2021-02-01 18:26:50 +00:00
|
|
|
/*
|
|
|
|
|
Copyright 2021 Gravitational, Inc.
|
|
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package services
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
|
|
|
|
|
2021-02-04 15:50:18 +00:00
|
|
|
"github.com/gravitational/teleport/api/types"
|
2021-02-01 18:26:50 +00:00
|
|
|
"github.com/gravitational/teleport/lib/utils"
|
2021-02-04 15:50:18 +00:00
|
|
|
|
2021-02-01 18:26:50 +00:00
|
|
|
"github.com/gravitational/trace"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// UnmarshalWebSession unmarshals the WebSession resource from JSON.
|
2021-02-04 15:50:18 +00:00
|
|
|
func UnmarshalWebSession(bytes []byte, opts ...MarshalOption) (types.WebSession, error) {
|
2021-02-01 18:26:50 +00:00
|
|
|
cfg, err := CollectOptions(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var h ResourceHeader
|
|
|
|
|
err = json.Unmarshal(bytes, &h)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
switch h.Version {
|
|
|
|
|
case V2:
|
2021-02-04 15:50:18 +00:00
|
|
|
var ws types.WebSessionV2
|
2021-06-01 22:27:20 +00:00
|
|
|
if err := utils.FastUnmarshal(bytes, &ws); err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
2021-02-01 18:26:50 +00:00
|
|
|
}
|
|
|
|
|
utils.UTC(&ws.Spec.BearerTokenExpires)
|
|
|
|
|
utils.UTC(&ws.Spec.Expires)
|
|
|
|
|
|
|
|
|
|
if err := ws.CheckAndSetDefaults(); err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
if cfg.ID != 0 {
|
|
|
|
|
ws.SetResourceID(cfg.ID)
|
|
|
|
|
}
|
|
|
|
|
if !cfg.Expires.IsZero() {
|
|
|
|
|
ws.SetExpiry(cfg.Expires)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &ws, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil, trace.BadParameter("web session resource version %v is not supported", h.Version)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// MarshalWebSession marshals the WebSession resource to JSON.
|
2021-03-11 18:48:38 +00:00
|
|
|
func MarshalWebSession(webSession types.WebSession, opts ...MarshalOption) ([]byte, error) {
|
2021-02-01 18:26:50 +00:00
|
|
|
cfg, err := CollectOptions(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 18:48:38 +00:00
|
|
|
switch webSession := webSession.(type) {
|
2021-02-01 18:26:50 +00:00
|
|
|
case *WebSessionV2:
|
2021-03-11 18:48:38 +00:00
|
|
|
if version := webSession.GetVersion(); version != V2 {
|
|
|
|
|
return nil, trace.BadParameter("mismatched web session version %v and type %T", version, webSession)
|
|
|
|
|
}
|
2021-02-01 18:26:50 +00:00
|
|
|
if !cfg.PreserveResourceID {
|
|
|
|
|
// avoid modifying the original object
|
|
|
|
|
// to prevent unexpected data races
|
|
|
|
|
copy := *webSession
|
|
|
|
|
copy.SetResourceID(0)
|
|
|
|
|
webSession = ©
|
|
|
|
|
}
|
|
|
|
|
return utils.FastMarshal(webSession)
|
|
|
|
|
default:
|
2021-03-11 18:48:38 +00:00
|
|
|
return nil, trace.BadParameter("unrecognized web session version %T", webSession)
|
2021-02-01 18:26:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-04 15:50:18 +00:00
|
|
|
|
|
|
|
|
// MarshalWebToken serializes the web token as JSON-encoded payload
|
2021-03-11 18:48:38 +00:00
|
|
|
func MarshalWebToken(webToken types.WebToken, opts ...MarshalOption) ([]byte, error) {
|
2021-02-04 15:50:18 +00:00
|
|
|
cfg, err := CollectOptions(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
2021-03-11 18:48:38 +00:00
|
|
|
|
|
|
|
|
switch webToken := webToken.(type) {
|
|
|
|
|
case *types.WebTokenV3:
|
|
|
|
|
if version := webToken.GetVersion(); version != V3 {
|
|
|
|
|
return nil, trace.BadParameter("mismatched web token version %v and type %T", version, webToken)
|
2021-02-04 15:50:18 +00:00
|
|
|
}
|
|
|
|
|
if !cfg.PreserveResourceID {
|
|
|
|
|
// avoid modifying the original object
|
|
|
|
|
// to prevent unexpected data races
|
2021-03-11 18:48:38 +00:00
|
|
|
copy := *webToken
|
2021-02-04 15:50:18 +00:00
|
|
|
copy.SetResourceID(0)
|
2021-03-11 18:48:38 +00:00
|
|
|
webToken = ©
|
2021-02-04 15:50:18 +00:00
|
|
|
}
|
2021-03-11 18:48:38 +00:00
|
|
|
return utils.FastMarshal(webToken)
|
2021-02-04 15:50:18 +00:00
|
|
|
default:
|
2021-03-11 18:48:38 +00:00
|
|
|
return nil, trace.BadParameter("unrecognized web token version %T", webToken)
|
2021-02-04 15:50:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalWebToken interprets bytes as JSON-encoded web token value
|
|
|
|
|
func UnmarshalWebToken(bytes []byte, opts ...MarshalOption) (types.WebToken, error) {
|
|
|
|
|
config, err := CollectOptions(opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
var hdr ResourceHeader
|
|
|
|
|
err = json.Unmarshal(bytes, &hdr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
switch hdr.Version {
|
|
|
|
|
case V3:
|
|
|
|
|
var token types.WebTokenV3
|
2021-06-01 22:27:20 +00:00
|
|
|
if err := utils.FastUnmarshal(bytes, &token); err != nil {
|
2021-02-04 15:50:18 +00:00
|
|
|
return nil, trace.BadParameter("invalid web token: %v", err.Error())
|
|
|
|
|
}
|
|
|
|
|
if err := token.CheckAndSetDefaults(); err != nil {
|
|
|
|
|
return nil, trace.Wrap(err)
|
|
|
|
|
}
|
|
|
|
|
if config.ID != 0 {
|
|
|
|
|
token.SetResourceID(config.ID)
|
|
|
|
|
}
|
|
|
|
|
if !config.Expires.IsZero() {
|
|
|
|
|
token.Metadata.SetExpiry(config.Expires)
|
|
|
|
|
}
|
|
|
|
|
utils.UTC(token.Metadata.Expires)
|
|
|
|
|
return &token, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, trace.BadParameter("web token resource version %v is not supported", hdr.Version)
|
|
|
|
|
}
|
