Support `ECDSA P-256` public keys in Nebula token validation

pull/1662/head
Herman Slatman 4 months ago
parent 26248e8f8e
commit c3c4287010
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F

@ -2,6 +2,7 @@ package provisioner
import (
"context"
"crypto/ecdh"
"crypto/ed25519"
"crypto/x509"
"encoding/base64"
@ -338,9 +339,15 @@ func (p *Nebula) authorizeToken(token string, audiences []string) (*nebula.Nebul
}
var pub interface{}
if c.Details.IsCA {
switch {
case c.Details.Curve == nebula.Curve_P256:
// When Nebula is used with ECDSA P-256 keys, both CAs and clients use the same type.
if pub, err = ecdh.P256().NewPublicKey(c.Details.PublicKey); err != nil {
return nil, nil, errs.UnauthorizedErr(err, errs.WithMessage("failed to parse nebula public key"))
}
case c.Details.IsCA:
pub = ed25519.PublicKey(c.Details.PublicKey)
} else {
default:
pub = x25519.PublicKey(c.Details.PublicKey)
}
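Review bot: In the `case c.Details.Curve == nebula.Curve_P256:` branch `pub` ends up as an `*ecdh.PublicKey`, a key-agreement-only type that the standard library does not accept for ECDSA signature verification (`ecdsa.VerifyASN1` and the usual JOSE verifiers want `*ecdsa.PublicKey`), so the token check that consumes `pub` later in authorizeToken can only work if it converts this type or handles it explicitly; that consumer is outside the hunk, so please confirm. Parsing via `ecdh.P256().NewPublicKey` is still the right first step, since it rejects malformed encodings and off-curve points before any verification runs, so keep it and derive the ECDSA key from the validated bytes, e.g. `b := ecdhPub.Bytes()` followed by `pub = &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(b[1:33]), Y: new(big.Int).SetBytes(b[33:65])}` (safe only because NewPublicKey has already checked the 65-byte uncompressed point). The comment on that case would be more useful if it stated what the code relies on rather than who uses the key, e.g. `// NewPublicKey requires an uncompressed point and rejects off-curve input; P-256 CAs and clients share this key type.`. The enclosing authorizeToken body continues outside the hunk.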
