KeyFunc no longer uses multi-value return

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
aram price 2020-12-10 10:51:15 -08:00
parent c3f73ffb57
commit 030edaf72d
2 changed files with 22 additions and 16 deletions


@ -13,30 +13,30 @@ import (
var _ oidc.Codec = &Codec{} var _ oidc.Codec = &Codec{}
// KeyFunc returns 2 keys: a required signing key, and an optional encryption key. // KeyFunc returns a single key: a symmetric key.
type KeyFunc func() ([]byte, []byte) type KeyFunc func() []byte
// Codec can dynamically encode and decode information by using a KeyFunc to get its keys // Codec can dynamically encode and decode information by using a KeyFunc to get its keys
// just-in-time. // just-in-time.
type Codec struct { type Codec struct {
keyFunc KeyFunc signingKeyFunc KeyFunc
encryptionKeyFunc KeyFunc
} }
// New creates a new Codec that will use the provided keyFunc for its key source. // New creates a new Codec that will use the provided keyFuncs for its key source.
func New(keyFunc KeyFunc) *Codec { func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
return &Codec{ return &Codec{
keyFunc: keyFunc, signingKeyFunc: signingKeyFunc,
encryptionKeyFunc: encryptionKeyFunc,
} }
} }
// Encode implements oidc.Encode(). // Encode implements oidc.Encode().
func (c *Codec) Encode(name string, value interface{}) (string, error) { func (c *Codec) Encode(name string, value interface{}) (string, error) {
signingKey, encryptionKey := c.keyFunc() return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Encode(name, value)
return securecookie.New(signingKey, encryptionKey).Encode(name, value)
} }
// Decode implements oidc.Decode(). // Decode implements oidc.Decode().
func (c *Codec) Decode(name string, value string, into interface{}) error { func (c *Codec) Decode(name string, value string, into interface{}) error {
signingKey, encryptionKey := c.keyFunc() return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Decode(name, value, into)
return securecookie.New(signingKey, encryptionKey).Decode(name, value, into)
} }
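Review bot: Encode and Decode now call `c.signingKeyFunc()` and `c.encryptionKeyFunc()` unconditionally, so a nil `encryptionKeyFunc` passed to New would panic on first use, and the old comment's distinction between a required signing key and an optional encryption key is no longer documented anywhere. As far as I know securecookie treats a nil block key as sign-only, which means the value is authenticated but not confidential, so the comment on New should say how a caller opts out of encryption, for example `// encryptionKeyFunc must be non-nil; it may return nil to produce signed but unencrypted values.` The two keys are also now fetched in two separate calls instead of one; if the key source can rotate between them, a codec could pair a signing key from one generation with an encryption key from another, so the KeyFunc comment should state that both funcs are expected to read from a consistent snapshot.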


@ -81,9 +81,12 @@ func TestCodec(t *testing.T) {
if test.keys != nil { if test.keys != nil {
test.keys(&encoderSigningKey, &encoderEncryptionKey, &decoderSigningKey, &decoderEncryptionKey) test.keys(&encoderSigningKey, &encoderEncryptionKey, &decoderSigningKey, &decoderEncryptionKey)
} }
encoder := New(func() ([]byte, []byte) { encoder := New(func() []byte {
return encoderSigningKey, encoderEncryptionKey return encoderSigningKey
}) },
func() []byte {
return encoderEncryptionKey
})
encoded, err := encoder.Encode("some-name", "some-message") encoded, err := encoder.Encode("some-name", "some-message")
if test.wantEncoderError != "" { if test.wantEncoderError != "" {
@ -92,9 +95,12 @@ func TestCodec(t *testing.T) {
} }
require.NoError(t, err) require.NoError(t, err)
decoder := New(func() ([]byte, []byte) { decoder := New(func() []byte {
return decoderSigningKey, decoderEncryptionKey return decoderSigningKey
}) },
func() []byte {
return decoderEncryptionKey
})
var decoded string var decoded string
err = decoder.Decode("some-name", encoded, &decoded) err = decoder.Decode("some-name", encoded, &decoded)