Affected by GO-2024-2442 and 3 other vulnerabilities

GO-2024-2442: Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport

GO-2024-2445: Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

GO-2024-2447: Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport

GO-2024-2449: Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport

jwt

package

v1.2.3-fred.7 Latest Latest Go to latest Published: Oct 20, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gravitational/teleport

Documentation ¶

Overview ¶

Package jwt is used to sign and verify JWT tokens used by application access.

Index ¶

func GenerateKeyPair() ([]byte, []byte, error)
func UnmarshalJWK(jwk JWK) (crypto.PublicKey, error)
type Claims
type Config
- func (c *Config) CheckAndSetDefaults() error
type JWK
- func MarshalJWK(bytes []byte) (JWK, error)
type Key
- func New(config *Config) (*Key, error)
type SignParams
- func (p *SignParams) Check() error
type SnowflakeVerifyParams
- func (p *SnowflakeVerifyParams) Check() error
type VerifyParams
- func (p *VerifyParams) Check() error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateKeyPair ¶

func GenerateKeyPair() ([]byte, []byte, error)

GenerateKeyPair generates and return a PEM encoded private and public key in the format used by this package.

func UnmarshalJWK ¶

func UnmarshalJWK(jwk JWK) (crypto.PublicKey, error)

UnmarshalJWK will unmarshal JWK into a crypto.PublicKey that can be used to validate signatures.

Types ¶

type Claims ¶

type Claims struct {
	// Claims represents public claim values (as specified in RFC 7519).
	jwt.Claims

	// Username returns the Teleport identity of the user.
	Username string `json:"username"`

	// Roles returns the list of roles assigned to the user within Teleport.
	Roles []string `json:"roles"`

	// Traits returns the traits assigned to the user within Teleport.
	Traits wrappers.Traits `json:"traits"`
}

Claims represents public and private claims for a JWT token.

type Config ¶

type Config struct {
	// Clock is used to control expiry time.
	Clock clockwork.Clock

	// PublicKey is used to verify a signed token.
	PublicKey crypto.PublicKey

	// PrivateKey is used to sign and verify tokens.
	PrivateKey crypto.Signer

	// Algorithm is algorithm used to sign JWT tokens.
	Algorithm jose.SignatureAlgorithm

	// ClusterName is the name of the cluster that will be signing the JWT tokens.
	ClusterName string
}

Config defines the clock and PEM encoded bytes of a public and private key that form a *jwt.Key.

func (*Config) CheckAndSetDefaults ¶

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults validates the values of a *Config.

type JWK ¶

type JWK struct {
	// KeyType is the type of asymmetric key used.
	KeyType string `json:"kty"`
	// Algorithm used to sign.
	Algorithm string `json:"alg"`
	// N is the modulus of the public key.
	N string `json:"n"`
	// E is the exponent of the public key.
	E string `json:"e"`
}

JWK is a JSON Web Key, described in detail in RFC 7517.

func MarshalJWK ¶

func MarshalJWK(bytes []byte) (JWK, error)

MarshalJWK will marshal a supported public key into JWK format.

type Key ¶

type Key struct {
	// contains filtered or unexported fields
}

Key is a JWT key that can be used to sign and/or verify a token.

func New ¶

func New(config *Config) (*Key, error)

New creates a JWT key that can be used to sign and verify tokens.

func (*Key) Sign ¶

func (k *Key) Sign(p SignParams) (string, error)

func (*Key) SignSnowflake ¶

func (k *Key) SignSnowflake(p SignParams, issuer string) (string, error)

func (*Key) Verify ¶

func (k *Key) Verify(p VerifyParams) (*Claims, error)

Verify will validate the passed in JWT token.

func (*Key) VerifySnowflake ¶

func (k *Key) VerifySnowflake(p SnowflakeVerifyParams) (*Claims, error)

VerifySnowflake will validate the passed in JWT token.

type SignParams ¶

type SignParams struct {
	// Username is the Teleport identity.
	Username string

	// Roles are the roles assigned to the user within Teleport.
	Roles []string

	// Traits are the traits assigned to the user within Teleport.
	Traits wrappers.Traits

	// Expiry is time to live for the token.
	Expires time.Time

	// URI is the URI of the recipient application.
	URI string
}

SignParams are the claims to be embedded within the JWT token.

func (*SignParams) Check ¶

func (p *SignParams) Check() error

Check verifies all the values are valid.

type SnowflakeVerifyParams ¶

type SnowflakeVerifyParams struct {
	AccountName string
	LoginName   string
	RawToken    string
}

func (*SnowflakeVerifyParams) Check ¶

func (p *SnowflakeVerifyParams) Check() error

type VerifyParams ¶

type VerifyParams struct {
	// Username is the Teleport identity.
	Username string

	// RawToken is the JWT token.
	RawToken string

	// URI is the URI of the recipient application.
	URI string
}

VerifyParams are the parameters needed to pass the token and data needed to verify.

func (*VerifyParams) Check ¶

func (p *VerifyParams) Check() error

Check verifies all the values are valid.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL