diff --git a/internal/controlplane/http.go b/internal/controlplane/http.go
index 90c693509..85ce1b4a0 100644
--- a/internal/controlplane/http.go
+++ b/internal/controlplane/http.go
@@ -53,7 +53,7 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
 return fmt.Errorf("invalid authenticate URL: %w", err)
 }
- rawSigningKey, err := cfg.Options.GetSigningKey()
+ signingKey, err := cfg.Options.GetSigningKey()
 if err != nil {
 return fmt.Errorf("invalid signing key: %w", err)
 }
@@ -68,6 +68,6 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
 root.HandleFunc("/ping", handlers.HealthCheck)
 root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL))
 root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL))
- root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(rawSigningKey, hpkePublicKey))
+ root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(signingKey, hpkePublicKey))
 return nil
 }
diff --git a/pkg/cryptutil/jose.go b/pkg/cryptutil/jose.go
index 940954fde..3334050d7 100644
--- a/pkg/cryptutil/jose.go
+++ b/pkg/cryptutil/jose.go
@@ -78,18 +78,19 @@ func loadKeys(data []byte, unmarshal func([]byte) (any, error)) ([]*jose.JSONWeb
 func loadPrivateKey(b []byte) (interface{}, error) {
 var wrappedErr error
 var err error
+ var key any
- if key, err := x509.ParseECPrivateKey(b); err == nil {
+ if key, err = x509.ParseECPrivateKey(b); err == nil {
 return key, nil
 }
 wrappedErr = multierror.Append(wrappedErr, err)
- if key, err := x509.ParsePKCS1PrivateKey(b); err == nil {
+ if key, err = x509.ParsePKCS1PrivateKey(b); err == nil {
 return key, nil
 }
 wrappedErr = multierror.Append(wrappedErr, err)
- if key, err := x509.ParsePKCS8PrivateKey(b); err == nil {
+ if key, err = x509.ParsePKCS8PrivateKey(b); err == nil {
 return key, nil
 }
 wrappedErr = multierror.Append(wrappedErr, err)
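Review bot: In loadPrivateKey the hoisted `var key any` and the move from `:=` to `=` carry no comment, so a later cleanup could fold them back into `if key, err := ...` and the outer `err` passed to `multierror.Append` would again stay nil. I would add a comment above the declarations such as `// key and err are declared once so each parser's error is assigned, not shadowed, before it is appended to wrappedErr`. The same pattern and the same missing comment appear in loadPublicKey in the next two hunks. A test that passes invalid bytes and checks that the returned error carries the individual parse failures would pin this down; the function's final return lies outside the hunk, so what is returned on total failure cannot be confirmed from here.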
@@ -101,8 +102,9 @@ func loadPrivateKey(b []byte) (interface{}, error) {
 func loadPublicKey(b []byte) (interface{}, error) {
 var wrappedErr error
 var err error
+ var key any
- if key, err := loadPrivateKey(b); err == nil {
+ if key, err = loadPrivateKey(b); err == nil {
 switch k := key.(type) {
 case *rsa.PrivateKey:
 return k.Public(), nil
@@ -114,12 +116,12 @@ func loadPublicKey(b []byte) (interface{}, error) {
 }
 wrappedErr = multierror.Append(wrappedErr, err)
- if key, err := x509.ParsePKIXPublicKey(b); err == nil {
+ if key, err = x509.ParsePKIXPublicKey(b); err == nil {
 return key, nil
 }
 wrappedErr = multierror.Append(wrappedErr, err)
- if key, err := x509.ParseCertificate(b); err == nil {
+ if key, err = x509.ParseCertificate(b); err == nil {
 return key, nil
 }
 wrappedErr = multierror.Append(wrappedErr, err)
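Review bot: The last branch of loadPublicKey hands back the parsed certificate itself (`return key, nil` after `x509.ParseCertificate`), whereas the PKIX branch and the visible private-key case return a public key, so callers receive a `*x509.Certificate` from a function named for public keys. The callers are not visible in this diff; if they expect key material, the branch could use a typed local and return its key, e.g. `var cert *x509.Certificate` then `if cert, err = x509.ParseCertificate(b); err == nil { return cert.PublicKey, nil }`, which keeps the non-shadowing assignment this commit introduces. If returning the certificate is intended, a comment on that branch such as `// returns the certificate; the caller extracts the public key` would make the contract explicit. The rest of loadPublicKey, including its final return, is outside the hunk.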