commit
3e17081a71
2 changed files with 10 additions and 5 deletions
|
@ -28,7 +28,7 @@ chihaya:
|
||||||
config:
|
config:
|
||||||
issuer: https://issuer.com
|
issuer: https://issuer.com
|
||||||
audience: https://chihaya.issuer.com
|
audience: https://chihaya.issuer.com
|
||||||
jwk_set_uri: https://issuer.com/keys
|
jwk_set_url: https://issuer.com/keys
|
||||||
jwk_set_update_interval: 5m
|
jwk_set_update_interval: 5m
|
||||||
- name: client approval
|
- name: client approval
|
||||||
config:
|
config:
|
||||||
|
|
|
@ -51,15 +51,17 @@ type hook struct {
|
||||||
|
|
||||||
// NewHook returns an instance of the JWT middleware.
|
// NewHook returns an instance of the JWT middleware.
|
||||||
func NewHook(cfg Config) (middleware.Hook, error) {
|
func NewHook(cfg Config) (middleware.Hook, error) {
|
||||||
|
log.Debugf("creating new JWT middleware with config: %#v", cfg)
|
||||||
h := &hook{
|
h := &hook{
|
||||||
cfg: cfg,
|
cfg: cfg,
|
||||||
publicKeys: map[string]crypto.PublicKey{},
|
publicKeys: map[string]crypto.PublicKey{},
|
||||||
closing: make(chan struct{}),
|
closing: make(chan struct{}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Debug("performing initial fetch of JWKs")
|
||||||
err := h.updateKeys()
|
err := h.updateKeys()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("failed to update initial JWK Set: " + err.Error())
|
return nil, errors.New("failed to fetch initial JWK Set: " + err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
|
@ -68,6 +70,7 @@ func NewHook(cfg Config) (middleware.Hook, error) {
|
||||||
case <-h.closing:
|
case <-h.closing:
|
||||||
return
|
return
|
||||||
case <-time.After(cfg.JWKUpdateInterval):
|
case <-time.After(cfg.JWKUpdateInterval):
|
||||||
|
log.Debug("performing fetch of JWKs")
|
||||||
h.updateKeys()
|
h.updateKeys()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -83,7 +86,7 @@ func (h *hook) updateKeys() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
parsedJWKs := map[string]gojwk.Key{}
|
var parsedJWKs gojwk.Key
|
||||||
err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
|
err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
resp.Body.Close()
|
resp.Body.Close()
|
||||||
|
@ -93,20 +96,22 @@ func (h *hook) updateKeys() error {
|
||||||
resp.Body.Close()
|
resp.Body.Close()
|
||||||
|
|
||||||
keys := map[string]crypto.PublicKey{}
|
keys := map[string]crypto.PublicKey{}
|
||||||
for kid, parsedJWK := range parsedJWKs {
|
for _, parsedJWK := range parsedJWKs.Keys {
|
||||||
publicKey, err := parsedJWK.DecodePublicKey()
|
publicKey, err := parsedJWK.DecodePublicKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorln("failed to decode JWK into public key: " + err.Error())
|
log.Errorln("failed to decode JWK into public key: " + err.Error())
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
keys[kid] = publicKey
|
keys[parsedJWK.Kid] = publicKey
|
||||||
}
|
}
|
||||||
h.publicKeys = keys
|
h.publicKeys = keys
|
||||||
|
|
||||||
|
log.Debug("successfully fetched JWK Set")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *hook) Stop() <-chan error {
|
func (h *hook) Stop() <-chan error {
|
||||||
|
log.Debug("attempting to shutdown JWT middleware")
|
||||||
select {
|
select {
|
||||||
case <-h.closing:
|
case <-h.closing:
|
||||||
return stopper.AlreadyStopped
|
return stopper.AlreadyStopped
|
||||||
|
|
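Review bot: The refresh goroutine in NewHook still discards the result of `h.updateKeys()` on the line right after the new `log.Debug("performing fetch of JWKs")`, so a failed rotation (JWK endpoint unreachable, malformed set) leaves the hook verifying against stale keys with nothing above debug level to show for it, until the issuer rotates and every token starts being rejected. Change it to `if err := h.updateKeys(); err != nil { log.Errorln("failed to refresh JWK Set: " + err.Error()) }`; the decode path in updateKeys already logs, but whatever precedes the `return err` at the top of the `-83,7 +86,7` hunk is outside this view. Separately, `h.publicKeys = keys` in updateKeys is a plain field store from the background goroutine; if the request path reads `h.publicKeys` without a lock (the reader is not in this diff), that is a data race under Go's memory model and the map should be guarded by a `sync.RWMutex` or swapped through an `atomic.Value`. The keyed store also deserves a one-line comment such as `// a JWK with no kid lands under ""; duplicate kids silently overwrite`, since a token whose header omits kid would match the empty entry. The for/select loop of NewHook starts before the `-68,6 +70,7` hunk, so only part of it is visible here.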