Add binary signature verification #558
Conversation
753e955 to
3e18934
Compare
The main thing here is to pass in an Axios client instead of the SDK client since this does not need to make API calls and we will need to pass a separate client without headers when downloading external signatures. Otherwise the structure remains the same. Some variables are renamed due to being in a new context and some strings messages are simplified.
A tiny refactor since I will need to get a third config option.
33b14b9 to
18c3c88
Compare
18c3c88 to
860b1aa
Compare
They are not needed, and the packaging step will error that it looks like you are trying to package secrets due to the test key fixtures.
| case VerificationErrorCode.Invalid: | ||
| return "Signature does not match"; | ||
| default: | ||
| return "Failed to read signature"; |
There was a problem hiding this comment.
| return "Failed to read signature"; | |
| return "Failed to verify signature"; |
since this is the default, it might not necessarily be about reading I guess?
There was a problem hiding this comment.
Ah true, there are only two error codes and the other is read so as it currently is this is accurate, but if in the future a code was added and someone did not update the switch statement, we could possibly return the wrong message. I think I can make use of never instead in some way to force the switch to be exhaustive, will fix
There was a problem hiding this comment.
Waaaaiiit looks like TypeScript is smart about this now?? No need to do anything special. When did that happen lol
So I can just replace default with VerificationErrorCode.Read and all is well.
src/pgp.ts
Outdated
| return new VerificationError(VerificationErrorCode.Invalid, error); | ||
| } | ||
| } catch (e) { | ||
| const error = `Failed to read signature or binary: ${errToStr(e)}.`; | ||
| logger?.warn(error); | ||
| return new VerificationError(VerificationErrorCode.Read, error); | ||
| } | ||
| return true; |
There was a problem hiding this comment.
I feel weird about returning errors in js. if these were thrown instead we could do something like...
try {
await verifySignature(...);
// more happy path here
} catch (error) {
if (error instanceof VerificationError) {
// unhappy path here
}
}which is maybe a bit noisier than what you're currently doing, but is also a bit more "when in rome", y'know?
There was a problem hiding this comment.
You are probably right, initially I did it that way but the added nesting felt like too much, although I did break things up after that so it would not be quite so bad now. Edit: also the type checking is unfortunate, we have to add code to check this is a verification error but it can never be anything but that, actually I think this was the real reason.
Do you think I can get away with it if I call it VerificationResult instead lol
There was a problem hiding this comment.
Ehhhh nvm on second thought I will throw
|
cc @jdomeracki-coder in case you want to take a look, should be similar to the JetBrains plugin but I went with the original flow instead of the checkbox during login since we can have prompts with multiple buttons here. |
I extracted the download function (since I needed to reuse it to download signatures) to a separate commit so it is easier to review the signature additions separately, if that is of interest.
This downloads the detached signature from Coder if available or releases.coder.com if not, then verifies the binary using that detached signature and the bundled public key. The check is performed only when the binary is first download.