From c2a1daab63f4e05dc0fae40fff455df13faeb9cd Mon Sep 17 00:00:00 2001
From: Jacob Finkelman <jfinkelm@amazon.com>
Date: Tue, 13 Dec 2022 18:57:47 +0000
Subject: [PATCH] print the public key on login

---
 src/cargo/ops/registry.rs   |  8 +++++---
 src/cargo/util/auth.rs      | 10 +++++++---
 tests/testsuite/registry.rs | 18 +++++++++++++++---
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/cargo/ops/registry.rs b/src/cargo/ops/registry.rs
index 217617e3e..331b4b113 100644
--- a/src/cargo/ops/registry.rs
+++ b/src/cargo/ops/registry.rs
@@ -30,7 +30,7 @@ use crate::ops;
 use crate::ops::Packages;
 use crate::sources::{RegistrySource, SourceConfigMap, CRATES_IO_DOMAIN, CRATES_IO_REGISTRY};
 use crate::util::auth::{
-    check_format_like_paserk_secret, {self, AuthorizationError},
+    paserk_public_from_paserk_secret, {self, AuthorizationError},
 };
 use crate::util::config::{Config, SslVersionConfig, SslVersionConfigRange};
 use crate::util::errors::CargoResult;
@@ -807,7 +807,7 @@ pub fn registry_login(
     let new_token;
     if generate_keypair || secret_key_required || key_subject.is_some() {
         if !config.cli_unstable().registry_auth {
-            panic!("-registry_auth required.");
+            panic!("-Zregistry_auth required.");
         }
         assert!(token.is_none());
         // we are dealing with asymmetric tokens
@@ -839,7 +839,9 @@ pub fn registry_login(
                 .cloned()
                 .ok_or_else(|| anyhow!("need a secret_key to set a key_subject"))?;
         }
-        if !check_format_like_paserk_secret(&secret_key) {
+        if let Some(p) = paserk_public_from_paserk_secret(&secret_key) {
+            drop_println!(config, "{}", &p);
+        } else {
             bail!("not a validly formated PASERK secret key");
         }
         new_token = RegistryCredentialConfig::AsymmetricKey((
diff --git a/src/cargo/util/auth.rs b/src/cargo/util/auth.rs
index ece79508a..a56a0b2f2 100644
--- a/src/cargo/util/auth.rs
+++ b/src/cargo/util/auth.rs
@@ -3,6 +3,7 @@
 use crate::util::{config, config::ConfigKey, CanonicalUrl, CargoResult, Config, IntoUrl};
 use anyhow::{bail, format_err, Context as _};
 use cargo_util::ProcessError;
+use pasetors::paserk::FormatAsPaserk;
 use core::fmt;
 use pasetors::keys::{AsymmetricPublicKey, AsymmetricSecretKey};
 use serde::Deserialize;
@@ -488,9 +489,12 @@ pub fn login(config: &Config, sid: &SourceId, token: RegistryCredentialConfig) -
     Ok(())
 }
 
-pub(crate) fn check_format_like_paserk_secret(secret_key: &str) -> bool {
-    let key: Result<AsymmetricSecretKey<pasetors::version3::V3>, _> = secret_key.try_into();
-    key.is_ok()
+pub(crate) fn paserk_public_from_paserk_secret(secret_key: &str) -> Option<String> {
+    let secret: AsymmetricSecretKey<pasetors::version3::V3> = secret_key.try_into().ok()?;
+    let public: AsymmetricPublicKey<pasetors::version3::V3> = (&secret).try_into().ok()?;
+    let mut paserk_pub_key = String::new();
+    FormatAsPaserk::fmt(&public, &mut paserk_pub_key).unwrap();
+    Some(paserk_pub_key)
 }
 
 /// Removes the token for the given registry.
diff --git a/tests/testsuite/registry.rs b/tests/testsuite/registry.rs
index 7b3251501..2a90f3aa8 100644
--- a/tests/testsuite/registry.rs
+++ b/tests/testsuite/registry.rs
@@ -1135,7 +1135,11 @@ fn login_with_asymmetric_token_and_subject_on_stdin() {
     cargo_process("login --key-subject=foo --secret-key -v -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
         .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "\
+        please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
         .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
         .run();
     let credentials = fs::read_to_string(&credentials).unwrap();
@@ -1152,7 +1156,11 @@ fn login_with_asymmetric_token_on_stdin() {
     cargo_process("login --secret-key -v -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
         .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "\
+    please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
         .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
         .run();
     let credentials = fs::read_to_string(&credentials).unwrap();
@@ -1175,7 +1183,10 @@ fn login_with_asymmetric_key_subject_without_key() {
     cargo_process("login --secret-key -v -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
         .replace_crates_io(registry.index_url())
-        .with_stdout("please paste the API secret key below")
+        .with_stdout(
+            "please paste the API secret key below
+k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
+        )
         .with_stdin("k3.secret.fNYVuMvBgOlljt9TDohnaYLblghqaHoQquVZwgR6X12cBFHZLFsaU3q7X3k1Zn36")
         .run();
 
@@ -1199,6 +1210,7 @@ fn login_with_generate_asymmetric_token() {
     cargo_process("login --generate-keypair -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
         .replace_crates_io(registry.index_url())
+        .with_stdout("k3.public.[..]")
         .run();
     let credentials = fs::read_to_string(&credentials).unwrap();
     assert!(credentials.contains("secret-key = \"k3.secret."));