agentjwt

package
v0.0.0-...-50a5168
Warning

This package is not in the latest version of its module.

Published: Jan 8, 2020 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation


Constants

const MAX_TOKEN_DURATION = 300

MAX_TOKEN_DURATION is the maximum duration allowed on a signed token.

Variables

This section is empty.

Functions

func ParsePubkeySignedToken

func ParsePubkeySignedToken(tokenString string, pubkeyFunc func(subject string) (pubkey string, err error)) (subject string, token *jwt.Token, err error)

ParsePubkeySignedToken takes a token string that has been signed by the ssh-agent (RS256). The Subject of the token (the user authenticating) is part of the claims on the token. The Subject in the claims is used to retrieve the public key, which is then used to verify the signature of the token. The pubkeyFunc takes the subject and produces a public key by some means. The subject is only as trustworthy as your pubkeyFunc. If the subject (which came from the client) produces a different pubkey (as if the user set the wrong subject), validation will fail. If the claims are tampered with, validation will fail. Security of this method depends entirely on pubkeyFunc being able to produce a pubkey for the subject that corresponds to a private key held by the requestor.

func SignedJwtToken

func SignedJwtToken(subject string, pubkey string) (token string, err error)

SignedJwtToken takes a subject, and a public key string (as provided by ssh-agent or ssh-keygen) and creates a signed JWT Token by asking the ssh-agent politely to sign the token claims. The token is good for MAX_TOKEN_DURATION seconds.
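The flow described for SignedJwtToken and ParsePubkeySignedToken, as an added example written against the Go standard library only (it is not the package's own code). The names newKey, signToken, verifyToken and keyFor are hypothetical, an in-memory RSA key stands in for the key held by ssh-agent, keys are passed as *rsa.PublicKey rather than strings, and enforcing the 300-second cap on the verifying side is an assumption.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

const maxTokenDuration = 300 // seconds; mirrors MAX_TOKEN_DURATION

var b64 = base64.RawURLEncoding

// newKey makes a throwaway key pair; the private half stands in for a key held by ssh-agent.
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signToken plays the agent's role: RS256 over header.claims (constructed helper).
func signToken(sub string, exp int64, key *rsa.PrivateKey) (string, error) {
	body, _ := json.Marshal(map[string]any{"sub": sub, "exp": exp})
	msg := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return msg + "." + b64.EncodeToString(sig), err
}

// verifyToken picks the key by the still-unverified subject, then checks signature and lifetime.
func verifyToken(tok string, keyFor func(sub string) (*rsa.PublicKey, error), now int64) (string, error) {
	p := strings.Split(tok, ".")
	var c struct{ Sub string; Exp int64 }
	if len(p) != 3 || json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(p[1]))).Decode(&c) != nil {
		return "", errors.New("malformed token")
	}
	pub, err := keyFor(c.Sub) // the key comes from server-side records, never from the token
	sig, _ := b64.DecodeString(p[2])
	d := sha256.Sum256([]byte(p[0] + "." + p[1])) // RS256 is fixed here; the header's alg is ignored
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil {
		return "", errors.New("signature not valid for the subject's registered key")
	}
	if c.Exp <= now || c.Exp-now > maxTokenDuration {
		return "", errors.New("token expired or lifetime above cap")
	}
	return c.Sub, nil
}

func main() {}
```

A token signed with one user's key but naming another subject fails because keyFor returns the named subject's key, which is the property the documentation above relies on.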

Types

type SigningMethodRSAAgent

type SigningMethodRSAAgent struct {
	Name string
	Hash crypto.Hash
}

SigningMethodRSAAgent is a JWT Signing method that produces RS256 signatures from a running ssh-agent.

func (*SigningMethodRSAAgent) Alg

func (m *SigningMethodRSAAgent) Alg() string

Alg returns the name of the algorithm used by the signing method.

func (*SigningMethodRSAAgent) Sign

func (m *SigningMethodRSAAgent) Sign(signingString string, key interface{}) (sig string, err error)

Sign sends a request to the running ssh-agent to sign the header and claims of the JWT. This is pretty much the normal RS256 mechanism, but it doesn't require the private key in order to sign. The private key is held by the ssh-agent.

func (*SigningMethodRSAAgent) Verify

func (m *SigningMethodRSAAgent) Verify(signingString, signature string, key interface{}) (err error)

Verify verifies the signature on the JWT Token in the normal JWT RS256 fashion

type TestServer

type TestServer struct {
	Address    string
	Port       int
	PubkeyFunc func(username string) (pubkey string, err error)
}

TestServer is an HTTP server demonstrating JWT RSA Auth.

func (*TestServer) RootHandler

func (d *TestServer) RootHandler(w http.ResponseWriter, r *http.Request)

RootHandler is the main HTTP handler for TestServer.

func (*TestServer) RunTestServer

func (d *TestServer) RunTestServer() (err error)

RunTestServer runs the test server.
