2016-07-25 20:00:28 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
2017-03-08 18:33:19 +00:00
|
|
|
"context"
|
2016-07-25 20:00:28 +00:00
|
|
|
"crypto/rand"
|
|
|
|
"crypto/rsa"
|
|
|
|
"encoding/hex"
|
2017-07-19 17:19:20 +00:00
|
|
|
"errors"
|
2016-07-25 20:00:28 +00:00
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"gopkg.in/square/go-jose.v2"
|
|
|
|
|
2019-02-22 12:19:23 +00:00
|
|
|
"github.com/dexidp/dex/pkg/log"
|
2018-09-03 06:44:44 +00:00
|
|
|
"github.com/dexidp/dex/storage"
|
2016-07-25 20:00:28 +00:00
|
|
|
)
|
|
|
|
|
2017-07-19 17:19:20 +00:00
|
|
|
var errAlreadyRotated = errors.New("keys already rotated by another server instance")
|
|
|
|
|
2016-07-25 20:00:28 +00:00
|
|
|
// rotationStrategy describes a strategy for generating cryptographic keys, how
|
|
|
|
// often to rotate them, and how long they can validate signatures after rotation.
|
|
|
|
type rotationStrategy struct {
|
|
|
|
// Time between rotations.
|
2016-10-17 17:55:05 +00:00
|
|
|
rotationFrequency time.Duration
|
2016-07-25 20:00:28 +00:00
|
|
|
|
2017-03-01 20:03:28 +00:00
|
|
|
// After being rotated how long should the key be kept around for validating
|
|
|
|
// signatues?
|
|
|
|
idTokenValidFor time.Duration
|
2016-07-25 20:00:28 +00:00
|
|
|
|
|
|
|
// Keys are always RSA keys. Though cryptopasta recommends ECDSA keys, not every
|
|
|
|
// client may support these (e.g. github.com/coreos/go-oidc/oidc).
|
|
|
|
key func() (*rsa.PrivateKey, error)
|
|
|
|
}
|
|
|
|
|
|
|
|
// staticRotationStrategy returns a strategy which never rotates keys.
|
|
|
|
func staticRotationStrategy(key *rsa.PrivateKey) rotationStrategy {
|
|
|
|
return rotationStrategy{
|
|
|
|
// Setting these values to 100 years is easier than having a flag indicating no rotation.
|
2016-10-17 17:55:05 +00:00
|
|
|
rotationFrequency: time.Hour * 8760 * 100,
|
2017-03-01 20:03:28 +00:00
|
|
|
idTokenValidFor: time.Hour * 8760 * 100,
|
2016-10-17 17:55:05 +00:00
|
|
|
key: func() (*rsa.PrivateKey, error) { return key, nil },
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// defaultRotationStrategy returns a strategy which rotates keys every provided period,
|
|
|
|
// holding onto the public parts for some specified amount of time.
|
2017-03-01 20:03:28 +00:00
|
|
|
func defaultRotationStrategy(rotationFrequency, idTokenValidFor time.Duration) rotationStrategy {
|
2016-07-25 20:00:28 +00:00
|
|
|
return rotationStrategy{
|
2016-10-17 17:55:05 +00:00
|
|
|
rotationFrequency: rotationFrequency,
|
2017-03-01 20:03:28 +00:00
|
|
|
idTokenValidFor: idTokenValidFor,
|
2016-07-25 20:00:28 +00:00
|
|
|
key: func() (*rsa.PrivateKey, error) {
|
|
|
|
return rsa.GenerateKey(rand.Reader, 2048)
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-20 03:01:56 +00:00
|
|
|
type keyRotator struct {
|
2016-07-25 20:00:28 +00:00
|
|
|
storage.Storage
|
|
|
|
|
|
|
|
strategy rotationStrategy
|
2016-10-13 01:51:32 +00:00
|
|
|
now func() time.Time
|
2016-12-12 22:54:01 +00:00
|
|
|
|
2019-02-22 12:19:23 +00:00
|
|
|
logger log.Logger
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2016-10-13 01:51:32 +00:00
|
|
|
// startKeyRotation begins key rotation in a new goroutine, closing once the context is canceled.
|
|
|
|
//
|
|
|
|
// The method blocks until after the first attempt to rotate keys has completed. That way
|
|
|
|
// healthy storages will return from this call with valid keys.
|
2016-12-12 22:54:01 +00:00
|
|
|
func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy, now func() time.Time) {
|
2020-12-20 03:01:56 +00:00
|
|
|
rotator := keyRotator{s.storage, strategy, now, s.logger}
|
2016-07-25 20:00:28 +00:00
|
|
|
|
2016-10-13 01:51:32 +00:00
|
|
|
// Try to rotate immediately so properly configured storages will have keys.
