Merge pull request #135 from xmidt-org/addClorthoJWKSSUpport

Add Clortho and JWKS support
xmidt-org · Aug 12, 2022 · 0b9b46b · 0b9b46b
2 parents 272c8f0 + 1618522
commit 0b9b46b
Show file tree

Hide file tree

Showing 24 changed files with 104 additions and 2,522 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+- Refactored basculehttp to use Clortho instead of key package. [135](https://github.com/xmidt-org/bascule/pull/135)
 - Update dependencies. [131](https://github.com/xmidt-org/bascule/pull/131)
     -  [github.com/gorilla/sessions v1.2.1 cwe-613 no patch available](https://ossindex.sonatype.org/vulnerability/sonatype-2021-4899)
 - Update dependencies. [130](https://github.com/xmidt-org/bascule/pull/130)

diff --git a/basculehttp/bearerTokenFactory.go b/basculehttp/bearerTokenFactory.go
@@ -26,7 +26,8 @@ import (
 	"github.com/golang-jwt/jwt"
 	"github.com/xmidt-org/arrange"
 	"github.com/xmidt-org/bascule"
-	"github.com/xmidt-org/bascule/key"
+	"github.com/xmidt-org/clortho"
+	"github.com/xmidt-org/clortho/clorthofx"
 	"go.uber.org/fx"
 )
 
@@ -47,8 +48,8 @@ var (
 // converting it into a bascule Token.
 type BearerTokenFactory struct {
 	fx.In
-	DefaultKeyID string            `name:"default_key_id"`
-	Resolver     key.Resolver      `name:"key_resolver"`
+	DefaultKeyID string `name:"default_key_id"`
+	Resolver     clortho.Resolver
 	Parser       bascule.JWTParser `optional:"true"`
 	Leeway       bascule.Leeway    `name:"jwt_leeway" optional:"true"`
 }
@@ -68,11 +69,11 @@ func (btf BearerTokenFactory) ParseAndValidate(ctx context.Context, _ *http.Requ
 			keyID = btf.DefaultKeyID
 		}
 
-		pair, err := btf.Resolver.ResolveKey(ctx, keyID)
+		key, err := btf.Resolver.Resolve(ctx, keyID)
 		if err != nil {
 			return nil, fmt.Errorf("failed to resolve key: %v", err)
 		}
-		return pair.Public(), nil
+		return key.Public(), nil
 	}
 
 	leewayclaims := bascule.ClaimsWithLeeway{
@@ -114,7 +115,7 @@ func (btf BearerTokenFactory) ParseAndValidate(ctx context.Context, _ *http.Requ
 // with the bearer token factory.
 func ProvideBearerTokenFactory(configKey string, optional bool) fx.Option {
 	return fx.Options(
-		key.ProvideResolver(fmt.Sprintf("%s.key", configKey), optional),
+		clorthofx.Provide(),
 		fx.Provide(
 			fx.Annotated{
 				Name: "jwt_leeway",
@@ -127,12 +128,6 @@ func ProvideBearerTokenFactory(configKey string, optional bool) fx.Option {
 					if f.Parser == nil {
 						f.Parser = bascule.DefaultJWTParser
 					}
-					if f.Resolver == nil {
-						if optional {
-							return nil, nil
-						}
-						return nil, ErrNilResolver
-					}
 					return WithTokenFactory(BearerAuthorization, f), nil
 				},
 			},

diff --git a/basculehttp/bearerTokenFactory_test.go b/basculehttp/bearerTokenFactory_test.go
@@ -32,7 +32,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/xmidt-org/arrange"
 	"github.com/xmidt-org/bascule"
-	"github.com/xmidt-org/bascule/key"
 	"go.uber.org/fx"
 )
 
