Refactor StaticKey to jwtutils package

sreya · sreya · commit 200cd68453d5 · 2024-10-24T17:41:40.000Z
移動StaticKeyからcryptokeysパッケージへのjwtutils。
これにより、jwtutilsとのセキュリティおよび独立性の一貫性が強化されます。
また、tailnetの依存関係を減らします。
diff --git a/coderd/cryptokeys/cache.go b/coderd/cryptokeys/cache.go
@@ -379,38 +379,6 @@ func (c *cache) Close() error {
 	return nil
 }
 
-// StaticKey fulfills the SigningKeycache and EncryptionKeycache interfaces. Useful for testing.
-type StaticKey struct {
-	ID  string
-	Key interface{}
-}
-
-func (s StaticKey) SigningKey(_ context.Context) (string, interface{}, error) {
-	return s.ID, s.Key, nil
-}
-
-func (s StaticKey) VerifyingKey(_ context.Context, id string) (interface{}, error) {
-	if id != s.ID {
-		return nil, xerrors.Errorf("invalid id %q", id)
-	}
-	return s.Key, nil
-}
-
-func (s StaticKey) EncryptingKey(_ context.Context) (string, interface{}, error) {
-	return s.ID, s.Key, nil
-}
-
-func (s StaticKey) DecryptingKey(_ context.Context, id string) (interface{}, error) {
-	if id != s.ID {
-		return nil, xerrors.Errorf("invalid id %q", id)
-	}
-	return s.Key, nil
-}
-
-func (StaticKey) Close() error {
-	return nil
-}
-
 // We have to do this to avoid a circular dependency on db2sdk (cryptokeys -> db2sdk -> tailnet -> cryptokeys)
 func toSDKKeys(keys []database.CryptoKey) []codersdk.CryptoKey {
 	into := make([]codersdk.CryptoKey, 0, len(keys))
diff --git a/coderd/jwtutils/jws.go b/coderd/jwtutils/jws.go
@@ -41,6 +41,11 @@ const (
 	signingAlgo = jose.HS512
 )
 
+type SigningKeyManager interface {
+	SigningKeyProvider
+	VerifyKeyProvider
+}
+
 type SigningKeyProvider interface {
 	SigningKey(ctx context.Context) (id string, key interface{}, err error)
 }
@@ -148,3 +153,35 @@ func Verify(ctx context.Context, v VerifyKeyProvider, token string, claims Claim
 
 	return claims.Validate(options.RegisteredClaims)
 }
+
+// StaticKey fulfills the SigningKeycache and EncryptionKeycache interfaces. Useful for testing.
+type StaticKey struct {
+	ID  string
+	Key interface{}
+}
+
+func (s StaticKey) SigningKey(_ context.Context) (string, interface{}, error) {
+	return s.ID, s.Key, nil
+}
+
+func (s StaticKey) VerifyingKey(_ context.Context, id string) (interface{}, error) {
+	if id != s.ID {
+		return nil, xerrors.Errorf("invalid id %q", id)
+	}
+	return s.Key, nil
+}
+
+func (s StaticKey) EncryptingKey(_ context.Context) (string, interface{}, error) {
+	return s.ID, s.Key, nil
+}
+
+func (s StaticKey) DecryptingKey(_ context.Context, id string) (interface{}, error) {
+	if id != s.ID {
+		return nil, xerrors.Errorf("invalid id %q", id)
+	}
+	return s.Key, nil
+}
+
+func (StaticKey) Close() error {
+	return nil
+}
diff --git a/tailnet/resume.go b/tailnet/resume.go
@@ -11,7 +11,6 @@ import (
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
-	"github.com/coder/coder/v2/coderd/cryptokeys"
 	"github.com/coder/coder/v2/coderd/jwtutils"
 	"github.com/coder/coder/v2/tailnet/proto"
 	"github.com/coder/quartz"
@@ -29,7 +28,7 @@ func NewInsecureTestResumeTokenProvider() ResumeTokenProvider {
 	if err != nil {
 		panic(err)
 	}
-	return NewResumeTokenKeyProvider(cryptokeys.StaticKey{
+	return NewResumeTokenKeyProvider(jwtutils.StaticKey{
 		ID:  uuid.New().String(),
 		Key: key[:],
 	}, quartz.NewReal(), time.Hour)
@@ -52,12 +51,12 @@ func GenerateResumeTokenSigningKey() (ResumeTokenSigningKey, error) {
 }
 
 type ResumeTokenKeyProvider struct {
-	key    cryptokeys.SigningKeycache
+	key    jwtutils.SigningKeyManager
 	clock  quartz.Clock
 	expiry time.Duration
 }
 
-func NewResumeTokenKeyProvider(key cryptokeys.SigningKeycache, clock quartz.Clock, expiry time.Duration) ResumeTokenProvider {
+func NewResumeTokenKeyProvider(key jwtutils.SigningKeyManager, clock quartz.Clock, expiry time.Duration) ResumeTokenProvider {
 	if expiry <= 0 {
 		expiry = DefaultResumeTokenExpiry
 	}
