mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-06 13:56:04 +02:00
config: no longer stub out HPKE public key fetch (#4853)
This partially reverts commit a1388592d8.
Fetching the authenticate service HPKE public key is required only for
the stateless authentication flow. Now that Pomerium will instead use
the older (stateful) authentication flow when configured for a
self-hosted authenticate service, this logic shouldn't be needed at all.
Removing this logic should also make it easier to test against a local
instance of the hosted authenticate service.
parent
1dbe4410d7
commit
fe46ed33f4
3 changed files with 4 additions and 60 deletions
|
@ -237,22 +237,10 @@ func (cfg *Config) GetAuthenticateKeyFetcher() (hpke.KeyFetcher, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// For hosted authenticate, we need to fetch the HPKE public key.
|
|
||||||
if urlutil.IsHostedAuthenticateDomain(authenticateURL.Hostname()) {
|
|
||||||
hpkeURL := authenticateURL.ResolveReference(&url.URL{
|
hpkeURL := authenticateURL.ResolveReference(&url.URL{
|
||||||
Path: urlutil.HPKEPublicKeyPath,
|
Path: urlutil.HPKEPublicKeyPath,
|
||||||
}).String()
|
}).String()
|
||||||
return hpke.NewKeyFetcher(hpkeURL, transport), nil
|
return hpke.NewKeyFetcher(hpkeURL, transport), nil
|
||||||
}
|
|
||||||
|
|
||||||
// Otherwise we can use our own HPKE public key.
|
|
||||||
privKey, err := cfg.Options.GetHPKEPrivateKey()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
pubKey := privKey.PublicKey()
|
|
||||||
return hpke.NewStubKeyFetcher(pubKey), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cfg *Config) resolveAuthenticateURL() (*url.URL, *http.Transport, error) {
|
func (cfg *Config) resolveAuthenticateURL() (*url.URL, *http.Transport, error) {
|
||||||
|
|
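Review bot: With the hosted-domain branch removed, GetAuthenticateKeyFetcher always returns a network-backed fetcher, so trust in the HPKE public key rests entirely on the TLS verification done by `transport` from resolveAuthenticateURL, and nothing in the hunk documents this. If it is not already stated above the hunk (the function begins outside it), I would add a doc comment such as `// GetAuthenticateKeyFetcher returns a KeyFetcher that retrieves the authenticate service's HPKE public key over HTTPS from the resolved authenticate URL; the key's authenticity depends on that transport's certificate verification.` It also seems worth confirming, ideally with a test, that no caller uses this fetcher in the stateful (self-hosted) flow. There it would now request `urlutil.HPKEPublicKeyPath` from the self-hosted authenticate URL instead of using the locally derived key, and a fetch failure would presumably surface as an authentication error.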
|
@ -1,18 +0,0 @@
|
||||||
package hpke
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
)
|
|
||||||
|
|
||||||
type stubFetcher struct {
|
|
||||||
key *PublicKey
|
|
||||||
}
|
|
||||||
|
|
||||||
func (f stubFetcher) FetchPublicKey(_ context.Context) (*PublicKey, error) {
|
|
||||||
return f.key, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewStubKeyFetcher returns a new KeyFetcher which returns a fixed key.
|
|
||||||
func NewStubKeyFetcher(key *PublicKey) KeyFetcher {
|
|
||||||
return stubFetcher{key}
|
|
||||||
}
|
|
|
@ -1,26 +0,0 @@
|
||||||
package hpke_test
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
"github.com/pomerium/pomerium/pkg/hpke"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestStubFetcher(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
hpkePrivateKey, err := hpke.GeneratePrivateKey()
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
expected := hpkePrivateKey.PublicKey()
|
|
||||||
|
|
||||||
f := hpke.NewStubKeyFetcher(expected)
|
|
||||||
|
|
||||||
actual, err := f.FetchPublicKey(context.Background())
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, expected.String(), actual.String())
|
|
||||||
}
|
|