mirror of https://github.com/ory/hydra
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package jwk
import (
"crypto/x509"
"github.com/go-jose/go-jose/v3"
"github.com/gofrs/uuid"
"github.com/pkg/errors"
"github.com/ory/x/josex"
)
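// GenerateJWK creates a new signing key for alg and returns it wrapped in a
// JSON Web Key Set containing exactly one key.
//
// RSA algorithms (RS256, RS384, RS512) are requested with a 4096-bit modulus.
// For every other algorithm bits is passed as 0; presumably
// josex.NewSigningKey derives the key parameters from alg alone in that case
// (confirm against josex). An empty kid is replaced by a random UUIDv4 and an
// empty use defaults to "sig". Neither kid nor use is validated here.
//
// The returned set carries the PRIVATE key in its Key field. Callers that
// expose key material (for example on a JWKS endpoint) must convert it to the
// public counterpart first and must keep this value out of logs and responses.
//
// Every error returned by josex.NewSigningKey is reported as
// ErrUnsupportedKeyAlgorithm, with the underlying message attached. A failure
// to generate the random key ID is returned as an error rather than causing a
// panic.
func GenerateJWK(alg jose.SignatureAlgorithm, kid, use string) (*jose.JSONWebKeySet, error) {
	// Only the RSA family takes an explicit key size from this function.
	bits := 0
	switch alg {
	case jose.RS256, jose.RS384, jose.RS512:
		bits = 4096
	}

	_, priv, err := josex.NewSigningKey(alg, bits)
	if err != nil {
		// NOTE(review): this labels any generation failure as an unsupported
		// algorithm; the original cause survives only as message text.
		return nil, errors.Wrapf(ErrUnsupportedKeyAlgorithm, "%s", err)
	}

	if len(kid) == 0 {
		// uuid.NewV4 can return an error; surface it to the caller instead of
		// panicking inside library code via uuid.Must.
		id, err := uuid.NewV4()
		if err != nil {
			return nil, errors.WithStack(err)
		}
		kid = id.String()
	}

	if len(use) == 0 {
		use = "sig"
	}

	return &jose.JSONWebKeySet{
		Keys: []jose.JSONWebKey{
			{
				Algorithm: string(alg),
				Key:       priv, // private key material, see the doc comment
				Use:       use,
				KeyID:     kid,
				// Certificate fields are set to empty, non-nil values: no
				// X.509 chain is attached to a freshly generated key.
				Certificates:                []*x509.Certificate{},
				CertificateThumbprintSHA256: []byte{},
				CertificateThumbprintSHA1:   []byte{},
			},
		},
	}, nil
}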