feat: switch to PKCS8 for private key parsing and handling

- Add `github.com/youmark/pkcs8` import for handling PKCS8 private keys - Initialize `err` variable before reading the private key file - Separate the declaration and assignment of `filecontent` when reading the private key file - Replace `jwt.ParseRSAPrivateKeyFromPEMWithPassword` with `pkcs8.ParsePKCS8PrivateKey` for parsing private keys - Add type assertion to check if the parsed key is of type `*rsa.PrivateKey` - Return `ErrInvalidPrivKey` if the parsed key is not of type `*rsa.PrivateKey` - Update `go.mod` to include `github.com/youmark/pkcs8` dependency Signed-off-by: appleboy <[email protected]>
appleboy · Jan 7, 2025 · abfea8e · abfea8e
1 parent a46e1ec
commit abfea8e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/auth_jwt.go b/auth_jwt.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/youmark/pkcs8"
 )
 
 // MapClaims type that uses the map[string]interface{} for JSON decoding
@@ -248,27 +249,34 @@ func (mw *GinJWTMiddleware) readKeys() error {
 
 func (mw *GinJWTMiddleware) privateKey() error {
 	var keyData []byte
+	var err error
 	if mw.PrivKeyFile == "" {
 		keyData = mw.PrivKeyBytes
 	} else {
-		filecontent, err := os.ReadFile(mw.PrivKeyFile)
+		var filecontent []byte
+		filecontent, err = os.ReadFile(mw.PrivKeyFile)
 		if err != nil {
 			return ErrNoPrivKeyFile
 		}
 		keyData = filecontent
 	}
 
 	if mw.PrivateKeyPassphrase != "" {
-		//nolint:staticcheck
-		key, err := jwt.ParseRSAPrivateKeyFromPEMWithPassword(keyData, mw.PrivateKeyPassphrase)
+		var key interface{}
+		key, err = pkcs8.ParsePKCS8PrivateKey(keyData, []byte(mw.PrivateKeyPassphrase))
 		if err != nil {
 			return ErrInvalidPrivKey
 		}
-		mw.privKey = key
+		rsaKey, ok := key.(*rsa.PrivateKey)
+		if !ok {
+			return ErrInvalidPrivKey
+		}
+		mw.privKey = rsaKey
 		return nil
 	}
 
-	key, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
+	var key *rsa.PrivateKey
+	key, err = jwt.ParseRSAPrivateKeyFromPEM(keyData)
 	if err != nil {
 		return ErrInvalidPrivKey
 	}

diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.1
 	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/gjson v1.17.1
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -85,6 +85,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
+github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
 golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
 golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=