68 lines
1.2 KiB
Go
68 lines
1.2 KiB
Go
package jose
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"fmt"
|
|
)
|
|
|
|
type VerifierRSA struct {
|
|
KeyID string
|
|
Hash crypto.Hash
|
|
PublicKey rsa.PublicKey
|
|
}
|
|
|
|
type SignerRSA struct {
|
|
PrivateKey rsa.PrivateKey
|
|
VerifierRSA
|
|
}
|
|
|
|
func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
|
|
if jwk.Alg != "" && jwk.Alg != "RS256" {
|
|
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
|
|
}
|
|
|
|
v := VerifierRSA{
|
|
KeyID: jwk.ID,
|
|
PublicKey: rsa.PublicKey{
|
|
N: jwk.Modulus,
|
|
E: jwk.Exponent,
|
|
},
|
|
Hash: crypto.SHA256,
|
|
}
|
|
|
|
return &v, nil
|
|
}
|
|
|
|
func NewSignerRSA(kid string, key rsa.PrivateKey) *SignerRSA {
|
|
return &SignerRSA{
|
|
PrivateKey: key,
|
|
VerifierRSA: VerifierRSA{
|
|
KeyID: kid,
|
|
PublicKey: key.PublicKey,
|
|
Hash: crypto.SHA256,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (v *VerifierRSA) ID() string {
|
|
return v.KeyID
|
|
}
|
|
|
|
func (v *VerifierRSA) Alg() string {
|
|
return "RS256"
|
|
}
|
|
|
|
func (v *VerifierRSA) Verify(sig []byte, data []byte) error {
|
|
h := v.Hash.New()
|
|
h.Write(data)
|
|
return rsa.VerifyPKCS1v15(&v.PublicKey, v.Hash, h.Sum(nil), sig)
|
|
}
|
|
|
|
func (s *SignerRSA) Sign(data []byte) ([]byte, error) {
|
|
h := s.Hash.New()
|
|
h.Write(data)
|
|
return rsa.SignPKCS1v15(rand.Reader, &s.PrivateKey, s.Hash, h.Sum(nil))
|
|
}
|