package config
import (
"encoding/base64"
"errors"
"fmt"
"io"
"os"
ic "github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/peer"
)
// PrivateKeyPathEnvVar names the environment variable that holds the path of
// the private key file. It is consulted when the config carries no private key.
const PrivateKeyPathEnvVar = "INDEXPROVIDER_PRIV_KEY_PATH"
// Identity tracks the configuration of the local node's identity.
type Identity struct {
	// PeerID is the textual peer ID. It may be left empty; when set, it is
	// decoded and must equal the peer ID derived from the private key.
	PeerID string
	// PrivKey is the standard-base64 encoding of the marshalled private key.
	// When empty, the key is read from the file named by PrivateKeyPathEnvVar
	// instead. This field is secret material: a config file that carries it
	// should be readable only by the account running the node.
	PrivKey string `json:",omitempty"`
}
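// DecodeOrCreate resolves the node's private key through
// DecodeOrCreatePrivateKey and derives the peer ID from it.
//
// If PeerID is set in the config it must decode as a valid peer ID and match
// the one derived from the private key; a mismatch is an error rather than a
// silent override, so a config can never pair a peer ID with someone else's key.
//
// It returns the derived peer ID and the private key. Underlying errors are
// wrapped with %w so callers can inspect them with errors.Is / errors.As.
func (identity Identity) DecodeOrCreate(out io.Writer) (peer.ID, ic.PrivKey, error) {
	privKey, err := identity.DecodeOrCreatePrivateKey(out, "")
	if err != nil {
		return "", nil, fmt.Errorf("could not decode private key: %w", err)
	}

	peerIDFromPrivKey, err := peer.IDFromPrivateKey(privKey)
	if err != nil {
		return "", nil, fmt.Errorf("could not decode peer id: %w", err)
	}

	// No peer ID configured: the key alone defines the identity.
	if identity.PeerID == "" {
		return peerIDFromPrivKey, privKey, nil
	}

	// A configured peer ID must be:
	//  1. a valid peer ID, and
	//  2. consistent with the peer ID generated from the private key.
	peerID, err := peer.Decode(identity.PeerID)
	if err != nil {
		return "", nil, fmt.Errorf("could not decode peer id: %w", err)
	}
	if peerID != "" && peerIDFromPrivKey != peerID {
		return "", nil, fmt.Errorf("provided peer ID must either match the peer ID generated from private key or be omitted: expected %s but got %s", peerIDFromPrivKey, peerID)
	}
	return peerIDFromPrivKey, privKey, nil
}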
// DecodeOrCreatePrivateKey returns the node's private key.
//
// When the JSON config carries a key (PrivKey), it is base64-decoded and
// unmarshalled. Otherwise the raw key bytes come from the file named by
// PrivateKeyPathEnvVar; if that file does not exist, a new key is generated
// and saved there.
//
// NOTE(review): passphrase is accepted but not used anywhere in this method,
// so neither key source is passphrase-protected by this code path.
func (identity Identity) DecodeOrCreatePrivateKey(out io.Writer, passphrase string) (ic.PrivKey, error) {
	var (
		raw []byte
		err error
	)
	if identity.PrivKey != "" {
		// Key supplied inline in the config.
		raw, err = base64.StdEncoding.DecodeString(identity.PrivKey)
	} else {
		// Fall back to the key file (created on first use).
		raw, err = loadPrivKeyFromFile(out)
	}
	if err != nil {
		return nil, err
	}
	return ic.UnmarshalPrivateKey(raw)
}
// loadPrivKeyFromFile returns the raw private key bytes stored in the file
// named by the PrivateKeyPathEnvVar environment variable. If that file does
// not exist, a new key is generated, saved to that path and returned.
//
// It fails when the environment variable is unset or empty.
//
// NOTE(review): the existence check and the later create/read are separate
// steps, and the permissions of an already-existing key file are not
// inspected here. The key path should live in a directory only the node's
// account can write to.
func loadPrivKeyFromFile(out io.Writer) ([]byte, error) {
	keyPath := os.Getenv(PrivateKeyPathEnvVar)
	if keyPath == "" {
		return nil, fmt.Errorf("private key not specified; it must be specified either in config or via %s env var", PrivateKeyPathEnvVar)
	}

	if _, statErr := os.Stat(keyPath); !errors.Is(statErr, os.ErrNotExist) {
		// The file exists, or stat failed for some other reason: try to read
		// it and let ReadFile report any problem.
		data, err := os.ReadFile(keyPath)
		if err != nil {
			return nil, err
		}
		return data, nil
	}

	// No key file yet: generate a new key and persist it at keyPath.
	generated, err := generateAndSavePrivKey(out, keyPath)
	if err != nil {
		return nil, err
	}
	return generated, nil
}
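// generateAndSavePrivKey creates a new identity via CreateIdentity and writes
// its raw private key bytes (the base64-decoded PrivKey) to filePath.
//
// The key is decoded before the file is opened, and a file that could not be
// written completely is removed, so a failure does not leave an empty or
// truncated key file behind for a later load to read.
//
// It returns the private key bytes that were written.
func generateAndSavePrivKey(out io.Writer, filePath string) ([]byte, error) {
	identity, err := CreateIdentity(out)
	if err != nil {
		return nil, err
	}
	pkb, err := base64.StdEncoding.DecodeString(identity.PrivKey)
	if err != nil {
		return nil, err
	}

	// os.Create opens with mode 0666 (before umask), which usually leaves the
	// private key readable by other local users. Create it owner-only instead.
	// The mode applies only when the file is newly created; an existing file
	// is truncated and keeps whatever permissions it already had.
	// NOTE(review): if no caller relies on overwriting an existing file,
	// adding os.O_EXCL would also make creation fail instead of reusing a path
	// that appeared after the caller's existence check.
	f, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return nil, err
	}

	if _, err := f.Write(pkb); err != nil {
		// Best-effort cleanup; the write error is the one worth reporting.
		_ = f.Close()
		_ = os.Remove(filePath)
		return nil, err
	}
	// A failed Close can mean the key never reached disk, so report it.
	if err := f.Close(); err != nil {
		_ = os.Remove(filePath) // best effort, see above
		return nil, err
	}
	return pkb, nil
}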