mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12628 Commits
17 Branches
Tree: 35c3553870
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '35c3553870'
${ noResults }
gitea/services/auth/source/oauth2/jwtsigningkey.go

jwtsigningkey.go 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package oauth2

  6. 

  7. import (

  8. 	"crypto/ecdsa"

  9. 	"crypto/ed25519"

  10. 	"crypto/elliptic"

  11. 	"crypto/rand"

  12. 	"crypto/rsa"

  13. 	"crypto/sha256"

  14. 	"crypto/x509"

  15. 	"encoding/base64"

  16. 	"encoding/pem"

  17. 	"fmt"

  18. 	"math/big"

  19. 	"os"

  20. 	"path/filepath"

  21. 	"strings"

  22. 

  23. 	"code.gitea.io/gitea/modules/generate"

  24. 	"code.gitea.io/gitea/modules/log"

  25. 	"code.gitea.io/gitea/modules/setting"

  26. 	"code.gitea.io/gitea/modules/util"

  27. 

  28. 	"github.com/golang-jwt/jwt/v4"

  29. 	ini "gopkg.in/ini.v1"

  30. )

  31. 

  32. // ErrInvalidAlgorithmType represents an invalid algorithm error.

  33. type ErrInvalidAlgorithmType struct {

  34. 	Algorightm string

  35. }

  36. 

  37. func (err ErrInvalidAlgorithmType) Error() string {

  38. 	return fmt.Sprintf("JWT signing algorithm is not supported: %s", err.Algorightm)

  39. }

  40. 

  41. // JWTSigningKey represents a algorithm/key pair to sign JWTs

  42. type JWTSigningKey interface {

  43. 	IsSymmetric() bool

  44. 	SigningMethod() jwt.SigningMethod

  45. 	SignKey() interface{}

  46. 	VerifyKey() interface{}

  47. 	ToJWK() (map[string]string, error)

  48. 	PreProcessToken(*jwt.Token)

  49. }

  50. 

  51. type hmacSigningKey struct {

  52. 	signingMethod jwt.SigningMethod

  53. 	secret        []byte

  54. }

  55. 

  56. func (key hmacSigningKey) IsSymmetric() bool {

  57. 	return true

  58. }

  59. 

  60. func (key hmacSigningKey) SigningMethod() jwt.SigningMethod {

  61. 	return key.signingMethod

  62. }

  63. 

  64. func (key hmacSigningKey) SignKey() interface{} {

  65. 	return key.secret

  66. }

  67. 

  68. func (key hmacSigningKey) VerifyKey() interface{} {

  69. 	return key.secret

  70. }

  71. 

  72. func (key hmacSigningKey) ToJWK() (map[string]string, error) {

  73. 	return map[string]string{

  74. 		"kty": "oct",

  75. 		"alg": key.SigningMethod().Alg(),

  76. 	}, nil

  77. }

  78. 

  79. func (key hmacSigningKey) PreProcessToken(*jwt.Token) {}

  80. 

  81. type rsaSingingKey struct {

  82. 	signingMethod jwt.SigningMethod

  83. 	key           *rsa.PrivateKey

  84. 	id            string

  85. }

  86. 

  87. func newRSASingingKey(signingMethod jwt.SigningMethod, key *rsa.PrivateKey) (rsaSingingKey, error) {

  88. 	kid, err := createPublicKeyFingerprint(key.Public().(*rsa.PublicKey))

  89. 	if err != nil {

  90. 		return rsaSingingKey{}, err

  91. 	}

  92. 

  93. 	return rsaSingingKey{

  94. 		signingMethod,

  95. 		key,

  96. 		base64.RawURLEncoding.EncodeToString(kid),

  97. 	}, nil

  98. }

  99. 

  100. func (key rsaSingingKey) IsSymmetric() bool {

  101. 	return false

  102. }

  103. 

  104. func (key rsaSingingKey) SigningMethod() jwt.SigningMethod {

  105. 	return key.signingMethod

  106. }

  107. 

  108. func (key rsaSingingKey) SignKey() interface{} {

  109. 	return key.key

  110. }

  111. 

  112. func (key rsaSingingKey) VerifyKey() interface{} {

  113. 	return key.key.Public()

  114. }

  115. 

  116. func (key rsaSingingKey) ToJWK() (map[string]string, error) {

  117. 	pubKey := key.key.Public().(*rsa.PublicKey)

  118. 

