(orig *oauth2.Config, keyFile string, certFile string)
| 2003 | } |
| 2004 | |
| 2005 | func configureOIDCPKI(orig *oauth2.Config, keyFile string, certFile string) (*oauthpki.Config, error) { |
| 2006 | // Read the files |
| 2007 | keyData, err := os.ReadFile(keyFile) |
| 2008 | if err != nil { |
| 2009 | return nil, xerrors.Errorf("read oidc client key file: %w", err) |
| 2010 | } |
| 2011 | |
| 2012 | var certData []byte |
| 2013 | // According to the spec, this is not required. So do not require it on the initial loading |
| 2014 | // of the PKI config. |
| 2015 | if certFile != "" { |
| 2016 | certData, err = os.ReadFile(certFile) |
| 2017 | if err != nil { |
| 2018 | return nil, xerrors.Errorf("read oidc client cert file: %w", err) |
| 2019 | } |
| 2020 | } |
| 2021 | |
| 2022 | return oauthpki.NewOauth2PKIConfig(oauthpki.ConfigParams{ |
| 2023 | ClientID: orig.ClientID, |
| 2024 | TokenURL: orig.Endpoint.TokenURL, |
| 2025 | Scopes: orig.Scopes, |
| 2026 | PemEncodedKey: keyData, |
| 2027 | PemEncodedCert: certData, |
| 2028 | Config: orig, |
| 2029 | }) |
| 2030 | } |
| 2031 | |
| 2032 | func configureCAPool(tlsClientCAFile string, tlsConfig *tls.Config) error { |
| 2033 | if tlsClientCAFile != "" { |
no test coverage detected