From 976f2f5d2a4fcd8f5583eec4d8dd74aa294a0aba Mon Sep 17 00:00:00 2001 From: Leigh McCulloch Date: Fri, 5 Jun 2020 10:11:03 -0700 Subject: [PATCH] exp/services/webauth: remove old convjwt2jwk command (#2666) ### What Remove the `convjwt2jwk` command. ### Why The command was added to convert JWT keys generated with the old `genjwtkey` command into the same format as the new `genjwk` command. We no longer have any keys in the old format and do not need this command anymore. --- exp/services/webauth/README.md | 8 +--- exp/services/webauth/cmd/convjwt2jwk.go | 58 ------------------------- exp/services/webauth/main.go | 1 - exp/support/jwtkey/jwtkey.go | 54 ----------------------- exp/support/jwtkey/jwtkey_test.go | 51 ---------------------- 5 files changed, 2 insertions(+), 170 deletions(-) delete mode 100644 exp/services/webauth/cmd/convjwt2jwk.go diff --git a/exp/services/webauth/README.md b/exp/services/webauth/README.md index f08ab2b014..c49310569a 100644 --- a/exp/services/webauth/README.md +++ b/exp/services/webauth/README.md @@ -25,12 +25,8 @@ Usage: webauth [command] Available Commands: - convjwtkey2jwk Convert a JWT ECDSA private key ASN.1 DER Base64 encoded that was generated with the old genjwtkey command to a JSON Web Key - genjwk Generate a JSON Web Key (ECDSA/ES256) for JWT issuing - serve Run the SEP-10 Web Authentication server - -Flags: - -h, --help help for webauth + genjwk Generate a JSON Web Key (ECDSA/ES256) for JWT issuing + serve Run the SEP-10 Web Authentication server Use "webauth [command] --help" for more information about a command. ``` diff --git a/exp/services/webauth/cmd/convjwt2jwk.go b/exp/services/webauth/cmd/convjwt2jwk.go deleted file mode 100644 index 3dd8f82818..0000000000 --- a/exp/services/webauth/cmd/convjwt2jwk.go +++ /dev/null @@ -1,58 +0,0 @@ -package cmd - -import ( - "encoding/json" - - "github.com/spf13/cobra" - "github.com/stellar/go/exp/support/jwtkey" - supportlog "github.com/stellar/go/support/log" - "gopkg.in/square/go-jose.v2" -) - -type ConvJWTKeyToJWKCommand struct { - Logger *supportlog.Entry -} - -func (c *ConvJWTKeyToJWKCommand) Command() *cobra.Command { - cmd := &cobra.Command{ - Use: "convjwtkey2jwk [jwt-key]", - Short: "Convert a JWT ECDSA private key ASN.1 DER Base64 encoded that was generated with the old genjwtkey command to a JSON Web Key", - Run: func(_ *cobra.Command, args []string) { - c.Run(args) - }, - } - return cmd -} - -func (c *ConvJWTKeyToJWKCommand) Run(args []string) { - if len(args) != 1 { - c.Logger.Fatal("One key (ASN.1 DER Base64 encoded) must be provided.") - } - - k, err := jwtkey.PrivateKeyFromString(args[0]) - if err != nil { - c.Logger.Fatal(err) - } - - alg := jose.ES256 - - { - jwk := jose.JSONWebKey{Key: &k.PublicKey, Algorithm: string(alg)} - bytes, err := json.Marshal(jwk) - if err == nil { - c.Logger.Print("Public:", string(bytes)) - } else { - c.Logger.Print("Public:", err) - } - } - - { - jwk := jose.JSONWebKey{Key: k, Algorithm: string(alg)} - bytes, err := json.Marshal(jwk) - if err == nil { - c.Logger.Print("Private:", string(bytes)) - } else { - c.Logger.Print("Private:", err) - } - } -} diff --git a/exp/services/webauth/main.go b/exp/services/webauth/main.go index 37259c4734..fffecd8843 100644 --- a/exp/services/webauth/main.go +++ b/exp/services/webauth/main.go @@ -21,7 +21,6 @@ func main() { rootCmd.AddCommand((&cmd.ServeCommand{Logger: logger}).Command()) rootCmd.AddCommand((&cmd.GenJWKCommand{Logger: logger}).Command()) - rootCmd.AddCommand((&cmd.ConvJWTKeyToJWKCommand{Logger: logger}).Command()) err := rootCmd.Execute() if err != nil { diff --git a/exp/support/jwtkey/jwtkey.go b/exp/support/jwtkey/jwtkey.go index d234ddf595..a97e985a28 100644 --- a/exp/support/jwtkey/jwtkey.go +++ b/exp/support/jwtkey/jwtkey.go @@ -10,8 +10,6 