  119. 	return map[string]string{

  120. 		"kty": "RSA",

  121. 		"alg": key.SigningMethod().Alg(),

  122. 		"kid": key.id,

  123. 		"e":   base64.RawURLEncoding.EncodeToString(big.NewInt(int64(pubKey.E)).Bytes()),

  124. 		"n":   base64.RawURLEncoding.EncodeToString(pubKey.N.Bytes()),

  125. 	}, nil

  126. }

  127. 

  128. func (key rsaSingingKey) PreProcessToken(token *jwt.Token) {

  129. 	token.Header["kid"] = key.id

  130. }

  131. 

  132. type eddsaSigningKey struct {

  133. 	signingMethod jwt.SigningMethod

  134. 	key           ed25519.PrivateKey

  135. 	id            string

  136. }

  137. 

  138. func newEdDSASingingKey(signingMethod jwt.SigningMethod, key ed25519.PrivateKey) (eddsaSigningKey, error) {

  139. 	kid, err := createPublicKeyFingerprint(key.Public().(ed25519.PublicKey))

  140. 	if err != nil {

  141. 		return eddsaSigningKey{}, err

  142. 	}

  143. 

  144. 	return eddsaSigningKey{

  145. 		signingMethod,

  146. 		key,

  147. 		base64.RawURLEncoding.EncodeToString(kid),

  148. 	}, nil

  149. }

  150. 

  151. func (key eddsaSigningKey) IsSymmetric() bool {

  152. 	return false

  153. }

  154. 

  155. func (key eddsaSigningKey) SigningMethod() jwt.SigningMethod {

  156. 	return key.signingMethod

  157. }

  158. 

  159. func (key eddsaSigningKey) SignKey() interface{} {

  160. 	return key.key

  161. }

  162. 

  163. func (key eddsaSigningKey) VerifyKey() interface{} {

  164. 	return key.key.Public()

  165. }

  166. 

  167. func (key eddsaSigningKey) ToJWK() (map[string]string, error) {

  168. 	pubKey := key.key.Public().(ed25519.PublicKey)

  169. 

  170. 	return map[string]string{

  171. 		"alg": key.SigningMethod().Alg(),

  172. 		"kid": key.id,

  173. 		"kty": "OKP",

  174. 		"crv": "Ed25519",

  175. 		"x":   base64.RawURLEncoding.EncodeToString(pubKey),

  176. 	}, nil

  177. }

  178. 

  179. func (key eddsaSigningKey) PreProcessToken(token *jwt.Token) {

  180. 	token.Header["kid"] = key.id

  181. }

  182. 

  183. type ecdsaSingingKey struct {

  184. 	signingMethod jwt.SigningMethod

  185. 	key           *ecdsa.PrivateKey

  186. 	id            string

  187. }

  188. 

  189. func newECDSASingingKey(signingMethod jwt.SigningMethod, key *ecdsa.PrivateKey) (ecdsaSingingKey, error) {

  190. 	kid, err := createPublicKeyFingerprint(key.Public().(*ecdsa.PublicKey))

  191. 	if err != nil {

  192. 		return ecdsaSingingKey{}, err

  193. 	}

  194. 

  195. 	return ecdsaSingingKey{

  196. 		signingMethod,

  197. 		key,

  198. 		base64.RawURLEncoding.EncodeToString(kid),

  199. 	}, nil

  200. }

  201. 

  202. func (key ecdsaSingingKey) IsSymmetric() bool {

  203. 	return false

  204. }

  205. 

  206. func (key ecdsaSingingKey) SigningMethod() jwt.SigningMethod {

  207. 	return key.signingMethod

  208. }

  209. 

  210. func (key ecdsaSingingKey) SignKey() interface{} {

  211. 	return key.key

  212. }

  213. 

  214. func (key ecdsaSingingKey) VerifyKey() interface{} {

  215. 	return key.key.Public()

  216. }

  217. 

  218. func (key ecdsaSingingKey) ToJWK() (map[string]string, error) {

  219. 	pubKey := key.key.Public().(*ecdsa.PublicKey)

  220. 

  221. 	return map[string]string{

  222. 		"kty": "EC",

  223. 		"alg": key.SigningMethod().Alg(),

  224. 		"kid": key.id,

  225. 		"crv": pubKey.Params().Name,

  226. 		"x":   base64.RawURLEncoding.EncodeToString(pubKey.X.Bytes()),

  227. 		"y":   base64.RawURLEncoding.EncodeToString(pubKey.Y.Bytes()),

  228. 	}, nil

  229. }

  230. 

