Add support for base16-encoded (a.k.a. hex-encoded) secret keys.

Michael Howell 2019-03-28 14:06:01 -07:00 committed by Jeb Rosen
parent 96235615ce
commit 121210c55c
3 changed files with 27 additions and 15 deletions


@ -34,6 +34,7 @@ state = "0.4.1"
time = "0.1"
memchr = "2" # TODO: Use pear instead.
base64 = "0.10"
base16 = "0.2"
pear = "0.1"
atty = "0.2"


@ -10,7 +10,7 @@ use crate::config::{Table, Value, Array, Datetime};
use crate::http::private::Key;
use super::custom_values::*;
use {num_cpus, base64};
use {num_cpus, base16, base64};
/// Structure for Rocket application configuration.
///
@ -298,7 +298,7 @@ impl Config {
/// * **workers**: Integer (16-bit unsigned)
/// * **keep_alive**: Integer
/// * **log**: String
/// * **secret_key**: String (256-bit base64)
/// * **secret_key**: String (256-bit base64 or base16)
/// * **tls**: Table (`certs` (path as String), `key` (path as String))
pub(crate) fn set_raw(&mut self, name: &str, val: &Value) -> Result<()> {
let (id, ok) = (|val| val, |_| Ok(()));
@ -423,11 +423,11 @@ impl Config {
}
/// Sets the `secret_key` in `self` to `key` which must be a 256-bit base64
/// encoded string.
/// or base16 encoded string.
///
/// # Errors
///
/// If `key` is not a valid 256-bit base64 encoded string, returns a
/// If `key` is not a valid 256-bit encoded string, returns a
/// `BadType` error.
///
/// # Example
@ -438,20 +438,31 @@ impl Config {
/// let mut config = Config::new(Environment::Staging);
/// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
/// assert!(config.set_secret_key(key).is_ok());
/// let key = "fe4c5b09a9ac372156e44ce133bc940685ef5e0394d6e9274aadacc21e4f2643";
/// assert!(config.set_secret_key(key).is_ok());
/// assert!(config.set_secret_key("hello? anyone there?").is_err());
/// ```
pub fn set_secret_key<K: Into<String>>(&mut self, key: K) -> Result<()> {
let key = key.into();
let error = self.bad_type("secret_key", "string",
"a 256-bit base64 encoded string");
"a 256-bit base16 or base64 encoded string");
if key.len() != 44 {
return Err(error);
}
let bytes = match base64::decode(&key) {
Ok(bytes) => bytes,
Err(_) => return Err(error)
let bytes = match key.len() {
44 => {
match base64::decode(&key) {
Ok(bytes) => bytes,
Err(_) => return Err(error)
}
}
64 => {
match base16::decode(&key) {
Ok(bytes) => bytes,
Err(_) => return Err(error)
}
}
_ => {
return Err(error)
}
};
self.secret_key = SecretKey::Provided(Key::from_master(&bytes));
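Review bot: The decoded byte count is never checked before `Key::from_master(&bytes)` in `set_secret_key`; the match dispatches only on the encoded string length. A 44-character base64 string that ends in `==` decodes to 31 bytes, not 32, so the base64 arm can pass on a key shorter than the documented 256 bits (the 64-character base16 arm always yields 32 bytes, and this gap was already present before the change). `Key::from_master` is not visible on this page; if it panics on short input, a malformed configured key becomes a crash instead of a `BadType` error, and if it accepts it the key is weaker than documented. Adding `if bytes.len() != 32 { return Err(error); }` right after the match would make both encodings enforce the same size. The function body continues past the end of this hunk.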


@ -92,9 +92,9 @@ limits = { forms = 32768 }
The `workers` and `secret_key` default parameters are computed by Rocket
automatically; the values above are not valid TOML syntax. When manually
specifying the number of workers, the value should be an integer: `workers =
10`. When manually specifying the secret key, the value should a 256-bit base64
encoded string. Such a string can be generated using a tool such as openssl:
`openssl rand -base64 32`.
10`. When manually specifying the secret key, the value should a random 256-bit
value, encoded as a base64 or base16 string. Such a string can be generated
using a tool like openssl: `openssl rand -base64 32`.
The "global" pseudo-environment can be used to set and/or override configuration
parameters globally. A parameter defined in a `[global]` table sets, or