feat: support PKCS#8

pkg/crypto/key.go

@@ -1,22 +1,45 @@
 package crypto
 
 import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
+
+	"github.com/go-jose/go-jose/v4"
 )
 
-func BytesToPrivateKey(b []byte) (*rsa.PrivateKey, error) {
+var (
+	ErrPEMDecode             = errors.New("PEM decode failed")
+	ErrUnsupportedFormat     = errors.New("key is neither in PKCS#1 nor PKCS#8 format")
+	ErrUnsupportedPrivateKey = errors.New("unsupported key type, must be RSA, ECDSA or ED25519 private key")
+)
+
+func BytesToPrivateKey(b []byte) (crypto.PublicKey, jose.SignatureAlgorithm, error) {
 	block, _ := pem.Decode(b)
 	if block == nil {
-		return nil, errors.New("PEM decode failed")
+		return nil, "", ErrPEMDecode
 	}
 
-	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err == nil {
+		return privateKey, jose.RS256, nil
+	}
+	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 	if err != nil {
-		return nil, err
+		return nil, "", ErrUnsupportedFormat
+	}
+	switch privateKey := key.(type) {
+	case *rsa.PrivateKey:
+		return privateKey, jose.RS256, nil
+	case ed25519.PrivateKey:
+		return privateKey, jose.EdDSA, nil
+	case *ecdsa.PrivateKey:
+		return privateKey, jose.ES256, nil
+	default:
+		return nil, "", ErrUnsupportedPrivateKey
 	}
-
-	return key, nil
 }