
mendersoftware / deviceauth / 1507843008

13 Sep 2024 11:01AM UTC coverage: 81.326%. Remained the same
1507843008

push

gitlab-ci

web-flow
Merge pull request #727 from mzedel/chore/deprecate

Chore/deprecate

4834 of 5944 relevant lines covered (81.33%)

42.77 hits per line


83.33
/jwt/jwt.go
// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package jwt

import (
        "crypto/ed25519"
        "crypto/rsa"
        "crypto/x509"
        "encoding/pem"
        "os"

        "github.com/pkg/errors"
)

var (
        // ErrTokenExpired is the sentinel the Handler contract documents for a
        // token that is valid but expired.
        ErrTokenExpired = errors.New("jwt: token expired")
        // ErrTokenInvalid is the sentinel the Handler contract documents for a
        // token that is invalid (malformed, missing required claims, etc.).
        ErrTokenInvalid = errors.New("jwt: token invalid")
)
30

31
// PEM block types that NewJWTHandler accepts for the server signing key.
// Any other block type is rejected as an unsupported key type.
const (
        // pemHeaderPKCS1 marks a block that is parsed with
        // x509.ParsePKCS1PrivateKey (RSA only).
        pemHeaderPKCS1 = "RSA PRIVATE KEY"
        // pemHeaderPKCS8 marks a block that is parsed with
        // x509.ParsePKCS8PrivateKey; the concrete key type is checked afterwards.
        pemHeaderPKCS8 = "PRIVATE KEY"
)
35

36
// Handler is the JWT generator/verifier contract. NewJWTHandler picks the
// implementation from the type of the server private key.
//
//go:generate ../utils/mockgen.sh
type Handler interface {
        // ToJWT returns the string form of t.
        // NOTE(review): presumably the signed, encoded JWT; confirm against the
        // implementations.
        ToJWT(t *Token) (string, error)
        // FromJWT parses the token
        // returns:
        // ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
        // NOTE(review): this contract does not state whether FromJWT checks the
        // signature or the expiry; confirm against the implementations before
        // using its result for an authorization decision without Validate.
        FromJWT(string) (*Token, error)
        // Validate does basic validity checks (Claims.Valid()).
        // returns:
        // ErrTokenExpired when the token is valid but expired
        // ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
        Validate(string) error
}

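// NewJWTHandler loads the PEM-encoded server private key stored at
// privateKeyPath and returns the Handler that matches the key type.
//
// The PEM block type selects the parser:
//   - "RSA PRIVATE KEY" (PKCS#1): parsed as an RSA key, handler built by
//     NewJWTHandlerRS256.
//   - "PRIVATE KEY" (PKCS#8): an *rsa.PrivateKey goes to NewJWTHandlerRS256,
//     an ed25519.PrivateKey goes to NewJWTHandlerEd25519.
//
// Only the first PEM block in the file is examined. Every other block type or
// key type yields an "unsupported server private key type" error.
//
// An error is returned when the file cannot be read, when it holds no PEM
// block, or when the key bytes do not parse. The handler is never nil when the
// returned error is nil.
func NewJWTHandler(privateKeyPath string) (Handler, error) {
        priv, err := os.ReadFile(privateKeyPath)
        if err != nil {
                return nil, errors.Wrap(err, "failed to read private key")
        }
        block, _ := pem.Decode(priv)
        if block == nil {
                // The file was read but holds no PEM data. errors.Wrap returns nil
                // for a nil cause, so wrapping the (nil) read error here would hand
                // the caller a nil Handler together with a nil error.
                return nil, errors.New("failed to read private key: no PEM block found")
        }
        switch block.Type {
        case pemHeaderPKCS1:
                privKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
                if err != nil {
                        return nil, errors.Wrap(err, "failed to read rsa private key")
                }
                return NewJWTHandlerRS256(privKey), nil
        case pemHeaderPKCS8:
                key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
                if err != nil {
                        return nil, errors.Wrap(err, "failed to read private key")
                }
                // PKCS#8 can carry several key types; only RSA and Ed25519 have a
                // handler, anything else falls through to the error below.
                switch v := key.(type) {
                case *rsa.PrivateKey:
                        return NewJWTHandlerRS256(v), nil
                case ed25519.PrivateKey:
                        return NewJWTHandlerEd25519(&v), nil
                }
        }
        return nil, errors.New("unsupported server private key type")
}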