matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Support more key formats in config

Browse Source
This commit is contained in:
Quentin Gliech
2022-01-26 11:10:11 +01:00
parent 3d8d6f81b5
commit c3ac36190d
3 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@ -1892,6 +1892,7 @@ dependencies = [
"lettre", "lettre",
"mas-jose", "mas-jose",
"p256", "p256",
"pem-rfc7468",
"pkcs8", "pkcs8",
"rand", "rand",
"rsa", "rsa",

1
crates/config/Cargo.toml
View File

@ -29,6 +29,7 @@ rsa = { git = "https://github.com/RustCrypto/RSA.git" }
p256 = { version = "0.10.1", features = ["ecdsa", "pem", "pkcs8"] } p256 = { version = "0.10.1", features = ["ecdsa", "pem", "pkcs8"] }
pkcs8 = { version = "0.8.0", features = ["pem"] } pkcs8 = { version = "0.8.0", features = ["pem"] }
elliptic-curve = { version = "0.11.7", features = ["pem", "pkcs8"] } elliptic-curve = { version = "0.11.7", features = ["pem", "pkcs8"] }
pem-rfc7468 = "0.3.1"
indoc = "1.0.3" indoc = "1.0.3"

15
crates/config/src/oauth2.rs
View File

@ -15,7 +15,7 @@
use anyhow::Context; use anyhow::Context;
use async_trait::async_trait; use async_trait::async_trait;
use mas_jose::{JsonWebKeySet, StaticJwksStore, StaticKeystore}; use mas_jose::{JsonWebKeySet, StaticJwksStore, StaticKeystore};
use pkcs8::{DecodePrivateKey, EncodePrivateKey}; use pkcs8::DecodePrivateKey;
use rsa::{ use rsa::{
pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey}, pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey},
RsaPrivateKey, RsaPrivateKey,
@ -146,11 +146,14 @@ impl OAuth2Config {
for key in &self.keys { for key in &self.keys {
match key.r#type { match key.r#type {
KeyType::Ecdsa => { KeyType::Ecdsa => {
let key = p256::SecretKey::from_pkcs8_pem(&key.key)?; let key = p256::SecretKey::from_pkcs1_pem(&key.key)
.or_else(|_| p256::SecretKey::from_pkcs8_pem(&key.key))
.or_else(|_| p256::SecretKey::from_sec1_pem(&key.key))?;
store.add_ecdsa_key(key.into())?; store.add_ecdsa_key(key.into())?;
} }
KeyType::Rsa => { KeyType::Rsa => {
let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)?; let key = rsa::RsaPrivateKey::from_pkcs1_pem(&key.key)
.or_else(|_| rsa::RsaPrivateKey::from_pkcs8_pem(&key.key))?;
store.add_rsa_key(key)?; store.add_rsa_key(key)?;
} }
} }
@ -183,7 +186,9 @@ impl ConfigurationSection<'_> for OAuth2Config {
.context("could not join blocking task")??; .context("could not join blocking task")??;
let rsa_key = KeyConfig { let rsa_key = KeyConfig {
r#type: KeyType::Rsa, r#type: KeyType::Rsa,
key: rsa_key.to_pkcs1_pem(pkcs8::LineEnding::LF)?.to_string(), key: rsa_key
.to_pkcs1_pem(pem_rfc7468::LineEnding::LF)?
.to_string(),
}; };
let span = tracing::info_span!("ecdsa"); let span = tracing::info_span!("ecdsa");
@ -198,7 +203,7 @@ impl ConfigurationSection<'_> for OAuth2Config {
.context("could not join blocking task")?; .context("could not join blocking task")?;
let ecdsa_key = KeyConfig { let ecdsa_key = KeyConfig {
r#type: KeyType::Ecdsa, r#type: KeyType::Ecdsa,
key: ecdsa_key.to_pkcs8_pem(pkcs8::LineEnding::LF)?.to_string(), key: ecdsa_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string(),
}; };
Ok(Self { Ok(Self {