
  1. package jwt
  2. import (
  3. "crypto"
  4. "crypto/rand"
  5. "crypto/rsa"
  6. )
  // SigningMethodRSA implements the RSA family of signing methods.
  // Signing expects an *rsa.PrivateKey and validation expects an
  // *rsa.PublicKey; both are passed to the methods as interface values and
  // checked there with a type assertion.
  type SigningMethodRSA struct {
  	// Name is the algorithm identifier reported by Alg, e.g. "RS256".
  	Name string
  	// Hash is the digest applied to the signing string before the RSA
  	// operation.
  	Hash crypto.Hash
  }
  // Shared instances of the RSA signing methods. They are nil until the
  // package's init function assigns them.

  // SigningMethodRS256 is the RSA method paired with SHA-256.
  var SigningMethodRS256 *SigningMethodRSA

  // SigningMethodRS384 is the RSA method paired with SHA-384.
  var SigningMethodRS384 *SigningMethodRSA

  // SigningMethodRS512 is the RSA method paired with SHA-512.
  var SigningMethodRS512 *SigningMethodRSA
  // init creates the RS256, RS384 and RS512 instances and registers a factory
  // for each one under the name its Alg method reports.
  func init() {
  	// Every factory returns the package-level variable rather than a fresh
  	// value, so all lookups of one algorithm share a single instance.

  	SigningMethodRS256 = &SigningMethodRSA{Name: "RS256", Hash: crypto.SHA256}
  	RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod { return SigningMethodRS256 })

  	SigningMethodRS384 = &SigningMethodRSA{Name: "RS384", Hash: crypto.SHA384}
  	RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod { return SigningMethodRS384 })

  	SigningMethodRS512 = &SigningMethodRSA{Name: "RS512", Hash: crypto.SHA512}
  	RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod { return SigningMethodRS512 })
  }
  // Alg returns the algorithm name this method was constructed with (its Name
  // field), which is also the name it is registered under in init.
  func (m *SigningMethodRSA) Alg() string {
  	return m.Name
  }
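  // Verify implements the Verify method from SigningMethod. It checks a
  // PKCS #1 v1.5 RSA signature over signingString, hashed with m.Hash.
  //
  // signature is the encoded signature segment and is decoded with
  // DecodeSegment; a decoding failure is returned as-is. key must be a usable
  // *rsa.PublicKey: any other type, a nil pointer, or a key with no modulus
  // yields ErrInvalidKeyType. ErrHashUnavailable is returned when m.Hash is not
  // available in the running binary. A nil return means the signature is valid.
  //
  // This method does not look at the token header and enforces no minimum
  // modulus size. The code that selects the key is expected to confirm that
  // the token's declared algorithm is the one it intends to accept, and that
  // the key is adequately sized, before handing the key over.
  func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
  	// Decode the signature segment into raw bytes.
  	sig, err := DecodeSegment(signature)
  	if err != nil {
  		return err
  	}

  	// A typed nil *rsa.PublicKey (or one without a modulus) passes the type
  	// assertion but would make crypto/rsa dereference nil; reject it here so
  	// a bad key lookup becomes an error instead of a panic.
  	rsaKey, ok := key.(*rsa.PublicKey)
  	if !ok || rsaKey == nil || rsaKey.N == nil {
  		return ErrInvalidKeyType
  	}

  	// Hash.New panics for an unavailable hash, so check first.
  	if !m.Hash.Available() {
  		return ErrHashUnavailable
  	}
  	hasher := m.Hash.New()
  	hasher.Write([]byte(signingString)) // hash.Hash writes never return an error

  	// Verify the signature against the digest.
  	return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
  }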
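  // Sign implements the Sign method from SigningMethod. It hashes
  // signingString with m.Hash, produces a PKCS #1 v1.5 RSA signature and
  // returns it encoded with EncodeSegment.
  //
  // key must be a non-nil *rsa.PrivateKey; any other type, or a nil pointer,
  // yields ErrInvalidKey. ErrHashUnavailable is returned when m.Hash is not
  // available in the running binary. Errors from the RSA operation are
  // returned unchanged, with an empty string.
  func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
  	// Validate the key type. A typed nil pointer passes the assertion but
  	// would be dereferenced inside crypto/rsa, so it is rejected as well.
  	rsaKey, ok := key.(*rsa.PrivateKey)
  	if !ok || rsaKey == nil {
  		return "", ErrInvalidKey
  	}

  	// Hash.New panics for an unavailable hash, so check first.
  	if !m.Hash.Available() {
  		return "", ErrHashUnavailable
  	}
  	hasher := m.Hash.New()
  	hasher.Write([]byte(signingString)) // hash.Hash writes never return an error

  	// Sign the digest and return the encoded bytes.
  	sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil))
  	if err != nil {
  		return "", err
  	}
  	return EncodeSegment(sigBytes), nil
  }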