authorLibravatar vnugent <public@vaughnnugent.com>2024-04-10 01:06:31 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-04-10 01:06:31 -0400
commitcc3b633021ec6e6683cbae7034e88a5fddc7c194 (patch)
treee19908073e742521f226b3fcfa5177928b22b941
parentafd6294450f2386308b585e9afdde8409b7cffc7 (diff)
chore: Updated libs, custom data signing, AOT compiled buildsHEADv0.1.3master
-rw-r--r--Module.Taskfile.yaml18
-rw-r--r--Taskfile.yaml58
-rw-r--r--src/PkiAuthenticator.csproj4
-rw-r--r--src/Program.cs8
-rw-r--r--src/Statics.cs15
5 files changed, 32 insertions, 71 deletions
diff --git a/Module.Taskfile.yaml b/Module.Taskfile.yaml
index 45f63ac..46db9c3 100644
--- a/Module.Taskfile.yaml
+++ b/Module.Taskfile.yaml
@@ -5,7 +5,7 @@ version: '3'
vars:
INT_DIR: '{{.SCRATCH_DIR}}/obj/{{.MODULE_NAME}}/'
TARGET: '{{.OUTPUT_DIR}}/{{.HEAD_SHA}}'
- MS_ARGS: '--sc false /p:RunAnalyzersDuringBuild=false /p:IntermediateOutputPath="{{.INT_DIR}}" /p:UseCommonOutputDirectory=true /p:BuildInParallel=true /p:MultiProcessorCompilation=true'
+ MS_ARGS: '--self-contained true -p:PublishSingleFile=true -p:IncludeNativeLibrariesForSelfExtract=true -p:PublishTrimmed=true /p:RunAnalyzersDuringBuild=false /p:IntermediateOutputPath="{{.INT_DIR}}" /p:UseCommonOutputDirectory=true /p:BuildInParallel=true /p:MultiProcessorCompilation=true'
tasks:
#called by build pipeline to sync repo
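Review bot: The new `MS_ARGS` line switches every artifact to a self-contained, single-file, trimmed publish, which bundles the .NET runtime into the binary; runtime security fixes then reach users only through a rebuild and re-release, and that deserves a comment above the variable, e.g. `#self-contained: the bundled runtime is patched only by re-publishing`. The commit title says AOT, but no `PublishAot` property appears in this line, so the title or the flags may need aligning. `PublishTrimmed=true` can drop code that is reached only through reflection, so the publish-time trim warnings for the YubiKey and VNLib packages should be reviewed and each runtime identifier smoke-tested before release.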
@@ -13,8 +13,8 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
cmds:
#force remove any local changes and overwite
- - git remote update
- git reset --hard
+ - git remote update
- git pull origin {{.BRANCH_NAME}} --verify-signatures
#re-write semver after hard reset
- dotnet-gitversion.exe /updateprojectfiles
@@ -49,18 +49,12 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
internal: true
cmds:
- - dotnet publish -c debug -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-arm {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-arm64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - for: [win-x64, linux-x64, osx-x64, linux-arm, linux-arm64 ]
+ cmd: dotnet publish -c debug -r {{.ITEM}} {{.BUILD_FLAGS}} {{.MS_ARGS}}
build_release:
dir: '{{.USER_WORKING_DIR}}'
internal: true
cmds:
- - dotnet publish -c release -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-arm {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-arm64 {{.BUILD_FLAGS}} {{.MS_ARGS}} \ No newline at end of file
+ - for: [win-x64, linux-x64, osx-x64, linux-arm, linux-arm64 ]
+ cmd: dotnet publish -c release -r {{.ITEM}} {{.BUILD_FLAGS}} {{.MS_ARGS}}
diff --git a/Taskfile.yaml b/Taskfile.yaml
index c184bf8..7ca9f9d 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -14,62 +14,16 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
cmds:
-
- #run post in debug mode
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: win-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: osx-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-arm
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-arm64
-
+ - for: ['linux-x64', 'win-x64', 'osx-x64', 'linux-arm', 'linux-arm64']
+ task: postbuild
+ vars: { BUILD_MODE: debug, TARGET_OS: '{{.ITEM}}'}
#remove uncessary files from the release dir
- powershell -Command "Get-ChildItem -Recurse '{{.RELEASE_DIR}}/' -Include *.pdb,*.xml | Remove-Item"
- #run post in release mode
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: win-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: osx-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-arm
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-arm64
+ - for: ['linux-x64', 'win-x64', 'osx-x64', 'linux-arm', 'linux-arm64']
+ task: postbuild
+ vars: { BUILD_MODE: release, TARGET_OS: '{{.ITEM}}'}
#pack up source code and put in output
- powershell -Command "Get-ChildItem -Include *.cs,*.csproj -Recurse | Where { \$_.FullName -notlike '*\obj\*' } | Resolve-Path -Relative | tar --files-from - -czf '{{.TARGET}}/src.tgz'"
diff --git a/src/PkiAuthenticator.csproj b/src/PkiAuthenticator.csproj
index 808b447..96d8c19 100644
--- a/src/PkiAuthenticator.csproj
+++ b/src/PkiAuthenticator.csproj
@@ -38,8 +38,8 @@
<ItemGroup>
<PackageReference Include="Serilog" Version="3.1.1" />
<PackageReference Include="Serilog.Sinks.Console" Version="5.0.1" />
- <PackageReference Include="VNLib.Hashing.Portable" Version="0.1.0-ci0114" />
- <PackageReference Include="VNLib.Utils" Version="0.1.0-ci0114" />
+ <PackageReference Include="VNLib.Hashing.Portable" Version="0.1.0-ci0120" />
+ <PackageReference Include="VNLib.Utils" Version="0.1.0-ci0120" />
<PackageReference Include="Yubico.YubiKey" Version="1.9.1" />
</ItemGroup>
diff --git a/src/Program.cs b/src/Program.cs
index cdbeea7..a150eba 100644
--- a/src/Program.cs
+++ b/src/Program.cs
@@ -71,6 +71,11 @@ namespace PkiAuthenticator
authenticating. If not specified, uses the certificates CN
subject value.
+ --sign Enables entering custom data to add to the OTP before signing.
+ This allows applications to add an extra layer of authentication
+ security. If you application requires signing data, you must set
+ this flag.
+
--software <cert file> Runs the process using a software authenticator instead of
a YubiKey hardware authenticator. The cert file must be a
a valid x509 certificate with the public key. You must also
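Review bot: The added `--sign` help text has a typo (`If you application` should read `If your application`) and does not say where the data comes from. Judging by the Statics.cs change in the same commit, the value is read as a single line from standard input, so the text could add `The data is read as one line from standard input.` It would also help to state that the data becomes part of the signed token, so users know they are binding the OTP to whatever they type. The help string starts and ends outside this hunk.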
@@ -154,6 +159,9 @@ namespace PkiAuthenticator
#software
vauth.exe --software cert.pem --export pem
+ Sign data:
+ vauth.exe --sign # sign data before generating OTP
+
List devices:
vauth.exe --list-devices # only supported in hardware mode
";
diff --git a/src/Statics.cs b/src/Statics.cs
index 0978abf..b9d105a 100644
--- a/src/Statics.cs
+++ b/src/Statics.cs
@@ -90,6 +90,13 @@ namespace PkiAuthenticator
string? uid = CliArgs.GetArgument("-u");
uid ??= CliArgs.GetArgument("--user");
+ string? dataToSign = null;
+ if (CliArgs.HasArgument("--sign"))
+ {
+ Log.Information("Enter the data to sign: ");
+ dataToSign = Console.ReadLine();
+ }
+
HashAlg digest;
//Init the jwt header
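Review bot: `Console.ReadLine()` returns null when standard input is closed or redirected to an empty stream, and an empty string on a bare Enter, yet the new `--sign` block continues either way. A caller who asked for signed data then gets a token that binds nothing, which weakens the extra check the flag is meant to provide. Fail closed right after the read, for example `if (string.IsNullOrEmpty(dataToSign)) throw new InvalidOperationException("--sign was set but no data was entered");`, or use whatever error path the enclosing method already has; that method begins and ends outside this hunk. The prompt is also emitted through `Log.Information`, so it may be hidden or reformatted depending on logger configuration (not visible here); writing it to `Console.Error` would keep it out of any piped output.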
@@ -133,17 +140,15 @@ namespace PkiAuthenticator
{
//Default uid is the subjet name
uid ??= cert.SubjectName.Name.AsSpan().SliceAfterParam("=").ToString();
-
- //Get random nonce for entropy
- string nonce = RandomHash.GetRandomBase32(16);
-
+
jwt.InitPayloadClaim()
.AddClaim("sub", uid)
- .AddClaim("n", nonce)
+ .AddClaim("n", RandomHash.GetRandomBase32(16))
.AddClaim("iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds())
//Keyid is the hex sha1 of the certificate
.AddClaim("keyid", Convert.ToHexString(cert.GetCertHash(HashAlgorithmName.SHA1)))
.AddClaim("serial", cert.SerialNumber)
+ .AddClaim("data", dataToSign!)
.CommitClaims();
}
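Review bot: `.AddClaim("data", dataToSign!)` runs on every invocation, so when `--sign` is absent the null-forgiving operator passes a null straight into the payload. Depending on how `AddClaim` treats null (not visible here), that either throws or emits a `"data": null` claim that a verifier could mistake for signed-but-empty data. The claim should be added only when data was actually supplied, which means splitting the fluent chain as sketched below; this assumes `AddClaim` returns the builder, as the chaining suggests. The enclosing method starts outside the hunk.

```csharp
var claims = jwt.InitPayloadClaim()
    .AddClaim("sub", uid)
    // … unchanged: n, iat and keyid claims …
    .AddClaim("serial", cert.SerialNumber);

//Bind caller data only when --sign actually supplied some
if (!string.IsNullOrEmpty(dataToSign))
{
    claims = claims.AddClaim("data", dataToSign);
}

claims.CommitClaims();
```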