123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 |
- package acme
- import (
- "crypto"
- "crypto/ecdsa"
- "crypto/rand"
- "crypto/rsa"
- "crypto/sha256"
- _ "crypto/sha512"
- "encoding/base64"
- "encoding/json"
- "fmt"
- "math/big"
- )
- type keyID string
- const noKeyID = keyID("")
- const noPayload = ""
- func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, url string) ([]byte, error) {
- alg, sha := jwsHasher(key.Public())
- if alg == "" || !sha.Available() {
- return nil, ErrUnsupportedKey
- }
- var phead string
- switch kid {
- case noKeyID:
- jwk, err := jwkEncode(key.Public())
- if err != nil {
- return nil, err
- }
- phead = fmt.Sprintf(`{"alg":%q,"jwk":%s,"nonce":%q,"url":%q}`, alg, jwk, nonce, url)
- default:
- phead = fmt.Sprintf(`{"alg":%q,"kid":%q,"nonce":%q,"url":%q}`, alg, kid, nonce, url)
- }
- phead = base64.RawURLEncoding.EncodeToString([]byte(phead))
- var payload string
- if claimset != noPayload {
- cs, err := json.Marshal(claimset)
- if err != nil {
- return nil, err
- }
- payload = base64.RawURLEncoding.EncodeToString(cs)
- }
- hash := sha.New()
- hash.Write([]byte(phead + "." + payload))
- sig, err := jwsSign(key, sha, hash.Sum(nil))
- if err != nil {
- return nil, err
- }
- enc := struct {
- Protected string `json:"protected"`
- Payload string `json:"payload"`
- Sig string `json:"signature"`
- }{
- Protected: phead,
- Payload: payload,
- Sig: base64.RawURLEncoding.EncodeToString(sig),
- }
- return json.Marshal(&enc)
- }
- func jwkEncode(pub crypto.PublicKey) (string, error) {
- switch pub := pub.(type) {
- case *rsa.PublicKey:
-
- n := pub.N
- e := big.NewInt(int64(pub.E))
-
-
- return fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`,
- base64.RawURLEncoding.EncodeToString(e.Bytes()),
- base64.RawURLEncoding.EncodeToString(n.Bytes()),
- ), nil
- case *ecdsa.PublicKey:
-
- p := pub.Curve.Params()
- n := p.BitSize / 8
- if p.BitSize%8 != 0 {
- n++
- }
- x := pub.X.Bytes()
- if n > len(x) {
- x = append(make([]byte, n-len(x)), x...)
- }
- y := pub.Y.Bytes()
- if n > len(y) {
- y = append(make([]byte, n-len(y)), y...)
- }
-
-
- return fmt.Sprintf(`{"crv":"%s","kty":"EC","x":"%s","y":"%s"}`,
- p.Name,
- base64.RawURLEncoding.EncodeToString(x),
- base64.RawURLEncoding.EncodeToString(y),
- ), nil
- }
- return "", ErrUnsupportedKey
- }
- func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte, error) {
- if key, ok := key.(*ecdsa.PrivateKey); ok {
-
-
-
- r, s, err := ecdsa.Sign(rand.Reader, key, digest)
- if err != nil {
- return nil, err
- }
- rb, sb := r.Bytes(), s.Bytes()
- size := key.Params().BitSize / 8
- if size%8 > 0 {
- size++
- }
- sig := make([]byte, size*2)
- copy(sig[size-len(rb):], rb)
- copy(sig[size*2-len(sb):], sb)
- return sig, nil
- }
- return key.Sign(rand.Reader, digest, hash)
- }
- func jwsHasher(pub crypto.PublicKey) (string, crypto.Hash) {
- switch pub := pub.(type) {
- case *rsa.PublicKey:
- return "RS256", crypto.SHA256
- case *ecdsa.PublicKey:
- switch pub.Params().Name {
- case "P-256":
- return "ES256", crypto.SHA256
- case "P-384":
- return "ES384", crypto.SHA384
- case "P-521":
- return "ES512", crypto.SHA512
- }
- }
- return "", 0
- }
- func JWKThumbprint(pub crypto.PublicKey) (string, error) {
- jwk, err := jwkEncode(pub)
- if err != nil {
- return "", err
- }
- b := sha256.Sum256([]byte(jwk))
- return base64.RawURLEncoding.EncodeToString(b[:]), nil
- }
|