rsa.go
package jwt
import (
"crypto"
"crypto/rand"
"crypto/rsa"
)
// SigningMethodRSA is the signing method for the RSASSA-PKCS1-v1_5 family
// (RS256, RS384, RS512). Sign requires an *rsa.PrivateKey and Verify requires
// an *rsa.PublicKey; both expect the key as a pointer, not by value.
type SigningMethodRSA struct {
	// Name is the algorithm identifier reported by Alg, e.g. "RS256".
	Name string
	// Hash is the digest applied to the signing string before the RSA
	// operation. Sign and Verify return ErrHashUnavailable when it is not
	// linked into the binary.
	Hash crypto.Hash
}
// Package-level instances of the RSA signing methods. They are nil until this
// file's init function assigns them. They are exported, mutable variables:
// the factories registered in init return whatever these hold at lookup time,
// so reassigning one changes the method handed out for that algorithm name.
var (
	// SigningMethodRS256 is the RSA method that hashes with SHA-256.
	SigningMethodRS256 *SigningMethodRSA
	// SigningMethodRS384 is the RSA method that hashes with SHA-384.
	SigningMethodRS384 *SigningMethodRSA
	// SigningMethodRS512 is the RSA method that hashes with SHA-512.
	SigningMethodRS512 *SigningMethodRSA
)
// init builds the RS256, RS384 and RS512 instances and registers a factory
// for each one under its algorithm name.
func init() {
	// Every factory reads its package variable when called rather than
	// capturing the pointer, so it returns the variable's current value.

	SigningMethodRS256 = &SigningMethodRSA{Name: "RS256", Hash: crypto.SHA256}
	RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod { return SigningMethodRS256 })

	SigningMethodRS384 = &SigningMethodRSA{Name: "RS384", Hash: crypto.SHA384}
	RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod { return SigningMethodRS384 })

	SigningMethodRS512 = &SigningMethodRSA{Name: "RS512", Hash: crypto.SHA512}
	RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod { return SigningMethodRS512 })
}
// Alg returns the algorithm name held in m.Name, for example "RS256". init
// registers each method under this same string.
func (m *SigningMethodRSA) Alg() string {
	return m.Name
}
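// Verify checks sig as an RSASSA-PKCS1-v1_5 signature over signingString,
// hashed with m.Hash. sig is handed to crypto/rsa unchanged, so it must be
// the raw signature bytes.
//
// key must be a non-nil *rsa.PublicKey. Any other type, including an
// rsa.PublicKey passed by value or a []byte secret, is rejected with
// ErrInvalidKeyType; a nil *rsa.PublicKey is rejected with ErrInvalidKey.
// ErrHashUnavailable is returned when m.Hash is not linked into the binary.
// Otherwise the result is whatever rsa.VerifyPKCS1v15 reports: nil for a
// valid signature, an error for anything else.
//
// Verify applies no key-size policy of its own; a minimum modulus length has
// to be enforced by crypto/rsa or by the code that supplies the key.
func (m *SigningMethodRSA) Verify(signingString string, sig []byte, key interface{}) error {
	rsaKey, ok := key.(*rsa.PublicKey)
	if !ok {
		return ErrInvalidKeyType
	}
	// A typed nil pointer satisfies the assertion above (for instance a key
	// lookup that missed and returned a nil *rsa.PublicKey). Reject it here
	// so the verifier returns an error instead of crypto/rsa dereferencing
	// the nil key and panicking.
	if rsaKey == nil {
		return ErrInvalidKey
	}

	if !m.Hash.Available() {
		return ErrHashUnavailable
	}
	hasher := m.Hash.New()
	// hash.Hash documents that Write never returns an error.
	hasher.Write([]byte(signingString))

	return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
}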
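// Sign hashes signingString with m.Hash and returns its RSASSA-PKCS1-v1_5
// signature. The result is the raw signature as produced by
// rsa.SignPKCS1v15; no text encoding is applied here.
//
// key must be a non-nil *rsa.PrivateKey. Any other type, or a nil pointer of
// that type, yields ErrInvalidKey. Note that Verify reports a wrong key type
// as ErrInvalidKeyType instead; the difference is kept so existing error
// comparisons in callers continue to work. ErrHashUnavailable is returned
// when m.Hash is not linked into the binary, and any error from
// rsa.SignPKCS1v15 is passed through unchanged.
//
// Sign applies no key-size policy of its own; a minimum modulus length has
// to be enforced by crypto/rsa or by the code that supplies the key.
func (m *SigningMethodRSA) Sign(signingString string, key interface{}) ([]byte, error) {
	// The nil check matters because a typed nil *rsa.PrivateKey passes the
	// type assertion and would otherwise be dereferenced inside crypto/rsa.
	rsaKey, ok := key.(*rsa.PrivateKey)
	if !ok || rsaKey == nil {
		return nil, ErrInvalidKey
	}

	if !m.Hash.Available() {
		return nil, ErrHashUnavailable
	}
	hasher := m.Hash.New()
	// hash.Hash documents that Write never returns an error.
	hasher.Write([]byte(signingString))

	// rand.Reader is passed through to crypto/rsa; the PKCS #1 v1.5
	// signature itself is deterministic for a given key and digest.
	sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil))
	if err != nil {
		return nil, err
	}
	return sigBytes, nil
}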