fix controlplane method, errors

Caleb Doxsey 2022-12-20 11:23:29 -07:00
parent 41b51d04ef
commit c26cee9514
2 changed files with 10 additions and 8 deletions


@ -53,7 +53,7 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
return fmt.Errorf("invalid authenticate URL: %w", err) return fmt.Errorf("invalid authenticate URL: %w", err)
} }
rawSigningKey, err := cfg.Options.GetSigningKey() signingKey, err := cfg.Options.GetSigningKey()
if err != nil { if err != nil {
return fmt.Errorf("invalid signing key: %w", err) return fmt.Errorf("invalid signing key: %w", err)
} }
@ -68,6 +68,6 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
root.HandleFunc("/ping", handlers.HealthCheck) root.HandleFunc("/ping", handlers.HealthCheck)
root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL)) root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL))
root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL)) root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL))
root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(rawSigningKey, hpkePublicKey)) root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(signingKey, hpkePublicKey))
return nil return nil
} }


@ -78,18 +78,19 @@ func loadKeys(data []byte, unmarshal func([]byte) (any, error)) ([]*jose.JSONWeb
func loadPrivateKey(b []byte) (interface{}, error) { func loadPrivateKey(b []byte) (interface{}, error) {
var wrappedErr error var wrappedErr error
var err error var err error
var key any
if key, err := x509.ParseECPrivateKey(b); err == nil { if key, err = x509.ParseECPrivateKey(b); err == nil {
return key, nil return key, nil
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
if key, err := x509.ParsePKCS1PrivateKey(b); err == nil { if key, err = x509.ParsePKCS1PrivateKey(b); err == nil {
return key, nil return key, nil
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
if key, err := x509.ParsePKCS8PrivateKey(b); err == nil { if key, err = x509.ParsePKCS8PrivateKey(b); err == nil {
return key, nil return key, nil
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
@ -101,8 +102,9 @@ func loadPrivateKey(b []byte) (interface{}, error) {
func loadPublicKey(b []byte) (interface{}, error) { func loadPublicKey(b []byte) (interface{}, error) {
var wrappedErr error var wrappedErr error
var err error var err error
var key any
if key, err := loadPrivateKey(b); err == nil { if key, err = loadPrivateKey(b); err == nil {
switch k := key.(type) { switch k := key.(type) {
case *rsa.PrivateKey: case *rsa.PrivateKey:
return k.Public(), nil return k.Public(), nil
@ -114,12 +116,12 @@ func loadPublicKey(b []byte) (interface{}, error) {
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
if key, err := x509.ParsePKIXPublicKey(b); err == nil { if key, err = x509.ParsePKIXPublicKey(b); err == nil {
return key, nil return key, nil
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
if key, err := x509.ParseCertificate(b); err == nil { if key, err = x509.ParseCertificate(b); err == nil {
return key, nil return key, nil
} }
wrappedErr = multierror.Append(wrappedErr, err) wrappedErr = multierror.Append(wrappedErr, err)
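Review bot: The last branch of loadPublicKey returns the parsed `*x509.Certificate` itself rather than the key it carries, so a caller that type-switches on the result or serialises it as a public key would receive a certificate object; this predates the commit but is still present on the new side. If the intent is to yield the certificate's key, parse into a typed variable and return its field, e.g. `var cert *x509.Certificate` followed by `if cert, err = x509.ParseCertificate(b); err == nil { return cert.PublicKey, nil }`. Whether callers depend on getting the certificate back is not visible here, so check loadKeys and its consumers before changing it. The type-switch cases and the function's final return lie outside the shown hunks.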