mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
ddea31193b
OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
84 lines
1.9 KiB
Go
84 lines
1.9 KiB
Go
package utils
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
)
|
|
|
|
// GenerateRsaKeyPair generate an RSA key pair.
|
|
// bits can be 2048 or 4096.
|
|
func GenerateRsaKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey) {
|
|
privkey, _ := rsa.GenerateKey(rand.Reader, bits)
|
|
return privkey, &privkey.PublicKey
|
|
}
|
|
|
|
// ExportRsaPrivateKeyAsPemStr marshal a rsa private key into PEM string.
|
|
func ExportRsaPrivateKeyAsPemStr(privkey *rsa.PrivateKey) string {
|
|
privkeyBytes := x509.MarshalPKCS1PrivateKey(privkey)
|
|
privkeyPem := pem.EncodeToMemory(
|
|
&pem.Block{
|
|
Type: "RSA PRIVATE KEY",
|
|
Bytes: privkeyBytes,
|
|
},
|
|
)
|
|
|
|
return string(privkeyPem)
|
|
}
|
|
|
|
// ParseRsaPrivateKeyFromPemStr parse a RSA private key from PEM string.
|
|
func ParseRsaPrivateKeyFromPemStr(privPEM string) (*rsa.PrivateKey, error) {
|
|
block, _ := pem.Decode([]byte(privPEM))
|
|
if block == nil {
|
|
return nil, errors.New("failed to parse PEM block containing the key")
|
|
}
|
|
|
|
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return priv, nil
|
|
}
|
|
|
|
// ExportRsaPublicKeyAsPemStr marshal a RSA public into a PEM string.
|
|
func ExportRsaPublicKeyAsPemStr(pubkey *rsa.PublicKey) (string, error) {
|
|
pubkeyBytes, err := x509.MarshalPKIXPublicKey(pubkey)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
pubkeyPem := pem.EncodeToMemory(
|
|
&pem.Block{
|
|
Type: "RSA PUBLIC KEY",
|
|
Bytes: pubkeyBytes,
|
|
},
|
|
)
|
|
|
|
return string(pubkeyPem), nil
|
|
}
|
|
|
|
// ParseRsaPublicKeyFromPemStr parse RSA public key from a PEM string.
|
|
func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
|
|
block, _ := pem.Decode([]byte(pubPEM))
|
|
if block == nil {
|
|
return nil, errors.New("failed to parse PEM block containing the key")
|
|
}
|
|
|
|
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch pub := pub.(type) {
|
|
case *rsa.PublicKey:
|
|
return pub, nil
|
|
default:
|
|
break // fall through
|
|
}
|
|
|
|
return nil, errors.New("Key type is not RSA")
|
|
}
|