78 lines
1.6 KiB
Go
78 lines
1.6 KiB
Go
package op
|
|
|
|
import (
|
|
"encoding/json"
|
|
|
|
"golang.org/x/net/context"
|
|
"gopkg.in/square/go-jose.v2"
|
|
|
|
"github.com/caos/oidc/pkg/oidc"
|
|
)
|
|
|
|
type Signer interface {
|
|
SignIDToken(claims *oidc.IDTokenClaims) (string, error)
|
|
SignAccessToken(claims *oidc.AccessTokenClaims) (string, error)
|
|
SignatureAlgorithm() jose.SignatureAlgorithm
|
|
}
|
|
|
|
type idTokenSigner struct {
|
|
signer jose.Signer
|
|
storage AuthStorage
|
|
algorithm jose.SignatureAlgorithm
|
|
}
|
|
|
|
func NewDefaultSigner(ctx context.Context, storage AuthStorage) (Signer, error) {
|
|
s := &idTokenSigner{
|
|
storage: storage,
|
|
}
|
|
if err := s.initialize(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
return s, nil
|
|
}
|
|
|
|
func (s *idTokenSigner) initialize(ctx context.Context) error {
|
|
var key *jose.SigningKey
|
|
var err error
|
|
key, err = s.storage.GetSigningKey(ctx)
|
|
if err != nil {
|
|
key, err = s.storage.SaveKeyPair(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
s.signer, err = jose.NewSigner(*key, &jose.SignerOptions{})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
s.algorithm = key.Algorithm
|
|
return nil
|
|
}
|
|
|
|
func (s *idTokenSigner) SignIDToken(claims *oidc.IDTokenClaims) (string, error) {
|
|
payload, err := json.Marshal(claims)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return s.Sign(payload)
|
|
}
|
|
|
|
func (s *idTokenSigner) SignAccessToken(claims *oidc.AccessTokenClaims) (string, error) {
|
|
payload, err := json.Marshal(claims)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return s.Sign(payload)
|
|
}
|
|
|
|
func (s *idTokenSigner) Sign(payload []byte) (string, error) {
|
|
result, err := s.signer.Sign(payload)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return result.CompactSerialize()
|
|
}
|
|
|
|
func (s *idTokenSigner) SignatureAlgorithm() jose.SignatureAlgorithm {
|
|
return s.algorithm
|
|
}
|