cmd/cmd_import_jwk.go
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package cmd
import (
"bytes"
"encoding/json"
"fmt"
"io"
"os"
"github.com/gofrs/uuid"
"github.com/spf13/cobra"
hydra "github.com/ory/hydra-client-go/v2"
"github.com/ory/hydra/v2/cmd/cli"
"github.com/ory/hydra/v2/cmd/cliclient"
"github.com/ory/x/cmdx"
"github.com/ory/x/flagx"
"github.com/ory/x/josex"
)
func NewKeysImportCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "jwk set-id file-1 [file-2] [file-n]",
Args: cobra.MinimumNArgs(1),
Example: `{{ .CommandPath }} my-set ./path/to/jwk.json ./path/to/jwk-2.json --format json
{{ .CommandPath }} my-set ./path/to/rsa.key ./path/to/rsa.pub --use enc`,
Short: "Imports JSON Web Keys from one or more JSON files.",
Long: `This command allows you to import JSON Web Keys from one or more JSON files or STDIN to the JSON Web Key Store.
Currently supported formats are raw JSON Web Keys or PEM/DER encoded data. If the JSON Web Key Set exists already,
the imported keys will be added to that set. Otherwise, a new set will be created.`,
RunE: func(cmd *cobra.Command, args []string) error {
m, _, err := cliclient.NewClient(cmd)
if err != nil {
return err
}
set := args[0]
streams := map[string]io.Reader{}
if len(args) == 1 {
streams["STDIN"] = cmd.InOrStdin()
} else {
for _, path := range args[1:] {
contents, err := os.ReadFile(path)
if err != nil {
_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not open file %s: %s", path, err)
return cmdx.FailSilently(cmd)
}
streams[path] = bytes.NewReader(contents)
}
}
keys := map[string][]hydra.JsonWebKey{}
for src, stream := range streams {
content, err := io.ReadAll(stream)
if err != nil {
_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not read from %s: %s", src, err)
return cmdx.FailSilently(cmd)
}
var key interface{}
if priv, privErr := josex.LoadPrivateKey(content); privErr == nil {
key = priv
} else if pub, pubErr := josex.LoadPublicKey(content); pubErr == nil {
key = pub
} else {
_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not decode key from `%s` to public nor private keys: %s; %s", src, privErr, pubErr)
}
key = cli.ToSDKFriendlyJSONWebKey(key, "", "")
type jwk hydra.JsonWebKey // opt out of OpenAPI-generated UnmarshalJSON
var (
buf bytes.Buffer
jsonWebKey jwk
)
if err := json.NewEncoder(&buf).Encode(key); err != nil {
_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not encode key from `%s` to JSON: %s", src, err)
return cmdx.FailSilently(cmd)
}
if err := json.NewDecoder(&buf).Decode(&jsonWebKey); err != nil {
_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not decode key from `%s` from JSON: %s", src, err)
return cmdx.FailSilently(cmd)
}
if len(jsonWebKey.Kid) == 0 {
jsonWebKey.Kid = uuid.Must(uuid.NewV4()).String()
}
if len(jsonWebKey.Alg) == 0 {
jsonWebKey.Alg = flagx.MustGetString(cmd, "alg")
}
if len(jsonWebKey.Alg) == 0 {
_, _ = fmt.Fprint(cmd.ErrOrStderr(), "Flag `--alg` is required when imported key does not define the `alg` field itself.")
return cmdx.FailSilently(cmd)
}
if len(jsonWebKey.Use) == 0 {
jsonWebKey.Use = flagx.MustGetString(cmd, "use")
}
if len(jsonWebKey.Use) == 0 {
_, _ = fmt.Fprint(cmd.ErrOrStderr(), "Flag `--use` is required when imported key does not define the `use` field itself.")
return cmdx.FailSilently(cmd)
}
keys[src] = append(keys[src], hydra.JsonWebKey(jsonWebKey))
}
imported := make([]hydra.JsonWebKey, 0, len(keys))
failed := make(map[string]error)
for src, kk := range keys {
for _, k := range kk {
result, _, err := m.JwkApi.SetJsonWebKey(cmd.Context(), set, k.Kid).JsonWebKey(k).Execute() //nolint:bodyclose
if err != nil {
failed[src] = cmdx.PrintOpenAPIError(cmd, err)
continue
}
imported = append(imported, *result)
}
}
cmdx.PrintTable(cmd, &outputJSONWebKeyCollection{Set: set, Keys: imported})
if len(failed) != 0 {
cmdx.PrintErrors(cmd, failed)
return cmdx.FailSilently(cmd)
}
return nil
},
}
cmd.Flags().String("use", "sig", "Sets the \"use\" value of the JSON Web Key if no \"use\" value was defined by the key itself. Required when importing PEM/DER encoded data.")
cmd.Flags().String("alg", "", "Sets the \"alg\" value of the JSON Web Key if not \"alg\" value was defined by the key itself. Required when importing PEM/DER encoded data.")
return cmd
}