CR changes #3 - cosmetics

microsoft · Jun 7, 2024 · 3cd6faf · 3cd6faf
1 parent 6f1f1e8
commit 3cd6faf
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 18 deletions.
diff --git a/doc/schemas/gov_openapi.json b/doc/schemas/gov_openapi.json
@@ -415,7 +415,7 @@
         },
         "type": "array"
       },
-      "KeyMetadata": {
+      "OpenIDJWKMetadata": {
         "properties": {
           "cert": {
             "$ref": "#/components/schemas/base64string"
@@ -433,9 +433,9 @@
         ],
         "type": "object"
       },
-      "KeyMetadata_array": {
+      "OpenIDJWKMetadata_array": {
         "items": {
-          "$ref": "#/components/schemas/KeyMetadata"
+          "$ref": "#/components/schemas/OpenIDJWKMetadata"
         },
         "type": "array"
       },
@@ -1298,9 +1298,9 @@
         },
         "type": "object"
       },
-      "string_to_KeyMetadata_array": {
+      "string_to_OpenIDJWKMetadata_array": {
         "additionalProperties": {
-          "$ref": "#/components/schemas/KeyMetadata_array"
+          "$ref": "#/components/schemas/OpenIDJWKMetadata_array"
         },
         "type": "object"
       },
@@ -1831,7 +1831,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/string_to_KeyMetadata_array"
+                  "$ref": "#/components/schemas/string_to_OpenIDJWKMetadata_array"
                 }
               }
             },

diff --git a/include/ccf/service/tables/jwt.h b/include/ccf/service/tables/jwt.h
@@ -58,18 +58,18 @@ namespace ccf
   using JwtKeyId = std::string;
   using Cert = std::vector<uint8_t>;
 
-  struct KeyMetadata
+  struct OpenIDJWKMetadata
   {
     Cert cert;
     JwtIssuer issuer;
     std::optional<JwtIssuer> constraint;
   };
-  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(KeyMetadata);
-  DECLARE_JSON_REQUIRED_FIELDS(KeyMetadata, cert, issuer);
-  DECLARE_JSON_OPTIONAL_FIELDS(KeyMetadata, constraint);
+  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(OpenIDJWKMetadata);
+  DECLARE_JSON_REQUIRED_FIELDS(OpenIDJWKMetadata, cert, issuer);
+  DECLARE_JSON_OPTIONAL_FIELDS(OpenIDJWKMetadata, constraint);
 
   using JwtIssuers = ServiceMap<JwtIssuer, JwtIssuerMetadata>;
-  using JwtPublicSigningKeys = ServiceMap<JwtKeyId, std::vector<KeyMetadata>>;
+  using JwtPublicSigningKeys = ServiceMap<JwtKeyId, std::vector<OpenIDJWKMetadata>>;
 
   namespace Tables
   {

diff --git a/src/endpoints/authentication/jwt_auth.cpp b/src/endpoints/authentication/jwt_auth.cpp
@@ -47,8 +47,9 @@ namespace ccf
     const auto issuer_url = http::parse_url_full(constraint);
     if (issuer_url.host != microsoft_entra_domain)
     {
-      return iss == constraint && !tid; // tid is a MSFT-specific claim and
-                                        // shoudn't be set for a non-AAD issuer.
+      return iss == constraint &&
+        !tid; // tid is a MSFT-specific claim and
+              // shoudn't be set for a non-Entra issuer.
     }
 
     // Specify tenant if working with multi-tenant endpoint.
@@ -70,6 +71,9 @@ namespace ccf
     // https://domain.com/tenant_id/something_else
     //
     // Here url.path == "/tenant_id/something_else".
+    //
+    // Check for details here:
+    // https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens#validate-the-issuer.
 
     const auto url = http::parse_url_full(iss);
     const auto tenant_id = first_non_empty_chunk(nonstd::split(url.path, "/"));
@@ -141,7 +145,7 @@ namespace ccf
       auto fallback_key = fallback_keys->get(key_id);
       if (fallback_key)
       {
-        token_keys = std::vector<KeyMetadata>{KeyMetadata{
+        token_keys = std::vector<OpenIDJWKMetadata>{OpenIDJWKMetadata{
           .cert = *fallback_key,
           .issuer = *fallback_issuers->get(key_id),
           .constraint = std::nullopt}};

diff --git a/src/node/gov/handlers/service_state.h b/src/node/gov/handlers/service_state.h
@@ -470,7 +470,7 @@ namespace ccf::gov::endpoints
 
             jwt_keys_handle->foreach(
               [&keys](
-                const ccf::JwtKeyId& k, const std::vector<KeyMetadata>& v) {
+                const ccf::JwtKeyId& k, const std::vector<OpenIDJWKMetadata>& v) {
                 auto keys_info = nlohmann::json::array();
                 for (const auto& metadata : v)
                 {

diff --git a/src/node/rpc/jwt_management.h b/src/node/rpc/jwt_management.h
@@ -86,7 +86,7 @@ namespace ccf
 
       if (it != v.end())
       {
-        std::vector<KeyMetadata> updated(v.begin(), it);
+        std::vector<OpenIDJWKMetadata> updated(v.begin(), it);
         updated.insert(updated.end(), ++it, v.end());
 
         if (!updated.empty())
@@ -290,7 +290,7 @@ namespace ccf
 
     for (auto& [kid, der] : new_keys)
     {
-      KeyMetadata value{der, issuer, std::nullopt};
+      OpenIDJWKMetadata value{der, issuer, std::nullopt};
       const auto it = issuer_constraints.find(kid);
       if (it != issuer_constraints.end())
       {
@@ -343,7 +343,7 @@ namespace ccf
       }
       else
       {
-        keys->put(kid, std::vector<KeyMetadata>{value});
+        keys->put(kid, std::vector<OpenIDJWKMetadata>{value});
       }
     }