Skip to content

Commit

Permalink
update key signer algo
Browse files Browse the repository at this point in the history
  • Loading branch information
duytiennguyen-okta committed Sep 21, 2023
1 parent af9d5a2 commit 20a67e0
Showing 1 changed file with 32 additions and 12 deletions.
44 changes: 32 additions & 12 deletions .generator/templates/client.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ package {{packageName}}
import (
"bytes"
"context"
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/json"
"encoding/pem"
Expand Down Expand Up @@ -233,27 +235,45 @@ func (a *JWTAuth) Authorize() error {
}

func createKeySigner(privateKey, privateKeyID string) (jose.Signer, error) {
var signerOptions *jose.SignerOptions
if privateKeyID != "" {
signerOptions = (&jose.SignerOptions{}).WithHeader("kid", privateKeyID)
}

priv := []byte(strings.ReplaceAll(privateKey, `\n`, "\n"))

privPem, _ := pem.Decode(priv)
if privPem == nil {
return nil, errors.New("invalid private key")
}
if privPem.Type != "RSA PRIVATE KEY" {
return nil, fmt.Errorf("RSA private key is of the wrong type")
}

parsedKey, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
if err != nil {
return nil, err
if privPem.Type == "RSA PRIVATE KEY" {
parsedKey, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
if err != nil {
return nil, err
}
return jose.NewSigner(jose.SigningKey{Algorithm: jose.RS256, Key: parsedKey}, signerOptions)
}

var signerOptions *jose.SignerOptions
if privateKeyID != "" {
signerOptions = (&jose.SignerOptions{}).WithHeader("kid", privateKeyID)
if privPem.Type == "PRIVATE KEY" {
parsedKey, err := x509.ParsePKCS8PrivateKey(privPem.Bytes)
if err != nil {
return nil, err
}
var alg jose.SignatureAlgorithm
switch parsedKey.(type) {
case *rsa.PrivateKey:
alg = jose.RS256
case *ecdsa.PrivateKey:
alg = jose.ES256 // TODO handle ES384 or ES512 ?
default:
// TODO are either of these also valid?
// ed25519.PrivateKey:
// *ecdh.PrivateKey
return nil, fmt.Errorf("private key %q is unknown pkcs#8 format type", privPem.Type)
}
return jose.NewSigner(jose.SigningKey{Algorithm: alg, Key: parsedKey}, signerOptions)
}

return jose.NewSigner(jose.SigningKey{Algorithm: jose.RS256, Key: parsedKey}, signerOptions)
return nil, fmt.Errorf("private key %q is not pkcs#1 or pkcs#8 format", privPem.Type)
}

func createClientAssertion(orgURL, clientID string, privateKeySinger jose.Signer) (clientAssertion string, err error) {
Expand Down

0 comments on commit 20a67e0

Please sign in to comment.