Merge pull request dexidp#187 from bcwaldon/relo-jose-sig

jose: collapse jose/sig into jose pkg

jose/jwt.go

@@ -62,3 +62,23 @@ func (j *JWT) Encode() string {
 	s := encodeSegment(j.Signature)
 	return strings.Join([]string{d, s}, ".")
 }
+
+func NewSignedJWT(claims map[string]interface{}, s Signer) (*JWT, error) {
+	header := JOSEHeader{
+		HeaderKeyAlgorithm: s.Alg(),
+		HeaderKeyID:        s.ID(),
+	}
+
+	jwt, err := NewJWT(header, Claims(claims))
+	if err != nil {
+		return nil, err
+	}
+
+	sig, err := s.Sign([]byte(jwt.Data()))
+	if err != nil {
+		return nil, err
+	}
+	jwt.Signature = sig
+
+	return &jwt, nil
+}

jose/sig/interface.go → jose/sig.go

@@ -1,10 +1,8 @@
-package sig
+package jose
 
 import (
 	"fmt"
 	"strings"
-
-	"github.com/coreos-inc/auth/jose"
 )
 
 type Verifier interface {
@@ -18,7 +16,7 @@ type Signer interface {
 	Sign(data []byte) (sig []byte, err error)
 }
 
-func NewVerifier(jwk jose.JWK) (Verifier, error) {
+func NewVerifier(jwk JWK) (Verifier, error) {
 	if strings.ToUpper(jwk.Type) != "RSA" {
 		return nil, fmt.Errorf("unsupported key type %q", jwk.Type)
 	}

jose/sig/hmac.go → jose/sig_hmac.go

@@ -1,4 +1,4 @@
-package sig
+package jose
 
 import (
 	"bytes"
@@ -8,8 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"strings"
-
-	"github.com/coreos-inc/auth/jose"
 )
 
 type VerifierHMAC struct {
@@ -22,7 +20,7 @@ type SignerHMAC struct {
 	VerifierHMAC
 }
 
-func NewVerifierHMAC(jwk jose.JWK) (*VerifierHMAC, error) {
+func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
 	if strings.ToUpper(jwk.Alg) != "HS256" {
 		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
 	}

jose/sig/hmac_test.go → jose/sig_hmac_test.go

@@ -1,24 +1,22 @@
-package sig
+package jose
 
 import (
 	"bytes"
 	"encoding/base64"
 	"testing"
-
-	"github.com/coreos-inc/auth/jose"
 )
 
 var hmacTestCases = []struct {
 	data  string
 	sig   string
-	jwk   jose.JWK
+	jwk   JWK
 	valid bool
 	desc  string
 }{
 	{
 		"test",
 		"Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
-		jose.JWK{
+		JWK{
 			ID:     "fake-key",
 			Alg:    "HS256",
 			Secret: []byte("secret"),
@@ -29,7 +27,7 @@ var hmacTestCases = []struct {
 	{
 		"test",
 		"Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
-		jose.JWK{
+		JWK{
 			ID:     "different-key",
 			Alg:    "HS256",
 			Secret: []byte("secret"),
@@ -40,7 +38,7 @@ var hmacTestCases = []struct {
 	{
 		"test sig and non-matching data",
 		"Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
-		jose.JWK{
+		JWK{
 			ID:     "fake-key",
 			Alg:    "HS256",
 			Secret: []byte("secret"),

jose/sig/rsa.go → jose/sig_rsa.go

@@ -1,13 +1,11 @@
-package sig
+package jose
 
 import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"fmt"
 	"strings"
-
-	"github.com/coreos-inc/auth/jose"
 )
 
 type VerifierRSA struct {
@@ -21,7 +19,7 @@ type SignerRSA struct {
 	VerifierRSA
 }
 
-func NewVerifierRSA(jwk jose.JWK) (*VerifierRSA, error) {
+func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
 	if strings.ToUpper(jwk.Alg) != "RS256" {
 		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
 	}

key/key.go

@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/coreos-inc/auth/jose"
-	josesig "github.com/coreos-inc/auth/jose/sig"
 )
 
 func NewPublicKey(jwk jose.JWK) *PublicKey {
@@ -23,8 +22,8 @@ func (k *PublicKey) ID() string {
 	return k.jwk.ID
 }
 
-func (k *PublicKey) Verifier() (josesig.Verifier, error) {
-	return josesig.NewVerifierRSA(k.jwk)
+func (k *PublicKey) Verifier() (jose.Verifier, error) {
+	return jose.NewVerifierRSA(k.jwk)
 }
 
 type PrivateKey struct {
@@ -36,8 +35,8 @@ func (k *PrivateKey) ID() string {
 	return k.KeyID
 }
 
-func (k *PrivateKey) Signer() josesig.Signer {
-	return josesig.NewSignerRSA(k.ID(), *k.PrivateKey)
+func (k *PrivateKey) Signer() jose.Signer {
+	return jose.NewSignerRSA(k.ID(), *k.PrivateKey)
 }
 
 func (k *PrivateKey) JWK() jose.JWK {

key/manager.go

@@ -7,13 +7,12 @@ import (
 	"github.com/jonboulle/clockwork"
 
