From c3ac36190d48dc9863db60f24e8886f9eee5f6eb Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Wed, 26 Jan 2022 11:10:11 +0100
Subject: [PATCH] Support more key formats in config

---
 Cargo.lock | 1 +
 crates/config/Cargo.toml | 1 +
 crates/config/src/oauth2.rs | 15 ++++++++++-----
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6c506a10..54e9394a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1892,6 +1892,7 @@ dependencies = [
 "lettre",
 "mas-jose",
 "p256",
+ "pem-rfc7468",
 "pkcs8",
 "rand",
 "rsa",
diff --git a/crates/config/Cargo.toml b/crates/config/Cargo.toml
index 6cf00e1b..c4282acc 100644
--- a/crates/config/Cargo.toml
+++ b/crates/config/Cargo.toml
@@ -29,6 +29,7 @@ rsa = { git = "https://github.com/RustCrypto/RSA.git" }
 p256 = { version = "0.10.1", features = ["ecdsa", "pem", "pkcs8"] }
 pkcs8 = { version = "0.8.0", features = ["pem"] }
 elliptic-curve = { version = "0.11.7", features = ["pem", "pkcs8"] }
+pem-rfc7468 = "0.3.1"

 indoc = "1.0.3"

diff --git a/crates/config/src/oauth2.rs b/crates/config/src/oauth2.rs
index 094208a5..6ccc13d2 100644
--- a/crates/config/src/oauth2.rs
+++ b/crates/config/src/oauth2.rs
@@ -15,7 +15,7 @@
 use anyhow::Context;
 use async_trait::async_trait;
 use mas_jose::{JsonWebKeySet, StaticJwksStore, StaticKeystore};
-use pkcs8::{DecodePrivateKey, EncodePrivateKey};
+use pkcs8::DecodePrivateKey;
 use rsa::{
 pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey},
 RsaPrivateKey,
@@ -146,11 +146,14 @@ impl OAuth2Config {
 for key in &self.keys {
 match key.r#type {
 KeyType::Ecdsa => {
- let key = p256::SecretKey::from_pkcs8_pem(&key.key)?;
+ let key = p256::SecretKey::from_pkcs1_pem(&key.key)
+ .or_else(|_| p256::SecretKey::from_pkcs8_pem(&key.key))
+ .or_else(|_| p256::SecretKey::from_sec1_pem(&key.key))?;
 store.add_ecdsa_key(key.into())?;
 }
 KeyType::Rsa => {
- let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)?;
+ let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)
+ .or_else(|_| rsa::RsaPrivateKey::from_pkcs8_pem(&key.key))?;
 store.add_rsa_key(key)?;
 }
 }
@@ -183,7 +186,9 @@ impl ConfigurationSection<'_> for OAuth2Config {
 .context("could not join blocking task")??;
 let rsa_key = KeyConfig {
 r#type: KeyType::Rsa,
- key: rsa_key.to_pkcs1_pem(pkcs8::LineEnding::LF)?.to_string(),
+ key: rsa_key
+ .to_pkcs1_pem(pem_rfc7468::LineEnding::LF)?
+ .to_string(),
 };

 let span = tracing::info_span!("ecdsa");
@@ -198,7 +203,7 @@ impl ConfigurationSection<'_> for OAuth2Config {
 .context("could not join blocking task")?;
 let ecdsa_key = KeyConfig {
 r#type: KeyType::Ecdsa,
- key: ecdsa_key.to_pkcs8_pem(pkcs8::LineEnding::LF)?.to_string(),
+ key: ecdsa_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string(),
 };

 Ok(Self {
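Review bot: Both `.or_else(|_| …)` chains in this loop throw away every parser error except the last, so a bad ECDSA key is always reported as a SEC1 failure and a bad RSA key as a PKCS#8 failure, whatever encoding the operator actually supplied. Adding context that names the key type and the encodings tried, e.g. `.context("ECDSA key is not valid PKCS#8 or SEC1 PEM")?`, would make a misconfigured signing key diagnosable; the message should stay free of key material. PKCS#1 is an RSA-specific encoding, so the leading `p256::SecretKey::from_pkcs1_pem(&key.key)` attempt looks like it can never accept a P-256 key and could be dropped, leaving `from_pkcs8_pem(..).or_else(|_| from_sec1_pem(..))`. The enclosing function starts and ends outside the hunk.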
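Review bot: The `.to_string()` at the end of the `rsa_key.to_pkcs1_pem(..)?` chain copies the freshly generated private key into a plain `String`; the call suggests `to_pkcs1_pem` returns a wrapper, which in the RustCrypto crates is, as far as I know, `Zeroizing<String>`, so the copy is not wiped on drop. The same applies to `ecdsa_key.to_pem(..)?.to_string()` in the following hunk. If `KeyConfig::key` (declared outside this diff) has to remain a plain `String`, a comment such as `// copies the PEM out of its zeroizing wrapper; KeyConfig keeps it as a plain String` would record the trade-off. The enclosing function starts and ends outside the hunk.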
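Review bot: Nothing at the `ecdsa_key.to_pem(..)` call says which encoding the generated ECDSA key now has; as far as I can tell `SecretKey::to_pem` emits SEC1 (`EC PRIVATE KEY`), where the removed `to_pkcs8_pem` wrote PKCS#8. If so, configs generated after this change load only in builds that include the `from_sec1_pem` fallback added in the loader hunk. A comment such as `// SEC1 "EC PRIVATE KEY" PEM; read back through the from_sec1_pem fallback` would make that dependency visible. The enclosing function continues outside the hunk.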