KeyFunc no longer uses multi-value return
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
c3f73ffb57
commit
030edaf72d
@ -13,30 +13,30 @@ import (
|
|||||||
|
|
||||||
var _ oidc.Codec = &Codec{}
|
var _ oidc.Codec = &Codec{}
|
||||||
|
|
||||||
// KeyFunc returns 2 keys: a required signing key, and an optional encryption key.
|
// KeyFunc returns a single key: a symmetric key.
|
||||||
type KeyFunc func() ([]byte, []byte)
|
type KeyFunc func() []byte
|
||||||
|
|
||||||
// Codec can dynamically encode and decode information by using a KeyFunc to get its keys
|
// Codec can dynamically encode and decode information by using a KeyFunc to get its keys
|
||||||
// just-in-time.
|
// just-in-time.
|
||||||
type Codec struct {
|
type Codec struct {
|
||||||
keyFunc KeyFunc
|
signingKeyFunc KeyFunc
|
||||||
|
encryptionKeyFunc KeyFunc
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a new Codec that will use the provided keyFunc for its key source.
|
// New creates a new Codec that will use the provided keyFuncs for its key source.
|
||||||
func New(keyFunc KeyFunc) *Codec {
|
func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
|
||||||
return &Codec{
|
return &Codec{
|
||||||
keyFunc: keyFunc,
|
signingKeyFunc: signingKeyFunc,
|
||||||
|
encryptionKeyFunc: encryptionKeyFunc,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Encode implements oidc.Encode().
|
// Encode implements oidc.Encode().
|
||||||
func (c *Codec) Encode(name string, value interface{}) (string, error) {
|
func (c *Codec) Encode(name string, value interface{}) (string, error) {
|
||||||
signingKey, encryptionKey := c.keyFunc()
|
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Encode(name, value)
|
||||||
return securecookie.New(signingKey, encryptionKey).Encode(name, value)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode implements oidc.Decode().
|
// Decode implements oidc.Decode().
|
||||||
func (c *Codec) Decode(name string, value string, into interface{}) error {
|
func (c *Codec) Decode(name string, value string, into interface{}) error {
|
||||||
signingKey, encryptionKey := c.keyFunc()
|
return securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc()).Decode(name, value, into)
|
||||||
return securecookie.New(signingKey, encryptionKey).Decode(name, value, into)
|
|
||||||
}
|
}
|
||||||
|
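Review bot: The doc comments on `KeyFunc` and `New` no longer say which key is required and which is optional, and because both parameters of `New(signingKeyFunc, encryptionKeyFunc KeyFunc)` share one type, swapped arguments compile silently. Assuming `securecookie` here is gorilla/securecookie (the import is outside the hunk), a nil block key turns encryption off and leaves values signed but readable, so callers storing anything confidential need that contract spelled out. I would document it on `New`, for example `// signingKeyFunc must return a non-empty HMAC key; encryptionKeyFunc may return nil, in which case values are signed but not encrypted.` A nil `encryptionKeyFunc` function value also panics at `c.encryptionKeyFunc()` in `Encode` and `Decode`, so either state that both funcs must be non-nil or guard the call.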
@ -81,9 +81,12 @@ func TestCodec(t *testing.T) {
|
|||||||
if test.keys != nil {
|
if test.keys != nil {
|
||||||
test.keys(&encoderSigningKey, &encoderEncryptionKey, &decoderSigningKey, &decoderEncryptionKey)
|
test.keys(&encoderSigningKey, &encoderEncryptionKey, &decoderSigningKey, &decoderEncryptionKey)
|
||||||
}
|
}
|
||||||
encoder := New(func() ([]byte, []byte) {
|
encoder := New(func() []byte {
|
||||||
return encoderSigningKey, encoderEncryptionKey
|
return encoderSigningKey
|
||||||
})
|
},
|
||||||
|
func() []byte {
|
||||||
|
return encoderEncryptionKey
|
||||||
|
})
|
||||||
|
|
||||||
encoded, err := encoder.Encode("some-name", "some-message")
|
encoded, err := encoder.Encode("some-name", "some-message")
|
||||||
if test.wantEncoderError != "" {
|
if test.wantEncoderError != "" {
|
||||||
@ -92,9 +95,12 @@ func TestCodec(t *testing.T) {
|
|||||||
}
|
}
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
decoder := New(func() ([]byte, []byte) {
|
decoder := New(func() []byte {
|
||||||
return decoderSigningKey, decoderEncryptionKey
|
return decoderSigningKey
|
||||||
})
|
},
|
||||||
|
func() []byte {
|
||||||
|
return decoderEncryptionKey
|
||||||
|
})
|
||||||
|
|
||||||
var decoded string
|
var decoded string
|
||||||
err = decoder.Decode("some-name", encoded, &decoded)
|
err = decoder.Decode("some-name", encoded, &decoded)
|
||||||
|