ContainerImage.Pinniped/internal/oidc/dynamiccodec/codec.go
Andrew Keesler 1291380611 dynamiccodec.Codec uses securecookie.JSONEncoder
Signed-off-by: aram price <pricear@vmware.com>
2020-12-10 17:32:55 -08:00

49 lines
1.6 KiB
Go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package dynamiccodec provides a type that can encode information using a just-in-time signing and
// (optionally) encryption secret.
package dynamiccodec
import (
"github.com/gorilla/securecookie"
"go.pinniped.dev/internal/oidc"
)
var _ oidc.Codec = &Codec{}
// KeyFunc returns a single key: a symmetric key.
type KeyFunc func() []byte
// Codec can dynamically encode and decode information by using a KeyFunc to get its keys
// just-in-time.
type Codec struct {
signingKeyFunc KeyFunc
encryptionKeyFunc KeyFunc
}
// New creates a new Codec that will use the provided keyFuncs for its key source, and
// use the securecookie.JSONEncoder. The securecookie.JSONEncoder is used because the default
// securecookie.GobEncoder is less compact and more difficult to make forward compatible.
func New(signingKeyFunc, encryptionKeyFunc KeyFunc) *Codec {
return &Codec{
signingKeyFunc: signingKeyFunc,
encryptionKeyFunc: encryptionKeyFunc,
}
}
// Encode implements oidc.Encode().
func (c *Codec) Encode(name string, value interface{}) (string, error) {
encoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
encoder.SetSerializer(securecookie.JSONEncoder{})
return encoder.Encode(name, value)
}
// Decode implements oidc.Decode().
func (c *Codec) Decode(name string, value string, into interface{}) error {
decoder := securecookie.New(c.signingKeyFunc(), c.encryptionKeyFunc())
decoder.SetSerializer(securecookie.JSONEncoder{})
return decoder.Decode(name, value, into)
}