From ccf15f8f3d9cd97427a51ffa6b1b22a2ca097bbc Mon Sep 17 00:00:00 2001
From: Denis Mishin
Date: Mon, 20 Mar 2023 10:37:00 -0400
Subject: [PATCH] move hpke public key handler out of internal (#4065)
---
 authorize/check_response_test.go | 6 +++---
 internal/controlplane/http.go | 3 ++-
 {internal => pkg/hpke}/handlers/hpke_public_key.go | 5 +++++
 {internal => pkg/hpke}/handlers/hpke_public_key_test.go | 2 +-
 pkg/hpke/http_test.go | 4 ++--
 proxy/proxy_test.go | 4 ++--
 6 files changed, 15 insertions(+), 9 deletions(-)
 rename {internal => pkg/hpke}/handlers/hpke_public_key.go (80%)
 rename {internal => pkg/hpke}/handlers/hpke_public_key_test.go (94%)
diff --git a/authorize/check_response_test.go b/authorize/check_response_test.go
index 29cc87f47..0f0ba42b0 100644
--- a/authorize/check_response_test.go
+++ b/authorize/check_response_test.go
@@ -20,8 +20,8 @@ import (
 "github.com/pomerium/pomerium/authorize/internal/store"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/atomicutil"
- "github.com/pomerium/pomerium/internal/handlers"
 "github.com/pomerium/pomerium/internal/testutil"
+ hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 "github.com/pomerium/pomerium/pkg/policy/criteria"
 )
@@ -33,7 +33,7 @@ func TestAuthorize_handleResult(t *testing.T) {
 hpkePrivateKey, err := opt.GetHPKEPrivateKey()
 require.NoError(t, err)
- authnSrv := httptest.NewServer(handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
+ authnSrv := httptest.NewServer(hpke_handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
 t.Cleanup(authnSrv.Close)
 opt.AuthenticateURLString = authnSrv.URL
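Review bot: The import alias `hpke_handlers` introduced in the import hunk of `authorize/check_response_test.go` contains an underscore, which Go naming conventions avoid for package names and import aliases. The same alias is added in `internal/controlplane/http.go`, `pkg/hpke/http_test.go` and `proxy/proxy_test.go`. An alias such as `hpkehandlers "github.com/pomerium/pomerium/pkg/hpke/handlers"` disambiguates from `internal/handlers` equally well and stays within the convention.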
@@ -228,7 +228,7 @@ func TestRequireLogin(t *testing.T) {
 hpkePrivateKey, err := opt.GetHPKEPrivateKey()
 require.NoError(t, err)
- authnSrv := httptest.NewServer(handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
+ authnSrv := httptest.NewServer(hpke_handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
 t.Cleanup(authnSrv.Close)
 opt.AuthenticateURLString = authnSrv.URL
diff --git a/internal/controlplane/http.go b/internal/controlplane/http.go
index 520f0cdb6..8208d92c9 100644
--- a/internal/controlplane/http.go
+++ b/internal/controlplane/http.go
@@ -16,6 +16,7 @@ import (
 "github.com/pomerium/pomerium/internal/telemetry"
 "github.com/pomerium/pomerium/internal/telemetry/requestid"
 "github.com/pomerium/pomerium/internal/urlutil"
+ hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 )
 func (srv *Server) addHTTPMiddleware(root *mux.Router, cfg *config.Config) {
@@ -70,6 +71,6 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
 root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL))
 root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL))
 root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(signingKey))
- root.Path(urlutil.HPKEPublicKeyPath).Methods(http.MethodGet).Handler(handlers.HPKEPublicKeyHandler(hpkePublicKey))
+ root.Path(urlutil.HPKEPublicKeyPath).Methods(http.MethodGet).Handler(hpke_handlers.HPKEPublicKeyHandler(hpkePublicKey))
 return nil
 }
diff --git a/internal/handlers/hpke_public_key.go b/pkg/hpke/handlers/hpke_public_key.go
similarity index 80%
rename from internal/handlers/hpke_public_key.go
rename to pkg/hpke/handlers/hpke_public_key.go
index 114519bfd..414013f50 100644
--- a/internal/handlers/hpke_public_key.go
+++ b/pkg/hpke/handlers/hpke_public_key.go
@@ -1,3 +1,4 @@
+// Package handlers provides http handlers for HPKE.
 package handlers
 import (
@@ -11,9 +12,13 @@ import (
 "github.com/rs/cors"
 "github.com/pomerium/pomerium/internal/httputil"
+ "github.com/pomerium/pomerium/internal/urlutil"
 "github.com/pomerium/pomerium/pkg/hpke"
 )
+// HPKEPublicKeyPath is the path to the HPKE public key.
+const HPKEPublicKeyPath = urlutil.HPKEPublicKeyPath
+
 // HPKEPublicKeyHandler returns a handler which returns the HPKE public key.
 func HPKEPublicKeyHandler(publicKey *hpke.PublicKey) http.Handler {
 return cors.AllowAll().Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
diff --git a/internal/handlers/hpke_public_key_test.go b/pkg/hpke/handlers/hpke_public_key_test.go
similarity index 94%
rename from internal/handlers/hpke_public_key_test.go
rename to pkg/hpke/handlers/hpke_public_key_test.go
index fc753a948..2e0f8f2d6 100644
--- a/internal/handlers/hpke_public_key_test.go
+++ b/pkg/hpke/handlers/hpke_public_key_test.go
@@ -7,8 +7,8 @@ import (
 "github.com/stretchr/testify/assert"
- "github.com/pomerium/pomerium/internal/handlers"
 "github.com/pomerium/pomerium/pkg/hpke"
+ "github.com/pomerium/pomerium/pkg/hpke/handlers"
 )
 func TestHPKEPublicKeyHandler(t *testing.T) {
diff --git a/pkg/hpke/http_test.go b/pkg/hpke/http_test.go
index e90f2732b..9efa9117d 100644
--- a/pkg/hpke/http_test.go
+++ b/pkg/hpke/http_test.go
@@ -10,8 +10,8 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
- "github.com/pomerium/pomerium/internal/handlers"
 "github.com/pomerium/pomerium/pkg/hpke"
+ hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 )
 func TestFetchPublicKeyFromJWKS(t *testing.T) {
@@ -24,7 +24,7 @@ func TestFetchPublicKeyFromJWKS(t *testing.T) {
 require.NoError(t, err)
 srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()).ServeHTTP(w, r)
+ hpke_handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()).ServeHTTP(w, r)
 }))
 t.Cleanup(srv.Close)
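Review bot: In `pkg/hpke/handlers/hpke_public_key.go` (hunk `@@ -11,9 +12,13 @@`) `HPKEPublicKeyHandler` leaves `internal/` and becomes importable by other modules, but its doc comment does not mention that the handler is wrapped in `cors.AllowAll()`, so the response is readable from any origin. That is a sensible policy for a public key, yet a consumer mounting the handler on their own router should see it stated; I would extend the comment to `// HPKEPublicKeyHandler returns a handler which returns the HPKE public key. It applies a permissive CORS policy (cors.AllowAll) and does not itself register a route or method restriction.` The function body continues past the end of the hunk, so whether it checks the request method is not visible here; in this patch the GET-only restriction comes from the `.Methods(http.MethodGet)` call in `internal/controlplane/http.go`. The new `HPKEPublicKeyPath` constant is not used by that call, which still reads `urlutil.HPKEPublicKeyPath`, so a short comment on the constant saying it re-exports the internal path for external callers would explain why both names exist.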
diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index b677e0bb4..cc0738bf0 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -9,7 +9,7 @@ import (
 "time"
 "github.com/pomerium/pomerium/config"
- "github.com/pomerium/pomerium/internal/handlers"
+ hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 "github.com/stretchr/testify/require"
 )
@@ -33,7 +33,7 @@ func testOptions(t *testing.T) *config.Options {
 hpkePrivateKey, err := opts.GetHPKEPrivateKey()
 require.NoError(t, err)
- authnSrv := httptest.NewServer(handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
+ authnSrv := httptest.NewServer(hpke_handlers.HPKEPublicKeyHandler(hpkePrivateKey.PublicKey()))
 t.Cleanup(authnSrv.Close)
 opts.AuthenticateURLString = authnSrv.URL