Diffstat (limited to 'src/nkeys.zig')
-rw-r--r-- | src/nkeys.zig | 22 |
1 files changed, 10 insertions, 12 deletions
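--- a/src/nkeys.zig
+++ b/src/nkeys.zig
@@ -27,7 +27,7 @@ pub const prefix_byte_seed = 18 << 3; // S
 pub const prefix_byte_server = 13 << 3; // N
 pub const prefix_byte_user = 20 << 3; // U
 
-pub fn prefixByteLetter(prefix_byte: u8) ?u8 {
+pub fn prefixByteToLetter(prefix_byte: u8) ?u8 {
 return switch (prefix_byte) {
 prefix_byte_account => 'A',
 prefix_byte_cluster => 'C',
@@ -84,7 +84,7 @@ pub const Role = enum(u8) {
 }
 
 pub fn letter(self: Self) u8 {
-return prefixByteLetter(self.publicPrefixByte()) orelse unreachable;
+return prefixByteToLetter(self.publicPrefixByte()) orelse unreachable;
 }
 };
 
@@ -384,8 +384,12 @@ pub fn isValidPrivateKey(text: []const u8) bool {
 }
 
 // `line` must not contain CR or LF characters.
-pub fn isKeySectionBarrier(line: []const u8) bool {
-return line.len >= 6 and mem.startsWith(u8, line, "---") and mem.endsWith(u8, line, "---");
+pub fn isKeySectionBarrier(line: []const u8, opening: bool) bool {
+if (line.len < 6) return false;
+const start = mem.indexOf(u8, line, "---") orelse return false;
+if (!opening and start != 0) return false;
+if (line.len - start < 6) return false;
+return mem.endsWith(u8, line, "---");
 }
 
 const allowed_creds_section_chars_table: [256]bool = allowed: {
@@ -401,21 +405,15 @@ pub fn areKeySectionContentsValid(contents: []const u8) bool {
 }
 
 pub fn findKeySection(text: []const u8, line_it: *std.mem.SplitIterator) ?[]const u8 {
-// TODO(rutgerbrf): There is a weird edge case in the github.com/nats-io/nkeys library,
-// see https://regex101.com/r/pEaqcJ/1. It allows the opening barrier to start at an
-// arbitrary point on the line, meaning that `asdf-----BEGIN USER NKEY SEED-----`
-// is regarded as a valid opening barrier by the library.
-// Should we accept a creds file formatted in such a manner?
-
 while (true) {
 const opening_line = line_it.next() orelse return null;
-if (!isKeySectionBarrier(opening_line)) continue;
+if (!isKeySectionBarrier(opening_line, true)) continue;
 
 const contents_line = line_it.next() orelse return null;
 if (!areKeySectionContentsValid(contents_line)) continue;
 
 const closing_line = line_it.next() orelse return null;
-if (!isKeySectionBarrier(closing_line)) continue;
+if (!isKeySectionBarrier(closing_line, false)) continue;
 
 return contents_line;
 }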
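Review bot: The leniency on opening barriers is left undocumented in the `isKeySectionBarrier` hunk: with `opening` set to true, any text before the first `---` on the line is accepted, and the TODO in `findKeySection` that explained this as matching github.com/nats-io/nkeys is deleted in the same commit. The comment above the function still only covers CR/LF, so I would extend it with `// With opening == true, text before the first "---" is ignored (as in github.com/nats-io/nkeys); a closing barrier must start with "---".` Because this decides where a seed starts in a credentials file, a test pinning both cases (the `asdf-----BEGIN USER NKEY SEED-----` line from the removed TODO accepted as opening and rejected as closing) would keep the accepted set from widening unnoticed. The function is `pub`, so the added parameter also breaks any caller outside this file.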