2 // ========================LICENSE_START=================================
5 // Copyright (C) 2022-2023: Nordix Foundation
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
18 // ========================LICENSE_END===================================
30 "golang.org/x/crypto/ssh"
36 Keys []Key `json:"keys"`
39 Kid string `json:"kid,omitempty"`
40 Kty string `json:"kty"`
41 Alg string `json:"alg"`
42 Use string `json:"use"`
45 X5c []string `json:"x5c"`
46 X5t string `json:"x5t"`
// getKeyFromPrivate extracts the RSA public key from a PEM-encoded private key.
//
// The key is parsed with ssh.ParseRawPrivateKey (which accepts several
// private-key encodings, not only RSA) and the result is then asserted to be
// an *rsa.PrivateKey. The error-handling lines between the parse call and the
// assertion, and the return statement, are not visible here.
//
// NOTE(review): the type assertion below is unchecked. A key file that parses
// but holds a non-RSA key, or a parse failure that leaves `parsed` nil, makes
// the assertion panic. A checked form, `privateKey, ok := parsed.(*rsa.PrivateKey)`,
// with a nil/error return when !ok, keeps a malformed input file from crashing
// the process.
func getKeyFromPrivate(key []byte) *rsa.PublicKey {
	parsed, err := ssh.ParseRawPrivateKey(key)
	// Convert back to an *rsa.PrivateKey
	privateKey := parsed.(*rsa.PrivateKey)
	// The public half is embedded in the private key; take its address so the
	// caller gets a pointer into the parsed key rather than a copy.
	publicKey := &privateKey.PublicKey
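// getKeyFromPublic parses a PEM-encoded PKIX ("PUBLIC KEY") block and returns
// the RSA public key it contains.
//
// It returns nil, after logging the reason with fmt.Println, when the input
// holds no PEM block, when the DER payload does not parse as a PKIX public
// key, or when the parsed key is not an RSA key. Callers must check for nil
// before dereferencing the result.
func getKeyFromPublic(key []byte) *rsa.PublicKey {
	pubPem, _ := pem.Decode(key)
	// pem.Decode returns a nil block when the input carries no PEM armor;
	// reading pubPem.Bytes without this guard would panic on such input.
	if pubPem == nil {
		fmt.Println("Unable to parse RSA public key: no PEM block found")
		return nil
	}
	parsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
	if err != nil {
		fmt.Println("Unable to parse RSA public key", err)
		return nil
	}
	// Convert back to an *rsa.PublicKey. ParsePKIXPublicKey also accepts EC
	// and Ed25519 keys, so the assertion is checked rather than allowed to panic.
	publicKey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		fmt.Printf("Unable to parse RSA public key: unexpected key type %T\n", parsed)
		return nil
	}
	return publicKey
}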
// getCert decodes a PEM-encoded X.509 certificate.
//
// The guard around the panic (a nil block from pem.Decode means no PEM armor
// was found), the braces of the parse-error branch, and the return statement
// are not visible here.
//
// NOTE(review): whether the parse-error branch returns nil or panics after
// the Println cannot be seen from these lines; CreateJWKS dereferences the
// result (certificate.Raw) without a nil check, so a certificate file that
// fails to parse ends in a panic either way — confirm and handle at one layer.
func getCert(cert []byte) *x509.Certificate {
	certPem, _ := pem.Decode(cert)
	// reached when pem.Decode found no block in the input
	panic("Failed to parse pem file")
	certificate, err := x509.ParseCertificate(certPem.Bytes)
	fmt.Println("Unable to parse Certificate", err)
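// getPublicKeyFromCert extracts the RSA public key from a PEM-encoded X.509
// certificate.
//
// It returns nil, after logging the reason with fmt.Println, when the input
// has no PEM block, when the certificate does not parse, or when the
// certificate's subject key is not an RSA key. Callers must check for nil
// before using the result.
func getPublicKeyFromCert(cert_bytes []byte) *rsa.PublicKey {
	block, _ := pem.Decode(cert_bytes)
	// pem.Decode returns a nil block for input without PEM armor; the
	// previous code read block.Bytes unconditionally and panicked on such input.
	if block == nil {
		fmt.Println("Unable to extract public key: no PEM block found")
		return nil
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		// The parse error used to be discarded, leaving a nil *x509.Certificate
		// that was dereferenced on the next line.
		fmt.Println("Unable to parse Certificate", err)
		return nil
	}
	// Certificates may carry EC or Ed25519 keys; a checked assertion turns
	// that case into a nil result instead of a panic.
	rsaPublicKey, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		fmt.Printf("Unable to extract public key: unexpected key type %T\n", cert.PublicKey)
		return nil
	}
	return rsaPublicKey
}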
// CreateJWKS builds a JSON Web Key Set for the RSA key carried by the X.509
// certificate in certFile.
//
// It returns the JWKS as a JSON string, the certificate's public key as
// standard base64 of its PKIX DER encoding, and the key id placed in the set.
// The error-handling lines after ReadFile, MarshalPKIXPublicKey and
// json.Marshal, and the first members of the Key literal, are not visible here.
//
// NOTE(review): RFC 7518 §6.3 defines the "n" and "e" members as Base64urlUInt
// (base64url alphabet, no padding) and RFC 7517 §4.8 defines "x5t" as the
// base64url-encoded SHA-1 thumbprint, so those three members should use
// base64.RawURLEncoding rather than RawStdEncoding — a modulus whose bytes
// encode to '+' or '/' is rejected or mis-decoded by conforming consumers.
// "x5c" (RFC 7517 §4.7) is standard base64 with padding, i.e. base64.StdEncoding.
func CreateJWKS(certFile string) (string, string, string) {
	var publicKey *rsa.PublicKey
	// fixed key id: every set this function produces advertises the same kid
	var kid string = "SIGNING_KEY"
	// ioutil.ReadFile is deprecated since Go 1.16; os.ReadFile is the drop-in replacement.
	cert, err := ioutil.ReadFile(certFile)
	// getPublicKeyFromCert's result is used below without a nil check.
	publicKey = getPublicKeyFromCert(cert)
	publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)
	// The DER is PKIX (SubjectPublicKeyInfo), whose conventional PEM label is
	// "PUBLIC KEY"; "RSA PUBLIC KEY" denotes PKCS#1. The block is decoded again
	// on the next line, so the label only matters if this round trip is kept —
	// block.Bytes is publicKeyBytes again.
	publicKeyPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: publicKeyBytes})
	block, _ := pem.Decode(publicKeyPem)
	publicKeyString := base64.StdEncoding.EncodeToString(block.Bytes)
	// getCert's result is dereferenced below without a nil check.
	certificate := getCert(cert)
	// "x5t" is the SHA-1 thumbprint of the DER certificate by definition
	// (RFC 7517 §4.8); a SHA-256 thumbprint belongs in the separate
	// "x5t#S256" member, so the hash here cannot simply be swapped.
	fingerprint := sha1.Sum(certificate.Raw)
	// N.Bytes() is the big-endian, minimal-length modulus; E is widened to a
	// big.Int so it is serialized the same way.
	N: base64.RawStdEncoding.EncodeToString(publicKey.N.Bytes()),
	E: base64.RawStdEncoding.EncodeToString(big.NewInt(int64(publicKey.E)).Bytes()),
	X5c: []string{base64.RawStdEncoding.EncodeToString(certificate.Raw)},
	X5t: base64.RawStdEncoding.EncodeToString(fingerprint[:]),
	// The set holds exactly one key.
	jwksKeys := []Key{jwksKey}
	jwks := Jwks{jwksKeys}
	jwksJson, err := json.Marshal(jwks)
	return string(jwksJson), publicKeyString, kid