2023-06-22 22:12:33 +00:00
|
|
|
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
2022-12-14 00:18:51 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2023-06-22 22:12:33 +00:00
|
|
|
package storage
|
2022-12-14 00:18:51 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"hash"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/ory/fosite"
|
|
|
|
"github.com/ory/fosite/compose"
|
|
|
|
)
|
|
|
|
|
|
|
|
// DynamicGlobalSecretConfig is a wrapper around fosite.Config which allows us to always return dynamic secrets,
|
|
|
|
// since those secrets can change at any time when they are loaded or reloaded by our controllers.
|
|
|
|
type DynamicGlobalSecretConfig struct {
|
|
|
|
fositeConfig *fosite.Config
|
|
|
|
keyFunc func() []byte
|
|
|
|
}
|
|
|
|
|
|
|
|
var _ compose.HMACSHAStrategyConfigurator = &DynamicGlobalSecretConfig{}
|
|
|
|
|
|
|
|
func NewDynamicGlobalSecretConfig(
|
|
|
|
fositeConfig *fosite.Config,
|
|
|
|
keyFunc func() []byte,
|
|
|
|
) *DynamicGlobalSecretConfig {
|
|
|
|
return &DynamicGlobalSecretConfig{
|
|
|
|
fositeConfig: fositeConfig,
|
|
|
|
keyFunc: keyFunc,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetAccessTokenLifespan(ctx context.Context) time.Duration {
|
|
|
|
return d.fositeConfig.GetAccessTokenLifespan(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetRefreshTokenLifespan(ctx context.Context) time.Duration {
|
|
|
|
return d.fositeConfig.GetRefreshTokenLifespan(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetAuthorizeCodeLifespan(ctx context.Context) time.Duration {
|
|
|
|
return d.fositeConfig.GetAuthorizeCodeLifespan(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetTokenEntropy(ctx context.Context) int {
|
|
|
|
return d.fositeConfig.GetTokenEntropy(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetHMACHasher(ctx context.Context) func() hash.Hash {
|
|
|
|
return d.fositeConfig.GetHMACHasher(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetGlobalSecret(ctx context.Context) ([]byte, error) {
|
|
|
|
// Always call keyFunc() without ever caching its value, because that is the whole point
|
|
|
|
// of this type. We want the global secret to be dynamic.
|
|
|
|
return d.keyFunc(), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *DynamicGlobalSecretConfig) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error) {
|
|
|
|
// We don't support having multiple global secrets yet, but when we do we will need to implement this.
|
|
|
|
return nil, nil
|
|
|
|
}
|