jwtauthn

package
v0.23.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 4, 2021 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

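Package jwtauthn is a generated GoMock package. (This overview line appears to be taken from the generated mock file in the package; the declarations below describe a JWT authentication stream filter.)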

Index

Constants

// PubkeyCacheExpirationSec is the default cache expiration time, in seconds.
// NOTE(review): 600 seconds is 10 minutes, although the package documentation
// describes this default as 5 minutes — confirm which value is intended.
// Presumably this bounds how long a cached JWKS public key keeps being used
// after the issuer rotates or withdraws it; verify against the cache code.
const PubkeyCacheExpirationSec = 600

PubkeyCacheExpirationSec is the default cache expiration time, in seconds. The source comment describes it as 5 minutes, but the declared value of 600 seconds is 10 minutes.

Variables

// Sentinel errors for the JWT authentication flow. Each value is a distinct
// errors.New instance, so callers can branch on a failure with errors.Is
// instead of matching the message text.
// NOTE(review): the conditions under which each error is returned are not
// visible in this listing; the names and messages suggest token-format,
// audience, expiry/not-before, issuer and JWKS-retrieval failures — confirm
// against the verifier implementation before mapping them to responses.
var (
	ErrInvalidToken          = errors.New("invalid token")
	ErrJwtNotFound           = errors.New("jwt token not found")
	ErrJwtBadFormat          = errors.New("jwt bad format")
	ErrJwtAudienceNotAllowed = errors.New("jwt audience not allowed")
	ErrJwtExpired            = errors.New("jwt expired")
	ErrJwtNotYetValid        = errors.New("jwt not yet valid")
	ErrJwksNoValidKeys       = errors.New("jwks no valid keys")
	ErrJwtUnknownIssuer      = errors.New("jwt unknown issuer")
	ErrJwksFetch             = errors.New("failed to fetch jwks")
)

Sentinel errors.

Functions

func CreateJwtAuthnFilterFactory

func CreateJwtAuthnFilterFactory(cfg map[string]interface{}) (api.StreamFilterChainFactory, error)

CreateJwtAuthnFilterFactory creates a new JwtAuthnFilterFactory.

func ParseJWTAuthnFilter

func ParseJWTAuthnFilter(cfg map[string]interface{}) (*jwtauthnv3.JwtAuthentication, error)

ParseJWTAuthnFilter parses cfg into a *jwtauthnv3.JwtAuthentication.

Types

type Authenticator

type Authenticator interface {
	// Verify takes the request headers and the candidate token locations and
	// returns an error. NOTE(review): a nil error presumably means that
	// authentication succeeded — confirm against the implementation, which is
	// not shown in this listing.
	Verify(headers api.HeaderMap, tokens []JwtLocation) error
}

Authenticator is the object that handles the whole JWT authentication flow.

type Extractor

type Extractor interface {
	// Extract returns the JwtLocation values obtained from the given headers
	// and requestArg. NOTE(review): requestArg looks like the request's query
	// arguments, used for parameter-based tokens — confirm with the caller.
	Extract(headers api.HeaderMap, requestArg string) []JwtLocation
}

Extractor extracts JWT from locations specified in the config.

func NewExtractor

func NewExtractor(providers []*jwtauthnv3.JwtProvider) Extractor

NewExtractor creates a new Extractor.

type FilterConfig

type FilterConfig interface {
	// BypassCorsPreflightRequest returns a boolean setting. NOTE(review):
	// judging by the name, it controls whether CORS preflight requests skip JWT
	// verification — confirm, since any bypass widens what reaches the upstream
	// without a verified token.
	BypassCorsPreflightRequest() bool
	// FindVerifier finds the matcher that matched the request and returns a
	// Verifier. NOTE(review): what is returned when no rule matches (possibly
	// nil) is not visible here — confirm that callers handle that case
	// deliberately rather than treating it as authenticated by accident.
	FindVerifier(headers api.HeaderMap, requestArg, requestPath string) Verifier
}

FilterConfig is the filter config interface.

func NewFilterConfig

func NewFilterConfig(config *jwtauthnv3.JwtAuthentication) (FilterConfig, error)

NewFilterConfig creates a new filter config.

type FilterConfigFactory

type FilterConfigFactory struct {
	// contains filtered or unexported fields
}

FilterConfigFactory -

func (*FilterConfigFactory) CreateFilterChain

func (f *FilterConfigFactory) CreateFilterChain(context context.Context, callbacks api.StreamFilterChainFactoryCallbacks)

CreateFilterChain creates a JwtAuthnFilter

type HeaderLocationSpec

type HeaderLocationSpec struct {
	// contains filtered or unexported fields
}

HeaderLocationSpec is a value type that stores the prefix and the issuers that specified this header.

type JwksCache

type JwksCache interface {
	// FindByIssuer looks up the JwksData for an issuer string.
	// NOTE(review): the result for an unknown issuer is not visible in this
	// listing (possibly nil) — confirm before dereferencing.
	FindByIssuer(issuer string) JwksData
	// FindByProvider looks up the JwksData for a provider name.
	// NOTE(review): the result for an unknown provider is likewise not shown.
	FindByProvider(provider string) JwksData
}

JwksCache is an interface to access all configured Jwt rules and their cached Jwks objects. It only caches Jwks specified in the config.

func NewJwksCache

func NewJwksCache(providers map[string]*jwtauthnv3.JwtProvider) JwksCache

NewJwksCache creates a new JwksCache.

type JwksData

type JwksData interface {
	// GetJwtProvider returns the *jwtauthnv3.JwtProvider for this entry.
	GetJwtProvider() *jwtauthnv3.JwtProvider
	// GetJwksObj returns the cached JWKS as a *jwk.Set.
	GetJwksObj() *jwk.Set
	// SetRemoteJwks stores the given JWKS. NOTE(review): presumably this is
	// the set obtained from a remote fetch and it resets the expiration —
	// confirm against the implementation.
	SetRemoteJwks(jwks *jwk.Set)
	// IsExpired returns a boolean. NOTE(review): presumably true once the
	// cached JWKS has outlived its expiration time — confirm.
	IsExpired() bool
	// AreAudiencesAllowed returns whether aud is allowed. NOTE(review): how an
	// empty configured audience list is treated is not visible here — confirm,
	// since that decides whether tokens issued for other services are accepted.
	AreAudiencesAllowed(aud string) bool
}

JwksData is an interface to access a Jwks config rule and its cached Jwks object.

func NewJwksData

func NewJwksData(provider *jwtauthnv3.JwtProvider) JwksData

NewJwksData creates a new JwksData.

type JwksFetcher

type JwksFetcher interface {
	// Fetch retrieves the JWKS located at uri and returns it as a *jwk.Set, or
	// an error. NOTE(review): the timeout, TLS verification and response-size
	// handling are not visible in this listing — confirm them in the
	// implementation, because the fetched keys decide which tokens are trusted.
	Fetch(uri *envoycorev3.HttpUri) (*jwk.Set, error)
}

JwksFetcher is an interface that can be used to retrieve remote JWKS.

func NewJwksFetcher

func NewJwksFetcher() JwksFetcher

NewJwksFetcher creates a new JwksFetcher.

type JwtLocation

type JwtLocation interface {
	// Token returns the extracted token string.
	Token() string
	// IsIssuerSpecified checks whether the given issuer has specified this
	// location.
	IsIssuerSpecified(issuer string) bool
	// RemoveJwt removes the token from the headers.
	// NOTE(review): presumably this keeps the credential from being forwarded
	// to the upstream once it has been verified — confirm where callers invoke it.
	RemoveJwt(headers api.HeaderMap)
}

JwtLocation stores the following token information: 1. the extracted token string; 2. the list of issuers that specified the location.

type JwtParamLocation

type JwtParamLocation struct {
	// contains filtered or unexported fields
}

JwtParamLocation is the JwtLocation for param extraction.

func (*JwtParamLocation) IsIssuerSpecified

func (j *JwtParamLocation) IsIssuerSpecified(issuer string) bool

func (*JwtParamLocation) RemoveJwt

func (j *JwtParamLocation) RemoveJwt(headers api.HeaderMap)

RemoveJwt removes JWT from parameter

func (*JwtParamLocation) Token

func (j *JwtParamLocation) Token() string

type Matcher

type Matcher interface {
	// Matches returns whether the request, described by its headers and
	// requestPath, matches. NOTE(review): whether requestPath is normalized
	// before matching is not visible here — confirm, since matching decides
	// which requests have JWT requirements applied.
	Matches(headers api.HeaderMap, requestPath string) bool
}

Matcher supports matching HTTP requests against JWT requirements.

func NewMatcher

func NewMatcher(rule *jwtauthnv3.RequirementRule) Matcher

NewMatcher creates a new Matcher.

type MatcherVerifierPair

type MatcherVerifierPair struct {
	// contains filtered or unexported fields
}

MatcherVerifierPair is a pair of matcher and Verifier.

type MockJwksFetcher

type MockJwksFetcher struct {
	// contains filtered or unexported fields
}

MockJwksFetcher is a mock of JwksFetcher interface

func NewMockJwksFetcher

func NewMockJwksFetcher(ctrl *gomock.Controller) *MockJwksFetcher

NewMockJwksFetcher creates a new mock instance

func (*MockJwksFetcher) EXPECT

EXPECT returns an object that allows the caller to indicate expected use

func (*MockJwksFetcher) Fetch

func (m *MockJwksFetcher) Fetch(uri *v3.HttpUri) (*jwk.Set, error)

Fetch mocks base method

type MockJwksFetcherMockRecorder

type MockJwksFetcherMockRecorder struct {
	// contains filtered or unexported fields
}

MockJwksFetcherMockRecorder is the mock recorder for MockJwksFetcher

func (*MockJwksFetcherMockRecorder) Fetch

func (mr *MockJwksFetcherMockRecorder) Fetch(uri interface{}) *gomock.Call

Fetch indicates an expected call of Fetch

type ParamLocationSpec

type ParamLocationSpec struct {
	// contains filtered or unexported fields
}

ParamLocationSpec is a value type that stores the issuers that specified this parameter (the original comment says "header").

type Verifier

type Verifier interface {
	// Verify takes the request headers and requestArg and returns an error.
	// NOTE(review): a nil error presumably means the configured JWT
	// requirements were satisfied — confirm against the implementation.
	Verify(headers api.HeaderMap, requestArg string) error
}

Verifier supports verification of JWTs with configured requirements.

func NewVerifier

func NewVerifier(require *jwtauthnv3.JwtRequirement, providers map[string]*jwtauthnv3.JwtProvider, parentProviderNames []string, fetcher JwksFetcher) (Verifier, error)

NewVerifier creates a new Verifier.
