update dependencies (#6267)
Signed-off-by: hongming <coder.scala@gmail.com>
68
vendor/github.com/open-policy-agent/opa/topdown/tokens.go
generated
vendored
68
vendor/github.com/open-policy-agent/opa/topdown/tokens.go
generated
vendored
@@ -233,7 +233,7 @@ func builtinJWTVerifyRSA(a ast.Value, b ast.Value, hasher func() hash.Hash, veri
|
||||
}
|
||||
|
||||
// Implements ES256 JWT signature verification.
|
||||
func builtinJWTVerifyES256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyES256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha256.New, verifyES)
|
||||
if err == nil {
|
||||
return iter(ast.NewTerm(result))
|
||||
@@ -242,7 +242,7 @@ func builtinJWTVerifyES256(bctx BuiltinContext, operands []*ast.Term, iter func(
|
||||
}
|
||||
|
||||
// Implements ES384 JWT signature verification
|
||||
func builtinJWTVerifyES384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyES384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha512.New384, verifyES)
|
||||
if err == nil {
|
||||
return iter(ast.NewTerm(result))
|
||||
@@ -251,7 +251,7 @@ func builtinJWTVerifyES384(bctx BuiltinContext, operands []*ast.Term, iter func(
|
||||
}
|
||||
|
||||
// Implements ES512 JWT signature verification
|
||||
func builtinJWTVerifyES512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyES512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
result, err := builtinJWTVerify(operands[0].Value, operands[1].Value, sha512.New, verifyES)
|
||||
if err == nil {
|
||||
return iter(ast.NewTerm(result))
|
||||
@@ -413,7 +413,7 @@ func builtinJWTVerify(a ast.Value, b ast.Value, hasher func() hash.Hash, verify
|
||||
}
|
||||
|
||||
// Implements HS256 (secret) JWT signature verification
|
||||
func builtinJWTVerifyHS256(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyHS256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
// Decode the JSON Web Token
|
||||
token, err := decodeJWT(operands[0].Value)
|
||||
if err != nil {
|
||||
@@ -442,7 +442,7 @@ func builtinJWTVerifyHS256(bctx BuiltinContext, operands []*ast.Term, iter func(
|
||||
}
|
||||
|
||||
// Implements HS384 JWT signature verification
|
||||
func builtinJWTVerifyHS384(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyHS384(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
// Decode the JSON Web Token
|
||||
token, err := decodeJWT(operands[0].Value)
|
||||
if err != nil {
|
||||
@@ -471,7 +471,7 @@ func builtinJWTVerifyHS384(bctx BuiltinContext, operands []*ast.Term, iter func(
|
||||
}
|
||||
|
||||
// Implements HS512 JWT signature verification
|
||||
func builtinJWTVerifyHS512(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinJWTVerifyHS512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
// Decode the JSON Web Token
|
||||
token, err := decodeJWT(operands[0].Value)
|
||||
if err != nil {
|
||||
@@ -720,8 +720,10 @@ func (constraints *tokenConstraints) validAudience(aud ast.Value) bool {
|
||||
|
||||
// JWT algorithms
|
||||
|
||||
type tokenVerifyFunction func(key interface{}, hash crypto.Hash, payload []byte, signature []byte) error
|
||||
type tokenVerifyAsymmetricFunction func(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error
|
||||
type (
|
||||
tokenVerifyFunction func(key interface{}, hash crypto.Hash, payload []byte, signature []byte) error
|
||||
tokenVerifyAsymmetricFunction func(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error
|
||||
)
|
||||
|
||||
// jwtAlgorithm describes a JWS 'alg' value
|
||||
type tokenAlgorithm struct {
|
||||
@@ -793,7 +795,7 @@ func verifyRSAPSS(key interface{}, hash crypto.Hash, digest []byte, signature []
|
||||
return nil
|
||||
}
|
||||
|
||||
func verifyECDSA(key interface{}, hash crypto.Hash, digest []byte, signature []byte) (err error) {
|
||||
func verifyECDSA(key interface{}, _ crypto.Hash, digest []byte, signature []byte) (err error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
err = fmt.Errorf("ECDSA signature verification error: %v", r)
|
||||
@@ -912,7 +914,6 @@ func (header *tokenHeader) valid() bool {
|
||||
}
|
||||
|
||||
func commonBuiltinJWTEncodeSign(bctx BuiltinContext, inputHeaders, jwsPayload, jwkSrc string, iter func(*ast.Term) error) error {
|
||||
|
||||
keys, err := jwk.ParseString(jwkSrc)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -946,21 +947,51 @@ func commonBuiltinJWTEncodeSign(bctx BuiltinContext, inputHeaders, jwsPayload, j
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return iter(ast.StringTerm(string(jwsCompact)))
|
||||
|
||||
return iter(ast.StringTerm(string(jwsCompact)))
|
||||
}
|
||||
|
||||
func builtinJWTEncodeSign(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
inputHeadersAsJSON, err := ast.JSON(operands[0].Value)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to prepare JWT headers for marshalling: %v", err)
|
||||
}
|
||||
|
||||
inputHeaders := operands[0].String()
|
||||
jwsPayload := operands[1].String()
|
||||
jwkSrc := operands[2].String()
|
||||
return commonBuiltinJWTEncodeSign(bctx, inputHeaders, jwsPayload, jwkSrc, iter)
|
||||
inputHeadersBs, err := json.Marshal(inputHeadersAsJSON)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal JWT headers: %v", err)
|
||||
}
|
||||
|
||||
payloadAsJSON, err := ast.JSON(operands[1].Value)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to prepare JWT payload for marshalling: %v", err)
|
||||
}
|
||||
|
||||
payloadBs, err := json.Marshal(payloadAsJSON)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal JWT payload: %v", err)
|
||||
}
|
||||
|
||||
signatureAsJSON, err := ast.JSON(operands[2].Value)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to prepare JWT signature for marshalling: %v", err)
|
||||
}
|
||||
|
||||
signatureBs, err := json.Marshal(signatureAsJSON)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal JWT signature: %v", err)
|
||||
}
|
||||
|
||||
return commonBuiltinJWTEncodeSign(
|
||||
bctx,
|
||||
string(inputHeadersBs),
|
||||
string(payloadBs),
|
||||
string(signatureBs),
|
||||
iter,
|
||||
)
|
||||
}
|
||||
|
||||
func builtinJWTEncodeSignRaw(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
|
||||
jwkSrc, err := builtins.StringOperand(operands[2].Value, 3)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -1048,10 +1079,9 @@ func builtinJWTDecodeVerify(bctx BuiltinContext, operands []*ast.Term, iter func
|
||||
// Nested JWT, go round again with payload as first argument
|
||||
a = p.Value
|
||||
continue
|
||||
} else {
|
||||
// Non-nested JWT (or we've reached the bottom of the nesting).
|
||||
break
|
||||
}
|
||||
// Non-nested JWT (or we've reached the bottom of the nesting).
|
||||
break
|
||||
}
|
||||
payload, err := extractJSONObject(string(p.Value.(ast.String)))
|
||||
if err != nil {
|
||||
|
||||