feature: add gpg key add operations to profile api

greenpau · Mar 19, 2024 · bca8dda · bca8dda
1 parent 7bdfa68
commit bca8dda
Show file tree

Hide file tree

Showing 4 changed files with 225 additions and 3 deletions.
diff --git a/pkg/authn/api_add_user_gpg_key.go b/pkg/authn/api_add_user_gpg_key.go
@@ -0,0 +1,118 @@
+// Copyright 2024 Paul Greenberg [email protected]
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/greenpau/go-authcrunch/pkg/authn/enums/operator"
+	"github.com/greenpau/go-authcrunch/pkg/ids"
+	"github.com/greenpau/go-authcrunch/pkg/requests"
+	"github.com/greenpau/go-authcrunch/pkg/tagging"
+	"github.com/greenpau/go-authcrunch/pkg/user"
+)
+
+var gpgKeyTitleRegexPattern = regexp.MustCompile(`^[\w\@\.\s\(\)<>,\-+:]+$`)
+
+// AddUserGPGKey adds GPG key to user identity.
+func (p *Portal) AddUserGPGKey(
+	ctx context.Context,
+	w http.ResponseWriter,
+	r *http.Request,
+	rr *requests.Request,
+	parsedUser *user.User,
+	resp map[string]interface{},
+	usr *user.User,
+	backend ids.IdentityStore,
+	bodyData map[string]interface{}) error {
+
+	var keyTitle, keyDescription, keyPayload string
+	var keyLabels []string = []string{}
+	var keyTags []tagging.Tag = []tagging.Tag{}
+
+	// Extract data.
+	if v, exists := bodyData["content"]; exists {
+		switch exp := v.(type) {
+		case string:
+			keyPayload = strings.TrimSpace(exp)
+		default:
+			resp["message"] = "Profile API did find key content in the request payload, but it is malformed"
+			return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+		}
+	} else {
+		resp["message"] = "Profile API did not find key content in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if v, exists := bodyData["title"]; exists {
+		keyTitle = v.(string)
+	} else {
+		resp["message"] = "Profile API did not find title in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if v, exists := bodyData["description"]; exists {
+		keyDescription = v.(string)
+	} else {
+		resp["message"] = "Profile API did not find description in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if extractedTokenTags, err := tagging.ExtractTags(bodyData); err == nil {
+		for _, extractedTokenTag := range extractedTokenTags {
+			keyTags = append(keyTags, *extractedTokenTag)
+		}
+	} else {
+		resp["message"] = "Profile API find malformed tags in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if extractedTokenLabels, err := tagging.ExtractLabels(bodyData); err == nil {
+		keyLabels = extractedTokenLabels
+	} else {
+		resp["message"] = "Profile API find malformed tags in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	// Validate data.
+	if !gpgKeyTitleRegexPattern.MatchString(keyTitle) {
+		resp["message"] = "Profile API found non-compliant GPG key title value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if !tokenDescriptionRegexPattern.MatchString(keyDescription) && (keyDescription != "") {
+		resp["message"] = "Profile API found non-compliant GPG key description value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if !gpgKeyRegexPattern1.MatchString(keyPayload) && !gpgKeyRegexPattern2.MatchString(keyPayload) {
+		resp["message"] = "Profile API found non-compliant GPG public key value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	rr.Key.Usage = "gpg"
+	rr.Key.Comment = keyTitle
+	rr.Key.Description = keyDescription
+	rr.Key.Payload = keyPayload
+	rr.Key.Labels = keyLabels
+	rr.Key.Tags = keyTags
+
+	if err := backend.Request(operator.AddKeyGPG, rr); err != nil {
+		var errMsg string = fmt.Sprintf("the Profile API failed to add GPG key to identity store: %v", err)
+		resp["message"] = errMsg
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	resp["entry"] = "Created"
+	return handleAPIProfileResponse(w, rr, http.StatusOK, resp)
+}
diff --git a/pkg/authn/api_test_user_gpg_key.go b/pkg/authn/api_test_user_gpg_key.go
@@ -0,0 +1,91 @@
