-
Notifications
You must be signed in to change notification settings - Fork 3
/
issuer.go
97 lines (86 loc) · 2.44 KB
/
issuer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
package auth
import (
"crypto/rand"
"crypto/rsa"
"os"
"time"
"github.com/dgrijalva/jwt-go"
"github.com/gofrs/uuid"
)
const (
// DefaultTokenValidPeriod is the default amount of minutes a token is valid
DefaultTokenValidPeriod = 60
)
// IssuerConfig is a set of data to configure an issuer
type IssuerConfig struct {
Name string
TokenValidPeriod int
}
// Issuer represents a set of methods for generating a JWT with a private key
type Issuer struct {
privateKey *rsa.PrivateKey
publicKey *rsa.PublicKey
name string
tokenValidPeriod int
}
// NewIssuerFromPrivateKeyPEM will take a private key PEM file and return a token issuer
func NewIssuerFromPrivateKeyPEM(cfg IssuerConfig, pem []byte) (*Issuer, error) {
pk, err := jwt.ParseRSAPrivateKeyFromPEM(pem)
if err != nil {
return nil, err
}
return NewIssuer(cfg, pk), nil
}
// NewIssuer returns a new JWT instance
func NewIssuer(cfg IssuerConfig, privateKey *rsa.PrivateKey) *Issuer {
if cfg.TokenValidPeriod < 1 {
cfg.TokenValidPeriod = DefaultTokenValidPeriod
}
return &Issuer{
privateKey: privateKey,
publicKey: &privateKey.PublicKey,
name: cfg.Name,
tokenValidPeriod: cfg.TokenValidPeriod,
}
}
// NewMockIssuer creates a new tokeniser with a random key pair
func NewMockIssuer() (*Issuer, error) {
reader := rand.Reader
bitSize := 2048
privateKey, err := rsa.GenerateKey(reader, bitSize)
if err != nil {
return nil, err
}
name, err := os.Hostname()
if err != nil {
return nil, err
}
return NewIssuer(IssuerConfig{
Name: name,
}, privateKey), nil
}
// Issue generates and returns a JWT authentication token for a private key
func (i *Issuer) Issue(consumer *Consumer) (string, error) {
id, err := uuid.NewV4()
if err != nil {
return "", err
}
claims := Claims{
Consumer: *consumer,
StandardClaims: jwt.StandardClaims{
ExpiresAt: time.Now().Add(time.Duration(i.tokenValidPeriod) * time.Minute).Unix(),
Issuer: i.name,
Id: id.String(),
},
}
return i.IssueWithClaims(claims)
}
// IssueWithClaims overrides the default claims and issues a JWT token for the a private key
func (i *Issuer) IssueWithClaims(claims Claims) (string, error) {
token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
return token.SignedString(i.privateKey)
}
// Parser returns a parser based on the issuers private key's public counterpart
func (i *Issuer) Parser() *Parser {
return &Parser{publicKey: i.publicKey}
}