package keystore
import (
"crypto/rand"
"crypto/rsa"
"github.com/rs/zerolog"
"go.uber.org/fx"
"github.com/dadrus/heimdall/internal/config"
"github.com/dadrus/heimdall/internal/heimdall"
"github.com/dadrus/heimdall/internal/x/errorchain"
)
// Module wires the key store into the application's fx dependency graph by
// providing NewKeyStore as the constructor for the KeyStore interface.
// nolint
var Module = fx.Options(
	fx.Provide(NewKeyStore),
)
// NewKeyStore builds the signer KeyStore from the given configuration.
//
// If conf.Signer.KeyStore is empty, no persistent key material is available:
// a fresh RSA-2048 key pair is generated from crypto/rand on every start and
// wrapped via NewKeyStoreFromKey, and a warning is logged because such an
// ephemeral key is not meant for production use. Otherwise the key store is
// loaded from the configured PEM file through NewKeyStoreFromPEMFile, using
// conf.Signer.Password to unlock it.
//
// Key generation failures are reported as heimdall.ErrInternal with the
// underlying cause attached; errors from the PEM loader are returned as they
// are. On success only the key id, algorithm and key size of every entry are
// logged at info level — never the key material itself.
func NewKeyStore(conf config.Configuration, logger zerolog.Logger) (KeyStore, error) {
	store, err := openSignerKeyStore(conf, logger)
	if err != nil {
		// return an untyped nil so callers do not see a non-nil interface
		// holding a nil implementation
		return nil, err
	}

	logger.Info().Msg("Key store contains following entries")

	for _, entry := range store.Entries() {
		logger.Info().Msgf("key_id: %s, algorithm: %s, size: %d", entry.KeyID, entry.Alg, entry.KeySize)
	}

	return store, nil
}

// openSignerKeyStore selects the key source: the configured PEM file when one
// is set, otherwise an ephemeral RSA-2048 key pair generated on the spot.
func openSignerKeyStore(conf config.Configuration, logger zerolog.Logger) (KeyStore, error) {
	const rsaKeyBits = 2048

	if len(conf.Signer.KeyStore) != 0 {
		return NewKeyStoreFromPEMFile(conf.Signer.KeyStore, conf.Signer.Password)
	}

	logger.Warn().Msg("Key store is not configured. NEVER DO IT IN PRODUCTION!!!! Generating an RSA key pair.")

	privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeyBits)
	if err != nil {
		return nil, errorchain.NewWithMessage(heimdall.ErrInternal,
			"failed to generate RSA-2048 key pair").CausedBy(err)
	}

	return NewKeyStoreFromKey(privateKey)
}