Constants
const MAX_TOKEN_DURATION = 300
MAX_TOKEN_DURATION is the maximum duration allowed on a signed token.
Variables
This section is empty.
Functions
func ParsePubkeySignedToken
func ParsePubkeySignedToken(tokenString string, pubkeyFunc func(subject string) (pubkey string, err error)) (subject string, token *jwt.Token, err error)
ParsePubkeySignedToken takes a token string that has been signed by the ssh-agent (RS256). The subject of the token (the user authenticating) is part of the token's claims, and that subject is used to retrieve the public key that verifies the token's signature. The pubkeyFunc takes the subject and produces a public key by some means. The subject is as trustworthy as your pubkeyFunc: if the subject (which came from the client) produces a different pubkey (as when the user sets the wrong subject), validation fails, and if the claims are tampered with, validation fails. The security of this method depends entirely on pubkeyFunc producing, for the subject, a pubkey that corresponds to a private key held by the requestor.
func SignedJwtToken
SignedJwtToken takes a subject, and a public key string (as provided by ssh-agent or ssh-keygen) and creates a signed JWT Token by asking the ssh-agent politely to sign the token claims. The token is good for MAX_TOKEN_DURATION seconds.
Types
type SigningMethodRSAAgent
SigningMethodRSAAgent is a JWT Signing method that produces RS256 signatures from a running ssh-agent.
func (*SigningMethodRSAAgent) Alg
func (m *SigningMethodRSAAgent) Alg() string
Alg returns the name of the algorithm used by the signing method.
func (*SigningMethodRSAAgent) Sign
func (m *SigningMethodRSAAgent) Sign(signingString string, key interface{}) (sig string, err error)
Sign sends a request to the running ssh-agent to sign the header and claims of the JWT. This is pretty much the normal RS256 mechanism, but it doesn't require the private key in order to sign. The private key is held by the ssh-agent.
func (*SigningMethodRSAAgent) Verify
func (m *SigningMethodRSAAgent) Verify(signingString, signature string, key interface{}) (err error)
Verify verifies the signature on the JWT token in the normal JWT RS256 fashion.
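The following is an added example, not code from this package, showing the end-to-end flow the functions above describe: the token construction of SignedJwtToken, the sign and verify steps of SigningMethodRSAAgent, and the subject-then-key lookup of ParsePubkeySignedToken. It uses only the Go standard library. Two substitutions are assumptions of the example: a locally generated RSA key stands in for the ssh-agent, and the pubkeyFunc returns a PEM-encoded PKIX key rather than the ssh-keygen (authorized_keys) string the package takes. The names pemPubkey, signedToken, parsePubkeySignedToken and demo, the claims type, the test users and the fixed timestamp are all the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// MAX_TOKEN_DURATION mirrors the package constant: the longest lifetime, in seconds, a token may claim.
const MAX_TOKEN_DURATION = 300
type claims struct {
	Sub string `json:"sub"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding // JWT segments are base64url without padding

// pemPubkey renders a key as PEM for the lookup table (the package itself takes the ssh-keygen form instead).
func pemPubkey(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

// signedToken issues an RS256 token good for MAX_TOKEN_DURATION seconds; a local key stands in for ssh-agent.
func signedToken(priv *rsa.PrivateKey, subject string, now int64) (string, error) {
	body, _ := json.Marshal(claims{Sub: subject, Iat: now, Exp: now + MAX_TOKEN_DURATION})
	signingString := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingString)) // what the agent (or here, the local key) actually signs
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingString + "." + b64.EncodeToString(sig), nil
}

// parsePubkeySignedToken: untrusted subject -> pubkeyFunc lookup -> RS256 verify -> lifetime checks.
func parsePubkeySignedToken(tok string, pubkeyFunc func(string) (string, error), now int64) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return "", errors.New("token must have three segments")
	}
	var hdr struct{ Alg string }
	var c claims
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return "", errors.New("header is not RS256") // the token never gets to choose the algorithm
	}
	if cb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(cb, &c) != nil || c.Sub == "" {
		return "", errors.New("claims are unreadable or lack a subject")
	}
	keyStr, err := pubkeyFunc(c.Sub) // the subject is exactly as trustworthy as this lookup
	blk, _ := pem.Decode([]byte(keyStr))
	if err != nil || blk == nil {
		return "", fmt.Errorf("no usable key for subject %q: %v", c.Sub, err)
	}
	k, err := x509.ParsePKIXPublicKey(blk.Bytes)
	pub, ok := k.(*rsa.PublicKey)
	if err != nil || !ok {
		return "", errors.New("subject's key is not a valid RSA key")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature does not verify against the subject's key")
	}
	if now >= c.Exp || c.Exp-c.Iat > MAX_TOKEN_DURATION {
		return "", errors.New("token expired or lifetime exceeds MAX_TOKEN_DURATION")
	}
	return c.Sub, nil
}

// demo: alice's token verifies; the same signature with the subject rewritten to "bob" fails, since bob's key is fetched.
func demo() (subject string, wrongSubjectErr error) {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed test keys standing in for ssh-agent identities
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[string]string{"alice": pemPubkey(&alice.PublicKey), "bob": pemPubkey(&bob.PublicKey)}
	pubkeyFunc := func(sub string) (string, error) { // a real one would consult a directory or authorized_keys
		if k, ok := keys[sub]; ok {
			return k, nil
		}
		return "", errors.New("unknown user")
	}
	const now = int64(1700000000) // constructed clock so the run is deterministic
	tok, _ := signedToken(alice, "alice", now)
	subject, _ = parsePubkeySignedToken(tok, pubkeyFunc, now)
	parts := strings.Split(tok, ".")
	altered, _ := json.Marshal(claims{Sub: "bob", Iat: now, Exp: now + MAX_TOKEN_DURATION})
	_, wrongSubjectErr = parsePubkeySignedToken(parts[0]+"."+b64.EncodeToString(altered)+"."+parts[2], pubkeyFunc, now)
	return subject, wrongSubjectErr
}
func main() { fmt.Println(demo()) }
```

Running it prints "alice" followed by the error for the token whose subject claim was rewritten. Two details worth keeping when adapting this: the verifier pins the algorithm to RS256 rather than reading it from the header, and it rejects tokens whose exp minus iat exceeds MAX_TOKEN_DURATION even when they are not yet expired, so a client cannot mint itself a longer-lived token.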
type TestServer
type TestServer struct {
	Address    string
	Port       int
	PubkeyFunc func(username string) (pubkey string, err error)
}
TestServer is an HTTP server demonstrating JWT RSA auth.
func (*TestServer) RootHandler
func (d *TestServer) RootHandler(w http.ResponseWriter, r *http.Request)
RootHandler is the main HTTP handler for TestServer.
func (*TestServer) RunTestServer
func (d *TestServer) RunTestServer() (err error)
RunTestServer runs the test server.