I fetched the Google cert from https://www.googleapis.com/oauth2/v1/certs (the URL used in the code below),
but I don't know how to parse the cert in Go, extract the public key, and make it usable with rsa.VerifyPKCS1v15() to verify an ID token (OpenID Connect) signature. If someone could advise me, I would appreciate it. Here is the code I already have:
// Question snippet: download Google's OAuth2 signing certificates and try to
// pull an RSA public key out of the one named by the token's "kid" header.
// The last three statements do not compile; the notes there explain why.
res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
log.Fatal(err)
// log.Fatal exits the process, so this return is never reached.
return
}
certs, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
log.Fatal(err)
return
}
// Extract the kid from the token header.
// NOTE(review): headerOauth is defined outside this snippet; presumably it is
// the base64url-decoded JOSE header of the ID token. At this point the token's
// signature has not been verified, so "kid" is untrusted input and should only
// be used as a lookup key into the certificate set fetched above.
var header interface{}
log.Printf("Oauth header: %v", headerOauth)
// The error assigned here is overwritten below without being checked, and the
// unchecked type assertion on the next line panics if the header is not a JSON
// object.
err = json.Unmarshal([]byte(headerOauth), &header)
token_kid := header.(map[string]interface{})["kid"]
// Look up the PEM certificate published under that kid. The response is
// treated as a JSON object whose values are PEM strings.
var goCertificate interface{}
err = json.Unmarshal(certs, &goCertificate)
// token_kid.(string) panics when the header has no "kid" (the map lookup
// yields nil), and k.(string) panics when no certificate is published under
// that kid.
k := goCertificate.(map[string]interface{})[token_kid.(string)]
google_cert := k.(string)
// pem.Decode returns a nil block when the input holds no PEM data, in which
// case block_pub.Bytes dereferences nil.
block_pub, _ := pem.Decode([]byte(google_cert))
// x509.ParseCertificates returns a slice ([]*x509.Certificate), so the field
// accesses on certInterface below do not compile; an element has to be
// selected first, e.g. certInterface[0].
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %v", *certInterface.PublicKey)
// I know the line below is wrong, but that's how I usually parse public keys.
// NOTE(review): x509.ParsePKIXPublicKey expects a DER-encoded
// SubjectPublicKeyInfo, not a whole certificate. A parsed *x509.Certificate
// already exposes the decoded key in its PublicKey field, so no second parse
// is needed; a checked assertion to *rsa.PublicKey on that field is enough.
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes)
pKey, ok := pubkeyInterface.(*rsa.PublicKey)
I might be way off here (not familiar with x509/rsa), but ParseCertificates
returns a slice of certificates, each of which carries its already-parsed public key:
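// main fetches Google's published OAuth2 signing certificates, picks the one
// whose key ID matches the token's "kid" header and extracts its RSA public
// key, logging the parsed certificate and the key.
//
// Every step that can fail is checked, because each input here is external:
// the HTTP response, the JSON body, the PEM text and the DER certificate.
// A failure ends the program via log.Fatal instead of panicking on a nil
// block, an empty slice or a failed type assertion.
//
// The certificates are not chain-verified here; trust in the key rests on the
// TLS connection to the endpoint. Once the key is used to check a token's
// signature, the token's claims (issuer, audience, expiry) still need to be
// validated separately.
func main() {
	// http.Get uses http.DefaultClient, which has no timeout; a long-running
	// service should use a client with a Timeout set.
	res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
	if err != nil {
		log.Fatal(err)
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		log.Fatalf("fetching certs: unexpected status %s", res.Status)
	}

	// Stand-in for the decoded token header. In real use the kid comes from
	// a token whose signature has not been verified yet, so treat it purely
	// as a lookup key into the fetched certificate set.
	header := map[string]string{
		"kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
	}
	tokenKid := header["kid"]

	// The endpoint returns a JSON object mapping key IDs to PEM certificates.
	var certs map[string]string
	if err := json.NewDecoder(res.Body).Decode(&certs); err != nil {
		log.Fatalf("decoding certs: %v", err)
	}

	googleCert, found := certs[tokenKid]
	if !found {
		// Signing keys rotate, so an unknown kid is an expected failure
		// mode and must reject the token rather than fall back to any key.
		log.Fatalf("no certificate published for kid %q", tokenKid)
	}

	// pem.Decode returns a nil block when no PEM data is found.
	block, _ := pem.Decode([]byte(googleCert))
	if block == nil || block.Type != "CERTIFICATE" {
		log.Fatalf("entry for kid %q is not a PEM certificate", tokenKid)
	}

	certInterface, err := x509.ParseCertificates(block.Bytes)
	if err != nil {
		log.Fatalf("parsing certificate for kid %q: %v", tokenKid, err)
	}
	if len(certInterface) == 0 {
		log.Fatalf("no certificate found in PEM block for kid %q", tokenKid)
	}
	log.Printf("certInterface: %#v", certInterface)

	// rsa.VerifyPKCS1v15 needs an *rsa.PublicKey, so reject any other key
	// type explicitly instead of letting the assertion panic.
	pkey, isRSA := certInterface[0].PublicKey.(*rsa.PublicKey)
	if !isRSA {
		log.Fatalf("certificate for kid %q holds a %T, not an RSA public key",
			tokenKid, certInterface[0].PublicKey)
	}
	log.Printf("pkey: %v", pkey)
}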