Upgrade dependent version: github.com/open-policy-agent/opa (#5315)
Upgrade dependent version: github.com/open-policy-agent/opa v0.18.0 -> v0.45.0 Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io>
This commit is contained in:
hongzhouzi
100
vendor/github.com/open-policy-agent/opa/keys/keys.go
generated
vendored
Normal file
100
vendor/github.com/open-policy-agent/opa/keys/keys.go
generated
vendored
Normal file
@@ -0,0 +1,100 @@
|
||||
package keys
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
||||
"github.com/open-policy-agent/opa/util"
|
||||
)
|
||||
|
||||
const defaultSigningAlgorithm = "RS256"
|
||||
|
||||
var supportedAlgos = map[string]struct{}{
|
||||
"ES256": {}, "ES384": {}, "ES512": {},
|
||||
"HS256": {}, "HS384": {}, "HS512": {},
|
||||
"PS256": {}, "PS384": {}, "PS512": {},
|
||||
"RS256": {}, "RS384": {}, "RS512": {},
|
||||
}
|
||||
|
||||
// IsSupportedAlgorithm true if provided alg is supported
|
||||
func IsSupportedAlgorithm(alg string) bool {
|
||||
_, ok := supportedAlgos[alg]
|
||||
return ok
|
||||
}
|
||||
|
||||
// Config holds the keys used to sign or verify bundles and tokens
|
||||
type Config struct {
|
||||
Key string `json:"key"`
|
||||
PrivateKey string `json:"private_key"`
|
||||
Algorithm string `json:"algorithm"`
|
||||
Scope string `json:"scope"`
|
||||
}
|
||||
|
||||
// Equal returns true if this key config is equal to the other.
|
||||
func (k *Config) Equal(other *Config) bool {
|
||||
return other != nil && *k == *other
|
||||
}
|
||||
|
||||
func (k *Config) validateAndInjectDefaults(id string) error {
|
||||
if k.Key == "" && k.PrivateKey == "" {
|
||||
return fmt.Errorf("invalid keys configuration: no keys provided for key ID %v", id)
|
||||
}
|
||||
|
||||
if k.Algorithm == "" {
|
||||
k.Algorithm = defaultSigningAlgorithm
|
||||
}
|
||||
|
||||
if !IsSupportedAlgorithm(k.Algorithm) {
|
||||
return fmt.Errorf("unsupported algorithm '%v'", k.Algorithm)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewKeyConfig return a new Config
|
||||
func NewKeyConfig(key, alg, scope string) (*Config, error) {
|
||||
var pubKey string
|
||||
if _, err := os.Stat(key); err == nil {
|
||||
bs, err := ioutil.ReadFile(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pubKey = string(bs)
|
||||
} else if os.IsNotExist(err) {
|
||||
pubKey = key
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &Config{
|
||||
Key: pubKey,
|
||||
Algorithm: alg,
|
||||
Scope: scope,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// ParseKeysConfig returns a map containing the key and the signing algorithm
|
||||
func ParseKeysConfig(raw json.RawMessage) (map[string]*Config, error) {
|
||||
keys := map[string]*Config{}
|
||||
var obj map[string]json.RawMessage
|
||||
|
||||
if err := util.Unmarshal(raw, &obj); err == nil {
|
||||
for k := range obj {
|
||||
var keyConfig Config
|
||||
if err = util.Unmarshal(obj[k], &keyConfig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err = keyConfig.validateAndInjectDefaults(k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
keys[k] = &keyConfig
|
||||
}
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
return keys, nil
|
||||
}
|
||||
Reference in New Issue
Block a user