options: support multiple signing keys (#3828)

* options: support multiple signing keys

* fix controlplane method, errors
Caleb Doxsey 2022-12-22 09:31:09 -07:00 committed by GitHub
parent 753eeff12f
commit 3e892a8533
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 233 additions and 75 deletions


@ -2,7 +2,6 @@ package authenticate
import (
"crypto/cipher"
"encoding/base64"
"fmt"
"net/url"
@ -115,16 +114,14 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
if err != nil {
return nil, err
}
if signingKey != "" {
decodedCert, err := base64.StdEncoding.DecodeString(cfg.Options.SigningKey)
if err != nil {
return nil, fmt.Errorf("authenticate: failed to decode signing key: %w", err)
}
jwk, err := cryptutil.PublicJWKFromBytes(decodedCert)
if len(signingKey) > 0 {
ks, err := cryptutil.PublicJWKsFromBytes(signingKey)
if err != nil {
return nil, fmt.Errorf("authenticate: failed to convert jwks: %w", err)
}
state.jwk.Keys = append(state.jwk.Keys, *jwk)
for _, k := range ks {
state.jwk.Keys = append(state.jwk.Keys, *k)
}
}
sharedKey, err := cfg.Options.GetSharedKey()
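Review bot: The new loop after `cryptutil.PublicJWKsFromBytes(signingKey)` appends whatever the helper returns, so if it can return an empty slice without an error (its body is not visible here), a non-empty but unusable signing key would add nothing to `state.jwk.Keys` and nothing would report it. A guard before the loop would make that misconfiguration fail at startup: `if len(ks) == 0 { return nil, fmt.Errorf("authenticate: signing key contains no keys") }`. A comment above the loop would also help, for example `// publish the public half of every configured signing key so tokens signed by any of them can be verified`, assuming that is the intent of supporting several keys. newAuthenticateStateFromConfig starts and ends outside this hunk.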