#30 Implemented JWT KID

authmdl/jwtmdl/jwtmdl.go

@@ -2,6 +2,7 @@ package jwtmdl
 
 import (
 	"strings"
+	"sync"
 	"time"
 
 	"corelab.mkcl.org/MKCLOS/coredevelopmentplatform/corepkgv2/authmdl/sessionmdl"
@@ -10,12 +11,48 @@ import (
 	"github.com/tidwall/gjson"
 )
 
+// map to store kid
+type Jwtkid struct {
+	jwtKidMap map[string]string
+	mu        sync.Mutex
+}
+
+func (j *Jwtkid) Get(kid string) (string, bool) {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+	key, ok := j.jwtKidMap[kid]
+	return key, ok
+}
+func (j *Jwtkid) Set(kid, key string) {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+	j.jwtKidMap[kid] = key
+}
+
+// jwtKidStore - store to keep kid and jwtKey
+var jwtKidStore = Jwtkid{jwtKidMap: make(map[string]string)}
+
 // GlobalJWTKey - key to decode and encode token
 var GlobalJWTKey string
 
 var keyFunc = func(key string) jwt.Keyfunc {
-	return func(*jwt.Token) (interface{}, error) {
-		return []byte(key), nil
+	return func(token *jwt.Token) (interface{}, error) {
+		if kid, ok := token.Header["kid"].(string); ok {
+			if jwtKey, ok := jwtKidStore.Get(kid); ok && jwtKey == "DEFAULTKEY" {
+				return ([]byte(key)), nil
+			}
+			if jwtKey, exists := jwtKidStore.Get(kid); exists {
+				return ([]byte(jwtKey)), nil
+			}
+		}
+		b := ([]byte(key))
+		return b, nil
+	}
+}
+
+func InitJwtKidStore(kidConfig gjson.Result) {
+	for _, kid := range kidConfig.Array() {
+		jwtKidStore.Set(kid.Get("kid").String(), kid.Get("jwtKey").String())
 	}
 }
 
@@ -118,7 +155,7 @@ func GenerateTokenWithJWTKey(loginID string, groups []string, clientIP string, m
 	return generate(claims, JWTKey)
 }
 
-//GeneratePricipleObjUsingToken GeneratePricipleObjUsingToken
+// GeneratePricipleObjUsingToken GeneratePricipleObjUsingToken
 func GeneratePricipleObjUsingToken(tokenReq string, jwtKey string) (jwt.MapClaims, error) {
 
 	token, err := extract(tokenReq)