forked from dgolja/godoauth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.go
144 lines (122 loc) · 3.07 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
package godoauth
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"io/ioutil"
"os"
"strings"
"time"
"github.com/dgrijalva/jwt-go"
"github.com/docker/libtrust"
"gopkg.in/yaml.v2"
)
type Config struct {
Version string `yaml:"version,omitempty"`
Log Log `yaml:"log,omitempty"`
Storage Storage `yaml:"storage,omitempty"`
HTTP ServerConf `yaml:"http"`
Token Token `yaml:"token"`
}
type Log struct {
Level string `yaml:"level,omitempty"`
File string `yaml:"file,omitempty"`
}
type Storage struct {
Vault Vault `yaml:"vault"`
}
type Vault struct {
Host string `yaml:"host"`
Port int `yaml:"port"`
AuthToken string `yaml:"auth_token"`
Proto string `yaml:"proto"`
Timeout string `yaml:"timeout,omitempty"`
}
type ServerConf struct {
Addr string `yaml:"addr"`
Timeout string `yaml:"timeout"`
TLS ServerTLS `yaml:"tls"`
publicKey libtrust.PublicKey
privateKey libtrust.PrivateKey
}
type ServerTLS struct {
Certificate string `yaml:"certificate,omitempty"`
Key string `yaml:"key,omitempty"`
}
type Token struct {
Issuer string `yaml:"issuer"`
Expiration int64 `yaml:"expiration"`
Certificate string `yaml:"certificate"`
Key string `yaml:"key"`
publicKey libtrust.PublicKey
privateKey libtrust.PrivateKey
}
func (c *Config) LoadFromFile(path string) error {
fp, err := os.Open(path)
if err != nil {
return err
}
return c.Parse(fp)
}
func (c *Config) Parse(rd io.Reader) error {
in, err := ioutil.ReadAll(rd)
if err != nil {
return err
}
err = yaml.Unmarshal(in, c)
if err != nil {
return err
}
if c.Token.Certificate == "" || c.Token.Key == "" {
return fmt.Errorf("Missing Certificate or Key for the Token definition")
}
if c.Storage.Vault.Timeout == "" {
c.Storage.Vault.Timeout = "3s"
} else {
if _, err := time.ParseDuration(c.Storage.Vault.Timeout); err != nil {
return err
}
}
if c.HTTP.Timeout == "" {
c.HTTP.Timeout = "5s"
} else {
if _, err := time.ParseDuration(c.HTTP.Timeout); err != nil {
return err
}
}
return nil
}
func (c *Config) LoadCerts() error {
var err error
c.Token.publicKey, c.Token.privateKey, err = c.loadCerts(c.Token.Certificate, c.Token.Key)
if err != nil {
return err
}
// Sign something dummy to find out which algorithm is used.
_, sigAlg, err := c.Token.privateKey.Sign(strings.NewReader("whoami"), 0)
if err != nil {
return fmt.Errorf("failed to sign: %s", err)
}
// check if the library supports this sign algorithm
if alg := jwt.GetSigningMethod(sigAlg); alg == nil {
return fmt.Errorf("signing algorithm not supported: %s", sigAlg)
}
return nil
}
func (c *Config) loadCerts(certFile, keyFile string) (pk libtrust.PublicKey, prk libtrust.PrivateKey, err error) {
certificate, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return
}
x509Cert, err := x509.ParseCertificate(certificate.Certificate[0])
if err != nil {
return
}
pk, err = libtrust.FromCryptoPublicKey(x509Cert.PublicKey)
if err != nil {
return
}
prk, err = libtrust.FromCryptoPrivateKey(certificate.PrivateKey)
return
}