options: support multiple signing keys

Caleb Doxsey 2022-12-20 11:11:52 -07:00
parent c048af7523
commit 41b51d04ef
12 changed files with 223 additions and 67 deletions


@ -2,7 +2,6 @@ package authenticate
import (
"crypto/cipher"
"encoding/base64"
"fmt"
"net/url"
@ -115,16 +114,14 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
if err != nil {
return nil, err
}
if signingKey != "" {
decodedCert, err := base64.StdEncoding.DecodeString(cfg.Options.SigningKey)
if err != nil {
return nil, fmt.Errorf("authenticate: failed to decode signing key: %w", err)
}
jwk, err := cryptutil.PublicJWKFromBytes(decodedCert)
if len(signingKey) > 0 {
ks, err := cryptutil.PublicJWKsFromBytes(signingKey)
if err != nil {
return nil, fmt.Errorf("authenticate: failed to convert jwks: %w", err)
}
state.jwk.Keys = append(state.jwk.Keys, *jwk)
for _, k := range ks {
state.jwk.Keys = append(state.jwk.Keys, *k)
}
}
sharedKey, err := cfg.Options.GetSharedKey()
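Review bot: In the `if len(signingKey) > 0` branch, nothing checks that `cryptutil.PublicJWKsFromBytes` actually returned at least one key before the `for _, k := range ks` loop. Its behaviour on input that holds no parseable key is not visible here, but if it can return an empty slice with a nil error, a misconfigured signing key would start up cleanly and publish a JWKS without the signing keys, so token verification would fail only later at the relying side. Consider failing closed right after the error check with `if len(ks) == 0 { return nil, fmt.Errorf("authenticate: signing key contains no usable keys") }`. With several keys now appended to `state.jwk.Keys`, it is also worth a comment on whether duplicate key IDs are possible and which entry verifiers should expect to be the active signer. newAuthenticateStateFromConfig begins and ends outside this hunk.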