authorUlf Wiger <ulf@feuerlabs.com>2015-05-27 15:51:50 +0200
committerUlf Wiger <ulf@feuerlabs.com>2015-06-10 11:28:38 +0200
commitde465588f342f6c8fd95640de04bbea16ea7e003 (patch)
tree32b343a8b4fa5aef3b3fb1b759f76ed3f1670130
parent28c50bdc233ba30f73aeac9d1fba80521431a263 (diff)
downloadrvi_core-de465588f342f6c8fd95640de04bbea16ea7e003.tar.gz
added auth escript
-rw-r--r--Makefile8
-rw-r--r--components/authorize/Makefile5
-rw-r--r--components/authorize/rebar.config2
-rw-r--r--components/authorize/src/auth.erl109
-rw-r--r--components/authorize/src/authorize_keys.erl7
5 files changed, 126 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index 6af1ce7..045790b 100644
--- a/Makefile
+++ b/Makefile
@@ -12,10 +12,9 @@
.PHONY: all deps compile clean rpm rpmclean
+VERSION=0.3.2
-VERSION=0.4.0
-
-all: deps compile
+all: deps compile escript
deps:
./rebar get-deps
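Review bot: `VERSION` goes from `0.4.0` back to `0.3.2` in the first lines of this hunk, which reads as a version regression unrelated to the commit's stated purpose of adding the escript. Unless the downgrade is intended, keep `VERSION=0.4.0` and limit the hunk to `all: deps compile escript`.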
@@ -23,6 +22,9 @@ deps:
compile:
./rebar compile
+escript: compile
+ (cd components/authorize && make escript)
+
recomp:
./rebar compile skip_deps=true
diff --git a/components/authorize/Makefile b/components/authorize/Makefile
index d1485c6..5e47ad4 100644
--- a/components/authorize/Makefile
+++ b/components/authorize/Makefile
@@ -1,4 +1,4 @@
-.PHONY: all deps compile setup clean doc
+.PHONY: all deps compile setup clean doc escript
NAME=authorize
@@ -14,6 +14,9 @@ deps:
compile:
rebar compile
+escript:
+ ERL_LIBS=$(PWD)/..:$(PWD)/../../deps:$(ERL_LIBS) rebar escriptize
+
recomp:
rebar compile skip_deps=true
diff --git a/components/authorize/rebar.config b/components/authorize/rebar.config
new file mode 100644
index 0000000..9efa777
--- /dev/null
+++ b/components/authorize/rebar.config
@@ -0,0 +1,2 @@
+{escript_name, auth}.
+{escript_incl_apps, [rvi_common, base64url, exo, lager]}.
diff --git a/components/authorize/src/auth.erl b/components/authorize/src/auth.erl
new file mode 100644
index 0000000..d564405
--- /dev/null
+++ b/components/authorize/src/auth.erl
@@ -0,0 +1,109 @@
+%% -*- mode: erlang; indent-tabs-mode: nil; -*-
+-module(auth).
+
+-define(verbose(Fmt, Args), case verbose() of true ->
+ io:fwrite(Fmt, Args);
+ false ->
+ ok
+ end).
+
+-export([main/1]).
+
+-import(proplists, [get_value/2, get_value/3]).
+
+main([]) ->
+ help(),
+ halt(1);
+main(Args) ->
+ Opts = opts(Args),
+ check_verbose(Opts),
+ {_, Cmd} = lists:keyfind(command, 1, Opts),
+ ?verbose("Cmd = ~p; Options = ~p~n",
+ [Cmd, lists:keydelete(command, 1, Opts)]),
+ cmd(Cmd, Opts).
+
+opts(["-v" , "true" |T]) -> [{verbose, true}|opts(T)];
+opts(["-v" , "false" |T]) -> [{verbose, false}|opts(T)];
+opts(["-v" |T]) -> [{verbose, true}|opts(T)];
+opts(["-pub" , PubKey |T]) -> [{pub, PubKey}|opts(T)];
+opts(["-root", RootKey |T]) -> [{root, RootKey}|opts(T)];
+opts(["-o" , OutF |T]) -> [{out, OutF}|opts(T)];
+opts(["-c" , Cert |T]) -> [{cert, Cert}|opts(T)];
+opts(["-fmt" , Fmt |T]) -> [{fmt, Fmt}|opts(T)];
+opts([Cmd]) ->
+ [{command, Cmd}];
+opts([]) ->
+ [].
+
+check_verbose(Opts) ->
+ V = get_value(verbose, Opts, false),
+ put({?MODULE, verbose}, V),
+ V.
+
+verbose() ->
+ get({?MODULE, verbose}).
+
+cmd("make_auth", Opts) ->
+ case {get_value(root, Opts), get_value(pub, Opts), get_value(fmt, Opts)} of
+ {undefined, _, "jwt"} ->
+ fail("Cannot create JWT without root key~n", []);
+ {_Root, undefined, "jwt"} ->
+ fail("Cannot create JWT without pub key~n", []);
+ {Root, Pub, Fmt} ->
+ case authorize_keys:get_key_pair_from_pem(openssl, Root) of
+ {undefined, undefined} ->
+ fail("Cannot read root key (~p)~n", [Root]);
+ {RPriv, _RPub} ->
+ case authorize_keys:get_pub_key(Pub) of
+ undefined ->
+ fail("Cannot read pub key (~p)~n", [Pub]);
+ PubKey ->
+ make_auth(RPriv, PubKey, Fmt, Opts)
+ end
+ end
+ end.
+
+make_auth(RPriv, Pub, Fmt, Opts) ->
+ case Fmt of
+ "json" ->
+ JSON = authorize_sig:ensure_json(
+ authorize_keys:public_key_to_json(Pub)),
+ out(JSON, Opts);
+ "jwt" ->
+ JWT = authorize_keys:signed_public_key(Pub, RPriv),
+ out(JWT, Opts)
+ end.
+
+out(Str, Opts) ->
+ case get_value(out, Opts, tty) of
+ tty ->
+ io:fwrite("~s", [Str]);
+ OutF when is_list(OutF) ->
+ case file:open(OutF, [write]) of
+ {ok, Fd} ->
+ try io:fwrite(Fd, "~s", [Str])
+ after
+ file:close(Fd)
+ end;
+ Error ->
+ fail("Cannot write output (~p): ~p~n", [OutF, Error])
+ end
+ end.
+
+help() ->
+ io:fwrite(
+ "Usage: " ++ excript:script_name() ++ "[Options] Cmd~n"
+ "Options:~n"
+ " -pem PemFile : Name of OpenSSL (2048 bit RSA) pem key file~n"
+ " -c CertFile : Name of JSON-formatted RVI Certificate~n"
+ " -fmt Format : Output format (json|jwt)~n"
+ " -o OutFile : Name of output (tty output, if not specified)~n"
+ "Command:~n"
+ " auth : ~n", []).
+
+fail(Fmt, Args) ->
+ io:fwrite(Fmt, Args),
+ help(),
+ erlang:halt(1).
+
+
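Review bot: `help/0` calls `excript:script_name()` on the `"Usage: "` line, a typo for `escript:script_name/0`, so every path that reaches `help/0` — `main([])` and `fail/2` — dies with `undef` instead of printing usage; the line also needs a space before `[Options]`: `"Usage: " ++ escript:script_name() ++ " [Options] Cmd~n"`. The usage text then disagrees with the parser: it lists `-pem` and a command `auth`, while `opts/1` accepts `-v`, `-pub`, `-root`, `-o`, `-c`, `-fmt` and `cmd/2` only knows `"make_auth"`; the `-c` value is parsed but never read. An unknown command, a stray argument, or a missing `-fmt` currently ends in a `function_clause`/`case_clause` crash rather than a usage message; a final clause such as `cmd(Cmd, _Opts) -> fail("Unknown command: ~s~n", [Cmd]).` plus a catch-all `Fmt` branch in `make_auth/4` would route those through `fail/2`. Diagnostics and usage are written to stdout with `io:fwrite/2`, so they mix with the JSON/JWT emitted by `out/2` when `-o` is absent; `io:fwrite(standard_error, Fmt, Args)` in `fail/2` and `help/0` would keep the token output clean for piping.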
diff --git a/components/authorize/src/authorize_keys.erl b/components/authorize/src/authorize_keys.erl
index 4e554b1..7618854 100644
--- a/components/authorize/src/authorize_keys.erl
+++ b/components/authorize/src/authorize_keys.erl
@@ -2,8 +2,11 @@
-behaviour(gen_server).
-export([get_key_pair/0,
+ get_key_pair_from_pem/2,
+ get_pub_key/1,
authorize_jwt/0,
provisioning_key/0,
+ signed_public_key/2,
save_keys/2]).
-export([get_certificates/0,
get_certificates/1]).
@@ -54,6 +57,9 @@ self_signed_public_key() ->
"self_provisioning_key.pem"]),
{Priv, _} = get_key_pair_from_pem(openssl, Key),
MyPub = authorize_rpc:public_key(),
+ signed_public_key(MyPub, Priv).
+
+signed_public_key(MyPub, Priv) ->
JSON = {struct, [
{"keys", {array, [public_key_to_json(MyPub)]}}
]},
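Review bot: `signed_public_key/2` becomes an exported function here (it is called from the new `auth` escript) but carries no `-spec` or doc comment, and the same holds for `get_key_pair_from_pem/2` and `get_pub_key/1` added to the export list in the first hunk. Since it produces a token for whatever `MyPub` it is handed using the private key `Priv`, the contract should be stated, e.g. `%% @doc Produce the signed token for public key MyPub using private key Priv; shared by self_signed_public_key/0 and the auth escript.` with a `-spec` refined to the project's key types. The body of `signed_public_key/2` continues past the end of the hunk, and `self_signed_public_key/0` starts above it.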
@@ -159,7 +165,6 @@ certs_by_conn(Conn) ->
_='_'}},
[], [{{'$1', '$2'}}] }]),
[C || {C,V} <- Certs, check_validity(V, UTC)].
-
get_env(K) ->
case application:get_env(rvi, K) of