Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[added] support for StrictSigningKeyUsage and updated jwt library #1845

Merged
merged 3 commits into from
Jan 26, 2021
Merged

[added] support for StrictSigningKeyUsage and updated jwt library #1845

merged 3 commits into from
Jan 26, 2021

Conversation

matthiashanel
Copy link
Contributor

This will cause the server to not trust accounts/user signed by an
identity key

Signed-off-by: Matthias Hanel mh@synadia.com

To be sure I changed using len( s.trustedKeys) > 0 to a check for not nil.
To support this I moved all keys trusted into signingKeys.

@matthiashanel
[added] support for StrictSigningKeyUsage and updated jwt library
f160c44 
This will cause the server to not trust accounts/user signed by an
identity key

Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic reviewed Jan 26, 2021
View reviewed changes
Copy link
Member

@kozlovic kozlovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wonder if you thought about config reload and see if there is an issue (maybe existing prior to this change).

server/jwt.go Show resolved Hide resolved
@matthiashanel
Incorporated review comments and setting up boot strapping system acc
d5eb6c6 
The boot strapping system account will assume the account is issued by
the operator.
If this is not desirable, the system account can be provided right away
as resolver_preload.

Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic requested changes Jan 26, 2021
View reviewed changes
server/jwt.go Outdated Show resolved Hide resolved
server/server.go Outdated Show resolved Hide resolved
@matthiashanel
Incorporating comments
6b2473a 
Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic approved these changes Jan 26, 2021
View reviewed changes
Copy link
Member

@kozlovic kozlovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@matthiashanel matthiashanel merged commit dea9eff into master Jan 26, 2021
@matthiashanel matthiashanel deleted the require-sk branch January 26, 2021 22:49
This was referenced Mar 15, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kozlovic kozlovic kozlovic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matthiashanel @kozlovic