Support more key formats in config

2025-07-29 22:01:14 +03:00 · 2022-01-26 11:10:11 +01:00
parent 3d8d6f81b5
commit c3ac36190d
3 changed files with 12 additions and 5 deletions
--- a/crates/config/Cargo.toml
+++ b/crates/config/Cargo.toml
@ -29,6 +29,7 @@ rsa = { git = "https://github.com/RustCrypto/RSA.git" }
 p256 = { version = "0.10.1", features = ["ecdsa", "pem", "pkcs8"] }
 pkcs8 = { version = "0.8.0", features = ["pem"] }
 elliptic-curve = { version = "0.11.7", features = ["pem", "pkcs8"] }
+pem-rfc7468 = "0.3.1"

 indoc = "1.0.3"

--- a/crates/config/src/oauth2.rs
+++ b/crates/config/src/oauth2.rs
@ -15,7 +15,7 @@
 use anyhow::Context;
 use async_trait::async_trait;
 use mas_jose::{JsonWebKeySet, StaticJwksStore, StaticKeystore};
-use pkcs8::{DecodePrivateKey, EncodePrivateKey};
+use pkcs8::DecodePrivateKey;
 use rsa::{
    pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey},
    RsaPrivateKey,
@ -146,11 +146,14 @@ impl OAuth2Config {
        for key in &self.keys {
            match key.r#type {
                KeyType::Ecdsa => {
-                    let key = p256::SecretKey::from_pkcs8_pem(&key.key)?;
+                    let key = p256::SecretKey::from_pkcs1_pem(&key.key)
+                        .or_else(|_| p256::SecretKey::from_pkcs8_pem(&key.key))
+                        .or_else(|_| p256::SecretKey::from_sec1_pem(&key.key))?;
                    store.add_ecdsa_key(key.into())?;
                }
                KeyType::Rsa => {
-                    let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)?;
+                    let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)
+                        .or_else(|_| rsa::RsaPrivateKey::from_pkcs8_pem(&key.key))?;
                    store.add_rsa_key(key)?;
                }
            }
@ -183,7 +186,9 @@ impl ConfigurationSection<'_> for OAuth2Config {
        .context("could not join blocking task")??;
        let rsa_key = KeyConfig {
            r#type: KeyType::Rsa,
-            key: rsa_key.to_pkcs1_pem(pkcs8::LineEnding::LF)?.to_string(),
+            key: rsa_key
+                .to_pkcs1_pem(pem_rfc7468::LineEnding::LF)?
+                .to_string(),
        };

        let span = tracing::info_span!("ecdsa");
@ -198,7 +203,7 @@ impl ConfigurationSection<'_> for OAuth2Config {
        .context("could not join blocking task")?;
        let ecdsa_key = KeyConfig {
            r#type: KeyType::Ecdsa,
-            key: ecdsa_key.to_pkcs8_pem(pkcs8::LineEnding::LF)?.to_string(),
+            key: ecdsa_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string(),
        };

        Ok(Self {