|
| 1 | +package sdk |
| 2 | + |
| 3 | +import ( |
| 4 | + "crypto/ecdsa" |
| 5 | + "crypto/elliptic" |
| 6 | + "crypto/rand" |
| 7 | + "crypto/rsa" |
| 8 | + "errors" |
| 9 | + "fmt" |
| 10 | + |
| 11 | + "github.com/lestrrat-go/jwx/v2/jwa" |
| 12 | + "github.com/lestrrat-go/jwx/v2/jwk" |
| 13 | +) |
| 14 | + |
| 15 | +// Supported DPoP algorithm identifiers (RFC 9449 §4.2). |
| 16 | +const ( |
| 17 | + dpopAlgES256 = "ES256" |
| 18 | + dpopAlgES384 = "ES384" |
| 19 | + dpopAlgES512 = "ES512" |
| 20 | + dpopAlgRS256 = "RS256" |
| 21 | + dpopAlgRS384 = "RS384" |
| 22 | + dpopAlgRS512 = "RS512" |
| 23 | +) |
| 24 | + |
| 25 | +const dpopAllowedAlgs = dpopAlgES256 + ", " + dpopAlgES384 + ", " + dpopAlgES512 + ", " + |
| 26 | + dpopAlgRS256 + ", " + dpopAlgRS384 + ", " + dpopAlgRS512 |
| 27 | + |
| 28 | +// generateDPoPKeyForAlg generates an ephemeral DPoP private key for the given algorithm. |
| 29 | +// Supported algorithms: ES256, ES384, ES512, RS256, RS384, RS512. |
| 30 | +func generateDPoPKeyForAlg(alg string) (jwk.Key, error) { |
| 31 | + switch alg { |
| 32 | + case dpopAlgES256: |
| 33 | + return generateECDSAKey(elliptic.P256(), jwa.ES256) |
| 34 | + case dpopAlgES384: |
| 35 | + return generateECDSAKey(elliptic.P384(), jwa.ES384) |
| 36 | + case dpopAlgES512: |
| 37 | + return generateECDSAKey(elliptic.P521(), jwa.ES512) |
| 38 | + case dpopAlgRS256: |
| 39 | + return generateRSAKey(jwa.RS256) |
| 40 | + case dpopAlgRS384: |
| 41 | + return generateRSAKey(jwa.RS384) |
| 42 | + case dpopAlgRS512: |
| 43 | + return generateRSAKey(jwa.RS512) |
| 44 | + default: |
| 45 | + return nil, fmt.Errorf("unsupported DPoP algorithm %q; allowed: %s", alg, dpopAllowedAlgs) |
| 46 | + } |
| 47 | +} |
| 48 | + |
| 49 | +func generateECDSAKey(curve elliptic.Curve, alg jwa.SignatureAlgorithm) (jwk.Key, error) { |
| 50 | + rawKey, err := ecdsa.GenerateKey(curve, rand.Reader) |
| 51 | + if err != nil { |
| 52 | + return nil, fmt.Errorf("failed to generate ECDSA key: %w", err) |
| 53 | + } |
| 54 | + key, err := jwk.FromRaw(rawKey) |
| 55 | + if err != nil { |
| 56 | + return nil, fmt.Errorf("failed to create JWK from ECDSA key: %w", err) |
| 57 | + } |
| 58 | + if err := key.Set(jwk.AlgorithmKey, alg); err != nil { |
| 59 | + return nil, fmt.Errorf("failed to set algorithm on ECDSA JWK: %w", err) |
| 60 | + } |
| 61 | + return key, nil |
| 62 | +} |
| 63 | + |
| 64 | +func generateRSAKey(alg jwa.SignatureAlgorithm) (jwk.Key, error) { |
| 65 | + const rsaBits = 2048 |
| 66 | + rawKey, err := rsa.GenerateKey(rand.Reader, rsaBits) |
| 67 | + if err != nil { |
| 68 | + return nil, fmt.Errorf("failed to generate RSA key: %w", err) |
| 69 | + } |
| 70 | + key, err := jwk.FromRaw(rawKey) |
| 71 | + if err != nil { |
| 72 | + return nil, fmt.Errorf("failed to create JWK from RSA key: %w", err) |
| 73 | + } |
| 74 | + if err := key.Set(jwk.AlgorithmKey, alg); err != nil { |
| 75 | + return nil, fmt.Errorf("failed to set algorithm on RSA JWK: %w", err) |
| 76 | + } |
| 77 | + return key, nil |
| 78 | +} |
| 79 | + |
| 80 | +// loadDPoPKeyFromPEM parses a PEM-encoded private key and returns it as a jwk.Key. |
| 81 | +// The DPoP algorithm is inferred from the key type: |
| 82 | +// - EC P-256 → ES256, P-384 → ES384, P-521 → ES512 |
| 83 | +// - RSA → RS256 |
| 84 | +func loadDPoPKeyFromPEM(pemBytes []byte) (jwk.Key, error) { |
| 85 | + key, err := jwk.ParseKey(pemBytes, jwk.WithPEM(true)) |
