Fork to maintain patches against the official gitea for https://code.ceondo.com https://github.com/go-gitea/gitea

rsa.go 2.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. package jwt
  2. import (
  3. "crypto"
  4. "crypto/rand"
  5. "crypto/rsa"
  6. )
  7. // Implements the RSA family of signing methods signing methods
  8. type SigningMethodRSA struct {
  9. Name string
  10. Hash crypto.Hash
  11. }
  12. // Specific instances for RS256 and company
  13. var (
  14. SigningMethodRS256 *SigningMethodRSA
  15. SigningMethodRS384 *SigningMethodRSA
  16. SigningMethodRS512 *SigningMethodRSA
  17. )
  18. func init() {
  19. // RS256
  20. SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}
  21. RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {
  22. return SigningMethodRS256
  23. })
  24. // RS384
  25. SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}
  26. RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {
  27. return SigningMethodRS384
  28. })
  29. // RS512
  30. SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}
  31. RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {
  32. return SigningMethodRS512
  33. })
  34. }
  35. func (m *SigningMethodRSA) Alg() string {
  36. return m.Name
  37. }
  38. // Implements the Verify method from SigningMethod
  39. // For this signing method, must be an rsa.PublicKey structure.
  40. func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
  41. var err error
  42. // Decode the signature
  43. var sig []byte
  44. if sig, err = DecodeSegment(signature); err != nil {
  45. return err
  46. }
  47. var rsaKey *rsa.PublicKey
  48. var ok bool
  49. if rsaKey, ok = key.(*rsa.PublicKey); !ok {
  50. return ErrInvalidKeyType
  51. }
  52. // Create hasher
  53. if !m.Hash.Available() {
  54. return ErrHashUnavailable
  55. }
  56. hasher := m.Hash.New()
  57. hasher.Write([]byte(signingString))
  58. // Verify the signature
  59. return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
  60. }
  61. // Implements the Sign method from SigningMethod
  62. // For this signing method, must be an rsa.PrivateKey structure.
  63. func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
  64. var rsaKey *rsa.PrivateKey
  65. var ok bool
  66. // Validate type of key
  67. if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
  68. return "", ErrInvalidKey
  69. }
  70. // Create the hasher
  71. if !m.Hash.Available() {
  72. return "", ErrHashUnavailable
  73. }
  74. hasher := m.Hash.New()
  75. hasher.Write([]byte(signingString))
  76. // Sign the string and return the encoded bytes
  77. if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
  78. return EncodeSegment(sigBytes), nil
  79. } else {
  80. return "", err
  81. }
  82. }