| 275 | } |
| 276 | |
// HandleGetKey tells the calling kite which Kontrol public key it should use.
//
// The request must be authenticated with a kiteKey. The Kontrol key carried in
// that kiteKey's claims is checked with k.keyPair.IsValid:
//   - no error: the presented key is returned unchanged;
//   - ErrKeyDeleted: the public key from k.KeyPair() is returned, provided
//     that call succeeds;
//   - otherwise (any other IsValid error, or a failed k.KeyPair()): the public
//     key of the pair chosen by k.pickKey(r) is returned.
//
// An error is returned when the auth type is not "kiteKey", when
// jwt.ParseWithClaims rejects the token, when the KontrolKey claim is empty,
// or when k.pickKey fails.
func (k *Kontrol) HandleGetKey(r *kite.Request) (interface{}, error) {
	// kiteKey authentication is required: the claims inside it carry the
	// Kontrol key the caller currently holds, which is what is checked below.
	// NOTE(review): r.Auth.Type comes from the request and is echoed unquoted
	// in the error text; consider %q if this error ends up in logs.
	if authType := r.Auth.Type; authType != "kiteKey" {
		return nil, fmt.Errorf("Unexpected authentication type: %s", authType)
	}

	extractor := &kitekey.Extractor{Claims: &kitekey.KiteClaims{}}

	// NOTE(review): the token is verified with whatever key extractor.Extract
	// hands back, and that function is not visible here. If it derives the
	// verification key from the token's own claims, a successful parse only
	// shows the token is self-consistent; the IsValid check below is then the
	// step that ties the presented key to Kontrol's own keys. Also confirm
	// that Extract pins the expected signing method.
	_, parseErr := jwt.ParseWithClaims(r.Auth.Key, extractor.Claims, extractor.Extract)
	if parseErr != nil {
		return nil, parseErr
	}

	presented := extractor.Claims.KontrolKey
	if presented == "" {
		return nil, errors.New("public key is not passed")
	}

	validity := k.keyPair.IsValid(presented)
	if validity == nil {
		// The caller's key is still accepted; hand it back as-is.
		return presented, nil
	}
	if validity == ErrKeyDeleted {
		// The caller holds a retired key; move it to the current one.
		// A failure from k.KeyPair() is discarded here and handled by the
		// pickKey fallback below.
		if current, err := k.KeyPair(); err == nil {
			return current.Public, nil
		}
	}

	// Fallback for every other IsValid result: let pickKey choose the pair.
	// The IsValid error itself is not reported to the caller.
	chosen, pickErr := k.pickKey(r)
	if pickErr != nil {
		return nil, pickErr
	}
	return chosen.Public, nil
}
| 314 | |
| 315 | func (k *Kontrol) HandleVerify(r *kite.Request) (interface{}, error) { |
| 316 | return nil, nil |