Crypto: PersistField instance for ActorKey, preparing to support per-actor keys
Like the KeyFile instance, it stores just the secret key, in a plain ByteString, and generates the public key from it when decoding from the DB
This commit is contained in:
parent
3ec92679df
commit
ab105cb604
1 changed files with 27 additions and 2 deletions
|
@ -1,6 +1,6 @@
|
|||
{- This file is part of Vervis.
|
||||
-
|
||||
- Written in 2019 by fr33domlover <fr33domlover@riseup.net>.
|
||||
- Written in 2019, 2022 by fr33domlover <fr33domlover@riseup.net>.
|
||||
-
|
||||
- ♡ Copying is an act of love. Please copy, reuse and share.
|
||||
-
|
||||
|
@ -23,21 +23,27 @@ module Vervis.ActorKey
|
|||
)
|
||||
where
|
||||
|
||||
import Control.Exception.Base
|
||||
import Control.Concurrent (threadDelay)
|
||||
import Control.Concurrent.STM (TVar, modifyTVar')
|
||||
import Control.Monad (forever)
|
||||
import Control.Monad.STM (atomically)
|
||||
import Crypto.Error (throwCryptoErrorIO)
|
||||
import Crypto.Error
|
||||
import Crypto.PubKey.Ed25519 hiding (Signature)
|
||||
import Data.Bifunctor
|
||||
import Data.ByteArray (convert)
|
||||
import Data.ByteString (ByteString)
|
||||
import Data.Text (Text)
|
||||
import Data.Time.Interval (TimeInterval, microseconds)
|
||||
import Data.PEM
|
||||
import Data.X509
|
||||
import Database.Persist
|
||||
import Database.Persist.Sql
|
||||
import Network.HTTP.Signature (Signature (..))
|
||||
import System.Directory (doesFileExist)
|
||||
|
||||
import qualified Data.ByteString as B (writeFile, readFile)
|
||||
import qualified Data.Text as T
|
||||
|
||||
import Crypto.PublicVerifKey
|
||||
import Data.KeyFile
|
||||
|
@ -69,6 +75,25 @@ instance KeyFile ActorKey where
|
|||
}
|
||||
renderKey = convert . actorKeySecret
|
||||
|
||||
actorKeySecretBin :: ActorKey -> ByteString
|
||||
actorKeySecretBin = convert . actorKeySecret
|
||||
|
||||
instance PersistField ActorKey where
|
||||
toPersistValue = toPersistValue . actorKeySecretBin
|
||||
fromPersistValue v = do
|
||||
b <- fromPersistValue v :: Either Text ByteString
|
||||
secret <- bimap showError id $ eitherCryptoError $ secretKey b
|
||||
return ActorKey
|
||||
{ actorKeySecret = secret
|
||||
, actorKeyPublic = toPublic secret
|
||||
}
|
||||
where
|
||||
showError e =
|
||||
"Parsing ActorKey from DB failed: " <> T.pack (displayException e)
|
||||
|
||||
instance PersistFieldSql ActorKey where
|
||||
sqlType = sqlType . fmap actorKeySecretBin
|
||||
|
||||
{-
|
||||
-- | Ed25519 public key for signature verification. We receive these public
|
||||
-- keys from other servers and we use them to verify HTTP request signatures.
|
||||
|
|
Loading…
Reference in a new issue