Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds support for v5 of the golang-jwt library #15

Merged
merged 3 commits into from
Apr 18, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
go-version: 1.18

- name: Build
run: go build -v ./...
Expand Down
14 changes: 7 additions & 7 deletions example/example.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (

"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/kms"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/matelang/jwt-go-aws-kms/v2/jwtkms"
)

Expand All @@ -21,13 +21,13 @@ func main() {
}

now := time.Now()
jwtToken := jwt.NewWithClaims(jwtkms.SigningMethodECDSA256, &jwt.StandardClaims{
Audience: "api.example.com",
ExpiresAt: now.Add(1 * time.Hour * 24).Unix(),
Id: "1234-5678",
IssuedAt: now.Unix(),
jwtToken := jwt.NewWithClaims(jwtkms.SigningMethodECDSA256, &jwt.RegisteredClaims{
Audience: jwt.ClaimStrings{"api.example.com"},
ExpiresAt: jwt.NewNumericDate(now.Add(1 * time.Hour * 24)),
ID: "1234-5678",
IssuedAt: jwt.NewNumericDate(now),
Issuer: "sso.example.com",
NotBefore: now.Unix(),
NotBefore: jwt.NewNumericDate(now),
Subject: "john.doe@example.com",
})

Expand Down
17 changes: 15 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,11 +1,24 @@
module github.com/matelang/jwt-go-aws-kms/v2

go 1.16
go 1.18

require (
github.com/aws/aws-sdk-go-v2 v1.17.7
github.com/aws/aws-sdk-go-v2/config v1.18.19
github.com/aws/aws-sdk-go-v2/service/kms v1.20.8
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/golang-jwt/jwt/v5 v5.0.0-rc.2
github.com/google/uuid v1.3.0
)

require (
github.com/aws/aws-sdk-go-v2/credentials v1.13.18 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
)
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.18.7/go.mod h1:JuTnSoeePXmMVe9G8Ncjj
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v5 v5.0.0-rc.2 h1:hXPcSazn8wKOfSb9y2m1bdgUMlDxVDarxh3lJVbC6JE=
github.com/golang-jwt/jwt/v5 v5.0.0-rc.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
Expand Down
3 changes: 2 additions & 1 deletion jwtkms/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,9 @@ package jwtkms

import (
"crypto"

"github.com/aws/aws-sdk-go-v2/service/kms/types"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

var (
Expand Down
28 changes: 12 additions & 16 deletions jwtkms/kms_signing_method.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,12 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"math/big"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/kms"
"github.com/aws/aws-sdk-go-v2/service/kms/types"
"github.com/golang-jwt/jwt/v4"
"math/big"
"github.com/golang-jwt/jwt/v5"
)

type fallbackSigningMethodCompatibilityCheckerFunc func(keyConfig interface{}) bool
Expand Down Expand Up @@ -94,7 +95,7 @@ func (m *KMSSigningMethod) Alg() string {
return m.fallbackSigningMethod.Alg()
}

func (m *KMSSigningMethod) Verify(signingString string, signature string, keyConfig interface{}) error {
func (m *KMSSigningMethod) Verify(signingString string, sig []byte, keyConfig interface{}) (err error) {
// Expecting a jwtkms.Config as the keyConfig to use AWS KMS to Verify tokens.
cfg, ok := keyConfig.(*Config)

Expand All @@ -104,17 +105,12 @@ func (m *KMSSigningMethod) Verify(signingString string, signature string, keyCon
keyConfigIsForFallbackSigningMethod := m.fallbackSigningMethodKeyConfigCheckerFunc(keyConfig)

if keyConfigIsForFallbackSigningMethod {
return m.fallbackSigningMethod.Verify(signingString, signature, keyConfig)
return m.fallbackSigningMethod.Verify(signingString, sig, keyConfig)
}

return jwt.ErrInvalidKeyType
}

sig, err := jwt.DecodeSegment(signature)
if err != nil {
return err
}

if !m.hash.Available() {
return jwt.ErrHashUnavailable
}
Expand Down Expand Up @@ -169,10 +165,10 @@ func (m *KMSSigningMethod) Verify(signingString string, signature string, keyCon
pubkeyCache.Add(cfg.kmsKeyID, cachedKey)
}

return m.fallbackSigningMethod.Verify(signingString, signature, cachedKey)
return m.fallbackSigningMethod.Verify(signingString, sig, cachedKey)
}

func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (string, error) {
func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) ([]byte, error) {
// Expecting a jwtkms.Config as the keyConfig to use AWS KMS to Sign tokens.
cfg, ok := keyConfig.(*Config)

Expand All @@ -185,11 +181,11 @@ func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (st
return m.fallbackSigningMethod.Sign(signingString, keyConfig)
}

return "", jwt.ErrInvalidKeyType
return nil, jwt.ErrInvalidKeyType
}

if !m.hash.Available() {
return "", jwt.ErrHashUnavailable
return nil, jwt.ErrHashUnavailable
}

hasher := m.hash.New()
Expand All @@ -205,16 +201,16 @@ func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (st

signOutput, err := cfg.kmsClient.Sign(cfg.ctx, signInput)
if err != nil {
return "", err
return nil, err
}

formattedSig := signOutput.Signature
if m.postSignatureSigFormatterFunc != nil {
formattedSig, err = m.postSignatureSigFormatterFunc(signOutput.Signature)
if err != nil {
return "", err
return nil, err
}
}

return jwt.EncodeSegment(formattedSig), nil
return formattedSig, nil
}
2 changes: 1 addition & 1 deletion jwtkms/kms_signingmethod_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ package jwtkms
import (
"testing"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/matelang/jwt-go-aws-kms/v2/jwtkms/internal/mockkms"
)

Expand Down