allow pubkey input to print_pubkey

src/millipds/__main__.py

@@ -6,7 +6,7 @@
   millipds account create <did> <handle> [--unsafe_password=PW] [--signing_key=PEM]
   millipds run [--sock_path=PATH] [--listen_host=HOST] [--listen_port=PORT]
   millipds util keygen [--p256 | --k256]
-  millipds util print_pubkey <signing_key_pem>
+  millipds util print_pubkey <pem>
   millipds util plcgen --genesis_json=PATH --rotation_key=PEM --handle=HANDLE --pds_host=URL --repo_pubkey=DIDKEY
   millipds util plcsign --unsigned_op=PATH --rotation_key=PEM [--prev_op=PATH]
   millipds (-h | --help)
@@ -127,8 +127,13 @@ def main():
 				privkey = crypto.keygen_p256() # openssl ecparam -name prime256v1 -genkey -noout
 			print(crypto.privkey_to_pem(privkey), end="")
 		elif args["print_pubkey"]:
-			with open(args["<signing_key_pem>"]) as pem:
-				print(crypto.encode_pubkey_as_did_key(crypto.privkey_from_pem(pem.read()).public_key()))
+			with open(args["<pem>"]) as pem:
+				pem_data = pem.read()
+			try:
+				pubkey = crypto.privkey_from_pem(pem_data).public_key()
+			except ValueError:
+				pubkey = crypto.pubkey_from_pem(pem_data)
+			print(crypto.encode_pubkey_as_did_key(pubkey))
 		elif args["plcgen"]:
 			with open(args["--rotation_key"]) as pem:
 				rotation_key = crypto.privkey_from_pem(pem.read())

src/millipds/crypto.py

@@ -93,6 +93,16 @@ def privkey_from_pem(pem: str) -> ec.EllipticCurvePrivateKey:
 		raise TypeError("unsupported key type")
 	return privkey
 
+
+def pubkey_from_pem(pem: str) -> ec.EllipticCurvePublicKey:
+	pubkey = serialization.load_pem_public_key(pem.encode())
+	if not isinstance(pubkey, ec.EllipticCurvePublicKey):
+		raise TypeError("unsupported key type")
+	if not isinstance(pubkey.curve, (ec.SECP256R1, ec.SECP256K1)):
+		raise TypeError("unsupported key type")
+	return pubkey
+
+
 def jwt_signature_alg_for_pem(pem: str) -> Literal["ES256", "ES256K"]:
 	return JWT_SIGNATURE_ALGS[type(privkey_from_pem(pem).curve)]