diff --git a/env/web_env.go b/env/web_env.go
index 4d77019..6672d0e 100644
--- a/env/web_env.go
+++ b/env/web_env.go
@@ -32,9 +32,9 @@ import (
 "strings"
 "time"
- "github.com/lestrrat-go/jwx/v2/jwa"
- "github.com/lestrrat-go/jwx/v2/jwk"
- "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/lestrrat-go/jwx/v3/jwa"
+ "github.com/lestrrat-go/jwx/v3/jwk"
+ "github.com/lestrrat-go/jwx/v3/jwt"
 )
 const (
@@ -100,7 +100,7 @@ func getEnvValueFromHTTP(urlStr, envKey string) (string, string, string, error)
 return "", "", "", err
 }
- skey, err := jwk.FromRaw([]byte(password))
+ skey, err := jwk.Import([]byte(password))
 if err != nil {
 return "", "", "", err
 }
@@ -119,7 +119,7 @@ func getEnvValueFromHTTP(urlStr, envKey string) (string, string, string, error)
 return "", "", "", err
 }
- signed, err := jwt.Sign(token, jwt.WithKey(jwa.HS512, skey))
+ signed, err := jwt.Sign(token, jwt.WithKey(jwa.HS512(), skey))
 if err != nil {
 return "", "", "", err
 }
diff --git a/go.mod b/go.mod
index b425ba5..22c4eb7 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/go-ldap/ldap/v3 v3.4.12
 github.com/go-openapi/swag/conv v0.24.0
 github.com/golang-jwt/jwt/v4 v4.5.2
- github.com/lestrrat-go/jwx/v2 v2.1.6
+ github.com/lestrrat-go/jwx/v3 v3.0.12
 github.com/mattn/go-colorable v0.1.14
 github.com/mattn/go-isatty v0.0.20
 github.com/minio/minio-go/v7 v7.0.97
@@ -32,8 +32,12 @@ require (
 github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 github.com/go-ini/ini v1.67.0 // indirect
 github.com/go-openapi/swag/typeutils v0.24.0 // indirect
+ github.com/lestrrat-go/dsig v1.0.0 // indirect
+ github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
+ github.com/lestrrat-go/httprc/v3 v3.0.1 // indirect
+ github.com/lestrrat-go/option/v2 v2.0.0 // indirect
 github.com/minio/md5-simd v1.1.2 // indirect
- github.com/stretchr/testify v1.11.1 // indirect
+ github.com/valyala/fastjson v1.6.4 // indirect
 )
 require (
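Review bot: In the `@@ -100` hunk of env/web_env.go, `jwk.Import([]byte(password))` turns the password bytes directly into the HS512 signing key, and nothing visible in the hunk rejects an empty or short value. RFC 7518 §3.2 expects an HMAC key at least as long as the hash output (64 bytes for HS512), so the strength of the signed token rests entirely on the entropy of that password. A guard before the import, for example `if password == "" { return "", "", "", errors.New("empty JWT signing password") }` (assuming `errors` is imported in this file), together with a comment such as `// password is used as the raw HS512 key; it must be high-entropy`, would make the assumption explicit. The same key is consumed by `jwt.Sign(token, jwt.WithKey(jwa.HS512(), skey))` in the `@@ -119` hunk. getEnvValueFromHTTP starts and ends outside both hunks, so where password comes from is not visible here.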
@@ -53,8 +57,6 @@ require (
 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 github.com/lestrrat-go/blackmagic v1.0.4 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
- github.com/lestrrat-go/httprc v1.0.6 // indirect
- github.com/lestrrat-go/iter v1.0.2 // indirect
 github.com/lestrrat-go/option v1.0.1 // indirect
 github.com/mattn/go-runewidth v0.0.19 // indirect
 github.com/philhofer/fwd v1.2.0 // indirect
diff --git a/go.sum b/go.sum
index 69aaf16..8ef834f 100644
--- a/go.sum
+++ b/go.sum
@@ -81,16 +81,20 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA= github.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw= +github.com/lestrrat-go/dsig v1.0.0 h1:OE09s2r9Z81kxzJYRn07TFM9XA4akrUdoMwr0L8xj38= +github.com/lestrrat-go/dsig v1.0.0/go.mod h1:dEgoOYYEJvW6XGbLasr8TFcAxoWrKlbQvmJgCR0qkDo= +github.com/lestrrat-go/dsig-secp256k1 v1.0.0 h1:JpDe4Aybfl0soBvoVwjqDbp+9S1Y2OM7gcrVVMFPOzY= +github.com/lestrrat-go/dsig-secp256k1 v1.0.0/go.mod h1:CxUgAhssb8FToqbL8NjSPoGQlnO4w3LG1P0qPWQm/NU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k= -github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= -github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= -github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVfecA= -github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU= +github.com/lestrrat-go/httprc/v3 v3.0.1 h1:3n7Es68YYGZb2Jf+k//llA4FTZMl3yCwIjFIk4ubevI= +github.com/lestrrat-go/httprc/v3 v3.0.1/go.mod h1:2uAvmbXE4Xq8kAUjVrZOq1tZVYYYs5iP62Cmtru00xk= +github.com/lestrrat-go/jwx/v3 v3.0.12 h1:p25r68Y4KrbBdYjIsQweYxq794CtGCzcrc5dGzJIRjg= +github.com/lestrrat-go/jwx/v3 v3.0.12/go.mod h1:HiUSaNmMLXgZ08OmGBaPVvoZQgJVOQphSrGr5zMamS8= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= 
+github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss= +github.com/lestrrat-go/option/v2 v2.0.0/go.mod h1:oSySsmzMoR0iRzCDCaUfsCzxQHUEuhOViQObyy7S6Vg= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= @@ -125,6 +129,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/tinylib/msgp v1.5.0 h1:GWnqAE54wmnlFazjq2+vgr736Akg58iiHImh+kPY2pc= github.com/tinylib/msgp v1.5.0/go.mod h1:cvjFkb4RiC8qSBOPMGPSzSAx47nAsfhLVTCZZNuHv5o= +github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= +github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= diff --git a/licverifier/verifier.go b/licverifier/verifier.go index 1614796..533d54c 100644 --- a/licverifier/verifier.go +++ b/licverifier/verifier.go @@ -19,7 +19,6 @@ package licverifier import ( - "context" "crypto/ecdsa" "crypto/x509" "encoding/pem" @@ -27,10 +26,10 @@ import ( "fmt" "time" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwk" - "github.com/lestrrat-go/jwx/v2/jws" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/lestrrat-go/jwx/v3/jwa" + "github.com/lestrrat-go/jwx/v3/jwk" + "github.com/lestrrat-go/jwx/v3/jws" + "github.com/lestrrat-go/jwx/v3/jwt" ) // LicenseVerifier needs an ECDSA public key in PEM format for initialization. 
@@ -103,11 +102,11 @@ func NewLicenseVerifier(pemBytes []byte) (*LicenseVerifier, error) {
 if err != nil {
 return nil, fmt.Errorf("failed to parse public key: %w", err)
 }
- key, err := jwk.FromRaw(pbKey)
+ key, err := jwk.Import(pbKey)
 if err != nil {
 return nil, err
 }
- key.Set(jwk.AlgorithmKey, jwa.ES384)
+ key.Set(jwk.AlgorithmKey, jwa.ES384())
 keyset := jwk.NewSet()
 keyset.AddKey(key)
 return &LicenseVerifier{
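Review bot: The error returned by `key.Set(jwk.AlgorithmKey, jwa.ES384())` is discarded, and so is the one from `keyset.AddKey(key)` two lines below. Pinning the algorithm on the verification key is what restricts which signature algorithm the key is accepted for, and this migration changes the type of the value being set, so a failure here should stop construction rather than return a verifier whose key is unpinned or whose key set is empty. Suggested: `if err := key.Set(jwk.AlgorithmKey, jwa.ES384()); err != nil { return nil, err }`, with the same pattern for `AddKey`. NewLicenseVerifier begins before the hunk and its return statement continues past it.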
@@ -118,61 +117,72 @@ func NewLicenseVerifier(pemBytes []byte) (*LicenseVerifier, error) {
 // toLicenseInfo extracts LicenseInfo from claims. It returns an error if any of
 // the claim values are invalid.
 func toLicenseInfo(license string, token jwt.Token) (LicenseInfo, error) {
- claims, err := token.AsMap(context.Background())
- if err != nil {
- return LicenseInfo{}, err
- }
- accID, ok := claims[accountID].(float64)
- if !ok || ok && accID < 0 {
+ var accID float64
+ err := token.Get(accountID, &accID)
+ if err != nil || accID < 0 {
 return LicenseInfo{}, errors.New("invalid accountId in claims")
 }
 // deployment id may not be present in older licenses.
 // so don't fail if it's not found.
- depUUID, _ := claims[deploymentID].(string)
+ var depUUID string
+ _ = token.Get(deploymentID, &depUUID)
 // license id may not be present in older licenses.
 // so don't fail if it's not found.
- licID, _ := claims[licenseID].(string)
+ var licID string
+ _ = token.Get(licenseID, &licID)
- orgName, ok := claims[organization].(string)
- if !ok {
+ var orgName string
+ err = token.Get(organization, &orgName)
+ if err != nil {
 return LicenseInfo{}, errors.New("invalid organization in claims")
 }
- storageCap, ok := claims[capacity].(float64)
- if !ok {
+
+ var storageCap float64
+ err = token.Get(capacity, &storageCap)
+ if err != nil {
 return LicenseInfo{}, errors.New("invalid storage capacity in claims")
 }
- plan, ok := claims[plan].(string)
- if !ok {
+
+ var planVar string
+ err = token.Get(plan, &planVar)
+ if err != nil {
 return LicenseInfo{}, errors.New("invalid plan in claims")
 }
- iAt, ok := claims[issuedAt].(time.Time)
- if !ok {
+
+ var iAt time.Time
+ err = token.Get(issuedAt, &iAt)
+ if err != nil {
 return LicenseInfo{}, errors.New("invalid issuedAt in claims")
 }
 // apiKey is optional as it's not present in older licenses
- apiKey, _ := claims[apiKey].(string)
+ var apiKeyVar string
+ _ = token.Get(apiKey, &apiKeyVar)
 // isTrial is optional as it's not present in older licenses
 // default value = false
- isTrial, _ := claims[trial].(bool)
+ var isTrial bool
+ _ = token.Get(trial, &isTrial)
- return LicenseInfo{
+ ret := LicenseInfo{
 LicenseToken: license,
 LicenseID: licID,
- Email: token.Subject(),
 Organization: orgName,
 AccountID: int64(accID),
 DeploymentID: depUUID,
 StorageCapacity: int64(storageCap),
- Plan: plan,
+ Plan: planVar,
 IssuedAt: iAt,
- ExpiresAt: token.Expiration(),
- APIKey: apiKey,
+ APIKey: apiKeyVar,
 IsTrial: isTrial,
- }, nil
+ }
+
+ ret.Email, _ = token.Subject()
+ ret.ExpiresAt, _ = token.Expiration()
+
+ return ret, nil
 }
 // Verify verifies the license key and validates the claims present in it.
diff --git a/licverifier/verifier_test.go b/licverifier/verifier_test.go
index 0e42e11..177e08c 100644
--- a/licverifier/verifier_test.go
+++ b/licverifier/verifier_test.go
@@ -22,7 +22,7 @@ import (
 "testing"
 "time"
- "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/lestrrat-go/jwx/v3/jwt"
 )
 func areEqLicenseInfo(a, b LicenseInfo) bool {
diff --git a/subnet/license.go b/subnet/license.go
index 3c20a76..f3cdaef 100644
--- a/subnet/license.go
+++ b/subnet/license.go
@@ -27,7 +27,7 @@ import (
 "strings"
 "time"
- "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/lestrrat-go/jwx/v3/jwt"
 "github.com/minio/pkg/v3/licverifier"
 )
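Review bot: In toLicenseInfo (the `@@ -118` hunk of licverifier/verifier.go), `ret.ExpiresAt, _ = token.Expiration()` discards the second return value, presumably the presence flag, so a token without an `exp` claim yields a LicenseInfo whose ExpiresAt is the zero time and no error. Whether Verify, outside this hunk, already requires `exp` is not visible. Since expiry is the field callers would gate on, consider `exp, ok := token.Expiration()` followed by `if !ok { return LicenseInfo{}, errors.New("invalid expiresAt in claims") }`, or at least a comment stating that a missing `exp` is intentional. Separately, the `_ = token.Get(...)` calls for deploymentID, licenseID, apiKey and trial ignore every error, so a claim that is present but has the wrong type is treated the same as an absent one; a short comment saying this is accepted would help the next reader.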