ClusterCockpit/cc-backend
1
0
Fork 0
mirror of https://github.com/ClusterCockpit/cc-backend synced 2026-06-17 17:07:29 +02:00
Code Issues Packages Releases Activity
Files
9d1efcd55d2f7641d02863f9f073ab0e4188a582
cc-backend/tools/convert-pem-pubkey/main.go
Jan Eitzinger 83d04dff17 feat(auth): replace .env/godotenv secret handling with config-based secrets 
Secrets (JWT keys, LDAP sync password, OIDC client id/secret, cross-login
keys) are now configured directly in config.json under the auth section
where they are used. Each secret can still be supplied via its existing
environment variable, which takes precedence over the config value.

The godotenv dependency, the .env file, configs/env-template.txt and the
loadEnvironment() bootstrap step are removed. -init now writes the demo
JWT keys into config.json instead of a .env file.

Closes #283

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 3a7cb814c53f
2026-06-17 12:28:17 +02:00

85 lines
2.6 KiB
Go
Raw Blame History

// Copyright (C) 2022 Paderborn Center for Parallel Computing, Paderborn University
// This code is released under MIT License:
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.
package main
import (
"crypto/ed25519"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"os"
)
func main() {
filepath := ""
if len(os.Args) > 1 {
filepath = os.Args[1]
} else {
PrintUsage()
os.Exit(1)
}
pubkey, err := LoadEd255519PubkeyFromPEMFile(filepath)
if err != nil {
fmt.Fprintf(os.Stderr, "error: %s\n", err.Error())
os.Exit(1)
}
// Print the value for use as auth.jwts.cross-login-public-key in config.json.
// It may alternatively be supplied via the CROSS_LOGIN_JWT_PUBLIC_KEY
// environment variable, which takes precedence.
fmt.Fprintf(os.Stdout,
"cross-login-public-key: %#v\n",
base64.StdEncoding.EncodeToString(pubkey))
}
// Loads an ed25519 public key stored in a file in PEM format
func LoadEd255519PubkeyFromPEMFile(filePath string) (ed25519.PublicKey, error) {
buffer, err := os.ReadFile(filePath)
if err != nil {
return nil, err
}
block, _ := pem.Decode(buffer)
if block == nil {
return nil, fmt.Errorf("no pem block found")
}
pubkey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
ed25519PublicKey, success := pubkey.(ed25519.PublicKey)
if !success {
return nil, fmt.Errorf("not an ed25519 key")
}
return ed25519PublicKey, nil
}
func PrintUsage() {
fmt.Fprintf(os.Stderr, "Usage: %s <filename>\n", os.Args[0])
fmt.Fprintf(os.Stderr, "where <filename> contains an Ed25519 public key in PEM format\n")
fmt.Fprintf(os.Stderr, "(starting with '-----BEGIN PUBLIC KEY-----')\n")
}
Reference in New Issue View Git Blame Copy Permalink