Merge pull request #9 from ripienaar/8

(#8) support detecting if a string is a valid ed25519 key
choria-io · Feb 14, 2023 · 7f04bfd · 7f04bfd
2 parents 75e1631 + 9ed1727
commit 7f04bfd
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 7 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -5,7 +5,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go: [1.18, 1.19]
+        go: ["1.19", "1.20"]
 
     runs-on: ubuntu-latest
     steps:

diff --git a/tokens.go b/tokens.go
@@ -19,6 +19,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"regexp"
 	"strings"
 	"time"
 
@@ -28,11 +29,12 @@ import (
 )
 
 var (
-	algRS256     = jwt.SigningMethodRS256.Alg()
-	algRS384     = jwt.SigningMethodRS384.Alg()
-	algRS512     = jwt.SigningMethodRS512.Alg()
-	algEdDSA     = jwt.SigningMethodEdDSA.Alg()
-	validMethods = []string{algRS256, algRS384, algRS512, algEdDSA}
+	algRS256          = jwt.SigningMethodRS256.Alg()
+	algRS384          = jwt.SigningMethodRS384.Alg()
+	algRS512          = jwt.SigningMethodRS512.Alg()
+	algEdDSA          = jwt.SigningMethodEdDSA.Alg()
+	validMethods      = []string{algRS256, algRS384, algRS512, algEdDSA}
+	hexEncodedMatcher = regexp.MustCompile("^[0-9a-fA-F]+$")
 )
 
 const (
@@ -291,7 +293,7 @@ func getVaultIssuerPubKey(ctx context.Context, tlsc *tls.Config, key string, log
 		return nil, fmt.Errorf("did not receive a valid public key in response")
 	}
 
-	return ed25519.PublicKey(pk.PublicKey), nil
+	return pk.PublicKey, nil
 }
 
 func signWithVault(ctx context.Context, tlsc *tls.Config, key string, ss []byte, log *logrus.Entry) ([]byte, error) {
@@ -510,3 +512,12 @@ func NatsConnectionHelpers(token string, collective string, seedFile string, log
 
 	return inbox, jwth, sigh, nil
 }
+
+// IsEncodedEd25519Key determines if b holds valid characters for a hex encoded public key or seed
+func IsEncodedEd25519Key(b []byte) bool {
+	if len(b) != 64 {
+		return false
+	}
+
+	return hexEncodedMatcher.Match(b)
+}
diff --git a/tokens_test.go b/tokens_test.go
@@ -340,4 +340,38 @@ var _ = Describe("Tokens", func() {
 			Expect(claims.ExpiresAt.Time).To(BeTemporally("~", time.Now().Add(5*time.Hour), time.Second))
 		})
 	})
+
+	Describe("IsEncodedEd25519Key", func() {
+		It("Should correctly detect based on length", func() {
+			Expect(IsEncodedEd25519Key([]byte("1f5bcd09026ef84134d0963c17d6df388366a8767b418c209168dc8bb579f82b"))).To(BeTrue())
+			Expect(IsEncodedEd25519Key([]byte("1f5bcd09026ef84134d0963c17d6df388366a8767b418c209168dc8bb579f82"))).To(BeFalse())
+			Expect(IsEncodedEd25519Key([]byte("1f5bcd09026ef84134d0963c17d6df388366a8767b418c209168dc8bb579f82b2"))).To(BeFalse())
+			Expect(IsEncodedEd25519Key([]byte(""))).To(BeFalse())
+		})
+
+		It("Should detect hex strings correctly", func() {
+			var valid, invalid int
+
+			pk := []byte("1f5bcd09026ef84134d0963c17d6df388366a8767b418c209168dc8bb579f82b")
+
+			for i := 0; i < 256; i++ {
+				pk[10] = byte(i)
+
+				var isHex bool
+
+				_, err := hex.DecodeString(string(pk))
+				if err != nil {
+					invalid++
+				} else {
+					isHex = true
+					valid++
+				}
+
+				Expect(IsEncodedEd25519Key(pk)).To(Equal(isHex))
+			}
+
+			Expect(valid).To(BeNumerically(">", 1))
+			Expect(invalid).To(BeNumerically(">", 1))
+		})
+	})
 })