Hardware Security Module support

ory · Jul 7, 2021 · 5c2f79b · 5c2f79b
1 parent a4ce354
commit 5c2f79b
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/token/jwt/jwt.go b/token/jwt/jwt.go
@@ -51,7 +51,7 @@ var SHA256HashSize = crypto.SHA256.Size()
 
 // RS256JWTStrategy is responsible for generating and validating JWT challenges
 type RS256JWTStrategy struct {
-	PrivateKey *rsa.PrivateKey
+	PrivateKey interface{}
 }
 
 // Generate generates a new authorize code or returns an error. set secret
@@ -61,12 +61,26 @@ func (j *RS256JWTStrategy) Generate(ctx context.Context, claims MapClaims, heade
 
 // Validate validates a token and returns its signature or an error if the token is not valid.
 func (j *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error) {
-	return validateToken(token, &j.PrivateKey.PublicKey)
+	switch t := j.PrivateKey.(type) {
+	case *rsa.PrivateKey:
+		return validateToken(token, t.PublicKey)
+	case jose.OpaqueSigner:
+		return validateToken(token, t.Public().Key)
+	default:
+		return "", errors.New("Unable to validate token. Invalid PrivateKey type")
+	}
 }
 
 // Decode will decode a JWT token
 func (j *RS256JWTStrategy) Decode(ctx context.Context, token string) (*Token, error) {
-	return decodeToken(token, &j.PrivateKey.PublicKey)
+	switch t := j.PrivateKey.(type) {
+	case *rsa.PrivateKey:
+		return decodeToken(token, t.PublicKey)
+	case jose.OpaqueSigner:
+		return decodeToken(token, t.Public().Key)
+	default:
+		return nil, errors.New("Unable to decode token. Invalid PrivateKey type")
+	}
 }
 
 // GetSignature will return the signature of a token