  231. func (key ecdsaSingingKey) PreProcessToken(token *jwt.Token) {

  232. 	token.Header["kid"] = key.id

  233. }

  234. 

  235. // createPublicKeyFingerprint creates a fingerprint of the given key.

  236. // The fingerprint is the sha256 sum of the PKIX structure of the key.

  237. func createPublicKeyFingerprint(key interface{}) ([]byte, error) {

  238. 	bytes, err := x509.MarshalPKIXPublicKey(key)

  239. 	if err != nil {

  240. 		return nil, err

  241. 	}

  242. 

  243. 	checksum := sha256.Sum256(bytes)

  244. 

  245. 	return checksum[:], nil

  246. }

  247. 

  248. // CreateJWTSigningKey creates a signing key from an algorithm / key pair.

  249. func CreateJWTSigningKey(algorithm string, key interface{}) (JWTSigningKey, error) {

  250. 	var signingMethod jwt.SigningMethod

  251. 	switch algorithm {

  252. 	case "HS256":

  253. 		signingMethod = jwt.SigningMethodHS256

  254. 	case "HS384":

  255. 		signingMethod = jwt.SigningMethodHS384

  256. 	case "HS512":

  257. 		signingMethod = jwt.SigningMethodHS512

  258. 

  259. 	case "RS256":

  260. 		signingMethod = jwt.SigningMethodRS256

  261. 	case "RS384":

  262. 		signingMethod = jwt.SigningMethodRS384

  263. 	case "RS512":

  264. 		signingMethod = jwt.SigningMethodRS512

  265. 

  266. 	case "ES256":

  267. 		signingMethod = jwt.SigningMethodES256

  268. 	case "ES384":

  269. 		signingMethod = jwt.SigningMethodES384

  270. 	case "ES512":

  271. 		signingMethod = jwt.SigningMethodES512

  272. 	case "EdDSA":

  273. 		signingMethod = jwt.SigningMethodEdDSA

  274. 	default:

  275. 		return nil, ErrInvalidAlgorithmType{algorithm}

  276. 	}

  277. 

  278. 	switch signingMethod.(type) {

  279. 	case *jwt.SigningMethodEd25519:

  280. 		privateKey, ok := key.(ed25519.PrivateKey)

  281. 		if !ok {

  282. 			return nil, jwt.ErrInvalidKeyType

  283. 		}

  284. 		return newEdDSASingingKey(signingMethod, privateKey)

  285. 	case *jwt.SigningMethodECDSA:

  286. 		privateKey, ok := key.(*ecdsa.PrivateKey)

  287. 		if !ok {

  288. 			return nil, jwt.ErrInvalidKeyType

  289. 		}

  290. 		return newECDSASingingKey(signingMethod, privateKey)

  291. 	case *jwt.SigningMethodRSA:

  292. 		privateKey, ok := key.(*rsa.PrivateKey)

  293. 		if !ok {

  294. 			return nil, jwt.ErrInvalidKeyType

  295. 		}

  296. 		return newRSASingingKey(signingMethod, privateKey)

  297. 	default:

  298. 		secret, ok := key.([]byte)

  299. 		if !ok {

  300. 			return nil, jwt.ErrInvalidKeyType

  301. 		}

  302. 		return hmacSigningKey{signingMethod, secret}, nil

  303. 	}

  304. }

  305. 

  306. // DefaultSigningKey is the default signing key for JWTs.

  307. var DefaultSigningKey JWTSigningKey

  308. 

  309. // InitSigningKey creates the default signing key from settings or creates a random key.

  310. func InitSigningKey() error {

  311. 	var err error

  312. 	var key interface{}

  313. 

  314. 	switch setting.OAuth2.JWTSigningAlgorithm {

  315. 	case "HS256":

  316. 		fallthrough

  317. 	case "HS384":

  318. 		fallthrough

  319. 	case "HS512":

  320. 		key, err = loadOrCreateSymmetricKey()

  321. 

  322. 	case "RS256":

  323. 		fallthrough

  324. 	case "RS384":

  325. 		fallthrough

  326. 	case "RS512":

  327. 		fallthrough

  328. 	case "ES256":

  329. 		fallthrough

  330. 	case "ES384":

  331. 		fallthrough

  332. 	case "ES512":

  333. 		fallthrough

  334. 	case "EdDSA":

  335. 		key, err = loadOrCreateAsymmetricKey()

  336. 