@@ -123,18 +122,18 @@ func TestBearerTokenFactory(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(tc.description, func(t *testing.T) {
 			assert := assert.New(t)
-			r := new(key.MockResolver)
+			r := new(MockResolver)
 			p := new(mockParser)
-			pair := new(key.MockPair)
+			key := new(mockKey)
 			if tc.parseCalled {
 				token := jwt.NewWithClaims(jwt.SigningMethodHS256, tc.claims)
 				token.Valid = tc.validToken
 				p.On("ParseJWT", mock.Anything, mock.Anything, mock.Anything).Return(token, tc.parseErr).Once()
 			}
 			if tc.resolveCalled {
-				r.On("ResolveKey", mock.Anything, mock.Anything).Return(pair, tc.resolveErr).Once()
+				r.On("Resolve", mock.Anything, mock.Anything).Return(key, tc.resolveErr).Once()
 				if tc.resolveErr == nil {
-					pair.On("Public").Return(nil).Once()
+					key.On("Public").Return(nil).Once()
 				}
 			}
 			btf := BearerTokenFactory{
@@ -145,6 +144,7 @@ func TestBearerTokenFactory(t *testing.T) {
 			req := httptest.NewRequest("get", "/", nil)
 			token, err := btf.ParseAndValidate(context.Background(), req, "", tc.value)
 			assert.Equal(tc.expectedToken, token)
+			key.AssertExpectations(t)
 			if tc.expectedErr == nil || err == nil {
 				assert.Equal(tc.expectedErr, err)
 			} else {
@@ -222,7 +222,6 @@ good:
 					require.NotNil(result.Options[0])
 					return
 				}
-				require.Nil(result.Options[0])
 				return
 			}
 			assert.Nil(result.Options)

diff --git a/basculehttp/mocks_test.go b/basculehttp/mocks_test.go
@@ -18,8 +18,13 @@
 package basculehttp
 
 import (
+	"crypto"
+
 	"github.com/stretchr/testify/mock"
 	"github.com/xmidt-org/bascule"
+	"github.com/xmidt-org/clortho"
+
+	"context"
 
 	"github.com/golang-jwt/jwt"
 )
@@ -49,3 +54,52 @@ func (p *mockParser) ParseJWT(token string, claims jwt.Claims, parseFunc jwt.Key
 	_, err = parseFunc(t)
 	return t, err
 }
+
+// mockKey is a mock for key.
+type mockKey struct {
+	mock.Mock
+	clortho.Thumbprinter
+}
+
+func (key *mockKey) Public() crypto.PublicKey {
+	arguments := key.Called()
+	return arguments.Get(0)
+}
+
+func (key *mockKey) KeyType() string {
+	arguments := key.Called()
+	return arguments.String(0)
+}
+
+func (key *mockKey) KeyID() string {
+	arguments := key.Called()
+	return arguments.String(0)
+}
+
+func (key *mockKey) KeyUsage() string {
+	arguments := key.Called()
+	return arguments.String(0)
+}
+
+func (key *mockKey) Raw() interface{} {
+	arguments := key.Called()
+	return arguments.Get(0)
+}
+
+// MockResolver is a stretchr mock for Resolver.  It's exposed for other package tests.
+type MockResolver struct {
+	mock.Mock
+}
+
+func (resolver *MockResolver) Resolve(ctx context.Context, keyId string) (clortho.Key, error) {
+	arguments := resolver.Called(ctx, keyId)
+	if key, ok := arguments.Get(0).(clortho.Key); ok {
+		return key, arguments.Error(1)
+	} else {
+		return nil, arguments.Error(1)
+	}
+}
+func (resolver *MockResolver) AddListener(l clortho.ResolveListener) clortho.CancelListenerFunc {
+	arguments := resolver.Called(l)
+	return arguments.Get(0).(clortho.CancelListenerFunc)
+}
diff --git a/go.mod b/go.mod
@@ -15,15 +15,15 @@ require (
 	github.com/subosito/gotenv v1.4.0 // indirect
 	github.com/xmidt-org/arrange v0.3.0
 	github.com/xmidt-org/candlelight v0.0.10
+	github.com/xmidt-org/clortho v0.0.3
 	github.com/xmidt-org/sallust v0.1.6
 	github.com/xmidt-org/touchstone v0.1.1
-	github.com/xmidt-org/webpa-common v1.11.9
 	go.opentelemetry.io/otel/exporters/jaeger v1.9.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.9.0 // indirect
 	go.opentelemetry.io/otel/exporters/zipkin v1.9.0 // indirect
 	go.uber.org/fx v1.18.1
 	go.uber.org/zap v1.22.0
-	golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 // indirect
+	golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
 	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
-	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 )