| 216 | } |
| 217 | |
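// GetSignedToken builds a JWT carrying a.Namespace and a.AuthVars as custom
// claims (issuer "test") and signs it with the algorithm named in a.Algo.
//
// privateKeyFile is the path to a PEM-encoded RSA private key. It is only read
// when a.Algo is "RS256". For "HS256" the token is signed with the bytes of
// a.PublicKey, so despite its name that field is the shared HMAC secret here
// and must be treated as one.
//
// expireAfter is the token lifetime from now. Passing -1 leaves the "exp"
// claim unset, producing a token that carries no expiry at all.
//
// An a.Algo other than "HS256" or "RS256" returns an error. Previously this
// case returned an empty token with a nil error, so a misconfigured caller
// would go on to send an empty credential without noticing.
func (a *AuthMeta) GetSignedToken(privateKeyFile string,
	expireAfter time.Duration) (string, error) {
	claims := clientCustomClaims{
		a.Namespace,
		a.AuthVars,
		jwt.RegisteredClaims{
			Issuer: "test",
		},
	}
	// -1 is the sentinel for "no expiry"; any other value is added to now.
	if expireAfter != -1 {
		claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(expireAfter))
	}

	switch a.Algo {
	case "HS256":
		// Symmetric signing: the verification key doubles as the signing key.
		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
		return token.SignedString([]byte(a.PublicKey))

	case "RS256":
		keyData, err := os.ReadFile(privateKeyFile)
		if err != nil {
			return "", errors.Errorf("unable to read private key file: %v", err)
		}

		privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
		if err != nil {
			return "", errors.Errorf("unable to parse private key: %v", err)
		}
		token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
		return token.SignedString(privateKey)

	default:
		// Fail closed: never hand back an empty token as if signing succeeded.
		return "", errors.Errorf("unsupported signing algorithm: %q", a.Algo)
	}
}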
| 255 | |
| 256 | func (a *AuthMeta) AddClaimsToContext(ctx context.Context) (context.Context, error) { |
| 257 | token, err := a.GetSignedToken("../e2e/auth/sample_private_key.pem", 5*time.Minute) |