3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-07 20:08:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

options: support multiple signing keys

Browse source
This commit is contained in:
Caleb Doxsey 2022-12-20 11:11:52 -07:00
parent c048af7523
commit 41b51d04ef
12 changed files with 223 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

8
authorize/evaluator/evaluator.go
View file

@ -223,7 +223,7 @@ func (e *Evaluator) updateStore(cfg *evaluatorConfig) error {
func getJWK(cfg *evaluatorConfig) (*jose.JSONWebKey, error) {
var decodedCert []byte
// if we don't have a signing key, generate one
if cfg.signingKey == "" {
if len(cfg.signingKey) == 0 {
key, err := cryptutil.NewSigningKey()
if err != nil {
return nil, fmt.Errorf("couldn't generate signing key: %w", err)
@ -233,11 +233,7 @@ func getJWK(cfg *evaluatorConfig) (*jose.JSONWebKey, error) {
return nil, fmt.Errorf("bad signing key: %w", err)
}
} else {
var err error
decodedCert, err = base64.StdEncoding.DecodeString(cfg.signingKey)
if err != nil {
return nil, fmt.Errorf("bad signing key: %w", err)
}
decodedCert = cfg.signingKey
}
jwk, err := cryptutil.PrivateJWKFromBytes(decodedCert)