jwk: add use parameter to generated JWKs - closes ory#279 (ory#280)

115100 · Oct 4, 2016 · 05b5f84 · 05b5f84
1 parent e33df89
commit 05b5f84
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
@@ -107,8 +107,8 @@ func (h *Handler) registerRoutes(router *httprouter.Router) {
 	h.Warden = warden.NewHandler(c, router)
 
 	// Create root account if new install
-	h.createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private")
-	h.createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private")
+	createRS256KeysIfNotExist(c, oauth2.ConsentEndpointKey, "private", "sig")
+	createRS256KeysIfNotExist(c, oauth2.ConsentChallengeKey, "private", "sig")
 
 	h.createRootIfNewInstall(c)
 }

diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
@@ -72,10 +72,12 @@ func newOAuth2Provider(c *config.Config, km jwk.Manager) fosite.OAuth2Provider {
 	var ctx = c.Context()
 	var store = ctx.FositeStore
 
+	createRS256KeysIfNotExist(c, oauth2.OpenIDConnectKeyName, "private", "sig")
 	keys, err := km.GetKey(oauth2.OpenIDConnectKeyName, "private")
 	if errors.Cause(err) == pkg.ErrNotFound {
 		logrus.Warnln("Could not find OpenID Connect signing keys. Generating a new keypair...")
 		keys, err = new(jwk.RS256Generator).Generate("")
+
 		pkg.Must(err, "Could not generate signing key for OpenID Connect")
 		km.AddKeySet(oauth2.OpenIDConnectKeyName, keys)
 		logrus.Infoln("Keypair generated.")

diff --git a/cmd/server/helper_keys.go b/cmd/server/helper_keys.go
@@ -11,16 +11,20 @@ import (
 	"github.com/ory-am/hydra/pkg"
 )
 
-func (h *Handler) createRS256KeysIfNotExist(c *config.Config, set, lookup string) {
+func createRS256KeysIfNotExist(c *config.Config, set, kid, use string) {
 	ctx := c.Context()
 	generator := jwk.RS256Generator{}
 
-	if _, err := ctx.KeyManager.GetKey(set, lookup); errors.Cause(err) == pkg.ErrNotFound {
+	if _, err := ctx.KeyManager.GetKey(set, kid); errors.Cause(err) == pkg.ErrNotFound {
 		logrus.Infof("Key pair for signing %s is missing. Creating new one.", set)
 
 		keys, err := generator.Generate("")
 		pkg.Must(err, "Could not generate %s key: %s", set, err)
 
+		for i, k := range keys.Keys {
+			k.Use = use
+			keys.Keys[i] = k
+		}
 		err = ctx.KeyManager.AddKeySet(set, keys)
 		pkg.Must(err, "Could not persist %s key: %s", set, err)
 	}