From cc3b633021ec6e6683cbae7034e88a5fddc7c194 Mon Sep 17 00:00:00 2001
From: vnugent
Date: Wed, 10 Apr 2024 01:06:31 -0400
Subject: chore: Updated libs, custom data signing, AOT compiled builds
---
Module.Taskfile.yaml | 18 +++++---------
Taskfile.yaml | 58 +++++----------------------------------------
src/PkiAuthenticator.csproj | 4 ++--
src/Program.cs | 8 +++++++
src/Statics.cs | 15 ++++++++----
5 files changed, 32 insertions(+), 71 deletions(-)
diff --git a/Module.Taskfile.yaml b/Module.Taskfile.yaml
index 45f63ac..46db9c3 100644
--- a/Module.Taskfile.yaml
+++ b/Module.Taskfile.yaml
@@ -5,7 +5,7 @@ version: '3'
vars:
INT_DIR: '{{.SCRATCH_DIR}}/obj/{{.MODULE_NAME}}/'
TARGET: '{{.OUTPUT_DIR}}/{{.HEAD_SHA}}'
- MS_ARGS: '--sc false /p:RunAnalyzersDuringBuild=false /p:IntermediateOutputPath="{{.INT_DIR}}" /p:UseCommonOutputDirectory=true /p:BuildInParallel=true /p:MultiProcessorCompilation=true'
+ MS_ARGS: '--self-contained true -p:PublishSingleFile=true -p:IncludeNativeLibrariesForSelfExtract=true -p:PublishTrimmed=true /p:RunAnalyzersDuringBuild=false /p:IntermediateOutputPath="{{.INT_DIR}}" /p:UseCommonOutputDirectory=true /p:BuildInParallel=true /p:MultiProcessorCompilation=true'
tasks:
#called by build pipeline to sync repo
@@ -13,8 +13,8 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
cmds:
#force remove any local changes and overwite
- git remote update
- git reset --hard
+ - git remote update
- git pull origin {{.BRANCH_NAME}} --verify-signatures
#re-write semver after hard reset
- dotnet-gitversion.exe /updateprojectfiles
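Review bot: The new `+ MS_ARGS:` line enables `--self-contained true`, `PublishSingleFile` and `PublishTrimmed` but not `-p:PublishAot=true`, so the output is a trimmed single-file bundle rather than the native AOT build the subject line announces; either add the flag or reword the message so consumers do not expect AOT. Two operational caveats belong next to the line: a self-contained publish bundles the .NET runtime, so runtime security servicing now reaches users only through a rebuild and re-release of this tool, and `IncludeNativeLibrariesForSelfExtract=true` unpacks native libraries into a per-user temp directory at first run, which is worth checking on the multi-user Linux targets. Trimming can also strip members that a dependency reaches via reflection, so each RID's output should get a runtime smoke test before release — I cannot see the dependencies here, so this is a precaution rather than a known break. I would add `# self-contained: runtime security patches require republishing; trimmed: smoke-test every RID` above `MS_ARGS`.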
@@ -49,18 +49,12 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
internal: true
cmds:
- - dotnet publish -c debug -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-arm {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c debug -r linux-arm64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
+ - for: [win-x64, linux-x64, osx-x64, linux-arm, linux-arm64 ]
+ cmd: dotnet publish -c debug -r {{.ITEM}} {{.BUILD_FLAGS}} {{.MS_ARGS}}
build_release:
dir: '{{.USER_WORKING_DIR}}'
internal: true
cmds:
- - dotnet publish -c release -r win-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r osx-x64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-arm {{.BUILD_FLAGS}} {{.MS_ARGS}}
- - dotnet publish -c release -r linux-arm64 {{.BUILD_FLAGS}} {{.MS_ARGS}}
\ No newline at end of file
+ - for: [win-x64, linux-x64, osx-x64, linux-arm, linux-arm64 ]
+ cmd: dotnet publish -c release -r {{.ITEM}} {{.BUILD_FLAGS}} {{.MS_ARGS}}
diff --git a/Taskfile.yaml b/Taskfile.yaml
index c184bf8..7ca9f9d 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
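Review bot: The RID list `[win-x64, linux-x64, osx-x64, linux-arm, linux-arm64 ]` is spelled out twice in this hunk (build_debug and build_release) and twice more in Taskfile.yaml's postbuild loops, so a target added to one list and missed in another would silently ship a RID that was published but never post-processed, or vice versa. Hoist it once into the file's `vars:` block as `RIDS: 'win-x64 linux-x64 osx-x64 linux-arm linux-arm64'` and iterate with `- for: { var: RIDS }` in both tasks; Taskfile.yaml can reference the same variable so there is a single source of truth. The stray space before `]` is cosmetic and goes away with the change.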
@@ -14,62 +14,16 @@ tasks:
dir: '{{.USER_WORKING_DIR}}'
cmds:
-
- #run post in debug mode
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: win-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: osx-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-arm
-
- - task: postbuild
- vars:
- BUILD_MODE: debug
- TARGET_OS: linux-arm64
-
+ - for: ['linux-x64', 'win-x64', 'osx-x64', 'linux-arm', 'linux-arm64']
+ task: postbuild
+ vars: { BUILD_MODE: debug, TARGET_OS: '{{.ITEM}}'}
#remove uncessary files from the release dir
- powershell -Command "Get-ChildItem -Recurse '{{.RELEASE_DIR}}/' -Include *.pdb,*.xml | Remove-Item"
- #run post in release mode
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: win-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: osx-x64
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-arm
-
- - task: postbuild
- vars:
- BUILD_MODE: release
- TARGET_OS: linux-arm64
+ - for: ['linux-x64', 'win-x64', 'osx-x64', 'linux-arm', 'linux-arm64']
+ task: postbuild
+ vars: { BUILD_MODE: release, TARGET_OS: '{{.ITEM}}'}
#pack up source code and put in output
- powershell -Command "Get-ChildItem -Include *.cs,*.csproj -Recurse | Where { \$_.FullName -notlike '*\obj\*' } | Resolve-Path -Relative | tar --files-from - -czf '{{.TARGET}}/src.tgz'"
diff --git a/src/PkiAuthenticator.csproj b/src/PkiAuthenticator.csproj
index 808b447..96d8c19 100644
--- a/src/PkiAuthenticator.csproj
+++ b/src/PkiAuthenticator.csproj
@@ -38,8 +38,8 @@
- - + +
diff --git a/src/Program.cs b/src/Program.cs
index cdbeea7..a150eba 100644
--- a/src/Program.cs
+++ b/src/Program.cs
@@ -71,6 +71,11 @@ namespace PkiAuthenticator
authenticating. If not specified, uses the certificates CN subject value.
+ --sign Enables entering custom data to add to the OTP before signing.
+ This allows applications to add an extra layer of authentication
+ security. If you application requires signing data, you must set
+ this flag.
+
--software Runs the process using a software authenticator instead of a YubiKey hardware authenticator. The cert file must be a a valid x509 certificate with the public key. You must also
@@ -154,6 +159,9 @@ namespace PkiAuthenticator
#software vauth.exe --software cert.pem --export pem
+ Sign data:
+ vauth.exe --sign # sign data before generating OTP
+
List devices: vauth.exe --list-devices # only supported in hardware mode ";
diff --git a/src/Statics.cs b/src/Statics.cs
index 0978abf..b9d105a 100644
--- a/src/Statics.cs
+++ b/src/Statics.cs
@@ -90,6 +90,13 @@ namespace PkiAuthenticator
string? uid = CliArgs.GetArgument("-u");
uid ??= CliArgs.GetArgument("--user");
+ string? dataToSign = null;
+ if (CliArgs.HasArgument("--sign"))
+ {
+ Log.Information("Enter the data to sign: ");
+ dataToSign = Console.ReadLine();
+ }
+
HashAlg digest;
//Init the jwt header
@@ -133,17 +140,15 @@ namespace PkiAuthenticator
{
//Default uid is the subjet name
uid ??= cert.SubjectName.Name.AsSpan().SliceAfterParam("=").ToString();
-
- //Get random nonce for entropy
- string nonce = RandomHash.GetRandomBase32(16);
-
+
jwt.InitPayloadClaim()
.AddClaim("sub", uid)
- .AddClaim("n", nonce)
+ .AddClaim("n", RandomHash.GetRandomBase32(16))
.AddClaim("iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds())
//Keyid is the hex sha1 of the certificate
.AddClaim("keyid", Convert.ToHexString(cert.GetCertHash(HashAlgorithmName.SHA1)))
.AddClaim("serial", cert.SerialNumber)
+ .AddClaim("data", dataToSign!)
.CommitClaims();
}
-- cgit
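Review bot: The `--sign` help text added on the `+ --sign` lines has a typo (`If you application` should be `If your application`) and does not say where the data comes from or what it actually buys the verifier. Statics.cs in this same commit reads the value as one line from standard input after a prompt and places it in the token as a `data` claim that this tool never checks, so the relying party must compare that claim to the value it expects or the flag adds no security at all. Suggested wording for the help entry: `--sign Prompts for one line of data on stdin and includes it in the signed OTP as the 'data' claim. Your application must verify that claim matches the value it expects.` The `Sign data:` example in the second hunk could likewise note that the data is read from stdin, which matters for anyone scripting the tool.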
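Review bot: `dataToSign = Console.ReadLine();` returns null when stdin is closed or at end of stream (a piped or non-interactive run), so `--sign` is then honoured with no data at all and the later `.AddClaim("data", dataToSign!)` uses the null-forgiving operator to hide exactly that case. Fail closed right after the read, e.g. `if (dataToSign is null) throw new InvalidOperationException("--sign was specified but no data was read from stdin");` — or the file's existing error-exit convention; the enclosing method starts before this hunk, so I cannot see its return type. It is also worth confirming that the `Log.Information("Enter the data to sign: ")` prompt reaches the terminal the user is typing into rather than only a log sink; I cannot see how `Log` is configured, so treat that as a question rather than a defect.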
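Review bot: `.AddClaim("data", dataToSign!)` is added to the chain unconditionally, so every token issued without `--sign` also carries a `data` claim with a null value, and what the verifier receives then depends on how `AddClaim` serializes null, which I cannot see from here; the `!` only silences the compiler warning that would have pointed at this. Add the claim only when data was actually supplied: hold the chain in a local, `var claims = jwt.InitPayloadClaim().AddClaim("sub", uid) /* …other claims… */ .AddClaim("serial", cert.SerialNumber);`, then `if (dataToSign is not null) { claims.AddClaim("data", dataToSign); }` and finally `claims.CommitClaims();` — this also removes the null-forgiving operator. Inlining the nonce into `.AddClaim("n", RandomHash.GetRandomBase32(16))` is fine; the `}` at the end of the hunk closes an inner block and the enclosing method continues outside it.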