You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Alexander Rojas <al...@mesosphere.io> on 2018/07/02 10:20:05 UTC

Re: Review Request 67425: [WIP] Implement a JWK Set parser converting JWKs into RSA keys.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67425/#review205633
-----------------------------------------------------------




3rdparty/libprocess/include/process/jwk_rsa.hpp
Lines 33 (patched)
<https://reviews.apache.org/r/67425/#comment288496>

    A while ago I was playing with a similar concept as this, and since both a `Signer` and a `Verifier` share many things, I came up with the following interface:
    
    ```c++
    class Hasher
    {
     public:
      /// Verifies that the signature matches the message based using
      /// the secrets known to this hasher instance. If there is an
      /// error during the process, an instance of Error should be
      /// returned.
      virtual Try<bool> verify(
          const std::string& message, const std::string& signature) const = 0;
    
      /// Computes the signature of the given message.
      virtual Try<std::string> sign(const std::string& message) const = 0;
    
      /// Returns the algorithm implemented by the hasher instance.
      virtual JWT::Alg algorithm() const = 0;
    };
    ```
    
    It works pretty well for symmetric algorithms, and for public/private key I returned error on the equivalent side if it was initialized with only one key.



3rdparty/libprocess/include/process/jwk_rsa.hpp
Lines 50 (patched)
<https://reviews.apache.org/r/67425/#comment288495>

    We don't use hungarian notation. If needed, rather follow google codestye (i.e. `privateKey_` instead of `m_privateKey`).



3rdparty/libprocess/include/process/jwk_rsa.hpp
Lines 75 (patched)
<https://reviews.apache.org/r/67425/#comment288497>

    Any reason why this is `shared_ptr` and not `unique_ptr`?



3rdparty/libprocess/include/process/jwk_set.hpp
Lines 46 (patched)
<https://reviews.apache.org/r/67425/#comment288499>

    if the constructor is only used through `parse()`, perhaps we should make it at least protected.



3rdparty/libprocess/include/process/jwk_set.hpp
Lines 72 (patched)
<https://reviews.apache.org/r/67425/#comment288500>

    I think mesos prefers to use `getSigners()` for accessors.



3rdparty/libprocess/src/jwk_set.cpp
Lines 40 (patched)
<https://reviews.apache.org/r/67425/#comment288502>

    I would break this as follows:
    
    ```c++
    using BIGNUMDeleter = void(*)(BIGNUM*);
    using BIGNUMPtr = std::unique_ptr<BIGNUM, BIGNUMDeleter>;
    ```
    
    However, I didn't find any single instance of this kind of alias anywhere in the code base.



3rdparty/libprocess/src/jwk_set.cpp
Lines 48 (patched)
<https://reviews.apache.org/r/67425/#comment288498>

    mixed `snake_style` and `camelStyle`. I think the project prefers `camelStyle` (except in stout)



3rdparty/libprocess/src/jwk_set.cpp
Lines 203 (patched)
<https://reviews.apache.org/r/67425/#comment288505>

    prefer to use `dp != nullptr && dq != nullptr…`



3rdparty/libprocess/src/jwk_set.cpp
Lines 262 (patched)
<https://reviews.apache.org/r/67425/#comment288504>

    we don't break on `else`



3rdparty/libprocess/src/jwk_set.cpp
Lines 272 (patched)
<https://reviews.apache.org/r/67425/#comment288503>

    add a `// namespace {` at the end.


- Alexander Rojas


On June 4, 2018, 3:27 p.m., Clement Michaud wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67425/
> -----------------------------------------------------------
> 
> (Updated June 4, 2018, 3:27 p.m.)
> 
> 
> Review request for mesos and Alexander Rojas.
> 
> 
> Bugs: MESOS-8974
>     https://issues.apache.org/jira/browse/MESOS-8974
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> JWT implementation can handle multiple type of keys for signing and
> validating JSON web tokens. IETF defined a JSON representation of those
> keys in
> https://tools.ietf.org/html/rfc7517. This review implements this RFC.
> 
> This commit adds a parser to convert a JSON into a JWK set containing
> RSA keys compatible with the implementation of RS256 in the JWT library.
> 
> The parser only supports parsing of  RSA keys for now but it can support
> multiple types of keys such as elliptic curve keys and symmetric keys
> as documented in the JWA RFC.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am d434001fbc49d337b6e29f6ac8c9c7475922a819 
>   3rdparty/libprocess/include/process/jwk.hpp PRE-CREATION 
>   3rdparty/libprocess/include/process/jwk_rsa.hpp PRE-CREATION 
>   3rdparty/libprocess/include/process/jwk_set.hpp PRE-CREATION 
>   3rdparty/libprocess/src/jwk_rsa.cpp PRE-CREATION 
>   3rdparty/libprocess/src/jwk_set.cpp PRE-CREATION 
>   3rdparty/libprocess/src/tests/jwk_set_tests.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/67425/diff/1/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Clement Michaud
> 
>