Implement elementary .pem keyfile parsing. #62

Closed
wants to merge 2 commits into from
35 changes: 35 additions & 0 deletions cmd/jose.c
Expand Up @@ -23,6 +23,10 @@
#include <unistd.h>
#include <ctype.h>

#include <jose/openssl.h>
#include <openssl/evp.h>
#include <openssl/pem.h>

#define MAXBUFLEN 1024
#define RQARG required_argument
#define NOARG no_argument
Expand Down Expand Up @@ -376,6 +380,37 @@ jcmd_opt_set_jwks(const jcmd_cfg_t *cfg, void *vopt, const char *arg)
}
}

bool
jcmd_opt_set_pem(const jcmd_cfg_t *cfg, void *vopt, const char *arg)
{
bool retval;
json_t **jwks = vopt;
EVP_PKEY *pkey = EVP_PKEY_new();

if (!pkey)
return false;

if (!*jwks)
*jwks = json_array();

if (strcmp(arg, "-") == 0) {
if (!PEM_read_PrivateKey(stdin, &pkey, NULL, NULL))
return false;
} else {
FILE_AUTO *file = fopen(arg, "r");
// TODO: encrypted key callback for password.
if (!(file && PEM_read_PrivateKey(file, &pkey, NULL, NULL)))
Collaborator

Here, the case of !file is not distinguished from the case of PEM_read_PrivateKey.

Distinguish between them, so that if the error has to do with PEM_read_PrivateKey, then fclose on file is done.

return false;
}

retval = json_array_append_new(*jwks,
jose_openssl_jwk_from_EVP_PKEY(NULL, pkey)) == 0;

EVP_PKEY_free(pkey);

return retval;
}

bool
jcmd_opt_set_flag(const jcmd_cfg_t *cfg, void *vopt, const char *arg)
{
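Review bot: in jcmd_opt_set_pem, every return false that follows the EVP_PKEY_new() call (the failed read from stdin, the failed fopen, and the failed PEM_read_PrivateKey on the file) leaves without EVP_PKEY_free(pkey), so the allocated key object is not released on those paths. PEM_read_PrivateKey returns the parsed key when its second argument is NULL, so pkey can start as NULL and take that return value, with all failures routed through one exit that frees it; that also makes the up-front EVP_PKEY_new() unnecessary. The // TODO leaves both calls with NULL for the callback and its argument, in which case OpenSSL falls back to its default passphrase callback, which typically prompts on the current terminal; for a command that may run non-interactively or with the key on standard input, that behaviour should be decided explicitly before this is merged.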
7 changes: 7 additions & 0 deletions cmd/jose.h
Expand Up @@ -84,6 +84,12 @@ static const jcmd_doc_t jcmd_doc_key[] = {
{}
};

static const jcmd_doc_t jcmd_doc_pem[] = {
{ .arg = "FILE", .doc="Import JWK from '.PEM' FILE" },
Collaborator

Is it required for the file to be ".PEM"? Why not just "Import JWK from FILE"?

{ .arg = "-", .doc="Import JWK from '.PEM' on standard input" },
Collaborator

I think "Import JWK from standard input" fits better.

{}
};

void
jcmd_push(jcmd_t *cmd);
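Review bot: the two .doc strings in jcmd_doc_pem describe the input only as '.PEM', while the handler added in cmd/jose.c reads it with PEM_read_PrivateKey, so the help text should state that a PEM-encoded private key is expected. As written, a user cannot tell from the usage output that the option takes private key material rather than, say, a public key or a certificate in PEM form. Wording along the lines of "Import private key from PEM FILE" and "Import PEM private key from standard input" would match what the handler accepts.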

Expand All @@ -98,6 +104,7 @@ jcmd_set_t jcmd_opt_set_jsons; /* Takes json_t** */
jcmd_set_t jcmd_opt_set_json; /* Takes json_t** */
jcmd_set_t jcmd_opt_set_jwkt; /* Takes json_t** */
jcmd_set_t jcmd_opt_set_jwks; /* Takes json_t** */
jcmd_set_t jcmd_opt_set_pem; /* Takes json_t** */
jcmd_set_t jcmd_opt_set_flag; /* Takes bool* */

void
6 changes: 6 additions & 0 deletions cmd/jws/sig.c
Expand Up @@ -72,6 +72,12 @@ static const jcmd_cfg_t cfgs[] = {
.set = jcmd_opt_set_jwks,
.doc = jcmd_doc_key,
},
{
.opt = { "pem", required_argument, .val = 'p' },
.off = offsetof(jcmd_opt_t, keys),
.set = jcmd_opt_set_pem,
.doc = jcmd_doc_pem,
},
{
.opt = { "output", required_argument, .val = 'o' },
.off = offsetof(jcmd_opt_t, io.output),
2 changes: 1 addition & 1 deletion cmd/meson.build
Expand Up @@ -21,7 +21,7 @@ executable(meson.project_name(),
'jwe/enc.c',
'alg.c',
'fmt.c',
dependencies: jansson,
dependencies: [ jansson, libcrypto ],
link_with: libjose,
install: true
)