mirror of
https://code.sup39.dev/repos/Wqawg
synced 2025-01-14 14:25:10 +09:00
Crypto: PersistField instance for ActorKey, preparing to support per-actor keys
Like the KeyFile instance, it stores just the secret key, in a plain ByteString, and generates the public key from it when decoding from the DB
This commit is contained in:
parent
3ec92679df
commit
ab105cb604
1 changed files with 27 additions and 2 deletions
|
@ -1,6 +1,6 @@
|
||||||
{- This file is part of Vervis.
|
{- This file is part of Vervis.
|
||||||
-
|
-
|
||||||
- Written in 2019 by fr33domlover <fr33domlover@riseup.net>.
|
- Written in 2019, 2022 by fr33domlover <fr33domlover@riseup.net>.
|
||||||
-
|
-
|
||||||
- ♡ Copying is an act of love. Please copy, reuse and share.
|
- ♡ Copying is an act of love. Please copy, reuse and share.
|
||||||
-
|
-
|
||||||
|
@ -23,21 +23,27 @@ module Vervis.ActorKey
|
||||||
)
|
)
|
||||||
where
|
where
|
||||||
|
|
||||||
|
import Control.Exception.Base
|
||||||
import Control.Concurrent (threadDelay)
|
import Control.Concurrent (threadDelay)
|
||||||
import Control.Concurrent.STM (TVar, modifyTVar')
|
import Control.Concurrent.STM (TVar, modifyTVar')
|
||||||
import Control.Monad (forever)
|
import Control.Monad (forever)
|
||||||
import Control.Monad.STM (atomically)
|
import Control.Monad.STM (atomically)
|
||||||
import Crypto.Error (throwCryptoErrorIO)
|
import Crypto.Error
|
||||||
import Crypto.PubKey.Ed25519 hiding (Signature)
|
import Crypto.PubKey.Ed25519 hiding (Signature)
|
||||||
|
import Data.Bifunctor
|
||||||
import Data.ByteArray (convert)
|
import Data.ByteArray (convert)
|
||||||
import Data.ByteString (ByteString)
|
import Data.ByteString (ByteString)
|
||||||
|
import Data.Text (Text)
|
||||||
import Data.Time.Interval (TimeInterval, microseconds)
|
import Data.Time.Interval (TimeInterval, microseconds)
|
||||||
import Data.PEM
|
import Data.PEM
|
||||||
import Data.X509
|
import Data.X509
|
||||||
|
import Database.Persist
|
||||||
|
import Database.Persist.Sql
|
||||||
import Network.HTTP.Signature (Signature (..))
|
import Network.HTTP.Signature (Signature (..))
|
||||||
import System.Directory (doesFileExist)
|
import System.Directory (doesFileExist)
|
||||||
|
|
||||||
import qualified Data.ByteString as B (writeFile, readFile)
|
import qualified Data.ByteString as B (writeFile, readFile)
|
||||||
|
import qualified Data.Text as T
|
||||||
|
|
||||||
import Crypto.PublicVerifKey
|
import Crypto.PublicVerifKey
|
||||||
import Data.KeyFile
|
import Data.KeyFile
|
||||||
|
@ -69,6 +75,25 @@ instance KeyFile ActorKey where
|
||||||
}
|
}
|
||||||
renderKey = convert . actorKeySecret
|
renderKey = convert . actorKeySecret
|
||||||
|
|
||||||
|
actorKeySecretBin :: ActorKey -> ByteString
|
||||||
|
actorKeySecretBin = convert . actorKeySecret
|
||||||
|
|
||||||
|
instance PersistField ActorKey where
|
||||||
|
toPersistValue = toPersistValue . actorKeySecretBin
|
||||||
|
fromPersistValue v = do
|
||||||
|
b <- fromPersistValue v :: Either Text ByteString
|
||||||
|
secret <- bimap showError id $ eitherCryptoError $ secretKey b
|
||||||
|
return ActorKey
|
||||||
|
{ actorKeySecret = secret
|
||||||
|
, actorKeyPublic = toPublic secret
|
||||||
|
}
|
||||||
|
where
|
||||||
|
showError e =
|
||||||
|
"Parsing ActorKey from DB failed: " <> T.pack (displayException e)
|
||||||
|
|
||||||
|
instance PersistFieldSql ActorKey where
|
||||||
|
sqlType = sqlType . fmap actorKeySecretBin
|
||||||
|
|
||||||
{-
|
{-
|
||||||
-- | Ed25519 public key for signature verification. We receive these public
|
-- | Ed25519 public key for signature verification. We receive these public
|
||||||
-- keys from other servers and we use them to verify HTTP request signatures.
|
-- keys from other servers and we use them to verify HTTP request signatures.
|
||||||
|
|
Loading…
Reference in a new issue