cli: signed-integrity get-pubkey action implemented (ref. #66)

plugins/signed-integrity/cli.js

@@ -29,6 +29,36 @@ let genKeypair = async () => {
     return JSON.stringify(exported_keypair)
 }
 
+/**
+ * derive a public key from a provided public key file
+ * 
+ * keyfile - a path to a file containing the private key
+ */
+let getPubkey = async (keyfile) => {
+    
+    // we only want to process one file
+    if (Array.isArray(keyfile)) {
+        keyfile = keyfile[0]
+    }
+    // 
+    var keydata = JSON.parse(await Deno.readTextFile(keyfile));
+    // the key can be eitehr in a CryptoKeyPair structure, or directly in CryptoKey structure
+    // standardize!
+    if ("privateKey" in keydata) {
+        keydata = keydata.privateKey
+    }
+    
+    // make the key public by deleting private parts and modifying key_ops
+    // ref. https://stackoverflow.com/a/57571350
+    delete keydata.d;
+    keydata.key_ops = ['verify']
+    
+    // import the key, thus making sure data is valid and makes sense
+    let key = await crypto.subtle.importKey("jwk", keydata, {name: 'ECDSA', namedCurve: 'P-384'}, true, ['verify'])
+    
+    // export it again
+    return JSON.stringify(await crypto.subtle.exportKey("jwk", key))
+}
 
 // this never changes
 const pluginName = "signed-integrity"
@@ -38,6 +68,16 @@ const pluginActions = {
     "gen-keypair": {
         run: genKeypair,
         description: "generate a keypair and export it as a JSON Web Key"
+    },
+    "get-pubkey": {
+        run: getPubkey,
+        description: "print out a public key derived from the provided private key",
+        arguments: {
+            '_': {
+                name: "keyfile",
+                description: "file containing the private key in JSON Web Key format"
+            }
+        }
     }
 }