  337. 	default:

  338. 		return ErrInvalidAlgorithmType{setting.OAuth2.JWTSigningAlgorithm}

  339. 	}

  340. 

  341. 	if err != nil {

  342. 		return fmt.Errorf("Error while loading or creating JWT key: %v", err)

  343. 	}

  344. 

  345. 	signingKey, err := CreateJWTSigningKey(setting.OAuth2.JWTSigningAlgorithm, key)

  346. 	if err != nil {

  347. 		return err

  348. 	}

  349. 

  350. 	DefaultSigningKey = signingKey

  351. 

  352. 	return nil

  353. }

  354. 

  355. // loadOrCreateSymmetricKey checks if the configured secret is valid.

  356. // If it is not valid a new secret is created and saved in the configuration file.

  357. func loadOrCreateSymmetricKey() (interface{}, error) {

  358. 	key := make([]byte, 32)

  359. 	n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))

  360. 	if err != nil || n != 32 {

  361. 		key, err = generate.NewJwtSecret()

  362. 		if err != nil {

  363. 			log.Fatal("error generating JWT secret: %v", err)

  364. 			return nil, err

  365. 		}

  366. 

  367. 		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {

  368. 			secretBase64 := base64.RawURLEncoding.EncodeToString(key)

  369. 			cfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)

  370. 		})

  371. 	}

  372. 

  373. 	return key, nil

  374. }

  375. 

  376. // loadOrCreateAsymmetricKey checks if the configured private key exists.

  377. // If it does not exist a new random key gets generated and saved on the configured path.

  378. func loadOrCreateAsymmetricKey() (interface{}, error) {

  379. 	keyPath := setting.OAuth2.JWTSigningPrivateKeyFile

  380. 

  381. 	isExist, err := util.IsExist(keyPath)

  382. 	if err != nil {

  383. 		log.Fatal("Unable to check if %s exists. Error: %v", keyPath, err)

  384. 	}

  385. 	if !isExist {

  386. 		err := func() error {

  387. 			key, err := func() (interface{}, error) {

  388. 				switch {

  389. 				case strings.HasPrefix(setting.OAuth2.JWTSigningAlgorithm, "RS"):

  390. 					return rsa.GenerateKey(rand.Reader, 4096)

  391. 				case setting.OAuth2.JWTSigningAlgorithm == "EdDSA":

  392. 					_, pk, err := ed25519.GenerateKey(rand.Reader)

  393. 					return pk, err

  394. 				default:

  395. 					return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

  396. 				}

  397. 			}()

  398. 			if err != nil {

  399. 				return err

  400. 			}

  401. 

  402. 			bytes, err := x509.MarshalPKCS8PrivateKey(key)

  403. 			if err != nil {

  404. 				return err

  405. 			}

  406. 

  407. 			privateKeyPEM := &pem.Block{Type: "PRIVATE KEY", Bytes: bytes}

  408. 

  409. 			if err := os.MkdirAll(filepath.Dir(keyPath), os.ModePerm); err != nil {

  410. 				return err

  411. 			}

  412. 

  413. 			f, err := os.OpenFile(keyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)

  414. 			if err != nil {

  415. 				return err

  416. 			}

  417. 			defer func() {

  418. 				if err = f.Close(); err != nil {

  419. 					log.Error("Close: %v", err)

  420. 				}

  421. 			}()

  422. 

  423. 			return pem.Encode(f, privateKeyPEM)

  424. 		}()

  425. 		if err != nil {

  426. 			log.Fatal("Error generating private key: %v", err)

  427. 			return nil, err

  428. 		}

  429. 	}

  430. 

  431. 	bytes, err := os.ReadFile(keyPath)

  432. 	if err != nil {

  433. 		return nil, err

  434. 	}

  435. 

  436. 	block, _ := pem.Decode(bytes)

  437. 	if block == nil {

  438. 		return nil, fmt.Errorf("no valid PEM data found in %s", keyPath)

  439. 	} else if block.Type != "PRIVATE KEY" {

  440. 		return nil, fmt.Errorf("expected PRIVATE KEY, got %s in %s", block.Type, keyPath)

  441. 	}

  442. 

  443. 	return x509.ParsePKCS8PrivateKey(block.Bytes)

  444. }