Merge branch 'master' into jwt-profile-storage

# Conflicts: # pkg/op/verifier_jwt_profile.go
2021-06-23 13:51:20 +02:00 · 2021-06-23 13:51:20 +02:00 · e9fc710b1f
commit e9fc710b1f
parent 39fef3e7fb 850faa159d
11 changed files with 175 additions and 55 deletions
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -272,20 +272,16 @@ type openIDKeySet struct {
 //VerifySignature implements the oidc.KeySet interface
 //providing an implementation for the keys stored in the OP Storage interface
 func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error) {
-	keyID := ""
-	for _, sig := range jws.Signatures {
-		keyID = sig.Header.KeyID
-		break
-	}
 	keySet, err := o.Storage.GetKeySet(ctx)
 	if err != nil {
 		return nil, errors.New("error fetching keys")
 	}
-	payload, err, ok := oidc.CheckKey(keyID, jws, keySet.Keys...)
+	keyID, alg := oidc.GetKeyIDAndAlg(jws)
+	key, ok := oidc.FindKey(keyID, oidc.KeyUseSignature, alg, keySet.Keys...)
 	if !ok {
 		return nil, errors.New("invalid kid")
 	}
-	return payload, err
+	return jws.Verify(key)
 }

 type Option func(o *openidProvider) error
--- a/pkg/op/verifier_jwt_profile.go
+++ b/pkg/op/verifier_jwt_profile.go
@ -95,18 +95,13 @@ type jwtProfileKeySet struct {

 //VerifySignature implements oidc.KeySet by getting the public key from Storage implementation
 func (k *jwtProfileKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error) {
-	keyID := ""
-	for _, sig := range jws.Signatures {
-		keyID = sig.Header.KeyID
-		break
-	}
+	keyID, alg := oidc.GetKeyIDAndAlg(jws)
 	key, err := k.storage.GetKeyByIDAndUserID(ctx, keyID, k.userID)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching keys: %w", err)
 	}
-	payload, err, ok := oidc.CheckKey(keyID, jws, *key)
-	if !ok {
-		return nil, errors.New("invalid kid")
+	if key.Algorithm != alg {
+
 	}
-	return payload, err
+	return jws.Verify(&key)
 }