Remove JWT private key

2020-06-25 22:36:57 +02:00 · 2020-06-25 22:36:57 +02:00 · d2d6f8cacd
commit d2d6f8cacd
parent ff16f2516f
3 changed files with 3 additions and 36 deletions
--- a/go.mod
+++ b/go.mod
@ -55,6 +55,7 @@ require (
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/ory/fosite v0.32.2
 	github.com/pelletier/go-toml v1.4.0 // indirect
+	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.2.0
 	github.com/prometheus/client_golang v1.7.0
 	github.com/samedi/caldav-go v3.0.0+incompatible
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -18,9 +18,6 @@ package config

 import (
 	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
 	"fmt"
 	"log"
 	"os"
@ -39,7 +36,6 @@ type Key string
 const (
 	// #nosec
 	ServiceJWTSecret             Key = `service.JWTSecret`
-	ServiceJWTPrivateKey         Key = `service.JWTPrivateKey`
 	ServiceInterface             Key = `service.interface`
 	ServiceFrontendurl           Key = `service.frontendurl`
 	ServiceEnableCaldav          Key = `service.enablecaldav`
@ -175,18 +171,8 @@ func InitDefaultConfig() {
 		log.Fatal(err.Error())
 	}

-	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
-	if err != nil {
-		log.Fatal(err.Error())
-	}
-	pemData := pem.EncodeToMemory(&pem.Block{
-		Type:  "RSA PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
-	})
-
 	// Service
 	ServiceJWTSecret.setDefault(random)
-	ServiceJWTPrivateKey.setDefault(string(pemData))
 	ServiceInterface.setDefault(":3456")
 	ServiceFrontendurl.setDefault("")
 	ServiceEnableCaldav.setDefault(true)
--- a/pkg/oauth/provider.go
+++ b/pkg/oauth/provider.go
@ -18,37 +18,18 @@ package oauth

 import (
 	"code.vikunja.io/api/pkg/config"
-	"crypto/x509"
-	"encoding/pem"
 	"github.com/ory/fosite"
 	"github.com/ory/fosite/compose"
-	"github.com/ory/fosite/token/jwt"
 )

-var provider fosite.OAuth2Provider
-
-func Provider() fosite.OAuth2Provider {
-	return provider
-}
-
-func InitProvider() error {
+func NewProvider() fosite.OAuth2Provider {
 	storage := newStorage()
 	cfg := &compose.Config{}
-
-	block, _ := pem.Decode([]byte(config.ServiceJWTPrivateKey.GetString()))
-	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
-	if err != nil {
-		return err
-	}
-
-	provider = compose.Compose(
+	return compose.Compose(
 		cfg,
 		storage,
 		&compose.CommonStrategy{
 			CoreStrategy: compose.NewOAuth2HMACStrategy(cfg, []byte(config.ServiceJWTSecret.GetString()), nil),
-			JWTStrategy: &jwt.RS256JWTStrategy{
-				PrivateKey: privateKey,
-			},
 		},
 		nil,

@ -62,5 +43,4 @@ func InitProvider() error {

 		compose.OAuth2PKCEFactory,
 	)
-	return nil
 }