reapply apple key fix

keratin · Mar 24, 2024 · 05cd2e0 · 05cd2e0
1 parent 471391a
commit 05cd2e0
Showing 1 changed file with 20 additions and 10 deletions.
diff --git a/lib/oauth/apple/pubkey.go b/lib/oauth/apple/pubkey.go
@@ -102,20 +102,21 @@ func (a *signingKeyStore) refresh() error {
 	newKeys := make(map[string]*rsa.PublicKey, len(keys.Keys))
 
 	for _, key := range keys.Keys {
+		var err error
 		// build key and place in new map
 		publicKey := new(rsa.PublicKey)
-		n := new(big.Int)
-		nbytes, _ := base64.URLEncoding.DecodeString(key.N + "=")
-		publicKey.N = n.SetBytes(nbytes)
-
-		var eInt int
-		ebytes, _ := base64.RawURLEncoding.DecodeString(key.E)
-		for _, v := range ebytes {
-			eInt = eInt << 8
-			eInt = eInt | int(v)
+		publicKey.N, err = decodeBase64BigInt(key.N)
+		if err != nil {
+			return fmt.Errorf("failed to decode N for key %s: %w", key.Kid, err)
 		}
 
-		publicKey.E = eInt
+		var e *big.Int
+		e, err = decodeBase64BigInt(key.E)
+		if err != nil {
+			return fmt.Errorf("failed to decode E for key %s: %w", key.Kid, err)
+		}
+
+		publicKey.E = int(e.Int64())
 
 		newKeys[key.Kid] = publicKey
 	}
@@ -124,3 +125,12 @@ func (a *signingKeyStore) refresh() error {
 
 	return nil
 }
+
+func decodeBase64BigInt(s string) (*big.Int, error) {
+	buffer, err := base64.URLEncoding.WithPadding(base64.NoPadding).DecodeString(s)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode base64: %v", err)
+	}
+
+	return big.NewInt(0).SetBytes(buffer), nil
+}