pkg/gpgchallenge: use long form when looking for key ID

We migrated to using the long form for key IDs some time ago, but we
never updated the client of the gpgchallenge accordingly, so in
functions that take a keyID as an argument, it would fail to find the
given long keyID within a key ring.

However, for usability reasons, we want to keep the short form in the
hostname of the instance (and hence as the DNS entry), so we revert to
using the short form when perkeepd is setting its host name.

Change-Id: I8373016671fdead32780a04f6d64045e81cc9cd1
mpl 2018-04-23 20:27:54 -07:00
parent 4a562043e0
commit 66e6766571
2 changed files with 11 additions and 6 deletions


@ -265,7 +265,7 @@ func (cs *Server) handleClaim(w http.ResponseWriter, r *http.Request) {
return
}
keyID := pk.KeyIdShortString()
keyID := pk.KeyIdString()
if isSpammer := cs.rateLimit(keyID, claimedIP); isSpammer {
http.Error(w, "don't be a spammer", http.StatusTooManyRequests)
return
@ -817,7 +817,7 @@ func publicKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
}
for _, e := range el {
pubk := e.PrimaryKey
if pubk.KeyIdShortString() == keyId {
if pubk.KeyIdString() == keyId {
return e, nil
}
}
@ -837,7 +837,7 @@ func secretKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
for _, e := range el {
pubk := &e.PrivateKey.PublicKey
// TODO(mpl): decrypt private key if it is passphrase-encrypted
if pubk.KeyIdShortString() == keyId {
if pubk.KeyIdString() == keyId {
return e, nil
}
}
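Review bot: The lookups in publicKeyEntity and secretKeyEntity now match only on an exact string compare with `KeyIdString()`, so a caller that still passes the 8-character short form (or a lower-case ID) falls through the loop with no hint about why nothing matched. A guard at the top of both functions, e.g. `if len(keyId) != 16 { return nil, fmt.Errorf("keyId %q is not a 16-character long key ID", keyId) }`, would make that failure explicit, and `strings.EqualFold(pubk.KeyIdString(), keyId)` would remove the case dependence. A 64-bit key ID is also not a collision-resistant identifier and the loop returns the first match, so if the key ring can ever hold keys the user did not create, comparing the full fingerprint is the safer check. Both function bodies start and end outside the hunks shown.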


@ -346,7 +346,12 @@ func listenForCamliNet(ws *webserver.Server, config *serverinit.Config) (baseURL
if err != nil {
return "", fmt.Errorf("could not get keyId for camliNet hostname: %v", err)
}
camliNetHostName = strings.ToLower(keyId + "." + camliNetDomain)
// catch future length changes
if len(keyId) != 16 {
panic("length of GPG keyId is not 16 anymore")
}
shortKeyId := keyId[8:]
camliNetHostName = strings.ToLower(shortKeyId + "." + camliNetDomain)
m := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(camliNetHostName),
@ -457,7 +462,7 @@ func muxChallengeHandler(ws *webserver.Server, config *serverinit.Config) (*gpgc
// setInstanceHostname sets the "camlistore-hostname" metadata on the GCE
// instance where perkeepd is running. The value set is the same as the one we
// register with the camlistore.net DNS, i.e. "<gpgKeyId>.camlistore.net", where
// <gpgKeyId> is Perkeep's keyId.
// <gpgKeyId> is the short form (8 trailing chars) of Perkeep's keyId.
func setInstanceHostname() error {
if !env.OnGCE() {
return nil
@ -555,7 +560,7 @@ func setInstanceHostname() error {
// requestHostName performs the GPG challenge to register/obtain a name in the
// camlistore.net domain. The acquired name should be "<gpgKeyId>.camlistore.net",
// where <gpgKeyId> is Perkeep's keyId.
// where <gpgKeyId> is the short form (8 trailing chars) of Perkeep's keyId.
// It also starts a goroutine that will rerun the challenge every hour, to keep
// the camlistore.net DNS server up to date.
func requestHostName(cl *gpgchallenge.Client) error {
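Review bot: The length guard in listenForCamliNet panics, although the function returns an error for the keyId lookup failure just above it; returning one here too keeps startup failures on a single path, e.g. `return "", fmt.Errorf("unexpected GPG keyId length %d, want 16", len(keyId))`. The hostname and the autocert `HostWhitelist` entry are now derived from only the trailing 32 bits of the key ID, and short key IDs are known to collide. A comment next to `shortKeyId := keyId[8:]` should say that the name is a convenience label and that ownership rests on the GPG challenge over the full key, which is presumably enforced by the challenge server but is not visible in this diff. The body of listenForCamliNet continues outside the hunk.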