let TJwtCrypt.Create accept a private key PEM/DER

as alternative to a public key
synopse · May 17, 2024 · 4dd41ad · 4dd41ad
1 parent dcedffe
commit 4dd41ad
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/src/crypt/mormot.crypt.jwt.pas b/src/crypt/mormot.crypt.jwt.pas
@@ -714,6 +714,8 @@   TJwtCrypt = class(TJwtAbstract)
     // - just a wrapper to check that CryptPublicKey[aAlgo] factory do exist
     class function Supports(aAlgo: TCryptAsymAlgo): boolean;
     /// initialize this JWT instance from a supplied public key and algorithm
+    // - aPublicKey is expected to be a public key in PEM or DER format, but
+    // a private key with no password encryption is also accepted here
     // - if no aPublicKey is supplied, it will generate a new key pair and the
     // PublicKey/PrivateKey properties could be used for proper persistence
     // (warning: generating a key pair could be very slow with RSA/RSAPSS)
@@ -1715,8 +1717,15 @@ constructor TJwtCrypt.Create(aAlgo: TCryptAsymAlgo;
               [self, ToText(fKeyAlgo)^]);
   end
   else if not fPublicKey.Load(fKeyAlgo, aPublicKey) then
-    EJwtException.RaiseUtf8('%.Create: impossible to load this % key',
-            [self, ToText(fKeyAlgo)^]);
+  begin
+    // is not a public key: try to load a private key here
+    fPrivateKey := CryptPrivateKey[fKeyAlgo].Create;
+    if not fPrivateKey.Load(fKeyAlgo, nil, aPublicKey, '') or
+       // and generate the associated public key from this private key
+       not fPublicKey.Load(fKeyAlgo, fPrivateKey.ToSubjectPublicKey) then
+      EJwtException.RaiseUtf8('%.Create: impossible to load this % key',
+        [self, ToText(fKeyAlgo)^]);
+  end;
   inherited Create(fAlgorithm, aClaims, aAudience, aExpirationMinutes,
     aIDIdentifier, aIDObfuscationKey, aIDObfuscationKeyNewKdf);
 end;

diff --git a/src/mormot.commit.inc b/src/mormot.commit.inc
@@ -1 +1 @@
-'2.2.7518'
+'2.2.7519'