From a090ebafb5e2c49a4e67f3b793c7293454f1307f Mon Sep 17 00:00:00 2001
From: Lyuben Penkovski <lyuben.penkovski@vereign.com>
Date: Mon, 4 Dec 2023 00:31:31 +0200
Subject: [PATCH] Fix ed25519 public key conversion to JWK

---
 internal/service/signer/service.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/internal/service/signer/service.go b/internal/service/signer/service.go
index 889dcfb..39178c2 100644
--- a/internal/service/signer/service.go
+++ b/internal/service/signer/service.go
@@ -631,11 +631,15 @@ func (s *Service) jwkFromKey(key *VaultKey) (*jose.JSONWebKey, error) {
 
 	switch key.Type {
 	case "ed25519":
-		k.Key = ed25519.PublicKey(key.PublicKey)
-	case "ecdsa-p256", "ecdsa-p384", "ecdsa-p521", "rsa-2048":
+		pk, err := base64.StdEncoding.DecodeString(key.PublicKey)
+		if err != nil {
+			return nil, fmt.Errorf("jwkFromKey: failed to decode ed25519 key: %v", err)
+		}
+		k.Key = ed25519.PublicKey(pk)
+	case "ecdsa-p256", "ecdsa-p384", "ecdsa-p521", "rsa-2048", "rsa-3072", "rsa-4096":
 		block, _ := pem.Decode([]byte(key.PublicKey))
 		if block == nil {
-			return nil, fmt.Errorf("no public key found during PEM decode")
+			return nil, fmt.Errorf("jwkFromKey: no public key found during PEM decode")
 		}
 
 		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
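Review bot: The decoded ed25519 bytes are assigned with `k.Key = ed25519.PublicKey(pk)` without a length check, and that expression is only a type conversion, so a truncated or oversized value would be accepted as a key; `ed25519.Verify` is documented to panic when the key length is not `ed25519.PublicKeySize`. Before the assignment, add `if len(pk) != ed25519.PublicKeySize { return nil, fmt.Errorf("jwkFromKey: invalid ed25519 public key length %d", len(pk)) }`. The new decode error would also be better wrapped with `%w` instead of `%v`, so callers can inspect the underlying base64 error. In the PEM branch, the lines visible here do not compare the type of the key returned by `x509.ParsePKIXPublicKey` with the declared `key.Type`; jwkFromKey begins and continues outside this hunk, so that check may exist elsewhere and is worth confirming.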
@@ -644,7 +648,7 @@ func (s *Service) jwkFromKey(key *VaultKey) (*jose.JSONWebKey, error) {
 		}
 		k.Key = pub
 	default:
-		return nil, fmt.Errorf("unsupported key type: %s", key.Type)
+		return nil, fmt.Errorf("jwkFromKey: unsupported key type: %s", key.Type)
 	}
 
 	return k, nil
-- 
GitLab