cleanup

2020-01-10 09:27:52 +01:00 · 2020-01-10 09:27:52 +01:00 · 5d91ebfd62
commit 5d91ebfd62
parent 32be81575e
5 changed files with 10 additions and 115 deletions
--- a/pkg/op/authrequest_test.go
+++ b/pkg/op/authrequest_test.go
@ -108,7 +108,7 @@ func TestValidateAuthRequest(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := op.ValidateAuthRequest(tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
+			if err := op.ValidateAuthRequest(nil, tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
 				t.Errorf("ValidateAuthRequest() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@ -218,7 +218,7 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := op.ValidateAuthReqRedirectURI(tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
+			if err := op.ValidateAuthReqRedirectURI(nil, tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
 				t.Errorf("ValidateRedirectURI() error = %v, wantErr %v", err.Error(), tt.wantErr)
 			}
 		})
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -13,7 +13,6 @@ type Configuration interface {
 	UserinfoEndpoint() Endpoint
 	KeysEndpoint() Endpoint

-	// SupportedScopes() []string
 	AuthMethodPostSupported() bool

 	Port() string
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -36,7 +36,6 @@ type AuthRequest interface {
 	GetAudience() []string
 	GetAuthTime() time.Time
 	GetClientID() string
-	// GetCode() string
 	GetCodeChallenge() *oidc.CodeChallenge
 	GetNonce() string
 	GetRedirectURI() string
--- a/pkg/rp/default_verifier.go
+++ b/pkg/rp/default_verifier.go
@ -96,12 +96,6 @@ func WithSupportedSigningAlgorithms(algs ...string) func(*verifierConfig) {
 	}
 }

-// func WithVerifierHTTPClient(client *http.Client) func(*verifierConfig) {
-// 	return func(conf *verifierConfig) {
-// 		conf.httpClient = client
-// 	}
-// }
-
 type verifierConfig struct {
 	issuer            string
 	clientID          string
@ -213,12 +207,8 @@ func (v *DefaultVerifier) VerifyIDToken(ctx context.Context, idTokenString strin
 	if err = v.checkAuthTime(claims.AuthTime); err != nil {
 		return nil, err
 	}
-	//return idtoken struct, err

 	return claims, nil
-	// })
-	// _ = token
-	// return err
 }

 func (v *DefaultVerifier) parseToken(tokenString string) (*oidc.IDTokenClaims, []byte, error) {
@ -297,68 +287,6 @@ func (v *DefaultVerifier) checkSignature(ctx context.Context, idTokenString stri
 	return jose.SignatureAlgorithm(sig.Header.Algorithm), nil
 }

-// type KeySet struct {
-// 	remoteURL  url.URL
-// 	httpClient *http.Client
-// 	keys       []jose.JSONWebKey
-
-// 	m        sync.Mutex
-// 	inflight *inflight
-// }
-
-// func (k *KeySet) GetKey(ctx context.Context, keyID string) (*jose.JSONWebKey, error) {
-// 	key, err := k.getKey(keyID)
-// 	if err != nil {
-// 		//lock
-// 		k.updateKeys(ctx)
-// 		//unlock
-// 		return k.getKey(keyID)
-// 	}
-// 	return key, nil
-// }
-
-// func (k *KeySet) getKey(keyID string) (*jose.JSONWebKey, error) {
-// 	k.m.Lock()
-// 	keys := k.keys
-// 	k.m.Unlock()
-// 	for _, key := range keys {
-// 		if key.KeyID == keyID {
-// 			return &key, nil
-// 		}
-// 	}
-// 	return nil, nil //TODO: err
-// }
-
-// func (k *KeySet) retrieveNewKeys(ctx context.Context) ([]jose.JSONWebKey, error) {
-// 	resp, err := k.httpClient.Get(k.remoteURL.String())
-// 	if err != nil {
-// 		return nil, err
-// 	}
-// 	if resp.StatusCode != http.StatusOK {
-// 		return nil, nil //TODO: errs
-// 	}
-
-// 	defer resp.Body.Close()
-// 	body, err := ioutil.ReadAll(resp.Body)
-// 	if err != nil {
-// 		return nil, err
-// 	}
-
-// 	var keySet jose.JSONWebKeySet
-// 	err = json.Unmarshal(body, keySet)
-// 	if err != nil {
-// 		return nil, err
-// 	}
-// 	return keySet.Keys, nil
-// }
-
-// func (k *KeySet) updateKeys(ctx context.Context) error {
-// 	k.inflight
-// 	k.m.Lock()
-// 	k.keys = keySet.Keys
-// 	return nil
-// }
-
 func (v *DefaultVerifier) checkExpiration(expiration time.Time) error {
 	expiration = expiration.Round(time.Second)
 	if !v.now().Before(expiration) {
@ -419,25 +347,6 @@ func (v *DefaultVerifier) decryptToken(tokenString string) (string, error) {
 	return tokenString, nil //TODO: impl
 }

