authorize: add signature algo support (RSA / EdDSA) (#1631)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
bobby 2020-11-30 17:14:41 -08:00 committed by GitHub
parent 652e8bb3d3
commit 5bbd745934
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 376 additions and 269 deletions


@ -108,14 +108,16 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
state.sessionStore = cookieStore
state.sessionLoaders = []sessions.SessionLoader{headerStore, cookieStore}
if cfg.Options.SigningKeyAlgorithm == "" {
cfg.Options.SigningKeyAlgorithm = string(jose.ES256)
}
state.jwk = new(jose.JSONWebKeySet)
if cfg.Options.SigningKey != "" {
decodedCert, err := base64.StdEncoding.DecodeString(cfg.Options.SigningKey)
if err != nil {
return nil, fmt.Errorf("authenticate: failed to decode signing key: %w", err)
}
jwk, err := cryptutil.PublicJWKFromBytes(decodedCert, jose.ES256)
jwk, err := cryptutil.PublicJWKFromBytes(decodedCert, jose.SignatureAlgorithm(cfg.Options.SigningKeyAlgorithm))
if err != nil {
return nil, fmt.Errorf("authenticate: failed to convert jwks: %w", err)
}
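Review bot: The conversion `jose.SignatureAlgorithm(cfg.Options.SigningKeyAlgorithm)` passes an arbitrary configuration string through as the signing algorithm, and nothing visible in this hunk checks it against the set of algorithms the service means to support. Unless `cryptutil.PublicJWKFromBytes` or option validation (neither is shown here) already rejects unknown values, a typo or an unintended algorithm name surfaces only as the generic "failed to convert jwks" error, or not at all; an explicit allowlist of the supported asymmetric algorithms, checked once when options are validated, would make that failure early and unambiguous. The defaulting block also writes back into `cfg.Options` from inside a state constructor; a local such as `alg := cfg.Options.SigningKeyAlgorithm` followed by `if alg == "" { alg = string(jose.ES256) }` would leave the shared config unmodified. `newAuthenticateStateFromConfig` starts and ends outside this hunk.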