-
Notifications
You must be signed in to change notification settings - Fork 0
/
key.go
130 lines (120 loc) · 3.34 KB
/
key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
// Tideland Go JSON Web Token - Crypto
//
// Copyright (C) 2016-2021 Frank Mueller / Tideland / Oldenburg / Germany
//
// All rights reserved. Use of this source code is governed
// by the new BSD license.
package jwt // import "tideland.dev/go/jwt"
//--------------------
// IMPORTS
//--------------------
import (
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
)
//--------------------
// KEY
//--------------------
// Key is the used key to sign a token. The real implementation
// controls signing and verification.
type Key interface{}
// ReadECPrivateKey reads a PEM formated ECDSA private key
// from the passed reader.
func ReadECPrivateKey(r io.Reader) (Key, error) {
pemkey, err := ioutil.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("cannot read the PEM")
}
var block *pem.Block
if block, _ = pem.Decode(pemkey); block == nil {
return nil, fmt.Errorf("cannot decode the PEM")
}
var parsed *ecdsa.PrivateKey
if parsed, err = x509.ParseECPrivateKey(block.Bytes); err != nil {
return nil, fmt.Errorf("cannot parse the ECDSA: %v", err)
}
return parsed, nil
}
// ReadECPublicKey reads a PEM encoded ECDSA public key
// from the passed reader.
func ReadECPublicKey(r io.Reader) (Key, error) {
pemkey, err := ioutil.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("cannot read the PEM")
}
var block *pem.Block
if block, _ = pem.Decode(pemkey); block == nil {
return nil, fmt.Errorf("cannot decode the PEM")
}
var parsed interface{}
parsed, err = x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
certificate, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, fmt.Errorf("cannot parse the ECDSA: %v", err)
}
parsed = certificate.PublicKey
}
publicKey, ok := parsed.(*ecdsa.PublicKey)
if !ok {
return nil, fmt.Errorf("passed key is no ECDSA key")
}
return publicKey, nil
}
// ReadRSAPrivateKey reads a PEM encoded PKCS1 or PKCS8 private key
// from the passed reader.
func ReadRSAPrivateKey(r io.Reader) (Key, error) {
pemkey, err := ioutil.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("cannot read the PEM")
}
var block *pem.Block
if block, _ = pem.Decode(pemkey); block == nil {
return nil, fmt.Errorf("cannot decode the PEM")
}
var parsed interface{}
parsed, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
parsed, err = x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, fmt.Errorf("cannot parse the RSA: %v", err)
}
}
privateKey, ok := parsed.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("passed key is no RSA key")
}
return privateKey, nil
}
// ReadRSAPublicKey reads a PEM encoded PKCS1 or PKCS8 public key
// from the passed reader.
func ReadRSAPublicKey(r io.Reader) (Key, error) {
pemkey, err := ioutil.ReadAll(r)
if err != nil {
return nil, fmt.Errorf("cannot read the PEM")
}
var block *pem.Block
if block, _ = pem.Decode(pemkey); block == nil {
return nil, fmt.Errorf("cannot decode the PEM")
}
var parsed interface{}
parsed, err = x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
certificate, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, fmt.Errorf("cannot parse the RSA: %v", err)
}
parsed = certificate.PublicKey
}
publicKey, ok := parsed.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("passed key is no RSA key")
}
return publicKey, nil
}
// EOF