debian-mirror-gitlab/app/controllers/jwks_controller.rb

# frozen_string_literal: true

class JwksController < Doorkeeper::OpenidConnect::DiscoveryController
  def index
    render json: { keys: payload }
  end

  def keys
    index
  end

  private

  def payload
    [
      # We keep openid_connect_signing_key so that we can seamlessly
      # replace it with ci_jwt_signing_key and remove it on the next release.
      # TODO: Remove openid_connect_signing_key in 13.7
      # https://gitlab.com/gitlab-org/gitlab/-/issues/221031
      Rails.application.secrets.openid_connect_signing_key,
      Gitlab::CurrentSettings.ci_jwt_signing_key
    ].compact.map do |key_data|
      OpenSSL::PKey::RSA.new(key_data)
        .public_key
        .to_jwk
        .slice(:kty, :kid, :e, :n)
        .merge(use: 'sig', alg: 'RS256')
    end
  end
end
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`# frozen_string_literal: true`

New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`class JwksController < Doorkeeper::OpenidConnect::DiscoveryController`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def index`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`render json: { keys: payload }`
			`end`

			`def keys`
			`index`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`end`

			`private`

New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`def payload`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`[`
			`# We keep openid_connect_signing_key so that we can seamlessly`
			`# replace it with ci_jwt_signing_key and remove it on the next release.`
			`# TODO: Remove openid_connect_signing_key in 13.7`
			`# https://gitlab.com/gitlab-org/gitlab/-/issues/221031`
			`Rails.application.secrets.openid_connect_signing_key,`
			`Gitlab::CurrentSettings.ci_jwt_signing_key`
			`].compact.map do \|key_data\|`
			`OpenSSL::PKey::RSA.new(key_data)`
			`.public_key`
			`.to_jwk`
			`.slice(:kty, :kid, :e, :n)`
			`.merge(use: 'sig', alg: 'RS256')`
			`end`
			`end`
			`end`