Return error type when parsing keys to differentiate between public/private error

Added support for EcDSA keys
2025-06-09 09:00:30 +02:00 · 2025-06-01 09:54:22 +02:00
1 changed files with 63 additions and 6 deletions
--- a/pkg.go
+++ b/pkg.go
@ -18,6 +18,7 @@ import (
 	// Standard
 	"crypto"
 	"encoding/json"
 	"fmt"
 	"time"
 )
@ -30,32 +31,57 @@ const (
 )
 type Manager struct {
 	KeyType     KeyType
 	privKey     crypto.PrivateKey
 	PubKey      crypto.PublicKey
 	ExpireDays  int
 	Initialized bool
 }
 type KeyError struct {
 	Err error
 	KeyType string // PUBLIC or PRIVATE
 }
 func (kerr KeyError) Error() string {
 	return fmt.Sprintf("%s [%s]", kerr.Err.Error(), kerr.KeyType)
 }
 func NewManager(keyType KeyType, private, public string, expireDays int) (mngr Manager, err error) { // {{{
 	var errPriv, errPub error
 	mngr.KeyType = keyType
 	switch keyType {
 	case KeyEcDSA:
 		/*
 			openssl ecparam -genkey -name secp521r1 -noout >priv.pem
 			openssl pkey -in priv.pem -pubout >pub.pem
 		*/
 		mngr.privKey, errPriv = jwt.ParseECPrivateKeyFromPEM([]byte(private))
 		mngr.PubKey, errPub = jwt.ParseECPublicKeyFromPEM([]byte(public))
 	case KeyEd25519:
 		/*
 			openssl genpkey -algorithm ed25519 -out /tmp/priv.pem
 			openssl pkey -in priv.pem -pubout >pub.pem
 		*/
 		mngr.privKey, errPriv = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
 		mngr.PubKey, errPub = jwt.ParseEdPublicKeyFromPEM([]byte(public))
 	}
 	if errPriv != nil {
-		err = errPriv
+		err = KeyError{
 			errPriv,
 			"PRIVATE",
 		}
 		return
 	}
 	if errPub != nil {
-		err = errPub
+		err = KeyError {
 			errPub,
 			"PUBLIC",
 		}
 		return
 	}
@ -82,10 +108,32 @@ func (mngr *Manager) GenerateToken(data map[string]any) (signedString string) {
 	data["iat"] = now.Unix()
 	data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
-	token := jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
+	var token *jwt.Token
 	switch mngr.KeyType {
 	case KeyEd25519:
 		token = jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
 	case KeyEcDSA:
 		token = jwt.NewWithClaims(jwt.SigningMethodES512, jwt.MapClaims(data))
 	}
 	// Sign and get the complete encoded token as a string using the secret.
-	signedString, _ = token.SignedString(mngr.privKey)
+	var err error
 	signedString, err = token.SignedString(mngr.privKey)
 	if err != nil {
 		j, _ := json.Marshal(struct {
 			Time  time.Time `json:"time"`
 			Level string
 			Msg   string
 			Error string
 		}{
 			time.Now(),
 			"ERROR",
 			"JWT",
 			err.Error(),
 		})
 		fmt.Printf("%s\n", j)
 	}
 	return
 } // }}}
 func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
@ -95,8 +143,17 @@ func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { //
 	// to the callback, providing flexibility.
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
 		// Don't forget to validate the alg is what you expect:
-		if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
+
-			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+		switch mngr.KeyType {
 		case KeyEd25519:
 			if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
 				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
 			}
 		case KeyEcDSA:
 			if _, ok := token.Method.(*jwt.SigningMethodECDSA); !ok {
 				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
 			}
 		}
 		return mngr.PubKey, nil
Author	SHA1	Message	Date
Magnus Åhall	9a5bab8524	Return error type when parsing keys to differentiate between public/private error	2025-06-09 09:00:30 +02:00
Magnus Åhall	06a6738a80	Added support for EcDSA keys	2025-06-01 09:54:22 +02:00