nodece commented on code in PR #18336:
URL: https://github.com/apache/pulsar/pull/18336#discussion_r1106660384


##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java:
##########
@@ -409,4 +445,134 @@ public String getHeader(String name) {
             return super.getHeader(name);
         }
     }
+
+    private static final class TokenSigningKeyResolver implements 
SigningKeyResolver {
+        private final JWK jwk;
+
+        public TokenSigningKeyResolver(String data) {
+            jwk = new JWK(data);
+        }
+
+        @Override
+        public Key resolveSigningKey(JwsHeader header, Claims claims) {
+            return jwk.get(header.getKeyId());
+        }
+
+        @Override
+        public Key resolveSigningKey(JwsHeader header, String plaintext) {
+            return jwk.get(header.getKeyId());
+        }
+    }
+
+    // https://datatracker.ietf.org/doc/html/rfc7517
+    @Slf4j
+    private static final class JWK {
+        private static final String ALGORITHM_RSA = "RSA";
+        private static final String ALGORITHM_EC = "EC";
+
+        private static final Map<String, String> CURVE_MAP = new HashMap<>();
+
+        static {
+            // 
https://openid.net/specs/draft-jones-json-web-key-03.html#anchor7
+            // 
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#parameterspec-names
+            CURVE_MAP.put("P-256", "secp256r1");
+            CURVE_MAP.put("P-384", "secp384r1");
+            CURVE_MAP.put("P-521", "secp521r1");
+        }
+
+        private final Map<String, Key> keyMap = new HashMap<>();
+
+        public JWK(String data) {
+            String json;
+            try {
+                byte[] bytes = AuthTokenUtils.readKeyFromUrl(data);
+                if (bytes == null || bytes.length == 0) {
+                    throw new IOException("invalid JWKS");
+                }
+                json = new String(bytes, StandardCharsets.UTF_8);
+            } catch (IOException e) {
+                throw new IllegalArgumentException(e);
+            }
+
+            if (log.isDebugEnabled()) {
+                log.debug("JWKS: {}", json);
+            }
+
+            JsonNode rootNode;
+            try {
+                rootNode = new ObjectMapper().readTree(json);
+            } catch (IOException e) {
+                throw new IllegalArgumentException(e);
+            }
+
+            if (rootNode == null) {
+                return;
+            }
+
+            JsonNode keysNode = rootNode.get("keys");
+            if (keysNode == null) {
+                return;
+            }
+
+            Iterator<JsonNode> elements = keysNode.elements();
+            while (elements.hasNext()) {
+                JsonNode node = elements.next();
+                String type = node.get("kty").textValue();
+                String kid = node.get("kid").textValue();
+                KeyFactory kf;
+                // Reference from:
+                // 
https://github.com/auth0/jwks-rsa-java/blob/0.21.2/src/main/java/com/auth0/jwk/Jwk.java#L176
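Review bot: In the `JWK` constructor's key loop, `node.get("kty").textValue()` and `node.get("kid").textValue()` dereference the result of `get()` without a null check, so a key set entry lacking `kid` (optional in RFC 7517) fails with a NullPointerException rather than the `IllegalArgumentException` used elsewhere in the constructor. Guard it, for example `JsonNode kidNode = node.get("kid");` followed by `if (kidNode == null || !kidNode.isTextual()) { throw new IllegalArgumentException("JWKS entry has no kid"); }`, and do the same for `kty`. The two early `return`s for a missing root or `keys` node leave the resolver with an empty key map, so a malformed key set is only noticed when token validation starts failing; throwing there would surface the misconfiguration at construction time. Separately, `log.debug("JWKS: {}", json)` writes the whole document to the log, and since nothing visible restricts the input to public keys, logging only the loaded key ids would be safer. The loop body continues past the end of the quoted hunk, so later handling is not visible here.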

Review Comment:
   We just use the `Jwk` class, and don't want to introduce the other 
dependency.


