print the public key on login

2025-09-28 11:20:36 +00:00 · 2022-12-13 18:57:47 +00:00 · 2022-12-13 18:57:47 +00:00 · c2a1daab63
commit c2a1daab63
parent 83387da305
3 changed files with 27 additions and 9 deletions
--- a/src/cargo/ops/registry.rs
+++ b/src/cargo/ops/registry.rs
@ -30,7 +30,7 @@ use crate::ops;
 use crate::ops::Packages;
 use crate::sources::{RegistrySource, SourceConfigMap, CRATES_IO_DOMAIN, CRATES_IO_REGISTRY};
 use crate::util::auth::{
-    check_format_like_paserk_secret, {self, AuthorizationError},
+    paserk_public_from_paserk_secret, {self, AuthorizationError},
 };
 use crate::util::config::{Config, SslVersionConfig, SslVersionConfigRange};
 use crate::util::errors::CargoResult;
@ -807,7 +807,7 @@ pub fn registry_login(
    let new_token;
    if generate_keypair || secret_key_required || key_subject.is_some() {
        if !config.cli_unstable().registry_auth {
-            panic!("-registry_auth required.");
+            panic!("-Zregistry_auth required.");
        }
        assert!(token.is_none());
        // we are dealing with asymmetric tokens
@ -839,7 +839,9 @@ pub fn registry_login(
                .cloned()
                .ok_or_else(|| anyhow!("need a secret_key to set a key_subject"))?;
        }
-        if !check_format_like_paserk_secret(&secret_key) {
+        if let Some(p) = paserk_public_from_paserk_secret(&secret_key) {
+            drop_println!(config, "{}", &p);
+        } else {
            bail!("not a validly formated PASERK secret key");
        }
        new_token = RegistryCredentialConfig::AsymmetricKey((
--- a/src/cargo/util/auth.rs
+++ b/src/cargo/util/auth.rs
@ -3,6 +3,7 @@
 use crate::util::{config, config::ConfigKey, CanonicalUrl, CargoResult, Config, IntoUrl};
 use anyhow::{bail, format_err, Context as _};
 use cargo_util::ProcessError;
+use pasetors::paserk::FormatAsPaserk;
 use core::fmt;
 use pasetors::keys::{AsymmetricPublicKey, AsymmetricSecretKey};
 use serde::Deserialize;
@ -488,9 +489,12 @@ pub fn login(config: &Config, sid: &SourceId, token: RegistryCredentialConfig) -
    Ok(())
 }

-pub(crate) fn check_format_like_paserk_secret(secret_key: &str) -> bool {
-    let key: Result<AsymmetricSecretKey<pasetors::version3::V3>, _> = secret_key.try_into();
-    key.is_ok()
+pub(crate) fn paserk_public_from_paserk_secret(secret_key: &str) -> Option<String> {
+    let secret: AsymmetricSecretKey<pasetors::version3::V3> = secret_key.try_into().ok()?;
+    let public: AsymmetricPublicKey<pasetors::version3::V3> = (&secret).try_into().ok()?;
+    let mut paserk_pub_key = String::new();
+    FormatAsPaserk::fmt(&public, &mut paserk_pub_key).unwrap();
+    Some(paserk_pub_key)
 }

 /// Removes the token for the given registry.
--- a/tests/testsuite/registry.rs
+++ b/tests/testsuite/registry.rs
@ -1135,7 +1135,11 @@ fn login_with_asymmetric_token_and_subject_on_stdin() {
    cargo_process("login --key-subject=foo --secret-key -v -Z registry-auth")
        .masquerade_as_nightly_cargo(&["registry-auth"])
        .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "\
+        please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
        .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
        .run();
    let credentials = fs::read_to_string(&credentials).unwrap();
@ -1152,7 +1156,11 @@ fn login_with_asymmetric_token_on_stdin() {
    cargo_process("login --secret-key -v -Z registry-auth")
        .masquerade_as_nightly_cargo(&["registry-auth"])
        .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "\
+    please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
        .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
        .run();
    let credentials = fs::read_to_string(&credentials).unwrap();
@ -1175,7 +1183,10 @@ fn login_with_asymmetric_key_subject_without_key() {
    cargo_process("login --secret-key -v -Z registry-auth")
        .masquerade_as_nightly_cargo(&["registry-auth"])
        .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
        .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
        .run();

@ -1199,6 +1210,7 @@ fn login_with_generate_asymmetric_token() {
    cargo_process("login --generate-keypair -Z registry-auth")
        .masquerade_as_nightly_cargo(&["registry-auth"])
        .replace_crates_io(registry.index_url())
+        .with_stdout("k3.public.[..]")
        .run();
    let credentials = fs::read_to_string(&credentials).unwrap();
    assert!(credentials.contains("secret-key = \"k3.secret."));