+// Copyright 2024 Paul Greenberg [email protected]
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/greenpau/go-authcrunch/pkg/identity"
+	"github.com/greenpau/go-authcrunch/pkg/ids"
+	"github.com/greenpau/go-authcrunch/pkg/requests"
+	"github.com/greenpau/go-authcrunch/pkg/user"
+)
+
+var gpgKeyRegexPattern1 = regexp.MustCompile(`^[-]{3,5}\s*BEGIN\sPGP\sPUBLIC\sKEY\sBLOCK[-]{3,5}\s*`)
+var gpgKeyRegexPattern2 = regexp.MustCompile(`[-]{3,5}\s*END\sPGP\sPUBLIC\sKEY\sBLOCK[-]{3,5}\s*$`)
+
+// TestUserGPGKey tests GPG key.
+func (p *Portal) TestUserGPGKey(
+	ctx context.Context,
+	w http.ResponseWriter,
+	r *http.Request,
+	rr *requests.Request,
+	parsedUser *user.User,
+	resp map[string]interface{},
+	usr *user.User,
+	backend ids.IdentityStore,
+	bodyData map[string]interface{}) error {
+
+	rr.Key.Usage = "gpg"
+
+	// Extract data.
+	if v, exists := bodyData["content"]; exists {
+		switch keyContent := v.(type) {
+		case string:
+			rr.Key.Payload = strings.TrimSpace(keyContent)
+		default:
+			resp["message"] = "Profile API did find key content in the request payload, but it is malformed"
+			return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+		}
+	} else {
+		resp["message"] = "Profile API did not find key content in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	// Validate data.
+	if !gpgKeyRegexPattern1.MatchString(rr.Key.Payload) || !gpgKeyRegexPattern2.MatchString(rr.Key.Payload) {
+		resp["message"] = "Profile API found non-compliant GPG public key value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	pk, err := identity.NewPublicKey(rr)
+	if err != nil {
+		var errMsg string = fmt.Sprintf("the Profile API failed to convert input into GPG key: %v", err)
+		resp["message"] = errMsg
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	respData := make(map[string]interface{})
+	if pk != nil {
+		respData["success"] = true
+		if pk.FingerprintMD5 != "" {
+			respData["fingerprint_md5"] = pk.FingerprintMD5
+		}
+		if pk.Fingerprint != "" {
+			respData["fingerprint"] = pk.Fingerprint
+		}
+		if pk.Comment != "" {
+			respData["comment"] = pk.Comment
+		}
+	} else {
+		respData["success"] = false
+	}
+	resp["entry"] = respData
+	return handleAPIProfileResponse(w, rr, http.StatusOK, resp)
+}
diff --git a/pkg/authn/handle_api_profile.go b/pkg/authn/handle_api_profile.go
@@ -113,6 +113,8 @@ func (p *Portal) handleAPIProfile(ctx context.Context, w http.ResponseWriter, r
 	case "fetch_user_gpg_keys":
 	case "fetch_user_gpg_key":
 	case "delete_user_gpg_key":
+	case "test_user_gpg_key":
+	case "add_user_gpg_key":
 	default:
 		resp["message"] = "Profile API received unsupported request type"
 		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
@@ -194,6 +196,10 @@ func (p *Portal) handleAPIProfile(ctx context.Context, w http.ResponseWriter, r
 		return p.FetchUserGPGKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
 	case "delete_user_gpg_key":
 		return p.DeleteUserGPGKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
+	case "test_user_gpg_key":
+		return p.TestUserGPGKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
+	case "add_user_gpg_key":
+		return p.AddUserGPGKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
 	}
 
 	// Default response

diff --git a/pkg/identity/public_key.go b/pkg/identity/public_key.go
@@ -246,11 +246,18 @@ func (p *PublicKey) parsePublicKeyPGP() error {
 		break
 	}
 	comment = fmt.Sprintf("%s, algo %s, created %s", user, algo, pk.CreationTime.UTC())
-	if p.Comment != "" {
-		p.Comment = fmt.Sprintf("%s (%s)", p.Comment, comment)
-	} else {
+
+	if p.Comment == "" {
 		p.Comment = comment
 	}
+
+	if p.Description == "" && p.Comment != comment {
+		p.Description = comment
+	}
+
+	if !strings.Contains(p.Description, comment) && !strings.Contains(p.Comment, comment) {
+		p.Description = p.Description + " " + comment
+	}
 	return nil
 }