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" - "crypto/x509" - "encoding/base64" "github.com/stellar/go/support/errors" ) @@ -26,55 +24,3 @@ func GenerateKey() (*ecdsa.PrivateKey, error) { } return k, nil } - -// PrivateKeyToString converts a ECDSA private key into a ASN.1 DER and base64 -// encoded string. -func PrivateKeyToString(k *ecdsa.PrivateKey) (string, error) { - b, err := x509.MarshalECPrivateKey(k) - if err != nil { - return "", errors.Wrap(err, "marshaling ECDSA private key") - } - return base64.StdEncoding.EncodeToString(b), nil -} - -// PublicKeyToString converts a ECDSA public key into a ASN.1 DER and base64 -// encoded string. -func PublicKeyToString(k *ecdsa.PublicKey) (string, error) { - b, err := x509.MarshalPKIXPublicKey(k) - if err != nil { - return "", errors.Wrap(err, "marshaling ECDSA public key") - } - return base64.StdEncoding.EncodeToString(b), nil -} - -// PrivateKeyFromString converts a ECDSA private key from a ASN.1 DER and -// base64 encoded string into a type. -func PrivateKeyFromString(s string) (*ecdsa.PrivateKey, error) { - keyBytes, err := base64.StdEncoding.DecodeString(s) - if err != nil { - return nil, errors.Wrap(err, "base64 decoding ECDSA private key") - } - key, err := x509.ParseECPrivateKey(keyBytes) - if err != nil { - return nil, errors.Wrap(err, "unmarshaling ECDSA private key") - } - return key, nil -} - -// PublicKeyFromString converts a ECDSA public key from a ASN.1 DER and base64 -// encoded string into a type. -func PublicKeyFromString(s string) (*ecdsa.PublicKey, error) { - keyBytes, err := base64.StdEncoding.DecodeString(s) - if err != nil { - return nil, errors.Wrap(err, "base64 decoding ECDSA public key") - } - keyI, err := x509.ParsePKIXPublicKey(keyBytes) - if err != nil { - return nil, errors.Wrap(err, "unmarshaling ECDSA public key") - } - key, ok := keyI.(*ecdsa.PublicKey) - if !ok { - return nil, errors.Wrap(err, "public key not ECDSA key") - } - return key, nil -} diff --git a/exp/support/jwtkey/jwtkey_test.go b/exp/support/jwtkey/jwtkey_test.go index aca12350f5..e2c0a92a71 100644 --- a/exp/support/jwtkey/jwtkey_test.go +++ b/exp/support/jwtkey/jwtkey_test.go @@ -1,10 +1,7 @@ package jwtkey import ( - "crypto/ecdsa" "crypto/elliptic" - "crypto/rand" - "encoding/base64" "testing" "github.com/stretchr/testify/assert" @@ -16,51 +13,3 @@ func TestGenerate(t *testing.T) { require.NoError(t, err) assert.Equal(t, elliptic.P256(), key.Curve) } - -func TestToFromStringRoundTrip(t *testing.T) { - testCases := []struct { - Name string - Curve elliptic.Curve - }{ - {Name: "P224", Curve: elliptic.P224()}, - {Name: "P256", Curve: elliptic.P256()}, - {Name: "P384", Curve: elliptic.P384()}, - {Name: "P521", Curve: elliptic.P521()}, - } - for _, tc := range testCases { - t.Run(tc.Name, func(t *testing.T) { - privateKey, err := ecdsa.GenerateKey(tc.Curve, rand.Reader) - require.NoError(t, err) - - t.Run("private", func(t *testing.T) { - privateKeyStr, err := PrivateKeyToString(privateKey) - require.NoError(t, err) - - // Private key as string should be valid standard base64 - _, err = base64.StdEncoding.DecodeString(privateKeyStr) - require.NoError(t, err) - - // Private key should decode back to the original - privateKeyRoundTripped, err := PrivateKeyFromString(privateKeyStr) - require.NoError(t, err) - assert.Equal(t, privateKey, privateKeyRoundTripped) - }) - - publicKey := &privateKey.PublicKey - - t.Run("public", func(t *testing.T) { - publicKeyStr, err := PublicKeyToString(publicKey) - require.NoError(t, err) - - // Public key as string should be valid standard base64 - _, err = base64.StdEncoding.DecodeString(publicKeyStr) - require.NoError(t, err) - - // Public key should decode back to the original - publicKeyRoundTripped, err := PublicKeyFromString(publicKeyStr) - require.NoError(t, err) - assert.Equal(t, publicKey, publicKeyRoundTripped) - }) - }) - } -}