feat(dgw): subkey tokens (#287)

Issue: DGW-35 * feat(dgw): subkey tokens * chore(tokengen): support for subkey tokens * Code review
Devolutions · Aug 2, 2022 · bebee0e · bebee0e
1 parent f9b66c1
commit bebee0e
Show file tree

Hide file tree

Showing 15 changed files with 722 additions and 247 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/README.md b/README.md
@@ -126,7 +126,7 @@ If all the optional claims are provided RDP routing will start in **RDP-TLS** mo
 
 #### Token generation utilities
 
-JWT generation should be facilitated by a provider (such as the [WaykDen](https://github.com/Devolutions/WaykDen-ps)).
+JWT generation should be facilitated by a provisioner (such as the [WaykDen](https://github.com/Devolutions/WaykDen-ps)).
 However, you can easily generate a JWT for testing purposes by using CLI tools provided in `/tools` folder.
 
 ##### tokengen
@@ -142,13 +142,13 @@ The binary is produced inside a `target/release` folder.
 RDP-TCP example:
 
 ```
-$ ./tokengen --provider-private-key /path/to/provisioner/private/key.pem forward --dst-hst 192.168.122.70 --jet-ap rdp
+$ ./tokengen --provisioner-key /path/to/provisioner/private/key.pem forward --dst-hst 192.168.122.70 --jet-ap rdp
 ```
 
 RDP-TLS example:
 
 ```
-$ ./tokengen --provider-private-key /path/to/provisioner/private/key.pem --delegation-public-key /path/to/delegation/public/key.pem rdp-tls --dst-hst 192.168.122.70 --prx-usr proxy_username --prx-pwd proxy_password --dst-usr host_username --dst-pwd host_password
+$ ./tokengen --provisioner-key /path/to/provisioner/private/key.pem --delegation-key /path/to/delegation/public/key.pem rdp-tls --dst-hst 192.168.122.70 --prx-usr proxy_username --prx-pwd proxy_password --dst-usr host_username --dst-pwd host_password
 ```
 
 ##### rdp_token.sh

diff --git a/crates/devolutions-gateway-generators/src/lib.rs b/crates/devolutions-gateway-generators/src/lib.rs
@@ -180,3 +180,13 @@ pub fn session_info_fwd_only() -> impl Strategy<Value = GatewaySessionInfo> {
         )
     })
 }
+
+#[derive(Debug, Serialize, Clone)]
+pub struct SubkeyClaims {
+    pub kid: String,
+    pub kty: String,
+    pub jet_gw_id: Option<uuid::Uuid>,
+    pub iat: i64,
+    pub nbf: i64,
+    pub jti: uuid::Uuid,
+}
diff --git a/devolutions-gateway/Cargo.toml b/devolutions-gateway/Cargo.toml
@@ -56,13 +56,15 @@ focaccia = "1.1.2"
 native-tls = "0.2.8"
 zeroize = { version = "1.5.3", features = ["derive"] }
 rust-argon2 = "1.0.0"
-picky = { version = "7.0.0-rc.2", default-features = false, features = ["jose", "x509"] }
+picky = { version = "7.0.0-rc.3", default-features = false, features = ["jose", "x509"] }
 sspi = "0.3.2"
 ring = "0.16.20"
 # (unrequired if using `axum`)
 sha1 = "0.10.1"
 # (unrequired if using `axum`)
 base64 = "0.13.0"
+multihash = "0.16.2"
+multibase = "0.9.1"
 
 # logging
 tracing = "0.1.34"