| 86 | + if err != nil { |
| 87 | + return nil, fmt.Errorf("failed to parse DPoP key PEM: %w", err) |
| 88 | + } |
| 89 | + |
| 90 | + // Infer algorithm when not already set in the PEM |
| 91 | + if key.Algorithm() == jwa.NoSignature || key.Algorithm().String() == "" { |
| 92 | + alg, err := inferDPoPAlgorithm(key) |
| 93 | + if err != nil { |
| 94 | + return nil, err |
| 95 | + } |
| 96 | + if err := key.Set(jwk.AlgorithmKey, alg); err != nil { |
| 97 | + return nil, fmt.Errorf("failed to set inferred algorithm on DPoP JWK: %w", err) |
| 98 | + } |
| 99 | + } |
| 100 | + |
| 101 | + return key, nil |
| 102 | +} |
| 103 | + |
| 104 | +func inferDPoPAlgorithm(key jwk.Key) (jwa.SignatureAlgorithm, error) { |
| 105 | + switch key.KeyType() { //nolint:exhaustive // only EC and RSA are valid for DPoP (RFC 9449 §4.2) |
| 106 | + case jwa.EC: |
| 107 | + var rawKey ecdsa.PrivateKey |
| 108 | + if err := key.Raw(&rawKey); err != nil { |
| 109 | + return "", fmt.Errorf("failed to get raw EC key for algorithm inference: %w", err) |
| 110 | + } |
| 111 | + switch rawKey.Curve { |
| 112 | + case elliptic.P256(): |
| 113 | + return jwa.ES256, nil |
| 114 | + case elliptic.P384(): |
| 115 | + return jwa.ES384, nil |
| 116 | + case elliptic.P521(): |
| 117 | + return jwa.ES512, nil |
| 118 | + default: |
| 119 | + return "", errors.New("unsupported EC curve for DPoP") |
| 120 | + } |
| 121 | + case jwa.RSA: |
| 122 | + return jwa.RS256, nil |
| 123 | + default: |
| 124 | + return "", fmt.Errorf("unsupported key type %q for DPoP; only EC and RSA keys are supported", key.KeyType()) |
| 125 | + } |
| 126 | +} |
| 127 | + |
| 128 | +// resolveDPoPKey returns the jwk.Key to use for DPoP based on the config. |
| 129 | +// Priority: dpopJWK (already set/cached) → dpopKeyPEM (load from PEM) → dpopAlgorithm (generate). |
| 130 | +// The resolved key is cached in c.dpopJWK after first resolution. |
| 131 | +// Returns (nil, nil) when no custom DPoP key is configured; callers fall back to auto-generated RSA. |
| 132 | +// |
| 133 | +//nolint:nilnil // nil key signals "use auto-generated RSA path" — not an error condition |
| 134 | +func resolveDPoPKey(c *config) (jwk.Key, error) { |
| 135 | + if c.dpopJWK != nil { |
| 136 | + return c.dpopJWK, nil |
| 137 | + } |
| 138 | + if len(c.dpopKeyPEM) > 0 { //nolint:nestif // linear priority chain with nested error handling — complexity is inherent |
| 139 | + key, err := loadDPoPKeyFromPEM(c.dpopKeyPEM) |
| 140 | + if err != nil { |
| 141 | + return nil, fmt.Errorf("failed to load DPoP key from PEM: %w", err) |
| 142 | + } |
| 143 | + if c.dpopAlgorithm != "" { |
| 144 | + var algVal jwa.SignatureAlgorithm |
| 145 | + if err := algVal.Accept(c.dpopAlgorithm); err != nil { |
| 146 | + return nil, fmt.Errorf("invalid DPoP algorithm override %q: %w", c.dpopAlgorithm, err) |
| 147 | + } |
| 148 | + if err := key.Set(jwk.AlgorithmKey, algVal); err != nil { |
| 149 | + return nil, fmt.Errorf("failed to apply DPoP algorithm override: %w", err) |
| 150 | + } |
| 151 | + } |
| 152 | + c.dpopJWK = key |
| 153 | + return key, nil |
| 154 | + } |
| 155 | + if c.dpopAlgorithm != "" { |
| 156 | + key, err := generateDPoPKeyForAlg(c.dpopAlgorithm) |
| 157 | + if err != nil { |
| 158 | + return nil, fmt.Errorf("failed to generate DPoP key: %w", err) |
| 159 | + } |
| 160 | + c.dpopJWK = key |
| 161 | + return key, nil |
| 162 | + } |
| 163 | + return nil, nil |
| 164 | +} |
0 commit comments