nodece commented on code in PR #22215:
URL: https://github.com/apache/pulsar/pull/22215#discussion_r1516404806
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java:
##########
@@ -458,4 +485,64 @@ public String getHeader(String name) {
return super.getHeader(name);
}
}
+
+ @Slf4j
+ private static final class JwkResolver implements SigningKeyResolver {
+ @Setter
+ @Getter
+ private static class JwksData {
+ private List<Map<String, Object>> keys;
+ }
+
+ private final Map<String, Jwk> jwks;
+
+ public JwkResolver(String configValue) {
+ try {
+ byte[] bytes = AuthTokenUtils.readKeyFromUrl(configValue);
+ ObjectMapper objectMapper = ObjectMapperFactory.create();
+ JwksData data = objectMapper.reader().readValue(bytes,
JwksData.class);
+ if (data == null || data.getKeys() == null ||
data.getKeys().isEmpty()) {
+ log.warn("No keys in " + data);
+ jwks = Collections.emptyMap();
+ return;
+ }
+ jwks = new LinkedHashMap<>();
+ data.getKeys().forEach((n) -> {
+ Jwk jwk = Jwk.fromValues(n);
+ jwks.put(jwk.getId(), jwk);
+ });
+ if (log.isDebugEnabled()) {
+ log.info("jwks: {}", jwks);
+ }
+ } catch (IOException e) {
+ log.error("Failed to get jwks from {}", configValue, e);
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ private Key get(String keyId) {
Review Comment:
Good idea!
> could supporting these type of keys and a JWKS file at the same time!
If the kid is null, and you only have one key in the JWKS file, we can use
this key to verify your token.
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
