bouncer/internal/integration/kubernetes/keyset.go

package kubernetes

import (
	"bytes"
	"crypto"
	"crypto/sha256"
	"fmt"
	"slices"

	"forge.cadoles.com/cadoles/bouncer/internal/jwk"
	"github.com/pkg/errors"
)

func getKeySetThumbprint(set jwk.Set) (string, error) {
	data := make([][]byte, 0, set.Len())

	for i := 0; i < set.Len(); i++ {
		key, exists := set.Key(i)
		if !exists {
			continue
		}

		thumbprint, err := key.Thumbprint(crypto.SHA256)
		if err != nil {
			return "", errors.WithStack(err)
		}

		data = append(data, thumbprint)
	}

	slices.SortFunc(data, bytes.Compare)

	hash := sha256.New()
	for _, d := range data {
		if _, err := hash.Write(d); err != nil {
			return "", errors.WithStack(err)
		}
	}

	return fmt.Sprintf("%x", hash.Sum(nil)), nil
}
feat(k8s): use secret as shared source for admin private key 2024-03-28 15:53:40 +01:00			`package kubernetes`

			`import (`
			`"bytes"`
			`"crypto"`
			`"crypto/sha256"`
			`"fmt"`
			`"slices"`

			`"forge.cadoles.com/cadoles/bouncer/internal/jwk"`
			`"github.com/pkg/errors"`
			`)`

			`func getKeySetThumbprint(set jwk.Set) (string, error) {`
			`data := make([][]byte, 0, set.Len())`

			`for i := 0; i < set.Len(); i++ {`
			`key, exists := set.Key(i)`
			`if !exists {`
			`continue`
			`}`

			`thumbprint, err := key.Thumbprint(crypto.SHA256)`
			`if err != nil {`
			`return "", errors.WithStack(err)`
			`}`

			`data = append(data, thumbprint)`
			`}`

			`slices.SortFunc(data, bytes.Compare)`

			`hash := sha256.New()`
			`for _, d := range data {`
			`if _, err := hash.Write(d); err != nil {`
			`return "", errors.WithStack(err)`
			`}`
			`}`

			`return fmt.Sprintf("%x", hash.Sum(nil)), nil`
			`}`