-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sso-proxy: sign upstream requests with a verifiable digital signature #106
Conversation
f0942e8
to
4a86464
Compare
3dd156b
to
1a37db1
Compare
internal/proxy/oauthproxy.go
Outdated
// used to sign each request. | ||
func (p *OAuthProxy) Certs(rw http.ResponseWriter, _ *http.Request) { | ||
rw.WriteHeader(http.StatusOK) | ||
fmt.Fprint(rw, p.publicCertsJSON) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to convert this to a string to use it here, nor do we have to call WriteHeader, we could just:
rw.Write(p.RawPublicCerts)
Which will default to 200
and write our string as bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, good suggestion. Thanks!
// hash value received through the `Octoboi-Signature` of the request. | ||
// | ||
// Any requests failing this check should be considered tampered with, and rejected. | ||
func (signer RequestSigner) Sign(req *http.Request) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this isn't a function pointer, does this create a new object when called?
Is that why we don't have to worry about concurrent and/or racey writes to the hasher
object below, since it's a new object on each Sign
invocation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or should this be a pointer handler and we do have worry about concurrent and racey writes to the hasher?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, this creates a new object, which I believe ought to avoid racey writes to the hasher
and signingKey
fields.
993e32d
to
e5f71c5
Compare
LGTM |
one nit but otherwise this looks great! |
4deead6
to
443a712
Compare
443a712
to
93ab018
Compare
Enable the signing of upstream requests using a digital signature, instead of requiring a shared secret for each upstream service. Work in progress.