feat: add flag to export public keys (#3684)
aeneasr authored Dec 28, 2023
1 parent f9cee32 commit 62c006b
Showing 7 changed files with 452 additions and 5 deletions.
12 changes: 11 additions & 1 deletion cmd/cmd_create_jwks.go
Expand Up @@ -6,6 +6,8 @@ package cmd
import (
"context"

"github.com/ory/hydra/v2/jwk"

"github.com/spf13/cobra"

hydra "github.com/ory/hydra-client-go/v2"
Expand Down Expand Up @@ -46,12 +48,20 @@ func NewCreateJWKSCmd() *cobra.Command {
return cmdx.PrintOpenAPIError(cmd, err)
}

if flagx.MustGetBool(cmd, "public") {
jwks.Keys, err = jwk.OnlyPublicSDKKeys(jwks.Keys)
if err != nil {
return err
}
}

cmdx.PrintTable(cmd, &outputJSONWebKeyCollection{Keys: jwks.Keys, Set: args[0]})
return nil
},
}
cmd.Root().Name()

cmd.Flags().String(alg, "RS256", "The algorithm to be used to generated they key. Supports: RS256, RS512, ES256, ES512, EdDSA")
cmd.Flags().String(use, "sig", "The intended use of this key. Supports: sig, enc")
cmd.Flags().Bool("public", false, "Only return public keys")
return cmd
}
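Review bot: The `--public` branch appears to strip private material only after the full key set has been returned by the create call, so the private parameters still cross the API connection and sit in the CLI process; the flag help `Only return public keys` reads as if they were never sent. I would make the help text say the filter is local, for example `"Only print public keys; private key material is stripped locally from the API response"`. The literal `"public"` is also written twice in this file and again in cmd/cmd_get_jwks.go, while `alg` and `use` are named identifiers, so a shared constant would keep the lookups and the flag definitions in step. The RunE closure begins above this hunk, so the create call itself is not visible here.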
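--- a/cmd/cmd_create_jwks_test.go
+++ b/cmd/cmd_create_jwks_test.go
@@ -33,4 +33,12 @@ func TestCreateJWKS(t *testing.T) {
 require.NoError(t, err)
 assert.Equal(t, expected.Keys[0].KeyID, actual.Get("keys.0.kid").String())
 })
+
+t.Run("case=gets jwks public", func(t *testing.T) {
+set := uuid.Must(uuid.NewV4()).String()
+actual := gjson.Parse(cmdx.ExecNoErr(t, c, set, "--use", "enc", "--alg", "RS256", "--public"))
+
+assert.NotEmptyf(t, actual.Get("keys.0.kid").String(), "Expected kid to be set but got: %s", actual.Raw)
+assert.Empty(t, actual.Get("keys.0.p").String(), "public key should not contain private key components: %s", actual.Raw)
+})
 }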
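Review bot: The new subtest checks only `keys.0.p`, so a regression that leaves `d`, `q`, `dp`, `dq` or `qi` in the output would still pass. For the RS256 key requested here, asserting on the private exponent as well is a stronger guard, e.g. `assert.Empty(t, actual.Get("keys.0.d").String(), "public key should not contain private key components: %s", actual.Raw)`, or a short loop over all the private parameter names. The `--public` subtest added in cmd/cmd_get_jwks_test.go has the same single-field check on `p`. The enclosing TestCreateJWKS function starts above this hunk.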
23 changes: 20 additions & 3 deletions cmd/cmd_get_jwks.go
Expand Up @@ -6,20 +6,28 @@ package cmd
import (
"github.com/spf13/cobra"

"github.com/ory/hydra/v2/jwk"
"github.com/ory/x/flagx"

"github.com/ory/hydra/v2/cmd/cliclient"
"github.com/ory/x/cmdx"
)

func NewGetJWKSCmd() *cobra.Command {
return &cobra.Command{
cmd := &cobra.Command{
Use: "jwk set-1 [set-2] ...",
Aliases: []string{"jwks"},
Args: cobra.MinimumNArgs(1),
Short: "Get one or more JSON Web Key Set by its ID(s)",
Long: `This command gets all the details about an JSON Web Key. You can use this command in combination with jq.`,
Example: `To get the JSON Web Key Set's secret, run:
Example: `To get the JSON Web Key Set's use, run:
{{ .CommandPath }} <set-id> | jq -r '.[].use'
{{ .CommandPath }} <set-id> | jq -r '.[].use'`,
To get the JSON Web Key Set as only public keys:
{{ .CommandPath }} --public <set-id>'
`,
RunE: func(cmd *cobra.Command, args []string) error {
m, _, err := cliclient.NewClient(cmd)
if err != nil {
Expand All @@ -36,6 +44,13 @@ func NewGetJWKSCmd() *cobra.Command {
sets.Keys = append(sets.Keys, key.Keys...)
}

if flagx.MustGetBool(cmd, "public") {
sets.Keys, err = jwk.OnlyPublicSDKKeys(sets.Keys)
if err != nil {
return err
}
}

if len(sets.Keys) == 1 {
cmdx.PrintRow(cmd, outputJsonWebKey{Set: args[0], JsonWebKey: sets.Keys[0]})
} else if len(sets.Keys) > 1 {
Expand All @@ -45,4 +60,6 @@ func NewGetJWKSCmd() *cobra.Command {
return nil
},
}
cmd.Flags().Bool("public", false, "Only return public keys")
return cmd
}
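Review bot: The added example line `{{ .CommandPath }} --public <set-id>'` ends with a stray single quote that will be printed verbatim in the command's help output; it should read `{{ .CommandPath }} --public <set-id>`. The `Long` text still says the command "gets all the details" about a key, which no longer holds once `--public` is passed, so a sentence there naming the flag would help users who rely on the help text to decide whether the output is safe to share. As far as this hunk shows, the filter runs after the key sets have been fetched and appended to `sets.Keys`, so it limits what is printed, not what the API returns.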
14 changes: 13 additions & 1 deletion cmd/cmd_get_jwks_test.go
Expand Up @@ -17,7 +17,7 @@ import (
"github.com/ory/x/cmdx"
)

func TestGetJwks(t *testing.T) {
func TestGetJWKS(t *testing.T) {
ctx := context.Background()
c := cmd.NewGetJWKSCmd()
reg := setup(t, c)
Expand All @@ -34,4 +34,16 @@ func TestGetJwks(t *testing.T) {

assert.Equal(t, expected.Keys[0].KeyID, actual.Get("kid").String())
})

t.Run("case=gets jwks public", func(t *testing.T) {
actual := gjson.Parse(cmdx.ExecNoErr(t, c, set, "--public"))

expected, err := reg.KeyManager().GetKeySet(ctx, set)
require.NoError(t, err)

assert.Equal(t, expected.Keys[0].KeyID, actual.Get("kid").String())

assert.NotEmptyf(t, actual.Get("kid").String(), "Expected kid to be set but got: %s", actual.Raw)
assert.Empty(t, actual.Get("p").String(), "public key should not contain private key components: %s", actual.Raw)
})
}