cryptutil: move to pkg dir, add token generator (#1029)

* cryptutil: move to pkg dir, add token generator

* add gitignored files

* add tests
Caleb Doxsey 2020-06-30 15:55:33 -06:00 committed by GitHub
parent b90885b4c1
commit fae02791f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
48 changed files with 175 additions and 35 deletions

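--- /dev/null
+++ b/pkg/cryptutil/jose.go
@@ -0,0 +1,66 @@
+package cryptutil
+import (
+"crypto"
+"crypto/x509"
+"encoding/hex"
+"encoding/pem"
+"errors"
+"fmt"
+"gopkg.in/square/go-jose.v2"
+)
+// PrivateJWKFromBytes returns a jose JSON Web _Private_ Key from bytes.
+func PrivateJWKFromBytes(data []byte, alg jose.SignatureAlgorithm) (*jose.JSONWebKey, error) {
+return loadKey(data, alg, func(b []byte) (interface{}, error) {
+switch alg {
+case jose.ES256, jose.ES384, jose.ES512:
+return x509.ParseECPrivateKey(b)
+case jose.RS256, jose.RS384, jose.RS512:
+return x509.ParsePKCS1PrivateKey(b)
+default:
+return nil, errors.New("unsupported signature algorithm")
+}
+})
+}
+// PublicJWKFromBytes returns a jose JSON Web _Public_ Key from bytes.
+func PublicJWKFromBytes(data []byte, alg jose.SignatureAlgorithm) (*jose.JSONWebKey, error) {
+return loadKey(data, alg, func(b []byte) (interface{}, error) {
+switch alg {
+case jose.ES256, jose.ES384, jose.ES512:
+key, err := x509.ParseECPrivateKey(b)
+if err != nil {
+return nil, err
+}
+return key.Public(), nil
+case jose.RS256, jose.RS384, jose.RS512:
+key, err := x509.ParsePKCS1PrivateKey(b)
+if err != nil {
+return nil, err
+}
+return key.Public(), nil
+default:
+return nil, errors.New("unsupported signature algorithm")
+}
+})
+}
+func loadKey(data []byte, alg jose.SignatureAlgorithm, unmarshal func([]byte) (interface{}, error)) (*jose.JSONWebKey, error) {
+block, _ := pem.Decode(data)
+if block == nil {
+return nil, fmt.Errorf("file contained no PEM encoded data")
+}
+priv, err := unmarshal(block.Bytes)
+if err != nil {
+return nil, fmt.Errorf("unmarshal key: %w", err)
+}
+key := &jose.JSONWebKey{Key: priv, Use: "sig", Algorithm: string(alg)}
+thumbprint, err := key.Thumbprint(crypto.SHA256)
+if err != nil {
+return nil, fmt.Errorf("computing thumbprint: %w", err)
+}
+key.KeyID = hex.EncodeToString(thumbprint)
+return key, nil
+}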