fix: jwt profile request in op

pkg/rp/tockenexchange.go

@@ -2,9 +2,15 @@ package rp
 
 import (
 	"context"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
 
 	"golang.org/x/oauth2"
+	"gopkg.in/square/go-jose.v2"
 
+	"github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/oidc/grants/tokenexchange"
 )
 
@@ -37,3 +43,54 @@ func TokenExchange(ctx context.Context, request *tokenexchange.TokenExchangeRequ
 func DelegationTokenExchange(ctx context.Context, subjectToken string, rp RelayingParty, reqOpts ...tokenexchange.TokenExchangeOption) (newToken *oauth2.Token, err error) {
 	return TokenExchange(ctx, DelegationTokenRequest(subjectToken, reqOpts...), rp)
 }
+
+func JWTProfileExchange(ctx context.Context, assertion *oidc.JWTProfileAssertion, rp RelayingParty) (*oauth2.Token, error) {
+	token, err := generateJWTProfileToken(assertion)
+	if err != nil {
+		return nil, err
+	}
+	return CallJWTProfileEndpoint(token, rp)
+}
+
+func generateJWTProfileToken(assertion *oidc.JWTProfileAssertion) (string, error) {
+	privateKey, err := bytesToPrivateKey(assertion.PrivateKey)
+	if err != nil {
+		return "", err
+	}
+	key := jose.SigningKey{
+		Algorithm: jose.RS256,
+		Key:       &jose.JSONWebKey{Key: privateKey, KeyID: assertion.PrivateKeyID},
+	}
+	signer, err := jose.NewSigner(key, &jose.SignerOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	jsonadsk, err := json.Marshal(assertion)
+	if err != nil {
+		return "", err
+	}
+	signiert, err := signer.Sign(jsonadsk)
+	if err != nil {
+		return "", err
+	}
+	return signiert.CompactSerialize()
+}
+
+func bytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
+	block, _ := pem.Decode(priv)
+	enc := x509.IsEncryptedPEMBlock(block)
+	b := block.Bytes
+	var err error
+	if enc {
+		b, err = x509.DecryptPEMBlock(block, nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+	key, err := x509.ParsePKCS1PrivateKey(b)
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
+}