jwk: add use parameter to generated JWKs - closes #279 (#280)

arekkas · web-flow · commit 05b5f841ef24 · 2016-10-04T13:54:41.000+02:00
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
@@ -107,8 +107,8 @@ func (h *Handler) registerRoutes(router *httprouter.Router) {
 	h.Warden = warden.NewHandler(c, router)
 
 	// Create root account if new install
-	h.createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private")
-	h.createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private")
+	createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private", "sig")
+	createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private", "sig")
 
 	h.createRootIfNewInstall(c)
 }
diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
@@ -72,10 +72,12 @@ func newOAuth2Provider(c *config.Config, km jwk.Manager) fosite.OAuth2Provider {
 	var ctx = c.Context()
 	var store = ctx.FositeStore
 
+	createRS256KeysIfNotExist(c, oauth2.OpenIDConnectKeyName, "private", "sig")
 	keys, err := km.GetKey(oauth2.OpenIDConnectKeyName, "private")
 	if errors.Cause(err) == pkg.ErrNotFound {
 		logrus.Warnln("Could not find OpenID Connect signing keys. Generating a new keypair...")
 		keys, err = new(jwk.RS256Generator).Generate("")
+
 		pkg.Must(err, "Could not generate signing key for OpenID Connect")
 		km.AddKeySet(oauth2.OpenIDConnectKeyName, keys)
 		logrus.Infoln("Keypair generated.")
diff --git a/cmd/server/helper_keys.go b/cmd/server/helper_keys.go
@@ -11,16 +11,20 @@ import (
 	"github.com/ory-am/hydra/pkg"
 )
 
-func (h *Handler) createRS256KeysIfNotExist(c *config.Config, set, lookup string) {
+func createRS256KeysIfNotExist(c *config.Config, set, kid, use string) {
 	ctx := c.Context()
 	generator := jwk.RS256Generator{}
 
-	if _, err := ctx.KeyManager.GetKey(set, lookup); errors.Cause(err) == pkg.ErrNotFound {
+	if _, err := ctx.KeyManager.GetKey(set, kid); errors.Cause(err) == pkg.ErrNotFound {
 		logrus.Infof("Key pair for signing %s is missing. Creating new one.", set)
 
 		keys, err := generator.Generate("")
 		pkg.Must(err, "Could not generate %s key: %s", set, err)
 
+		for i, k := range keys.Keys {
+			k.Use = use
+			keys.Keys[i] = k
+		}
 		err = ctx.KeyManager.AddKeySet(set, keys)
 		pkg.Must(err, "Could not persist %s key: %s", set, err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,8 @@ func (h Handler) registerRoutes(router httprouter.Router) {`
`107`	`107`	`h.Warden = warden.NewHandler(c, router)`
`108`	`108`
`109`	`109`	`// Create root account if new install`
`110`		`- h.createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private")`
`111`		`- h.createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private")`
	`110`	`+ createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private", "sig")`
	`111`	`+ createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private", "sig")`
`112`	`112`
`113`	`113`	`h.createRootIfNewInstall(c)`
`114`	`114`	`}`