[GitHub] [pulsar] tuteng commented on a diff in pull request #18336: [feat][authentication] Add JWKS support for AuthenticationProviderToken

Wed, 07 Dec 2022 06:57:20 -0800 


tuteng commented on code in PR #18336:
URL: https://github.com/apache/pulsar/pull/18336#discussion_r1042309159


##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java:
##########
@@ -409,4 +444,134 @@ public String getHeader(String name) {
             return super.getHeader(name);
         }
     }
+
+    private static final class TokenSigningKeyResolver implements 
SigningKeyResolver {
+        private final Jwk jwk;
+
+        public TokenSigningKeyResolver(String data) {
+            jwk = new Jwk(data);
+        }
+
+        @Override
+        public Key resolveSigningKey(JwsHeader header, Claims claims) {
+            return jwk.get(header.getKeyId());
+        }
+
+        @Override
+        public Key resolveSigningKey(JwsHeader header, String plaintext) {
+            return jwk.get(header.getKeyId());
+        }
+    }
+
+    // https://datatracker.ietf.org/doc/html/rfc7517
+    @Slf4j
+    private static final class Jwk {
+        private static final String ALGORITHM_RSA = "RSA";
+        private static final String ALGORITHM_EC = "EC";
+
+        private static final Map<String, String> CURVE_MAP = new HashMap<>();
+
+        static {
+            // 
https://openid.net/specs/draft-jones-json-web-key-03.html#anchor7
+            // 
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#parameterspec-names
+            CURVE_MAP.put("P-256", "secp256r1");
+            CURVE_MAP.put("P-384", "secp384r1");
+            CURVE_MAP.put("P-521", "secp521r1");
+        }
+
+        private final Map<String, Key> keyMap = new HashMap<>();
+
+        public Jwk(String data) {
+            String json;
+            try {
+                byte[] bytes = AuthTokenUtils.readKeyFromUrl(data);
+                if (bytes == null || bytes.length == 0) {
+                    throw new IOException("invalid JWKs data");
+                }
+                json = new String(AuthTokenUtils.readKeyFromUrl(data), 
StandardCharsets.UTF_8);

Review Comment:
   Why call this function `AuthTokenUtils.readKeyFromUrl(data)` again?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to