cognito_public_key.go

import (
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"io/ioutil"

	"github.com/dgrijalva/jwt-go"
)

const jwkKeyID = "hoge"

type jwkKey struct {
	Alg string `json:"alg"`
	E   string `json:"e"`
	Kid string `json:"kid"`
	Kty string `json:"kty"`
	N   string `json:"n"`
	Use string `json:"use"`
}

func getPublicKey() (string, error) {
	verifyBytes, err := ioutil.ReadFile("./key.pem.pub.pkcs8")
	if err != nil {
		return "", err
	}
	verifyKey, err := jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
	if err != nil {
		return "", err
	}

	encodedN := base64.RawURLEncoding.EncodeToString(verifyKey.N.Bytes())

	bytesE := make([]byte, 4)
	binary.BigEndian.PutUint32(bytesE, uint32(verifyKey.E))

	encodedE := base64.RawURLEncoding.EncodeToString(bytesE)

	pubKey, err := json.Marshal(jwkKey{
		Alg: jwt.SigningMethodRS256.Alg(),
		E:   encodedE,
		Kid: jwkKeyID,
		Kty: "RSA",
		N:   encodedN,
		Use: "sig",
	})
	if err != nil {
		return "", err
	}
	return string(pubKey), nil
}