move hpke public key handler out of internal (#4065)

2025-07-07 11:58:12 +02:00 · 2023-03-20 10:37:00 -04:00 · 2023-03-20 10:37:00 -04:00 · ccf15f8f3d
commit ccf15f8f3d
parent 6e39ebc189
6 changed files with 15 additions and 9 deletions
--- a/internal/controlplane/http.go
+++ b/internal/controlplane/http.go
@ -16,6 +16,7 @@ import (
 	"github.com/pomerium/pomerium/internal/telemetry"
 	"github.com/pomerium/pomerium/internal/telemetry/requestid"
 	"github.com/pomerium/pomerium/internal/urlutil"
+	hpke_handlers "github.com/pomerium/pomerium/pkg/hpke/handlers"
 )

 func (srv *Server) addHTTPMiddleware(root *mux.Router, cfg *config.Config) {
@ -70,6 +71,6 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
 	root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL))
 	root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL))
 	root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(signingKey))
-	root.Path(urlutil.HPKEPublicKeyPath).Methods(http.MethodGet).Handler(handlers.HPKEPublicKeyHandler(hpkePublicKey))
+	root.Path(urlutil.HPKEPublicKeyPath).Methods(http.MethodGet).Handler(hpke_handlers.HPKEPublicKeyHandler(hpkePublicKey))
 	return nil
 }
--- a/internal/handlers/hpke_public_key.go
+++ b/internal/handlers/hpke_public_key.go
@ -1,33 +0,0 @@
-package handlers
-
-import (
-	"bytes"
-	"fmt"
-	"hash/fnv"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/rs/cors"
-
-	"github.com/pomerium/pomerium/internal/httputil"
-	"github.com/pomerium/pomerium/pkg/hpke"
-)
-
-// HPKEPublicKeyHandler returns a handler which returns the HPKE public key.
-func HPKEPublicKeyHandler(publicKey *hpke.PublicKey) http.Handler {
-	return cors.AllowAll().Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
-		bs := publicKey.Bytes()
-
-		hasher := fnv.New64()
-		_, _ = hasher.Write(bs)
-		h := hasher.Sum64()
-
-		w.Header().Set("Cache-Control", "max-age=60")
-		w.Header().Set("Content-Type", "application/octet-stream")
-		w.Header().Set("Content-Length", strconv.Itoa(len(bs)))
-		w.Header().Set("ETag", fmt.Sprintf(`"%x"`, h))
-		http.ServeContent(w, r, "hpke-public-key", time.Time{}, bytes.NewReader(bs))
-		return nil
-	}))
-}
--- a/internal/handlers/hpke_public_key_test.go
+++ b/internal/handlers/hpke_public_key_test.go
@ -1,34 +0,0 @@
-package handlers_test
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-
-	"github.com/pomerium/pomerium/internal/handlers"
-	"github.com/pomerium/pomerium/pkg/hpke"
-)
-
-func TestHPKEPublicKeyHandler(t *testing.T) {
-	t.Parallel()
-
-	k1 := hpke.DerivePrivateKey([]byte("TEST"))
-
-	t.Run("cors", func(t *testing.T) {
-		w := httptest.NewRecorder()
-		r := httptest.NewRequest(http.MethodOptions, "/", nil)
-		r.Header.Set("Origin", "https://www.example.com")
-		r.Header.Set("Access-Control-Request-Method", "GET")
-		handlers.HPKEPublicKeyHandler(k1.PublicKey()).ServeHTTP(w, r)
-		assert.Equal(t, http.StatusNoContent, w.Result().StatusCode)
-	})
-	t.Run("keys", func(t *testing.T) {
-		w := httptest.NewRecorder()
-		r := httptest.NewRequest(http.MethodGet, "/", nil)
-		handlers.HPKEPublicKeyHandler(k1.PublicKey()).ServeHTTP(w, r)
-
-		assert.Equal(t, k1.PublicKey().Bytes(), w.Body.Bytes())
-	})
-}