Pedantic: Remove defensive programming on receivers.
parent
3201964fec
commit
690b9f9512
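--- a/key_store.go
+++ b/key_store.go
@@ -107,7 +107,7 @@ func ExportKeyStore(ks KeyStore, directory, keyPrvExt, keyPubExt string) error {
 
 // SetKey adds a new rsa.PrivateKey with the specified kID to the KeyStore.
 func (d *defaultMJwtKeyStore) SetKey(kID string, prvKey *rsa.PrivateKey) {
-if d == nil || prvKey == nil {
+if prvKey == nil {
 return
 }
 d.rwLocker.Lock()
@@ -119,7 +119,7 @@ func (d *defaultMJwtKeyStore) SetKey(kID string, prvKey *rsa.PrivateKey) {
 
 // SetKeyPublic adds a new rsa.PublicKey with the specified kID to the KeyStore.
 func (d *defaultMJwtKeyStore) SetKeyPublic(kID string, pubKey *rsa.PublicKey) {
-if d == nil || pubKey == nil {
+if pubKey == nil {
 return
 }
 d.rwLocker.Lock()
@@ -134,9 +134,6 @@ func (d *defaultMJwtKeyStore) SetKeyPublic(kID string, pubKey *rsa.PublicKey) {
 
 // RemoveKey removes a specified kID from the KeyStore.
 func (d *defaultMJwtKeyStore) RemoveKey(kID string) {
-if d == nil {
-return
-}
 d.rwLocker.Lock()
 defer d.rwLocker.Unlock()
 delete(d.store, kID)
@@ -146,9 +143,6 @@ func (d *defaultMJwtKeyStore) RemoveKey(kID string) {
 
 // ListKeys lists the kIDs of all the keys in the KeyStore.
 func (d *defaultMJwtKeyStore) ListKeys() []string {
-if d == nil {
-return nil
-}
 d.rwLocker.RLock()
 defer d.rwLocker.RUnlock()
 lKeys := make([]string, len(d.store))
@@ -162,9 +156,6 @@ func (d *defaultMJwtKeyStore) ListKeys() []string {
 
 // GetKey gets the rsa.PrivateKey given the kID in the KeyStore or null if not found.
 func (d *defaultMJwtKeyStore) GetKey(kID string) *rsa.PrivateKey {
-if d == nil {
-return nil
-}
 d.rwLocker.RLock()
 defer d.rwLocker.RUnlock()
 kPrv, ok := d.store[kID]
@@ -176,9 +167,6 @@ func (d *defaultMJwtKeyStore) GetKey(kID string) *rsa.PrivateKey {
 
 // GetKeyPublic gets the rsa.PublicKey given the kID in the KeyStore or null if not found.
 func (d *defaultMJwtKeyStore) GetKeyPublic(kID string) *rsa.PublicKey {
-if d == nil {
-return nil
-}
 d.rwLocker.RLock()
 defer d.rwLocker.RUnlock()
 kPub, ok := d.storePub[kID]
@@ -190,9 +178,6 @@ func (d *defaultMJwtKeyStore) GetKeyPublic(kID string) *rsa.PublicKey {
 
 // ClearKeys removes all the stored keys in the KeyStore.
 func (d *defaultMJwtKeyStore) ClearKeys() {
-if d == nil {
-return
-}
 d.rwLocker.Lock()
 defer d.rwLocker.Unlock()
 clear(d.store)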
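Review bot: `SetKey` and `SetKeyPublic` still return silently when the key argument is nil, so a caller whose key load failed gets no signal that nothing was stored, and the doc comments above them mention neither that nor the non-nil receiver the methods now require. I would state the contract in the comment, for example `// SetKey adds prvKey under kID. A nil prvKey is ignored; d must not be nil.`, with the same wording on `SetKeyPublic`. The `GetKey` and `GetKeyPublic` comments say "null" where Go readers expect `nil`. Every method body in this file continues past the end of its hunk, so anything after the lock calls is not visible here.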
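--- a/signer.go
+++ b/signer.go
@@ -12,7 +12,6 @@ import (
 )
 
 var ErrNoPrivateKeyFound = errors.New("no private key found")
-var ErrSignerNil = errors.New("signer nil")
 
 // defaultMJwtSigner implements Signer and uses an rsa.PrivateKey and issuer name
 // to generate MJWT tokens
@@ -95,26 +94,17 @@ func NewMJwtSignerFromFileAndDirectory(issuer, file, directory, prvExt, pubExt s
 
 // Issuer returns the name of the issuer
 func (d *defaultMJwtSigner) Issuer() string {
-if d == nil {
-return ""
-}
 return d.issuer
 }
 
 // GenerateJwt generates and returns a JWT string using the sub, id, duration and claims; uses the default key
 func (d *defaultMJwtSigner) GenerateJwt(sub, id string, aud jwt.ClaimStrings, dur time.Duration, claims Claims) (string, error) {
-if d == nil {
-return "", ErrSignerNil
-}
 return d.SignJwt(wrapClaims[Claims](d, sub, id, aud, dur, claims))
 }
 
 // SignJwt signs a jwt.Claims compatible struct, this is used internally by
 // GenerateJwt but is available for signing custom structs; uses the default key
 func (d *defaultMJwtSigner) SignJwt(wrapped jwt.Claims) (string, error) {
-if d == nil {
-return "", ErrSignerNil
-}
 if d.key == nil {
 return "", ErrNoPrivateKeyFound
 }
@@ -124,18 +114,12 @@ func (d *defaultMJwtSigner) SignJwt(wrapped jwt.Claims) (string, error) {
 
 // GenerateJwtWithKID generates and returns a JWT string using the sub, id, duration and claims; this gets signed with the specified kID
 func (d *defaultMJwtSigner) GenerateJwtWithKID(sub, id string, aud jwt.ClaimStrings, dur time.Duration, claims Claims, kID string) (string, error) {
-if d == nil {
-return "", ErrSignerNil
-}
 return d.SignJwtWithKID(wrapClaims[Claims](d, sub, id, aud, dur, claims), kID)
 }
 
 // SignJwtWithKID signs a jwt.Claims compatible struct, this is used internally by
 // GenerateJwt but is available for signing custom structs; this gets signed with the specified kID
 func (d *defaultMJwtSigner) SignJwtWithKID(wrapped jwt.Claims, kID string) (string, error) {
-if d == nil {
-return "", ErrSignerNil
-}
 pKey := d.verify.GetKeyStore().GetKey(kID)
 if pKey == nil {
 return "", ErrNoPrivateKeyFound
@@ -147,43 +131,25 @@ func (d *defaultMJwtSigner) SignJwtWithKID(wrapped jwt.Claims, kID string) (stri
 
 // VerifyJwt validates and parses MJWT tokens see defaultMJwtVerifier.VerifyJwt()
 func (d *defaultMJwtSigner) VerifyJwt(token string, claims baseTypeClaim) (*jwt.Token, error) {
-if d == nil {
-return nil, ErrSignerNil
-}
 return d.verify.VerifyJwt(token, claims)
 }
 
 func (d *defaultMJwtSigner) PrivateKey() *rsa.PrivateKey {
-if d == nil {
-return nil
-}
 return d.key
 }
 func (d *defaultMJwtSigner) PublicKey() *rsa.PublicKey {
-if d == nil {
-return nil
-}
 return d.verify.pub
 }
 
 func (d *defaultMJwtSigner) PublicKeyOf(kID string) *rsa.PublicKey {
-if d == nil {
-return nil
-}
 return d.verify.kStore.GetKeyPublic(kID)
 }
 
 func (d *defaultMJwtSigner) GetKeyStore() KeyStore {
-if d == nil {
-return nil
-}
 return d.verify.GetKeyStore()
 }
 
 func (d *defaultMJwtSigner) PrivateKeyOf(kID string) *rsa.PrivateKey {
-if d == nil {
-return nil
-}
 return d.verify.kStore.GetKey(kID)
 }
 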
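Review bot: Deleting the exported `ErrSignerNil` in the first hunk (and `ErrVerifierNil` in verifier.go) breaks any importer that matches it with `errors.Is`, and the signing paths change from returning an error to a nil-pointer panic: `SignJwt` now reaches `d.key` and `SignJwtWithKID` reaches `d.verify` with no receiver check. A nil `*defaultMJwtSigner` stored in a `Signer` interface still passes a caller's `!= nil` test, so the fault would surface when a token is issued rather than at construction. If the removal is intended, keeping the variable for one release with `// Deprecated: no longer returned; methods require a non-nil receiver.` above it would make the break visible. Presumably the constructors never return a nil signer together with a nil error, but they are outside these hunks and that is worth confirming; `SignJwt` and `SignJwtWithKID` also continue past their hunks.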
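--- a/verifier.go
+++ b/verifier.go
@@ -9,7 +9,6 @@ import (
 
 var ErrNoPublicKeyFound = errors.New("no public key found")
 var ErrKIDInvalid = errors.New("kid invalid")
-var ErrVerifierNil = errors.New("verifier nil")
 
 // defaultMJwtVerifier implements Verifier and uses a rsa.PublicKey to validate
 // MJWT tokens
@@ -71,9 +70,6 @@ func NewMJwtVerifierFromFileAndDirectory(file, directory, prvExt, pubExt string)
 
 // VerifyJwt validates and parses MJWT tokens and returns the claims
 func (d *defaultMJwtVerifier) VerifyJwt(token string, claims baseTypeClaim) (*jwt.Token, error) {
-if d == nil {
-return nil, ErrVerifierNil
-}
 withClaims, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
 kIDI, exs := token.Header["kid"]
 if exs {
@@ -100,22 +96,13 @@ func (d *defaultMJwtVerifier) VerifyJwt(token string, claims baseTypeClaim) (*jw
 }
 
 func (d *defaultMJwtVerifier) PublicKey() *rsa.PublicKey {
-if d == nil {
-return nil
-}
 return d.pub
 }
 
 func (d *defaultMJwtVerifier) PublicKeyOf(kID string) *rsa.PublicKey {
-if d == nil {
-return nil
-}
 return d.kStore.GetKeyPublic(kID)
 }
 
 func (d *defaultMJwtVerifier) GetKeyStore() KeyStore {
-if d == nil {
-return nil
-}
 return d.kStore
 }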
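Review bot: `PublicKey`, `PublicKeyOf` and `GetKeyStore` in the last hunk have no doc comments, and with the receiver guards gone a comment is the only place a caller learns that a nil verifier now panics instead of yielding nil. Suggested wording is `// GetKeyStore returns the KeyStore backing this verifier; d must not be nil.`, with matching lines on the other two accessors. `VerifyJwt` is where untrusted tokens enter and its body continues past the hunk, so where a nil `d` would fault is not visible here; a test that pins the intended behaviour for a nil verifier would document the new contract.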