From 58e27e8073cfd02c7a632d062ffd7772171c84b6 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 30 Jun 2021 14:10:38 +0200
Subject: [PATCH] simplify KeyProvider interface

---
 pkg/op/keys.go | 7 +++++--
 pkg/op/op.go | 4 ++--
 pkg/op/verifier_jwt_profile.go | 7 ++-----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/op/keys.go b/pkg/op/keys.go
index 4b8d607..c4b11d4 100644
--- a/pkg/op/keys.go
+++ b/pkg/op/keys.go
@@ -1,13 +1,16 @@
 package op
 
 import (
+ "context"
 "net/http"
 
+ "gopkg.in/square/go-jose.v2"
+
 "github.com/caos/oidc/pkg/utils"
 )
 
 type KeyProvider interface {
- Storage() Storage
+ GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
 }
 
 func keysHandler(k KeyProvider) func(http.ResponseWriter, *http.Request) {
@@ -17,7 +20,7 @@ func keysHandler(k KeyProvider) func(http.ResponseWriter, *http.Request) {
 }
 
 func Keys(w http.ResponseWriter, r *http.Request, k KeyProvider) {
- keySet, err := k.Storage().GetKeySet(r.Context())
+ keySet, err := k.GetKeySet(r.Context())
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
 utils.MarshalJSON(w, err)
diff --git a/pkg/op/op.go b/pkg/op/op.go
index 518ffdf..241f0ce 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -74,7 +74,7 @@ func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router
 router.HandleFunc(o.IntrospectionEndpoint().Relative(), introspectionHandler(o))
 router.HandleFunc(o.UserinfoEndpoint().Relative(), userinfoHandler(o))
 router.Handle(o.EndSessionEndpoint().Relative(), intercept(endSessionHandler(o)))
- router.HandleFunc(o.KeysEndpoint().Relative(), keysHandler(o))
+ router.HandleFunc(o.KeysEndpoint().Relative(), keysHandler(o.Storage()))
 return router
 }
 
@@ -281,7 +281,7 @@ func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 if !ok {
 return nil, errors.New("invalid kid")
 }
- return jws.Verify(key)
+ return jws.Verify(&key)
 }
 
 type Option func(o *openidProvider) error
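Review bot: The new `GetKeySet` method on the exported `KeyProvider` interface has no doc comment, and its contract matters because whatever it returns is what `Keys` publishes on the unauthenticated JWKS endpoint (the success path of `Keys` is outside the hunk, so that part is inferred from the handler's name and error path). go-jose's `JSONWebKey` marshals private keys together with their private parameters, so a storage implementation that hands back its signing keys unfiltered would publish the private material. I would add `// GetKeySet returns the keys published on the JWKS endpoint. It must contain public key material only; the set is served as-is.` above the method, and defensively map each key through `key.Public()` in the handler before writing it.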
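Review bot: The error from the new `k.GetKeySet(r.Context())` call is written straight to the client by `utils.MarshalJSON(w, err)` on the last context line of the hunk; depending on how that helper serialises an `error` value, an anonymous caller of the keys endpoint gets either the storage error text or an empty object, neither of which is a safe or useful body. Log the error server-side and answer with a fixed message instead, e.g. `http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`. `Keys` continues past the end of the hunk.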
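Review bot: `jws.Verify(&key)` at the end of the hunk verifies with whatever key the `kid` lookup above selected, but nothing in view pins the JWS `alg` header to that key's `Algorithm`; go-jose rejects `none` and algorithms that do not fit the key type, yet to my recollection v2 does not compare the header against the JWK's own `alg` field, so a token can be accepted under an algorithm the key was never published for. Before the return I would add `if key.Algorithm != "" && key.Algorithm != alg { return nil, errors.New("signature algorithm does not match key") }`, with `alg` taken from the JWS header the same way the kid is. `VerifySignature` starts before this hunk, so how the header is read is not visible here.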
diff --git a/pkg/op/verifier_jwt_profile.go b/pkg/op/verifier_jwt_profile.go
index 24b1e7c..e7784b5 100644
--- a/pkg/op/verifier_jwt_profile.go
+++ b/pkg/op/verifier_jwt_profile.go
@@ -122,13 +122,10 @@ type jwtProfileKeySet struct {
 
 //VerifySignature implements oidc.KeySet by getting the public key from Storage implementation
 func (k *jwtProfileKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error) {
- keyID, alg := oidc.GetKeyIDAndAlg(jws)
+ keyID, _ := oidc.GetKeyIDAndAlg(jws)
 key, err := k.storage.GetKeyByIDAndUserID(ctx, keyID, k.userID)
 if err != nil {
 return nil, fmt.Errorf("error fetching keys: %w", err)
 }
- if key.Algorithm != alg {
-
- }
- return jws.Verify(&key)
+ return jws.Verify(key)
 }
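Review bot: The rewrite throws the header algorithm away (`keyID, _ := oidc.GetKeyIDAndAlg(jws)`) and deletes the empty `if key.Algorithm != alg` block, so the check the earlier code evidently intended — binding the JWS `alg` to the algorithm of the key registered for this user — is dropped rather than finished. go-jose constrains `alg` to the key type and rejects `none`, but as far as I recall v2 does not compare the header against the JWK `alg` field, so a client could have a JWT-profile assertion accepted under an algorithm its registered key was not issued for. Keep `alg`, compare it with `key.Algorithm` when that is set, and fail on mismatch; whether an empty `key.Algorithm` should be treated as a wildcard or a misconfiguration depends on how keys are registered, which is outside the hunk. Dropping the `&` also suggests `GetKeyByIDAndUserID` now returns a pointer, which is only correct if the storage interface moved in the same commit.
```go
keyID, alg := oidc.GetKeyIDAndAlg(jws)
// … unchanged: key lookup and error handling …
// Bind the token's declared alg to the registered key's algorithm; go-jose
// only checks that alg fits the key type, not that it matches the JWK alg.
if key.Algorithm != "" && key.Algorithm != alg {
	return nil, fmt.Errorf("signature algorithm %s does not match key algorithm %s", alg, key.Algorithm)
}
return jws.Verify(key)
```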