-// func (v *Verifier) parseIDToken(tokenString string) (IDToken, error) {
-// 	var claims jwt.StandardClaims
-// 	token, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
-// 		claims.VerifyIssuer(v.config.Issuer, true)
-
-// 		// return token.Header["alg"]
-// 	})
-
-// 	payload, err := parseJWT(rawIDToken)
-// 	if err != nil {
-// 		return nil, fmt.Errorf("oidc: malformed jwt: %v", err)
-// 	}
-// 	var token IDToken
-// 	if err := json.Unmarshal(payload, &token); err != nil {
-// 		return nil, fmt.Errorf("oidc: failed to unmarshal claims: %v", err)
-// 	}
-// 	return token, nil //TODO: impl
-// }
-
 func (v *DefaultVerifier) verifyAccessToken(accessToken, atHash string, sigAlgorithm jose.SignatureAlgorithm) error {
 	if atHash == "" {
 		return nil //TODO: return error
--- a/pkg/rp/jwks.go
+++ b/pkg/rp/jwks.go
@ -6,7 +6,6 @@ import (
 	"fmt"
 	"net/http"
 	"sync"
-	"time"

 	"github.com/caos/oidc/pkg/utils"

@ -22,7 +21,6 @@ func NewRemoteKeySet(client *http.Client, jwksURL string) oidc.KeySet {
 type remoteKeySet struct {
 	jwksURL    string
 	httpClient *http.Client
-	// now        func() time.Time

 	// guard all other fields
 	mu sync.Mutex
@ -33,7 +31,6 @@ type remoteKeySet struct {

 	// A set of cached keys and their expiry.
 	cachedKeys []jose.JSONWebKey
-	expiry     time.Time
 }

 // inflight is used to wait on some in-flight request from multiple goroutines.
@ -76,7 +73,7 @@ func (r *remoteKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 		break
 	}

-	keys, _ := r.keysFromCache()
+	keys := r.keysFromCache()
 	payload, err, ok := checkKey(keyID, keys, jws)
 	if ok {
 		return payload, err
@ -94,10 +91,10 @@ func (r *remoteKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 	return payload, err
 }

-func (r *remoteKeySet) keysFromCache() (keys []jose.JSONWebKey, expiry time.Time) {
+func (r *remoteKeySet) keysFromCache() (keys []jose.JSONWebKey) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
-	return r.cachedKeys, r.expiry
+	return r.cachedKeys
 }

 // keysFromRemote syncs the key set from the remote set, records the values in the
@ -127,7 +124,7 @@ func (r *remoteKeySet) keysFromRemote(ctx context.Context) ([]jose.JSONWebKey, e

 func (r *remoteKeySet) updateKeys(ctx context.Context) {
 	// Sync keys and finish inflight when that's done.
-	keys, expiry, err := r.fetchRemoteKeys(ctx)
+	keys, err := r.fetchRemoteKeys(ctx)

 	r.inflight.done(keys, err)

@ -138,33 +135,24 @@ func (r *remoteKeySet) updateKeys(ctx context.Context) {

 	if err == nil {
 		r.cachedKeys = keys
-		r.expiry = expiry
 	}

 	// Free inflight so a different request can run.
 	r.inflight = nil
 }

-func (r *remoteKeySet) fetchRemoteKeys(ctx context.Context) ([]jose.JSONWebKey, time.Time, error) {
+func (r *remoteKeySet) fetchRemoteKeys(ctx context.Context) ([]jose.JSONWebKey, error) {
 	req, err := http.NewRequest("GET", r.jwksURL, nil)
 	if err != nil {
-		return nil, time.Time{}, fmt.Errorf("oidc: can't create request: %v", err)
+		return nil, fmt.Errorf("oidc: can't create request: %v", err)
 	}

 	keySet := new(jose.JSONWebKeySet)
 	if err = utils.HttpRequest(r.httpClient, req, keySet); err != nil {
-		return nil, time.Time{}, fmt.Errorf("oidc: failed to get keys: %v", err)
+		return nil, fmt.Errorf("oidc: failed to get keys: %v", err)
 	}

-	// If the server doesn't provide cache control headers, assume the
-	// keys expire immediately.
-	// expiry := r.now()
-
-	// _, e, err := cachecontrol.CachableResponse(req, resp, cachecontrol.Options{})
-	// if err == nil && e.After(expiry) {
-	// 	expiry = e
-	// }
-	return keySet.Keys, time.Now(), nil
+	return keySet.Keys, nil
 }

 func checkKey(keyID string, keys []jose.JSONWebKey, jws *jose.JSONWebSignature) ([]byte, error, bool) {