gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 17:51:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d6f4d5c5e852ff79769357fc0f0c62cacb9ef54e
certctl/cmd/agent/keymem.go
T
shankar0123 21aeed4f4e legal: addlicense headers + normalize legacy variants (Phase 0 RED-4) 
Phase 0 closure (Path B2, post-rewrite):

addlicense sweep — adds the canonical certctl LLC copyright + BUSL-1.1
SPDX header to every production Go file. Template:

  // Copyright 2026 certctl LLC. All rights reserved.
  // SPDX-License-Identifier: BUSL-1.1

Coverage: 338 / 338 production Go files (cmd/ + internal/, excluding
*_test.go and **/testdata/**). Pre-sweep coverage was 22 / 338 (6.5%);
post-sweep is 338 / 338 (100%).

Normalized 22 pre-existing legacy headers (`// Copyright (c) certctl`
+ `// SPDX-License-Identifier: BSL-1.1`) and 1 file using a
`Certctl Contributors` attribution. The legacy SPDX ID `BSL-1.1`
is non-standard; the official SPDX identifier for Business Source
License 1.1 is `BUSL-1.1` (capital U). All 338 files now share the
canonical form.

Generated via:
  addlicense -c "certctl LLC" -y 2026 \
    -f cowork/legal/copyright-header.tpl \
    -ignore '**/testdata/**' -ignore '**/*_test.go' \
    cmd/ internal/

Verification:
  find cmd internal -name '*.go' -not -name '*_test.go' \
    -not -path '*/testdata/*' \
    -exec grep -L '^// Copyright 2026 certctl LLC' {} \; | wc -l

  Returns: 0

gofmt clean. Header additions are comments only, no compile impact.

Closes: cowork/certctl-architecture-diligence-audit.html#fix-RED-4
2026-05-13 21:23:35 +00:00

77 lines
2.6 KiB
Go
Raw Blame History

// Copyright 2026 certctl LLC. All rights reserved.
// SPDX-License-Identifier: BUSL-1.1
package main
import (
"crypto/ecdsa"
"crypto/x509"
"fmt"
"os"
"path/filepath"
)
// Bundle-9 / Audit L-002 + L-003 (agent edition).
//
// The agent generates an ECDSA P-256 key locally and writes it to disk with
// mode 0600 in a directory it expects to be 0700. The duplication of the
// local-issuer helpers (instead of importing from internal/...) is deliberate:
//
// - cmd/agent is a separate binary with its own threat model (runs on every
// deployment target, not just the control plane). Coupling it to
// internal/connector/issuer/local would pull deployment-target footprint
// into a connector that's only relevant on the server.
// - The behavior is small and self-contained; copy-paste is cheaper than
// a refactor that introduces an internal/keystore package.
//
// If a third call site emerges, lift these into internal/keystore.
// marshalAgentKeyAndZeroize marshals an ECDSA private key to DER and invokes
// onDER with the bytes; the buffer is zeroized via builtin clear() after
// onDER returns. Caller must NOT retain the slice.
func marshalAgentKeyAndZeroize(priv *ecdsa.PrivateKey, onDER func([]byte) error) error {
if priv == nil {
return fmt.Errorf("marshalAgentKeyAndZeroize: nil private key")
}
der, err := x509.MarshalECPrivateKey(priv)
if err != nil {
return fmt.Errorf("marshal EC private key: %w", err)
}
defer clear(der)
return onDER(der)
}
// ensureAgentKeyDirSecure creates dir (and ancestors) with mode 0700 or
// asserts an existing dir is owner-only. If a pre-existing dir is more
// permissive than 0700 we tighten it to 0700 (logging-free; this is a
// startup-style invariant, not a per-request check).
func ensureAgentKeyDirSecure(dir string) error {
if dir == "" || dir == "." || dir == "/" {
return fmt.Errorf("ensureAgentKeyDirSecure: refuse empty/root dir %q", dir)
}
clean := filepath.Clean(dir)
info, err := os.Stat(clean)
switch {
case os.IsNotExist(err):
if mkErr := os.MkdirAll(clean, 0o700); mkErr != nil {
return fmt.Errorf("create agent key dir %q: %w", clean, mkErr)
}
info, err = os.Stat(clean)
if err != nil {
return fmt.Errorf("stat newly-created agent key dir %q: %w", clean, err)
}
fallthrough
case err == nil:
mode := info.Mode().Perm()
if mode == 0o700 || mode&0o077 == 0 {
return nil
}
if chmodErr := os.Chmod(clean, 0o700); chmodErr != nil {
return fmt.Errorf("tighten agent key dir %q from %#o to 0700: %w", clean, mode, chmodErr)
}
return nil
default:
return fmt.Errorf("stat agent key dir %q: %w", clean, err)
}
}
Reference in New Issue View Git Blame Copy Permalink