From 11e38a82bd6fd9579f7947a0230f1f0afb422257 Mon Sep 17 00:00:00 2001 From: Yigit Sever Date: Mon, 10 May 2021 20:24:52 +0300 Subject: Lazyload the private key --- src/handlers.rs | 33 +++++++++++++++++---------------- src/lib.rs | 42 ++++++------------------------------------ src/schema.rs | 1 + 3 files changed, 24 insertions(+), 52 deletions(-) (limited to 'src') diff --git a/src/handlers.rs b/src/handlers.rs index 251d970..5273324 100644 --- a/src/handlers.rs +++ b/src/handlers.rs @@ -7,6 +7,7 @@ use block_modes::{BlockMode, Cbc}; use chrono::Utc; use jsonwebtoken::errors::ErrorKind; use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation}; +use lazy_static::lazy_static; use log::{debug, warn}; use md5::Md5; use parking_lot::RwLockUpgradableReadGuard; @@ -55,6 +56,21 @@ use crate::schema::{ const BEARER: &str = "Bearer "; +lazy_static! { + static ref DER_ENCODED: String = PRIVATE_KEY + .lines() + .filter(|line| !line.starts_with('-')) + .fold(String::new(), |mut data, line| { + data.push_str(&line); + data + }); + + // base64(der(pem)) + // Our private key is saved in PEM (base64) format + static ref DER_BYTES: Vec = base64::decode(&*DER_ENCODED).expect("failed to decode base64 content"); + static ref GRADECOIN_PRIVATE_KEY: RSAPrivateKey = RSAPrivateKey::from_pkcs1(&DER_BYTES).expect("failed to parse key"); +} + /// POST request to /register endpoint /// /// Lets a [`User`] (=student) to authenticate themselves to the system 
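Review bot: The three `lazy_static` items in the second hunk keep two intermediate copies of the private key (`DER_ENCODED` as base64 text and `DER_BYTES` as raw DER) alive as process-wide globals even though only `GRADECOIN_PRIVATE_KEY` is referenced later; the decode steps belong inside that one initializer so the intermediates are dropped once the key is parsed. Because parsing happens on first dereference, both `.expect()` calls fire inside the first request that reaches `authenticate_user` rather than at startup; calling `lazy_static::initialize(&GRADECOIN_PRIVATE_KEY)` from `main` would make a malformed `secrets/gradecoin.pem` fail fast. The armor-stripping filter plus `from_pkcs1` only accepts a PKCS#1 `BEGIN RSA PRIVATE KEY` file, so a PKCS#8 `BEGIN PRIVATE KEY` file would fail with the generic "failed to parse key" message; the expect text should name the expected format. The `<u8>` and `<Sha256>` type parameters appear to have been stripped from this rendering of the hunk.
```rust
lazy_static! {
    /// Server RSA private key, parsed once from the PEM text in `PRIVATE_KEY`.
    static ref GRADECOIN_PRIVATE_KEY: RSAPrivateKey = {
        // PEM is base64(DER) between armor lines; drop the armor and decode.
        let der_encoded: String = PRIVATE_KEY
            .lines()
            .filter(|line| !line.starts_with('-'))
            .collect();
        let der_bytes = base64::decode(&der_encoded)
            .expect("secrets/gradecoin.pem: private key body is not valid base64");
        RSAPrivateKey::from_pkcs1(&der_bytes)
            .expect("secrets/gradecoin.pem: expected a PKCS#1 'BEGIN RSA PRIVATE KEY' key")
    };
}
```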
@@ -100,21 +116,6 @@ pub async fn authenticate_user( // In essence PEM files are just base64 encoded versions of the DER encoded data. // ~tls.mbed.org - // TODO: lazyload or something <14-04-21, yigit> // - // Load our RSA Private Key as DER - let der_encoded = PRIVATE_KEY - .lines() - .filter(|line| !line.starts_with('-')) - .fold(String::new(), |mut data, line| { - data.push_str(&line); - data - }); - - // base64(der(pem)) - // Our private key is saved in PEM (base64) format - let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content"); - let gradecoin_private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key"); - let padding = PaddingScheme::new_oaep::(); // Peel away the base64 layer from "key" field @@ -139,7 +140,7 @@ pub async fn authenticate_user( }; // Decrypt the "key" field using Gradecoin's private key - let temp_key = match gradecoin_private_key.decrypt(padding, &key_ciphertext) { + let temp_key = match GRADECOIN_PRIVATE_KEY.decrypt(padding, &key_ciphertext) { Ok(k) => k, Err(err) => { debug!( diff --git a/src/lib.rs b/src/lib.rs index 5442c6b..c335ae9 100644 --- a/src/lib.rs +++ b/src/lib.rs 
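Review bot: `GRADECOIN_PRIVATE_KEY.decrypt(padding, &key_ciphertext)` in the second hunk is, if this is the `rsa` crate's `RSAPrivateKey`, the unblinded private-key operation, and `key_ciphertext` comes straight from the unauthenticated `/register` body; the blinded variant `GRADECOIN_PRIVATE_KEY.decrypt_blinded(&mut rng, padding, &key_ciphertext)` is the safer choice against timing side channels and needs only an RNG, which the `rsa` crate's own `rand` dependency should already provide. The `Err(err)` arm appears to log only at `debug!`, so a stream of bad ciphertexts aimed at the shared server key is invisible at normal log levels; `warn!` (already imported) with whatever request identity is available would be more useful for detection. `authenticate_user` starts and ends outside this hunk.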
@@ -26,40 +26,10 @@ pub mod handlers; pub mod routes; pub mod schema; -pub const PRIVATE_KEY: &str = "-----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAyGuqiCPGcguy+Y9TH7Bl7XlEsalyqb9bYlzpbV0dnqZ3lPkE -PkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO/jbN8jfcxVwBu0JxjF3v1YRBxbOH -hz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDvQiSW5NdrX/lEkvqfGtdEX1m2+Hdc -G0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+DPWGC5s001U/BxkCIWJ+eJQCb7Bv+ -9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2v+Q/dPt8kHX1OJdMuYUrUJGACppM -QY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPThQIDAQABAoIBABbHrg1lS5QA4mnd -MYyDh0JTq0wqP18t4dwvRVTp5Yj30NW87A+MlPmLyFR0QdKG1h+Ak4m7wmGgfx9x -TkBNy+y3G/dxBAXmrEe1iKR0tOLm8nbfLgNgKTpUb/3e2pkuumRdqaRI7/kXE2Ea -Guoc0bUJ5aDDH3A8K+As3lK1rw7LNxwxZdmqmpO+EAldP6NaLnXNP5BegjLK50xP -NXTDNx6pw+I2ZHHwC/A6+QVksSA6zPipI1poANaO0frHffwKhcEZ/VucuXlJGGq/ -aqXT/cc7IkKUVq8EZUwUqHi4SrnyDDq/mtuikSD0MazxumbeC6fBKRP98Kavy2rT -JItHSYECgYEA8H/yC9GDrR1bwBesD0pKdKBy18UMFQF3BrB04OjqdGzugdVafF4e -7azYQQTQ0ZddLDvgYl0QYvQaZfv26L7o4VrN5XEg8WjUWKuww8XUYOCfPn4gOFL1 -ar8nQ0w3P65gYf/rw0rFMo3eB78rJMROYnG8nZ/3OdgQjVaYPJxFKmECgYEA1VZy -EQz8dHK3+F0EfQIFeXOSlYGUegmPZ9iYmh+yvW/zWKLYdXBEHNhAIRlBmfe7Yhj6 -1FNluNGjFqZYuRnP0RuiBxt2RCd+AL90Lqq+O6jem4XNgr3cOKoaV0FbaU49sI4s -/B6iiYBFdVuPBiknz+Wf1KEF9lQ+w2VYSLucY6UCgYAWPe73ste3sehjWo0aGOfL -427bj6ivZKRKZRVaG5BbVhu0vDOTHu1DU+HoGXbqe1ItnhgBYNP8ItEyL1xFaCqH -dOtn1c+TI/vHe5FseaZLk1qG4AlAzENQLP+HlMvjQtA9H/sA47BbHY20L7TgwJrz -NcuY1Et7+QSG3cRUjqtC4QKBgGuP+VUVehfwW0dzBrdMlJwGpGqS+dyKA271awOS -ZdlTn5saCA82OnFcqwDFLilGGYk9VQJGxivoLtVVq7gwBnLE/u2ccAWu773KyfZZ -ii6kVxCM5vA7b9R2F2/U+RTgKQRiutWnUIYJUXv5XORbTcJpYSugwFPRaA+2gkux -pAktAoGABRyVs5LOhQ/oeXe2H2kvuaUq9c7f/dTtnyMNdNxK0uZcQn4jcB2eK9kB -PDYHM9dfQ8xn51U0fTeaXjy/8Km8fyX2Jtxntlm6puyhSTJ8AX+FEgJkC4ajNEvA -mJ1Gsy2fXKUyyZdI2b74MLqOpzr9cvS60tmTIScuiHFzg/SJgiA= ------END RSA PRIVATE KEY-----"; +use lazy_static::lazy_static; +use std::fs; -pub const PUB_KEY: &str = "-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGuqiCPGcguy+Y9TH7Bl 
-7XlEsalyqb9bYlzpbV0dnqZ3lPkEPkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO -/jbN8jfcxVwBu0JxjF3v1YRBxbOHhz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDv -QiSW5NdrX/lEkvqfGtdEX1m2+HdcG0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+D -PWGC5s001U/BxkCIWJ+eJQCb7Bv+9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2 -v+Q/dPt8kHX1OJdMuYUrUJGACppMQY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPT -hQIDAQAB ------END PUBLIC KEY-----"; +lazy_static! { + static ref PRIVATE_KEY: String = + fs::read_to_string("secrets/gradecoin.pem").expect("error reading 'secrets/gradecoin.pem'"); +} diff --git a/src/schema.rs b/src/schema.rs index 77e22c1..bbd4628 100644 --- a/src/schema.rs +++ b/src/schema.rs @@ -315,6 +315,7 @@ pub struct InitialAuthRequest { pub key: String, } +// Students who are authorized to have Gradecoin accounts lazy_static! { static ref OUR_STUDENTS: HashSet<(&'static str, &'static str)> = { [ -- cgit v1.2.3-70-g09d2
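Review bot: The private key removed in the `src/lib.rs` hunk is already part of the repository history, so relocating it to `secrets/gradecoin.pem` only stops future exposure; the key pair should be treated as compromised and regenerated, and the new file kept out of version control (a `.gitignore` entry for `secrets/` is not visible in this `src`-limited view). `static ref PRIVATE_KEY` resolves the path relative to the process working directory and runs `fs::read_to_string` lazily, so a missing or unreadable file panics inside whichever request first touches the key instead of at startup; consider `lazy_static::initialize(&PRIVATE_KEY)` early in `main`, or `std::env::var("GRADECOIN_PRIVATE_KEY_PATH")` with this path as the default so deployments can point elsewhere. `PUB_KEY` is deleted with no replacement; if anything served it to clients, that now needs its own source.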