprivate.Write(path.Join(tempDir, "key1.pem."+prvExt), key1) + assert.NoError(t, err) + + key2, err := rsa.GenerateKey(rand.Reader, 2048) + assert.NoError(t, err) + err = rsaprivate.Write(path.Join(tempDir, "key2.pem."+prvExt), key2) + assert.NoError(t, err) + err = rsapublic.Write(path.Join(tempDir, "key2.pem."+pubExt), &key2.PublicKey) + assert.NoError(t, err) + + key3, err := rsa.GenerateKey(rand.Reader, 2048) + assert.NoError(t, err) + err = rsapublic.Write(path.Join(tempDir, "key3.pem."+pubExt), &key3.PublicKey) + assert.NoError(t, err) + + kStore, err := NewMJwtKeyStoreFromDirectory(tempDir, "prv", "pub") + assert.NoError(t, err) + + assert.Len(t, kStore.ListKeys(), 3) + kIDsToFind := []string{"key1", "key2", "key3"} + for _, k := range kIDsToFind { + assert.Contains(t, kStore.ListKeys(), k) + } +}