-
Notifications
You must be signed in to change notification settings - Fork 0
/
keycloak.go
75 lines (64 loc) · 1.43 KB
/
keycloak.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
// Copyright 2018 Kodix LLC. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package main
import (
"crypto/rsa"
"encoding/json"
"fmt"
"github.com/gambol99/go-oidc/jose"
"io/ioutil"
"net/http"
"strings"
)
var openIDConfigPath = ".well-known/openid-configuration"
type openIDConfig struct {
JwksURI string `json:"jwks_uri"`
}
type keyCloakResponse struct {
Keys []jose.JWK `json:"keys"`
}
func loadJwksAddress(iss string) (string, error) {
var resp = new(openIDConfig)
r, err := http.Get(fmt.Sprintf("%s/%s", strings.TrimSuffix(iss, "/"), openIDConfigPath))
if err != nil {
return "", err
}
err = json.NewDecoder(r.Body).Decode(resp)
if err != nil {
return "", err
}
return resp.JwksURI, nil
}
// publicKeyFromKeyCloak - get RSA Public Key from external storage (KeyCloak)
func publicKeyFromKeyCloak(iss string) (*rsa.PublicKey, error) { // TODO: refactor
var (
certPath string
err error
)
certPath, _ = cfg.CertPath(iss)
if certPath == "" {
certPath, err = loadJwksAddress(iss)
if err != nil {
return nil, err
}
}
r, err := http.Get(certPath)
if err != nil {
return nil, err
}
b, err := ioutil.ReadAll(r.Body)
if err != nil {
return nil, err
}
k := keyCloakResponse{}
err = json.Unmarshal(b, &k)
if err != nil {
return nil, err
}
j := k.Keys[0]
return &rsa.PublicKey{
N: j.Modulus,
E: j.Exponent,
}, nil
}