Merged
73 commits
a4baf18
types
battermann Aug 24, 2022
c79f021
API and basic test
battermann Aug 25, 2022
7309b66
updated swagger docs
battermann Aug 25, 2022
dbeaaa2
refine API
battermann Aug 26, 2022
d9656e4
ffi stub
battermann Aug 26, 2022
d8d9e79
call client API
battermann Aug 26, 2022
705989f
dummy error
battermann Aug 26, 2022
c178767
little fixes
battermann Aug 29, 2022
a4dfa6f
Update services/brig/src/Brig/API/Error.hs
battermann Aug 29, 2022
cdc25a4
wip
battermann Aug 29, 2022
d61a634
wip
battermann Aug 31, 2022
8ec6517
using pointer and storable instance
battermann Sep 1, 2022
57fdbcf
return null terminated string
battermann Sep 1, 2022
9f25924
calling rust with c strings
battermann Sep 1, 2022
2188d52
used ExceptT
battermann Sep 1, 2022
c5e208c
re-added rust lib
battermann Sep 1, 2022
7fb0e80
error cases
battermann Sep 5, 2022
478292c
ffi as effect
battermann Sep 5, 2022
0d4d628
some impl
battermann Sep 5, 2022
2d63ccd
get domain and link
battermann Sep 6, 2022
17b0a78
add config values
battermann Sep 6, 2022
0fcd9d3
moved jwt tools from sem to effects
battermann Sep 7, 2022
eb2ed14
public key bundle
battermann Sep 7, 2022
3b5cb65
test for pemkeys
battermann Sep 7, 2022
4a9e65c
pem bundle interpreter and config
battermann Sep 7, 2022
337da59
removed comment
battermann Sep 7, 2022
fa95b4c
removed rust lib and references
battermann Sep 7, 2022
f4d3e82
rusty-jwt-tools via nix
battermann Sep 8, 2022
812a54d
move the test to the test project
battermann Sep 8, 2022
5cb80f4
better types
battermann Sep 8, 2022
6fe37ab
call ffi from brig
battermann Sep 8, 2022
e532650
free the resource
battermann Sep 9, 2022
853b1e0
completed error mapping
battermann Sep 9, 2022
c9ccf21
addressing PR comments, move cache control
battermann Sep 9, 2022
ce467bc
formatf
battermann Sep 9, 2022
b521d9c
removed old routes from nginx conf
battermann Sep 9, 2022
128b999
changelog
battermann Sep 9, 2022
332ba09
clean up
battermann Sep 9, 2022
610106f
rainy day tests
battermann Sep 9, 2022
883fd45
use updated version of the rust library
battermann Sep 13, 2022
24cd71a
error mapping
battermann Sep 14, 2022
e83415d
removed unused constructor
battermann Sep 14, 2022
6a737f4
better errors
battermann Sep 14, 2022
abfc6a1
mv changelog
battermann Sep 14, 2022
abe2b19
updated changelog
battermann Sep 14, 2022
037263c
wip
battermann Sep 14, 2022
e945ed9
set dpop sig bundle via secrets
battermann Sep 14, 2022
8fc0327
little clean up
battermann Sep 15, 2022
8b7c5f4
feature flag for cargo
battermann Sep 15, 2022
8cddb8f
removed print
battermann Sep 15, 2022
7b85126
fixed cargo cmd
battermann Sep 15, 2022
2e87b29
removed default value because it is ignored anyway
battermann Sep 15, 2022
7429d7b
revert formatting in docker file
battermann Sep 26, 2022
ea7ddfe
JSON roundtrip for Nonce
battermann Sep 26, 2022
4a67dd5
nix rust cargo.lock docs
battermann Sep 26, 2022
d5491b0
remove wire-server dependencies from jwt-tools
battermann Sep 26, 2022
b23f9dd
hi ci
battermann Sep 27, 2022
de93ec4
clean up
battermann Sep 28, 2022
ad751ba
clean up
battermann Sep 28, 2022
f1e8676
default dpop expiration time
battermann Sep 28, 2022
44e9717
clean up refactoring
battermann Sep 28, 2022
4154be7
renaming, add type annotation
battermann Sep 28, 2022
4816bf6
make proof header required
battermann Sep 28, 2022
1332f73
using bs version of readFile
battermann Sep 28, 2022
820aafc
removed dead in memory interpreter
battermann Sep 28, 2022
0e7e9d8
format
battermann Sep 28, 2022
3226c9c
cleanup (?)
fisx Sep 28, 2022
23a74cd
Revert "cleanup (?)"
fisx Sep 28, 2022
c2f604c
test for toResult
battermann Sep 28, 2022
f8aa6a9
using bounded enum for error mapping
battermann Sep 28, 2022
0322bd0
Merge remote-tracking branch 'origin/develop' into SQSERVICES-1722-ac…
fisx Sep 28, 2022
6f55e11
whitespace.
fisx Sep 28, 2022
3c51a60
Add a note of warning to the swagger description.
fisx Sep 28, 2022
2 changes: 1 addition & 1 deletion build/ubuntu/Dockerfile.builder
Expand Up @@ -19,7 +19,7 @@ RUN cd /tmp && \
git checkout 6370cd556f03f6834d0b8043615ffaf0044ef1fa && \
git rev-parse HEAD

RUN cd /tmp/rusty-jwt-tools && cargo build --release --target x86_64-unknown-linux-gnu
RUN cd /tmp/rusty-jwt-tools && cargo build --features haskell --release --target x86_64-unknown-linux-gnu

FROM ${prebuilder}
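Review bot: the new `cargo build --features haskell --release` line resolves crate dependencies at image build time without `--locked`, so the pinned `git checkout` above fixes the rusty-jwt-tools source but not necessarily the versions of its dependencies. If the repository ships a Cargo.lock, consider adding `--locked` so the build fails instead of silently re-resolving when the lock file is out of date.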

2 changes: 1 addition & 1 deletion build/ubuntu/Dockerfile.deps
Expand Up @@ -29,7 +29,7 @@ RUN cd /tmp && \
git checkout 6370cd556f03f6834d0b8043615ffaf0044ef1fa && \
git rev-parse HEAD

RUN cd /tmp/rusty-jwt-tools && cargo build --release --target x86_64-unknown-linux-gnu
RUN cd /tmp/rusty-jwt-tools && cargo build --features haskell --release --target x86_64-unknown-linux-gnu


# Minimal dependencies for ubuntu-compiled, dynamically linked wire-server Haskell services
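Review bot: the checkout hash and the `cargo build` invocation in this hunk are a copy of the ones in Dockerfile.builder, so a future bump has to be made in two places and the two images can end up with different library revisions without anyone noticing. Consider a shared build ARG for the commit and the feature list, or at least a comment in each file pointing at the other.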
3 changes: 3 additions & 0 deletions cabal.project
Expand Up @@ -16,6 +16,7 @@ packages:
, libs/gundeck-types/
, libs/hscim/
, libs/imports/
, libs/jwt-tools/
, libs/metrics-core/
, libs/metrics-wai/
, libs/polysemy-wire-zoo/
Expand Down Expand Up @@ -219,6 +220,8 @@ package hscim
ghc-options: -Werror
package imports
ghc-options: -Werror
package jwt-tools
ghc-options: -Werror
package metrics-core
ghc-options: -Werror
package metrics-wai
1 change: 1 addition & 0 deletions changelog.d/5-internal/pr-2652
@@ -0,0 +1 @@
Skeleton implementation of new endpoint for JWT DPoP access token generation (#2652, #2686)
9 changes: 9 additions & 0 deletions charts/brig/templates/configmap.yaml
Expand Up @@ -287,5 +287,14 @@ data:
{{- if .setNonceTtlSecs }}
setNonceTtlSecs: {{ .setNonceTtlSecs }}
{{- end }}
{{- if .setDpopMaxSkewSecs }}
setDpopMaxSkewSecs: {{ .setDpopMaxSkewSecs }}
{{- end }}
{{- if .setDpopTokenExpirationTimeSecs }}
setDpopTokenExpirationTimeSecs: {{ .setDpopTokenExpirationTimeSecs }}
{{- end }}
{{- if $.Values.secrets.dpopSigKeyBundle }}
setPublicKeyBundle: /etc/wire/brig/secrets/dpop_sig_key_bundle.pem
{{- end }}
{{- end }}
{{- end }}
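Review bot: `setPublicKeyBundle` is pointed at `/etc/wire/brig/secrets/dpop_sig_key_bundle.pem`, which is mounted from a secret and, going by the demo bundle added in this PR, holds a private signing key as well as the public key, while the option name suggests public material only. Consider renaming the option or documenting next to it that the file is sensitive. Separately, the `{{- if .setDpopMaxSkewSecs }}` and `{{- if .setDpopTokenExpirationTimeSecs }}` guards treat 0 as unset, so an explicit 0 is dropped from the rendered config; a `hasKey` check would avoid that if 0 is meant to be a legal value.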
4 changes: 4 additions & 0 deletions charts/brig/templates/secret.yaml
Expand Up @@ -25,4 +25,8 @@ data:
{{- if (not $.Values.config.useSES) }}
smtp-password.txt: {{ .smtpPassword | b64enc | quote }}
{{- end }}
{{- if .dpopSigKeyBundle }}
dpop_sig_key_bundle.pem: {{ .dpopSigKeyBundle | b64enc | quote }}
{{- end }}
{{- end }}

2 changes: 2 additions & 0 deletions charts/brig/values.yaml
Expand Up @@ -85,6 +85,8 @@ config:
# - example.com
set2FACodeGenerationDelaySecs: 300 # 5 minutes
setNonceTtlSecs: 300 # 5 minutes
setDpopMaxSkewSecs: 1
setDpopTokenExpirationTimeSecs: 300 # 5 minutes
smtp:
passwordFile: /etc/wire/brig/secrets/smtp-password.txt
proxy: {}
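Review bot: `setDpopMaxSkewSecs: 1` has no comment, unlike the neighbouring `# 5 minutes` entries, and the name alone does not say what the one-second skew is measured against. A short comment on what the skew applies to and what happens to a request that falls outside it would help operators tune it. The same file could also mention that `secrets.dpopSigKeyBundle` has to be provided for the configmap to emit `setPublicKeyBundle`.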
3 changes: 0 additions & 3 deletions charts/nginz/values.yaml
Expand Up @@ -484,9 +484,6 @@ nginx_conf:
- path: /mls/public-keys
envs:
- all
- path: /nonce/clients
envs:
- all
gundeck:
- path: /push/api-docs$
envs:
2 changes: 2 additions & 0 deletions deploy/services-demo/conf/brig.demo-docker.yaml
Expand Up @@ -116,6 +116,8 @@ optSettings:
setEmailVisibility: visible_to_self
setFederationDomain: example.com
setNonceTtlSecs: 300 # 5 minutes
setDpopMaxSkewSecs: 1
setDpopTokenExpirationTimeSecs: 300 # 5 minutes

logLevel: Debug
logNetStrings: false
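Review bot: this file gains `setDpopMaxSkewSecs` and `setDpopTokenExpirationTimeSecs` but not `setPublicKeyBundle`, which brig.demo.yaml does get in the same PR. If the docker demo is expected to serve the new endpoint, add the bundle path here as well; if it is not, a comment saying the endpoint is left unconfigured in this setup would prevent confusion.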
3 changes: 3 additions & 0 deletions deploy/services-demo/conf/brig.demo.yaml
Expand Up @@ -117,6 +117,9 @@ optSettings:
setEmailVisibility: visible_to_self
setFederationDomain: example.com
setNonceTtlSecs: 300 # 5 minutes
setDpopMaxSkewSecs: 1
setDpopTokenExpirationTimeSecs: 300 # 5 minutes
setPublicKeyBundle: conf/jwt/ed25519_bundle.pem

logLevel: Debug
logNetStrings: false
6 changes: 6 additions & 0 deletions deploy/services-demo/conf/jwt/ed25519_bundle.pem
@@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIFANnxZLNE4p+GDzWzR3wm/v8x/0bxZYkCyke1aTRucX
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEACPvhIdimF20tOPjbb+fXJrwS2RKDp7686T90AZ0+Th8=
-----END PUBLIC KEY-----
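Review bot: this file commits an Ed25519 private key to the repository, and nothing in or next to it marks it as demo-only. Consider a README in `conf/jwt/` or a comment beside `setPublicKeyBundle: conf/jwt/ed25519_bundle.pem` in brig.demo.yaml stating that the key is public test material and must not be used in any real deployment.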
5 changes: 0 additions & 5 deletions deploy/services-demo/conf/nginz/nginx.conf
Expand Up @@ -286,11 +286,6 @@ http {
proxy_pass http://brig;
}

location /nonce/clients {
include common_response_with_zauth.conf;
proxy_pass http://brig;
}

# Cargohold Endpoints

rewrite ^/api-docs/assets /assets/api-docs?base_url=http://127.0.0.1:8080/ break;
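Review bot: the removed `location /nonce/clients` block was what applied `common_response_with_zauth.conf` to that path, and no replacement location is added in this file (the matching `/nonce/clients` entry is also dropped from charts/nginz/values.yaml). Please state in the PR description which existing location now serves the nonce and access-token endpoints and confirm it includes the same zauth configuration, so the routes neither become unreachable nor reachable without it.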
9 changes: 9 additions & 0 deletions hack/helm_vars/wire-server/values.yaml.gotmpl
Expand Up @@ -83,6 +83,8 @@ brig:
search_policy: full_search
set2FACodeGenerationDelaySecs: 5
setNonceTtlSecs: 300
setDpopMaxSkewSecs: 1
setDpopTokenExpirationTimeSecs: 300
aws:
sesEndpoint: http://fake-aws-ses:4569
sqsEndpoint: http://fake-aws-sqs:4568
Expand Down Expand Up @@ -111,6 +113,13 @@ brig:
key: "dummy"
secret: "dummy"
smtpPassword: dummy-smtp-password
dpopSigKeyBundle: |
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIFANnxZLNE4p+GDzWzR3wm/v8x/0bxZYkCyke1aTRucX
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEACPvhIdimF20tOPjbb+fXJrwS2RKDp7686T90AZ0+Th8=
-----END PUBLIC KEY-----
tests:
enableFederationTests: true
cannon:
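Review bot: the `dpopSigKeyBundle` value is the same key pair as deploy/services-demo/conf/jwt/ed25519_bundle.pem, so the private key now lives in two places in the repository. A comment above it marking it as a test-only key (the neighbouring `dummy` values signal that by name, this one does not), or generating the pair during test setup, would make it harder for this block to be copied into a real values file.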