authormo khan <mo@mokhan.ca>2022-04-22 14:51:16 -0600
committermo khan <mo@mokhan.ca>2022-04-22 14:51:16 -0600
commita8094574ddb957acc7ad4781847bfb4f16630651 (patch)
treeb30c38f9b43e4a19a49208ce25b76c4c4b894bfa
parentfb0451985da0574a02a339d2d8dabcf0477ce425 (diff)
embed insecure private key in main package
-rw-r--r--cmd/server/insecure.pem (renamed from pkg/web/templates/insecure.pem)0
-rw-r--r--cmd/server/main.go6
-rw-r--r--pkg/web/http_mux.go38
-rw-r--r--pkg/web/token.go29
4 files changed, 35 insertions, 38 deletions
diff --git a/pkg/web/templates/insecure.pem b/cmd/server/insecure.pem
index 2c2d50c..2c2d50c 100644
--- a/pkg/web/templates/insecure.pem
+++ b/cmd/server/insecure.pem
diff --git a/cmd/server/main.go b/cmd/server/main.go
index ebe9673..ea48d57 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -1,6 +1,7 @@
package main
import (
+ _ "embed"
"log"
"net/http"
"os"
@@ -8,6 +9,9 @@ import (
"mokhan.ca/xlgmokha/oauth/pkg/web"
)
+//go:embed insecure.pem
+var privateKey []byte
+
func main() {
log.Println("Starting server, listening on port 8282.")
issuer, ok := os.LookupEnv("ISSUER")
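Review bot: The `//go:embed insecure.pem` directive compiles the RS256 signing key into every build of the server binary, so the key ships with the artifact and cannot be rotated without a rebuild, yet nothing at the declaration says this is a development-only key. Add a doc comment on the variable: `// privateKey is the development-only signing key baked into the binary via go:embed; a production deployment must load its key from a secret store instead of shipping it in the artifact.` The embedded bytes are also never parsed in main, so a malformed or empty key is only noticed when the first token is signed in pkg/web; parsing once at startup and failing fast with log.Fatalf would surface that at boot rather than at request time.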
@@ -16,7 +20,7 @@ func main() {
}
server := &http.Server{
Addr: ":8282",
- Handler: web.NewHandler(issuer),
+ Handler: web.NewHandler(issuer, privateKey),
ReadTimeout: 0,
WriteTimeout: 0,
IdleTimeout: 0,
diff --git a/pkg/web/http_mux.go b/pkg/web/http_mux.go
index c99ebfa..11f9f83 100644
--- a/pkg/web/http_mux.go
+++ b/pkg/web/http_mux.go
@@ -1,53 +1,17 @@
package web
import (
- _ "embed"
"log"
"net/http"
- "time"
-
- "github.com/golang-jwt/jwt"
- "github.com/hashicorp/uuid"
)
-//go:embed templates/insecure.pem
-var privateKey string
-
-var (
- tokens = map[string]string{}
-)
-
-type IdTokenFactory func(clientId string) string
-
-func (h *HttpContext) createIdToken(clientId string) string {
- now := time.Now()
- if clientId == "" {
- clientId = "clientId"
- }
- expiresAt := now.Add(time.Hour * time.Duration(1))
- idToken := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
- Issuer: h.issuer,
- Subject: "1",
- Audience: clientId,
- ExpiresAt: expiresAt.Unix(),
- NotBefore: now.Unix(),
- IssuedAt: now.Unix(),
- Id: uuid.GenerateUUID(),
- })
-
- key, _ := jwt.ParseRSAPrivateKeyFromPEM(h.keyData)
- signedIdToken, _ := idToken.SignedString(key)
- return signedIdToken
-}
-
type HttpContext struct {
issuer string
keyData []byte
log *log.Logger
}
-func NewHandler(issuer string) http.Handler {
- keyData := []byte(privateKey)
+func NewHandler(issuer string, keyData []byte) http.Handler {
h := &HttpContext{
issuer: issuer,
keyData: keyData,
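Review bot: The new `NewHandler(issuer string, keyData []byte)` stores `keyData` on HttpContext without checking that it is non-empty or a parseable PEM private key, and the only consumer (createIdToken, now in pkg/web/token.go) discards the parse error, so a bad key produces empty signed tokens instead of a startup failure. Since the constructor is the one place the key is handed over, parse it here once (`jwt.ParseRSAPrivateKeyFromPEM`) and keep the parsed `*rsa.PrivateKey` on the context instead of the raw bytes, or at minimum reject `len(keyData) == 0`; that also avoids re-parsing the PEM on every token request. A doc comment on the exported constructor is missing as well, e.g. `// NewHandler builds the OAuth HTTP handler for issuer, signing tokens with the PEM-encoded RSA private key in keyData.` NewHandler's body continues outside the hunk.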
diff --git a/pkg/web/token.go b/pkg/web/token.go
index d6fbdfb..41b6c37 100644
--- a/pkg/web/token.go
+++ b/pkg/web/token.go
@@ -3,6 +3,14 @@ package web
import (
"fmt"
"net/http"
+ "time"
+
+ "github.com/golang-jwt/jwt"
+ "github.com/hashicorp/uuid"
+)
+
+var (
+ tokens = map[string]string{}
)
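Review bot: The package-level `tokens = map[string]string{}` moved into this file is a plain map with no lock, while the handlers on HttpContext that presumably read and write it run on concurrent net/http goroutines; a concurrent write is a runtime fatal error, not a recoverable panic. Pair the map with a mutex in the same declaration block, `tokensMu sync.Mutex` next to `tokens = map[string]string{}`, and take it around every access in the Token handler (its accesses are outside this hunk, so I cannot confirm how it is used).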
type TokenRequest struct {
@@ -46,3 +54,24 @@ func (h *HttpContext) Token(w http.ResponseWriter, r *http.Request) {
}
}
}
+
+func (h *HttpContext) createIdToken(clientId string) string {
+ now := time.Now()
+ if clientId == "" {
+ clientId = "clientId"
+ }
+ expiresAt := now.Add(time.Hour * time.Duration(1))
+ idToken := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
+ Issuer: h.issuer,
+ Subject: "1",
+ Audience: clientId,
+ ExpiresAt: expiresAt.Unix(),
+ NotBefore: now.Unix(),
+ IssuedAt: now.Unix(),
+ Id: uuid.GenerateUUID(),
+ })
+
+ key, _ := jwt.ParseRSAPrivateKeyFromPEM(h.keyData)
+ signedIdToken, _ := idToken.SignedString(key)
+ return signedIdToken
+}
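Review bot: Both errors in the new createIdToken are discarded with `key, _ :=` and `signedIdToken, _ :=`, so when the PEM fails to parse, `key` is nil, `SignedString` fails, and the function returns "" — the Token handler then hands an empty id_token to the client with no log line or 500. Return the error instead and let the caller (in the part of this file outside the hunk) map it to an error response; `fmt` is already imported here. The PEM is also re-parsed on every call, which is wasteful but not incorrect.
```go
func (h *HttpContext) createIdToken(clientId string) (string, error) {
	// … unchanged: now/clientId default and claim construction …
	key, err := jwt.ParseRSAPrivateKeyFromPEM(h.keyData)
	if err != nil {
		return "", fmt.Errorf("parsing signing key: %w", err)
	}
	signedIdToken, err := idToken.SignedString(key)
	if err != nil {
		return "", fmt.Errorf("signing id token: %w", err)
	}
	return signedIdToken, nil
}
```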