ContainerImage.Pinniped/internal/oidc/jwks/dynamic_jwks_provider.go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package jwks

import (
	"sync"

	"gopkg.in/square/go-jose.v2"
)

type DynamicJWKSProvider interface {
	SetIssuerToJWKSMap(
		issuerToJWKSMap map[string]*jose.JSONWebKeySet,
		issuerToActiveJWKMap map[string]*jose.JSONWebKey,
	)
	GetJWKS(issuerName string) (jwks *jose.JSONWebKeySet, activeJWK *jose.JSONWebKey)
}

type dynamicJWKSProvider struct {
	issuerToJWKSMap      map[string]*jose.JSONWebKeySet
	issuerToActiveJWKMap map[string]*jose.JSONWebKey
	mutex                sync.RWMutex
}

func NewDynamicJWKSProvider() DynamicJWKSProvider {
	return &dynamicJWKSProvider{
		issuerToJWKSMap:      map[string]*jose.JSONWebKeySet{},
		issuerToActiveJWKMap: map[string]*jose.JSONWebKey{},
	}
}

func (p *dynamicJWKSProvider) SetIssuerToJWKSMap(
	issuerToJWKSMap map[string]*jose.JSONWebKeySet,
	issuerToActiveJWKMap map[string]*jose.JSONWebKey,
) {
	p.mutex.Lock() // acquire a write lock
	defer p.mutex.Unlock()
	p.issuerToJWKSMap = issuerToJWKSMap
	p.issuerToActiveJWKMap = issuerToActiveJWKMap
}

func (p *dynamicJWKSProvider) GetJWKS(issuerName string) (*jose.JSONWebKeySet, *jose.JSONWebKey) {
	p.mutex.RLock() // acquire a read lock
	defer p.mutex.RUnlock()
	return p.issuerToJWKSMap[issuerName], p.issuerToActiveJWKMap[issuerName]
}
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`// Copyright 2020 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`package jwks`

			`import (`
			`"sync"`

			`"gopkg.in/square/go-jose.v2"`
			`)`

			`type DynamicJWKSProvider interface {`
WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`SetIssuerToJWKSMap(`
			`issuerToJWKSMap map[string]*jose.JSONWebKeySet,`
			`issuerToActiveJWKMap map[string]*jose.JSONWebKey,`
			`)`
			`GetJWKS(issuerName string) (jwks jose.JSONWebKeySet, activeJWK jose.JSONWebKey)`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`}`

			`type dynamicJWKSProvider struct {`
WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`issuerToJWKSMap map[string]*jose.JSONWebKeySet`
			`issuerToActiveJWKMap map[string]*jose.JSONWebKey`
			`mutex sync.RWMutex`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`}`

			`func NewDynamicJWKSProvider() DynamicJWKSProvider {`
			`return &dynamicJWKSProvider{`
WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`issuerToJWKSMap: map[string]*jose.JSONWebKeySet{},`
			`issuerToActiveJWKMap: map[string]*jose.JSONWebKey{},`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`}`
			`}`

WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`func (p *dynamicJWKSProvider) SetIssuerToJWKSMap(`
			`issuerToJWKSMap map[string]*jose.JSONWebKeySet,`
			`issuerToActiveJWKMap map[string]*jose.JSONWebKey,`
			`) {`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`p.mutex.Lock() // acquire a write lock`
			`defer p.mutex.Unlock()`
			`p.issuerToJWKSMap = issuerToJWKSMap`
WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`p.issuerToActiveJWKMap = issuerToActiveJWKMap`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`}`

WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`func (p dynamicJWKSProvider) GetJWKS(issuerName string) (jose.JSONWebKeySet, *jose.JSONWebKey) {`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`p.mutex.RLock() // acquire a read lock`
			`defer p.mutex.RUnlock()`
WIP: start to wire signing key into token handler This commit includes a failing test (amongst other compiler failures) for the dynamic signing key fetcher that we will inject into fosite. We are checking it in so that we can pass the WIP off. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-03 20:34:58 +00:00			`return p.issuerToJWKSMap[issuerName], p.issuerToActiveJWKMap[issuerName]`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`}`