|
2020-12-20 03:01:56 +00:00
|
|
|
if err := rotator.rotate(); err != nil {
|
2017-07-19 17:19:20 +00:00
|
|
|
if err == errAlreadyRotated {
|
|
|
|
s.logger.Infof("Key rotation not needed: %v", err)
|
|
|
|
} else {
|
|
|
|
s.logger.Errorf("failed to rotate keys: %v", err)
|
|
|
|
}
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
go func() {
|
2016-10-13 01:51:32 +00:00
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-ctx.Done():
|
|
|
|
return
|
2016-10-17 17:47:47 +00:00
|
|
|
case <-time.After(time.Second * 30):
|
2020-12-20 03:01:56 +00:00
|
|
|
if err := rotator.rotate(); err != nil {
|
2016-12-12 22:54:01 +00:00
|
|
|
s.logger.Errorf("failed to rotate keys: %v", err)
|
2016-10-13 01:51:32 +00:00
|
|
|
}
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
2020-12-20 03:01:56 +00:00
|
|
|
func (k keyRotator) rotate() error {
|
2016-07-25 20:00:28 +00:00
|
|
|
keys, err := k.GetKeys()
|
|
|
|
if err != nil && err != storage.ErrNotFound {
|
|
|
|
return fmt.Errorf("get keys: %v", err)
|
|
|
|
}
|
|
|
|
if k.now().Before(keys.NextRotation) {
|
|
|
|
return nil
|
|
|
|
}
|
2016-12-12 22:54:01 +00:00
|
|
|
k.logger.Infof("keys expired, rotating")
|
2016-07-25 20:00:28 +00:00
|
|
|
|
|
|
|
// Generate the key outside of a storage transaction.
|
|
|
|
key, err := k.strategy.key()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("generate key: %v", err)
|
|
|
|
}
|
|
|
|
b := make([]byte, 20)
|
|
|
|
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
keyID := hex.EncodeToString(b)
|
|
|
|
priv := &jose.JSONWebKey{
|
|
|
|
Key: key,
|
|
|
|
KeyID: keyID,
|
|
|
|
Algorithm: "RS256",
|
|
|
|
Use: "sig",
|
|
|
|
}
|
|
|
|
pub := &jose.JSONWebKey{
|
|
|
|
Key: key.Public(),
|
|
|
|
KeyID: keyID,
|
|
|
|
Algorithm: "RS256",
|
|
|
|
Use: "sig",
|
|
|
|
}
|
|
|
|
|
|
|
|
var nextRotation time.Time
|
|
|
|
err = k.Storage.UpdateKeys(func(keys storage.Keys) (storage.Keys, error) {
|
|
|
|
tNow := k.now()
|
2017-04-11 17:48:08 +00:00
|
|
|
|
|
|
|
// if you are running multiple instances of dex, another instance
|
|
|
|
// could have already rotated the keys.
|
2016-07-25 20:00:28 +00:00
|
|
|
if tNow.Before(keys.NextRotation) {
|
2017-07-19 17:19:20 +00:00
|
|
|
return storage.Keys{}, errAlreadyRotated
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2017-03-01 20:03:28 +00:00
|
|
|
expired := func(key storage.VerificationKey) bool {
|
|
|
|
return tNow.After(key.Expiry)
|
|
|
|
}
|
2017-01-09 18:46:16 +00:00
|
|
|
|
2017-03-01 20:03:28 +00:00
|
|
|
// Remove any verification keys that have expired.
|
|
|
|
i := 0
|
2016-07-25 20:00:28 +00:00
|
|
|
for _, key := range keys.VerificationKeys {
|
2017-03-01 20:03:28 +00:00
|
|
|
if !expired(key) {
|
2016-07-25 20:00:28 +00:00
|
|
|
keys.VerificationKeys[i] = key
|
|
|
|
i++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
keys.VerificationKeys = keys.VerificationKeys[:i]
|
|
|
|
|
|
|
|
if keys.SigningKeyPub != nil {
|
2017-03-01 20:03:28 +00:00
|
|
|
// Move current signing key to a verification only key, throwing
|
|
|
|
// away the private part.
|
2016-07-25 20:00:28 +00:00
|
|
|
verificationKey := storage.VerificationKey{
|
|
|
|
PublicKey: keys.SigningKeyPub,
|
2017-03-01 20:03:28 +00:00
|
|
|
// After demoting the signing key, keep the token around for at least
|
|
|
|
// the amount of time an ID Token is valid for. This ensures the
|
|
|
|
// verification key won't expire until all ID Tokens it's signed
|
|
|
|
// expired as well.
|
|
|
|
Expiry: tNow.Add(k.strategy.idTokenValidFor),
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
keys.VerificationKeys = append(keys.VerificationKeys, verificationKey)
|
|
|
|
}
|
|
|
|
|
2016-10-17 17:55:05 +00:00
|
|
|
nextRotation = k.now().Add(k.strategy.rotationFrequency)
|
2016-07-25 20:00:28 +00:00
|
|
|
keys.SigningKey = priv
|
|
|
|
keys.SigningKeyPub = pub
|
|
|
|
keys.NextRotation = nextRotation
|
|
|
|
return keys, nil
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-12-12 22:54:01 +00:00
|
|
|
k.logger.Infof("keys rotated, next rotation: %s", nextRotation)
|
2016-07-25 20:00:28 +00:00
|
|
|
return nil
|
|
|
|
}
|