mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-17 19:17:17 +02:00
proxy: add JWT request signing support (#19)
- Refactored middleware and request handler logging.
- Request refactored to use context.Context.
- Add helper (based on Alice) to allow middleware chaining.
- Add helper scripts to generate elliptic curve self-signed certificate that can be used to sign JWT.
- Changed LetsEncrypt scripts to use acme instead of certbot.
- Add script to have LetsEncrypt sign an RSA based certificate.
- Add documentation to explain how to verify headers.
- Refactored internal/cryptutil signer's code to expect a valid EC priv key.
- Changed JWT expiries to use default leeway period.
- Update docs and add screenshots.
- Replaced logging handler logic to use context.Context.
- Removed specific XML error handling.
- Refactored handler function signatures to prefer standard Go idioms.
parent
98b8c7481f
commit
426e003b03
30 changed files with 1711 additions and 588 deletions
17
scripts/generate_self_signed_signing_key.sh
Executable file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash
|
||||
# See: https://cloud.google.com/iot/docs/how-tos/credentials/keys#generating_an_es256_key_with_a_self-signed_x509_certificate
|
||||
# To generate an ES256 key with a self-signed X.509 certificate that expires far in the future, run the following commands:
|
||||
|
||||
openssl ecparam \
|
||||
-genkey \
|
||||
-name prime256v1 \
|
||||
-noout \
|
||||
-out ec_private.pem
|
||||
|
||||
openssl req \
|
||||
-x509 \
|
||||
-new \
|
||||
-key ec_private.pem \
|
||||
-days 1000000 \
|
||||
-out ec_public.pem \
|
||||
-subj "/CN=unused"
|
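Review bot: Nothing after the `#!/bin/bash` line stops the script on error or protects an existing key, so rerunning it in the same directory silently replaces `ec_private.pem`, and with it the key that downstream verifiers of the signed JWTs trust. Consider adding `set -euo pipefail` at the top and refusing to run when `ec_private.pem` already exists. The key is also written unencrypted into the current working directory. Setting `umask 077` before the `openssl ecparam` call would make the file mode explicit rather than leaving it to the installed openssl's defaults. Two smaller points: `-days 1000000` yields a certificate that effectively never expires, so rotation has to be handled out of band and is worth a comment. And `ec_public.pem` holds a self-signed X.509 certificate, not a bare public key, so a name such as `ec_cert.pem`, or a comment saying so, would avoid confusion for anyone following the header verification docs.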