mjwt/issuer.go

51 lines
1.2 KiB
Go
Raw Normal View History

package mjwt
import (
"crypto/rand"
"crypto/rsa"
"github.com/golang-jwt/jwt/v4"
"time"
)
type Issuer struct {
issuer string
kid string
2024-07-27 19:25:56 +01:00
signing jwt.SigningMethod
keystore *KeyStore
}
2024-07-27 19:25:56 +01:00
func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
}
2024-07-27 19:25:56 +01:00
func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
i := &Issuer{name, kid, signing, keystore}
if i.keystore.HasPrivateKey(kid) {
return i, nil
}
key, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, err
}
i.keystore.LoadPrivateKey(kid, key)
return i, i.keystore.SaveSingleKey(kid)
}
func (i *Issuer) GenerateJwt(sub, id string, aud jwt.ClaimStrings, dur time.Duration, claims Claims) (string, error) {
return i.SignJwt(wrapClaims[Claims](sub, id, i.issuer, aud, dur, claims))
}
func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
key, err := i.PrivateKey()
if err != nil {
return "", err
}
2024-07-27 19:25:56 +01:00
token := jwt.NewWithClaims(i.signing, wrapped)
token.Header["kid"] = i.kid
return token.SignedString(key)
}
func (i *Issuer) PrivateKey() (*rsa.PrivateKey, error) {
return i.keystore.GetPrivateKey(i.kid)
}