Return error type when parsing keys to differentiate between public/private error

pkg.go

@@ -18,27 +18,73 @@ import (
 
 	// Standard
 	"crypto"
+	"encoding/json"
 	"fmt"
 	"time"
 )
 
+type KeyType int
+
+const (
+	KeyEd25519 KeyType = iota
+	KeyEcDSA
+)
+
 type Manager struct {
+	KeyType     KeyType
 	privKey     crypto.PrivateKey
 	PubKey      crypto.PublicKey
 	ExpireDays  int
 	Initialized bool
 }
 
-func NewManager(private, public string, expireDays int) (mngr Manager, err error) { // {{{
+type KeyError struct {
-	mngr.privKey, err = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
+	Err error
-	if err != nil {
+	KeyType string // PUBLIC or PRIVATE
+}
+
+func (kerr KeyError) Error() string {
+	return fmt.Sprintf("%s [%s]", kerr.Err.Error(), kerr.KeyType)
+}
+
+func NewManager(keyType KeyType, private, public string, expireDays int) (mngr Manager, err error) { // {{{
+	var errPriv, errPub error
+	mngr.KeyType = keyType
+
+	switch keyType {
+	case KeyEcDSA:
+		/*
+			openssl ecparam -genkey -name secp521r1 -noout >priv.pem
+			openssl pkey -in priv.pem -pubout >pub.pem
+		*/
+		mngr.privKey, errPriv = jwt.ParseECPrivateKeyFromPEM([]byte(private))
+		mngr.PubKey, errPub = jwt.ParseECPublicKeyFromPEM([]byte(public))
+
+	case KeyEd25519:
+		/*
+			openssl genpkey -algorithm ed25519 -out /tmp/priv.pem
+			openssl pkey -in priv.pem -pubout >pub.pem
+		*/
+		mngr.privKey, errPriv = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
+		mngr.PubKey, errPub = jwt.ParseEdPublicKeyFromPEM([]byte(public))
+	}
+
+	if errPriv != nil {
+		err = KeyError{
+			errPriv,
+			"PRIVATE",
+		}
 		return
 	}
 
-	mngr.PubKey, err = jwt.ParseEdPublicKeyFromPEM([]byte(public))
+	if errPub != nil {
-	if err != nil {
+		err = KeyError {
+			errPub,
+			"PUBLIC",
+		}
 		return
 	}
+
 	mngr.ExpireDays = expireDays
 	mngr.Initialized = true
 	return
@@ -62,10 +108,32 @@ func (mngr *Manager) GenerateToken(data map[string]any) (signedString string) {
 	data["iat"] = now.Unix()
 	data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
 
-	token := jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
+	var token *jwt.Token
+	switch mngr.KeyType {
+	case KeyEd25519:
+		token = jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
+	case KeyEcDSA:
+		token = jwt.NewWithClaims(jwt.SigningMethodES512, jwt.MapClaims(data))
+	}
 
 	// Sign and get the complete encoded token as a string using the secret.
-	signedString, _ = token.SignedString(mngr.privKey)
+	var err error
+	signedString, err = token.SignedString(mngr.privKey)
+	if err != nil {
+		j, _ := json.Marshal(struct {
+			Time  time.Time `json:"time"`
+			Level string
+			Msg   string
+			Error string
+		}{
+			time.Now(),
+			"ERROR",
+			"JWT",
+			err.Error(),
+		})
+		fmt.Printf("%s\n", j)
+	}
+
 	return
 } // }}}
 func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
@@ -75,8 +143,17 @@ func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { //
 	// to the callback, providing flexibility.
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
 		// Don't forget to validate the alg is what you expect:
-		if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
+
-			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+		switch mngr.KeyType {
+		case KeyEd25519:
+			if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
+				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+			}
+
+		case KeyEcDSA:
+			if _, ok := token.Method.(*jwt.SigningMethodECDSA); !ok {
+				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+			}
 		}
 
 		return mngr.PubKey, nil