aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/crc16.zig2
-rw-r--r--src/nkeys.zig22
2 files changed, 11 insertions, 13 deletions
diff --git a/src/crc16.zig b/src/crc16.zig
index 2c49500..b69dcbc 100644
--- a/src/crc16.zig
+++ b/src/crc16.zig
@@ -1,7 +1,7 @@
1pub const InvalidChecksumError = error{InvalidChecksum}; 1pub const InvalidChecksumError = error{InvalidChecksum};
2 2
3const crc16tab: [256]u16 = tab: { 3const crc16tab: [256]u16 = tab: {
4 @setEvalBranchQuota(10000); 4 @setEvalBranchQuota(5000);
5 5
6 // CRC-16-CCITT/XMODEM 6 // CRC-16-CCITT/XMODEM
7 const poly: u32 = 0x1021; 7 const poly: u32 = 0x1021;
diff --git a/src/nkeys.zig b/src/nkeys.zig
index 15605ca..3b77719 100644
--- a/src/nkeys.zig
+++ b/src/nkeys.zig
@@ -27,7 +27,7 @@ pub const prefix_byte_seed = 18 << 3; // S
27pub const prefix_byte_server = 13 << 3; // N 27pub const prefix_byte_server = 13 << 3; // N
28pub const prefix_byte_user = 20 << 3; // U 28pub const prefix_byte_user = 20 << 3; // U
29 29
30pub fn prefixByteLetter(prefix_byte: u8) ?u8 { 30pub fn prefixByteToLetter(prefix_byte: u8) ?u8 {
31 return switch (prefix_byte) { 31 return switch (prefix_byte) {
32 prefix_byte_account => 'A', 32 prefix_byte_account => 'A',
33 prefix_byte_cluster => 'C', 33 prefix_byte_cluster => 'C',
@@ -84,7 +84,7 @@ pub const Role = enum(u8) {
84 } 84 }
85 85
86 pub fn letter(self: Self) u8 { 86 pub fn letter(self: Self) u8 {
87 return prefixByteLetter(self.publicPrefixByte()) orelse unreachable; 87 return prefixByteToLetter(self.publicPrefixByte()) orelse unreachable;
88 } 88 }
89}; 89};
90 90
@@ -384,8 +384,12 @@ pub fn isValidPrivateKey(text: []const u8) bool {
384} 384}
385 385
386// `line` must not contain CR or LF characters. 386// `line` must not contain CR or LF characters.
387pub fn isKeySectionBarrier(line: []const u8) bool { 387pub fn isKeySectionBarrier(line: []const u8, opening: bool) bool {
388 return line.len >= 6 and mem.startsWith(u8, line, "---") and mem.endsWith(u8, line, "---"); 388 if (line.len < 6) return false;
389 const start = mem.indexOf(u8, line, "---") orelse return false;
390 if (!opening and start != 0) return false;
391 if (line.len - start < 6) return false;
392 return mem.endsWith(u8, line, "---");
389} 393}
390 394
391const allowed_creds_section_chars_table: [256]bool = allowed: { 395const allowed_creds_section_chars_table: [256]bool = allowed: {
@@ -401,21 +405,15 @@ pub fn areKeySectionContentsValid(contents: []const u8) bool {
401} 405}
402 406
403pub fn findKeySection(text: []const u8, line_it: *std.mem.SplitIterator) ?[]const u8 { 407pub fn findKeySection(text: []const u8, line_it: *std.mem.SplitIterator) ?[]const u8 {
404 // TODO(rutgerbrf): There is a weird edge case in the github.com/nats-io/nkeys library,
405 // see https://regex101.com/r/pEaqcJ/1. It allows the opening barrier to start at an
406 // arbitrary point on the line, meaning that `asdf-----BEGIN USER NKEY SEED-----`
407 // is regarded as a valid opening barrier by the library.
408 // Should we accept a creds file formatted in such a manner?
409
410 while (true) { 408 while (true) {
411 const opening_line = line_it.next() orelse return null; 409 const opening_line = line_it.next() orelse return null;
412 if (!isKeySectionBarrier(opening_line)) continue; 410 if (!isKeySectionBarrier(opening_line, true)) continue;
413 411
414 const contents_line = line_it.next() orelse return null; 412 const contents_line = line_it.next() orelse return null;
415 if (!areKeySectionContentsValid(contents_line)) continue; 413 if (!areKeySectionContentsValid(contents_line)) continue;
416 414
417 const closing_line = line_it.next() orelse return null; 415 const closing_line = line_it.next() orelse return null;
418 if (!isKeySectionBarrier(closing_line)) continue; 416 if (!isKeySectionBarrier(closing_line, false)) continue;
419 417
420 return contents_line; 418 return contents_line;
421 } 419 }
generated by cgit v1.2.3 (git 2.49.0) at 2025-10-30 08:10:27 +0000