 	"github.com/coreos-inc/auth/jose"
-	josesig "github.com/coreos-inc/auth/jose/sig"
 	"github.com/coreos-inc/auth/pkg/health"
 )
 
 type PrivateKeyManager interface {
 	ExpiresAt() time.Time
-	Signer() (josesig.Signer, error)
+	Signer() (jose.Signer, error)
 	JWKs() ([]jose.JWK, error)
 	PublicKeys() ([]PublicKey, error)
 
@@ -40,7 +39,7 @@ func (m *privateKeyManager) ExpiresAt() time.Time {
 	return m.keySet.ExpiresAt()
 }
 
-func (m *privateKeyManager) Signer() (josesig.Signer, error) {
+func (m *privateKeyManager) Signer() (jose.Signer, error) {
 	if err := m.Healthy(); err != nil {
 		return nil, err
 	}

server/auth_middleware_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"
 
-	josesig "github.com/coreos-inc/auth/jose/sig"
+	"github.com/coreos-inc/auth/jose"
 	"github.com/coreos-inc/auth/key"
 	"github.com/coreos-inc/auth/oidc"
 )
@@ -40,7 +40,7 @@ func TestClientToken(t *testing.T) {
 
 	makeToken := func(iss, sub, aud string, iat, exp time.Time) string {
 		claims := oidc.NewClaims(iss, sub, aud, iat, exp)
-		jwt, err := josesig.NewSignedJWT(claims, signer)
+		jwt, err := jose.NewSignedJWT(claims, signer)
 		if err != nil {
 			t.Fatalf("Failed to generate JWT, error=%v", err)
 		}

server/server.go

@@ -13,7 +13,6 @@ import (
 
 	"github.com/coreos-inc/auth/connector"
 	"github.com/coreos-inc/auth/jose"
-	josesig "github.com/coreos-inc/auth/jose/sig"
 	"github.com/coreos-inc/auth/key"
 	"github.com/coreos-inc/auth/oauth2"
 	"github.com/coreos-inc/auth/oidc"
@@ -219,7 +218,7 @@ func (s *Server) ClientCredsToken(creds oidc.ClientCredentials) (*jose.JWT, erro
 	claims := oidc.NewClaims(s.IssuerURL.String(), creds.ID, creds.ID, now, exp)
 	claims.Add("name", creds.ID)
 
-	jwt, err := josesig.NewSignedJWT(claims, signer)
+	jwt, err := jose.NewSignedJWT(claims, signer)
 	if err != nil {
 		log.Errorf("Failed to generate ID token: %v", err)
 		return nil, oauth2.NewError(oauth2.ErrorServerError)
@@ -259,7 +258,7 @@ func (s *Server) CodeToken(creds oidc.ClientCredentials, sessionKey string) (*jo
 		return nil, oauth2.NewError(oauth2.ErrorServerError)
 	}
 
-	jwt, err := josesig.NewSignedJWT(ses.Claims(s.IssuerURL.String()), signer)
+	jwt, err := jose.NewSignedJWT(ses.Claims(s.IssuerURL.String()), signer)
 	if err != nil {
 		log.Errorf("Failed to generate ID token: %v", err)
 		return nil, oauth2.NewError(oauth2.ErrorServerError)

server/server_test.go

@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/coreos-inc/auth/jose"
-	josesig "github.com/coreos-inc/auth/jose/sig"
 	"github.com/coreos-inc/auth/key"
 	"github.com/coreos-inc/auth/oauth2"
 	"github.com/coreos-inc/auth/oidc"
@@ -18,15 +17,15 @@ import (
 type StaticKeyManager struct {
 	key.PrivateKeyManager
 	expiresAt time.Time
-	signer    josesig.Signer
+	signer    jose.Signer
 	keys      []jose.JWK
 }
 
 func (m *StaticKeyManager) ExpiresAt() time.Time {
 	return m.expiresAt
 }
 
-func (m *StaticKeyManager) Signer() (josesig.Signer, error) {
+func (m *StaticKeyManager) Signer() (jose.Signer, error) {
 	return m.signer, nil
 }
 
@@ -312,7 +311,7 @@ func TestServerTokenFail(t *testing.T) {
 	signerFixture := &StaticSigner{sig: []byte("beer"), err: nil}
 
 	tests := []struct {
-		signer josesig.Signer
+		signer jose.Signer
 		argCC  oidc.ClientCredentials
 		argKey string
 		err    string

test

@@ -14,7 +14,7 @@ COVER=${COVER:-"-cover"}
 
 source ./build
 
-TESTABLE="connector db integration jose jose/sig key oauth2 oidc pkg/crypto pkg/flag pkg/health pkg/http pkg/net pkg/time server session"
+TESTABLE="connector db integration jose key oauth2 oidc pkg/crypto pkg/flag pkg/health pkg/http pkg/net pkg/time server session"
 FORMATTABLE="$TESTABLE cmd/authctl cmd/authd-worker cmd/authd-overlord examples/app functional pkg/log"
 
 # user has not provided PKG override