jwtResolverMaterial builds operator + account JWTs for a MEMORY resolver. Follows the NATS JWT tutorial: self-signed account, then operator re-sign, with the account identity key listed as a signing key so MintWorkerJWT can use the account seed.
()
| 85 | // Follows the NATS JWT tutorial: self-signed account, then operator re-sign, with the |
| 86 | // account identity key listed as a signing key so MintWorkerJWT can use the account seed. |
| 87 | func jwtResolverMaterial() (operatorJWT, accountJWT, accountSeed string, err error) { |
| 88 | okp, err := nkeys.CreateOperator() |
| 89 | if err != nil { |
| 90 | return "", "", "", err |
| 91 | } |
| 92 | opk, err := okp.PublicKey() |
| 93 | if err != nil { |
| 94 | return "", "", "", err |
| 95 | } |
| 96 | oc := jwt.NewOperatorClaims(opk) |
| 97 | oc.Name = "localai-test-operator" |
| 98 | oskp, err := nkeys.CreateOperator() |
| 99 | if err != nil { |
| 100 | return "", "", "", err |
| 101 | } |
| 102 | ospk, err := oskp.PublicKey() |
| 103 | if err != nil { |
| 104 | return "", "", "", err |
| 105 | } |
| 106 | oc.SigningKeys.Add(ospk) |
| 107 | operatorJWT, err = oc.Encode(okp) |
| 108 | if err != nil { |
| 109 | return "", "", "", err |
| 110 | } |
| 111 | |
| 112 | akp, err := nkeys.CreateAccount() |
| 113 | if err != nil { |
| 114 | return "", "", "", err |
| 115 | } |
| 116 | seed, err := akp.Seed() |
| 117 | if err != nil { |
| 118 | return "", "", "", err |
| 119 | } |
| 120 | accountSeed = string(seed) |
| 121 | |
| 122 | apk, err := akp.PublicKey() |
| 123 | if err != nil { |
| 124 | return "", "", "", err |
| 125 | } |
| 126 | ac := jwt.NewAccountClaims(apk) |
| 127 | ac.Name = "localai-test-account" |
| 128 | ac.SigningKeys.Add(apk) |
| 129 | accountJWT, err = ac.Encode(akp) |
| 130 | if err != nil { |
| 131 | return "", "", "", err |
| 132 | } |
| 133 | ac, err = jwt.DecodeAccountClaims(accountJWT) |
| 134 | if err != nil { |
| 135 | return "", "", "", err |
| 136 | } |
| 137 | accountJWT, err = ac.Encode(oskp) |
| 138 | if err != nil { |
| 139 | return "", "", "", err |
| 140 | } |
| 141 | return operatorJWT, accountJWT, accountSeed, nil |
| 142 | } |
| 143 | |
| 144 | func accountPublicKeyFromSeed(accountSeed string) string { |
no test coverage detected