Merge pull request #151 from squat/improve-public-key-validation
pkg/k8s/apis/kilo/v1alpha1/types.go: add public key validation
commit
298a772d68
@ -15,6 +15,7 @@
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
@ -133,7 +134,7 @@ func (p *Peer) Copy() *Peer {
|
||||
func (p *Peer) Validate() error {
|
||||
for _, ip := range p.Spec.AllowedIPs {
|
||||
if _, n, err := net.ParseCIDR(ip); err != nil {
|
||||
return fmt.Errorf("failed to parse %q as a valid IP address: %v", ip, err)
|
||||
return fmt.Errorf("failed to parse %q as a valid IP address: %w", ip, err)
|
||||
} else if n == nil {
|
||||
return fmt.Errorf("got invalid IP address for %q", ip)
|
||||
}
|
||||
@ -157,8 +158,11 @@ func (p *Peer) Validate() error {
|
||||
if p.Spec.PersistentKeepalive < 0 {
|
||||
return fmt.Errorf("persistent keepalive must be greater than or equal to zero; got %q", p.Spec.PersistentKeepalive)
|
||||
}
|
||||
if len(p.Spec.PublicKey) == 0 {
|
||||
return errors.New("public keys cannot be empty")
|
||||
if b, err := base64.StdEncoding.DecodeString(p.Spec.PublicKey); err != nil {
|
||||
return fmt.Errorf("WireGuard public key is not base64 encoded: %w", err)
|
||||
// Since WireGuard is using Curve25519 for the key exchange, the key length of 256 bits should not change in the near future.
|
||||
} else if len(b) != 32 {
|
||||
return errors.New("WireGuard public key has invalid length")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
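Review bot: The new public-key check in the third hunk validates the decoded bytes but not the string itself, so non-canonical encodings still pass: Go's `base64.StdEncoding.DecodeString` ignores `\r` and `\n` in its input, and non-zero trailing padding bits are accepted unless the encoding is strict. If `p.Spec.PublicKey` is later written into a WireGuard configuration or compared as a string (neither is visible on this page), the value that passed validation is not necessarily the canonical 44-character form. Requiring a round trip closes that gap, e.g. `} else if len(b) != 32 || base64.StdEncoding.EncodeToString(b) != p.Spec.PublicKey {`. Separately, the keepalive error on the context line formats a field that is compared against zero with `%q`; `%d` would print the offending value. The body of Validate between the second and third hunks is outside the page.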