reduce bug-available area
efd6 committed Mar 19, 2024
1 parent cdfcfe4 commit eed73de
Showing 4 changed files with 26 additions and 38 deletions.
12 changes: 1 addition & 11 deletions x-pack/filebeat/input/cel/config_auth.go
Expand Up @@ -5,11 +5,8 @@
package cel

import (
"bytes"
"context"
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"io/fs"
Expand Down Expand Up @@ -343,14 +340,7 @@ func (o *oAuth2Config) validateOktaProvider() error {
}
// jwk_pem
if o.OktaJWKPEM != "" {
blk, rest := pem.Decode([]byte(o.OktaJWKPEM))
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return fmt.Errorf("okta validation error: PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return errors.New("okta validation error: no PEM data")
}
_, err := x509.ParsePKCS8PrivateKey(blk.Bytes)
_, err := pemPKCS8PrivateKey([]byte(o.OktaJWKPEM))
if err != nil {
return fmt.Errorf("okta validation error: %w", err)
}
20 changes: 12 additions & 8 deletions x-pack/filebeat/input/cel/config_okta_auth.go
Expand Up @@ -161,20 +161,24 @@ func (i *base64int) UnmarshalJSON(b []byte) error {
}

func generateOktaJWTPEM(pemdata string, cnf *oauth2.Config) (string, error) {
blk, rest := pem.Decode([]byte(pemdata))
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return "", fmt.Errorf("PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return "", errors.New("no PEM data")
}
key, err := x509.ParsePKCS8PrivateKey(blk.Bytes)
key, err := pemPKCS8PrivateKey([]byte(pemdata))
if err != nil {
return "", err
}
return signJWT(cnf, key)
}

func pemPKCS8PrivateKey(pemdata []byte) (any, error) {
blk, rest := pem.Decode(pemdata)
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return nil, fmt.Errorf("PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return nil, errors.New("no PEM data")
}
return x509.ParsePKCS8PrivateKey(blk.Bytes)
}

// signJWT creates a JWT token using required claims and sign it with the
// private key.
func signJWT(cnf *oauth2.Config, key any) (string, error) {
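Review bot: pemPKCS8PrivateKey hands the bytes of whatever PEM block it finds straight to x509.ParsePKCS8PrivateKey, so a PKCS#1 (`RSA PRIVATE KEY`) or SEC1 (`EC PRIVATE KEY`) block — easy to paste into jwk_pem by mistake — surfaces only as an ASN.1 structure error instead of a wrong-format message; the identical helper is added in x-pack/filebeat/input/httpjson/config_okta_auth.go and needs the same treatment. A label check before the parse gives a clear diagnosis: `if blk.Type != "PRIVATE KEY" {` / `return nil, fmt.Errorf("unexpected PEM block type %q, want PRIVATE KEY (PKCS#8)", blk.Type)` / `}`. The trailing-data check also runs before the nil-block check, and pem.Decode returns the whole input as rest when it finds no block, so text with no PEM block at all is reported as "PEM text has trailing data" with the full input length rather than "no PEM data"; swapping the two checks makes that case read correctly. The new helper has no doc comment although signJWT just below has one; `// pemPKCS8PrivateKey decodes a single PEM block holding a PKCS#8 private key and returns the parsed key; trailing non-whitespace data after the block is an error.` would do.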
12 changes: 1 addition & 11 deletions x-pack/filebeat/input/httpjson/config_auth.go
Expand Up @@ -5,11 +5,8 @@
package httpjson

import (
"bytes"
"context"
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"io/fs"
Expand Down Expand Up @@ -311,14 +308,7 @@ func (o *oAuth2Config) validateOktaProvider() error {
}
// jwk_pem
if o.OktaJWKPEM != "" {
blk, rest := pem.Decode([]byte(o.OktaJWKPEM))
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return fmt.Errorf("okta validation error: PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return errors.New("okta validation error: no PEM data")
}
_, err := x509.ParsePKCS8PrivateKey(blk.Bytes)
_, err := pemPKCS8PrivateKey([]byte(o.OktaJWKPEM))
if err != nil {
return fmt.Errorf("okta validation error: %w", err)
}
20 changes: 12 additions & 8 deletions x-pack/filebeat/input/httpjson/config_okta_auth.go
Expand Up @@ -159,20 +159,24 @@ func (i *base64int) UnmarshalJSON(b []byte) error {
}

func generateOktaJWTPEM(pemdata string, cnf *oauth2.Config) (string, error) {
blk, rest := pem.Decode([]byte(pemdata))
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return "", fmt.Errorf("PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return "", errors.New("no PEM data")
}
key, err := x509.ParsePKCS8PrivateKey(blk.Bytes)
key, err := pemPKCS8PrivateKey([]byte(pemdata))
if err != nil {
return "", err
}
return signJWT(cnf, key)
}

func pemPKCS8PrivateKey(pemdata []byte) (any, error) {
blk, rest := pem.Decode(pemdata)
if rest := bytes.TrimSpace(rest); len(rest) != 0 {
return nil, fmt.Errorf("PEM text has trailing data: %d bytes", len(rest))
}
if blk == nil {
return nil, errors.New("no PEM data")
}
return x509.ParsePKCS8PrivateKey(blk.Bytes)
}

// signJWT creates a JWT token using required claims and sign it with the private key.
func signJWT(cnf *oauth2.Config, key any) (string, error) {
now := time.Now()
