debug invalid length error for HashiCorp Vault public key
andygolay committed Jan 7, 2025
1 parent a2439bb commit 1e30cd0
Showing 5 changed files with 36 additions and 9 deletions.
3 changes: 3 additions & 0 deletions demo/hsm/src/cli/server/ed25519/hashi_corp_vault.rs
Expand Up @@ -19,8 +19,11 @@ pub struct HashiCorpVault {
impl HashiCorpVault {
pub async fn run(&self) -> Result<(), anyhow::Error> {
// build the hsm
dotenv::dotenv().ok();
println!("Canonical Key String: {}", self.canonical_key);
let key = Key::try_from_canonical_string(self.canonical_key.as_str())
.map_err(|e| anyhow::anyhow!(e))?;
println!("Parsed Key: {:?}", key);
let builder = Builder::<Ed25519>::new();
let hsm = Signer::new(builder.build(key).await?);

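Review bot: The two `println!` calls added at the top of `run` write the canonical key string and the parsed `Key` to stdout on every start, with no level and no way to silence them in production; the same pattern is added in the aws-kms and hashicorp-vault `key.rs` hunks below. Key identifiers are not secret material, but they are deployment configuration, and unconditional stdout output tends to end up in container logs that are retained and shared more widely than the process's own diagnostics. If a logging facade is already a dependency of this crate (not visible here), these belong at debug level, e.g. `log::debug!("canonical key: {}", self.canonical_key);`; otherwise they read as temporary instrumentation to drop before merge. `run` continues past the end of the hunk.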
3 changes: 3 additions & 0 deletions util/signing/interface/src/cryptography/mod.rs
Expand Up @@ -13,6 +13,9 @@ macro_rules! fixed_size {

impl crate::cryptography::TryFromBytes for $Name {
fn try_from_bytes(bytes: &[u8]) -> Result<Self, anyhow::Error> {
println!("Self::BYTES_LEN: {}", Self::BYTES_LEN);
println!("bytes: {:?}", bytes);
println!("bytes.len: {:?}", bytes.len());
if bytes.len() != Self::BYTES_LEN {
Err(anyhow::anyhow!("invalid length"))?;
}
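Review bot: `println!("bytes: {:?}", bytes)` on the new side dumps the full input of every `try_from_bytes` generated by `fixed_size!`, for every `$Name` the macro is applied to; if any of those types wraps private-key or seed material (not visible in this hunk), that material is written to stdout each time such a value is constructed, including in production. The length information the commit is after can be carried in the error itself without printing the bytes: `Err(anyhow::anyhow!("invalid length for {}: expected {} bytes, got {}", stringify!($Name), Self::BYTES_LEN, bytes.len()))?;`. That also names the failing type, which the three separate `println!` lines do not. The body of `try_from_bytes` continues past the end of the hunk.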
23 changes: 18 additions & 5 deletions util/signing/providers/aws-kms/src/hsm/key.rs
Expand Up @@ -22,10 +22,23 @@ where
C: Curve + AwsKmsCryptographySpec + Sync,
{
async fn build(&self, key: Key) -> Result<AwsKms<C>, SignerBuilderError> {
let mut hsm = AwsKms::try_from_env()
.await
.map_err(|e| SignerBuilderError::Internal(e.to_string()))?;
hsm.set_key_id(key.to_delimited_canonical_string("/"));
// Log the key being used to build the HSM
println!("Building HSM with key: {:?}", key);

// Attempt to create the AwsKms HSM from the environment
let mut hsm = AwsKms::try_from_env().await.map_err(|e| {
println!("Failed to create AwsKms from environment: {:?}", e);
SignerBuilderError::Internal(e.to_string())
})?;

// Convert the key to a delimited canonical string and log it
let key_id = key.to_delimited_canonical_string("/");
println!("Setting key ID: {}", key_id);

// Set the key ID in the HSM
hsm.set_key_id(key_id);

// Return the successfully built HSM
Ok(hsm)
}
}
}
12 changes: 10 additions & 2 deletions util/signing/providers/hashicorp-vault/src/hsm/key.rs
Expand Up @@ -22,9 +22,17 @@ where
C: Curve + HashiCorpVaultCryptographySpec + Sync,
{
async fn build(&self, key: Key) -> Result<HashiCorpVault<C>, SignerBuilderError> {
println!("Building HSM with key: {:?}", key);
let mut hsm = HashiCorpVault::try_from_env()
.map_err(|e| SignerBuilderError::Internal(e.to_string()))?;
hsm.set_key_id(key.to_delimited_canonical_string("/"));
.map_err(|e| {
println!("Failed to create HashiCorpVault from environment: {:?}", e);
SignerBuilderError::Internal(e.to_string())
})?;

let key_id = key.to_delimited_canonical_string("/");
println!("Setting key ID: {}", key_id);
hsm.set_key_id(key_id);

Ok(hsm)
}
}
4 changes: 2 additions & 2 deletions util/signing/providers/hashicorp-vault/src/hsm/mod.rs
Expand Up @@ -58,13 +58,13 @@ where

let key_name = std::env::var("VAULT_KEY_NAME").context("VAULT_KEY_NAME not set")?;
let mount_name = std::env::var("VAULT_MOUNT_NAME").context("VAULT_MOUNT_NAME not set")?;
let public_key = std::env::var("VAULT_PUBLIC_KEY").unwrap_or_default();
let public_key = base64::decode(std::env::var("VAULT_PUBLIC_KEY").unwrap_or_default())?;

Ok(Self::new(
client,
key_name,
mount_name,
C::PublicKey::try_from_bytes(public_key.as_bytes())?,
C::PublicKey::try_from_bytes(&public_key)?,
))
}

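Review bot: `std::env::var("VAULT_PUBLIC_KEY").unwrap_or_default()` on the new `public_key` line means a missing or empty variable is base64-decoded to zero bytes and then surfaces as the generic "invalid length" from `try_from_bytes`, which is the very error this commit is chasing, while the two lines above fail with a clear `context` message when their variable is unset. Matching them makes the cause visible: `let public_key = base64::decode(std::env::var("VAULT_PUBLIC_KEY").context("VAULT_PUBLIC_KEY not set")?).context("VAULT_PUBLIC_KEY is not valid base64")?;`. If an unset public key is meant to be permitted, that should be an explicit branch rather than a side effect of `unwrap_or_default`. The enclosing function starts before this hunk.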
