mirror
/
jwt
mirror of https://github.com/golang-jwt/jwt.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

Support x509 Certificates for JWT verification. 

If an attempt to parse the pubkey as PKIX fails, try again as
x509.Certificate. Some vendors are starting to use these to sign JWTs.
Example: https://www.googleapis.com/oauth2/v1/certs
This commit is contained in:
Dan Morrill 2012-12-21 23:27:41 -08:00
parent 32c540957a
commit 924b188e65
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
rs256.go
View File

@ -29,13 +29,18 @@ func (m *SigningMethodRS256) Verify(signingString, signature string, key []byte)
var block *pem.Block
if block, _ = pem.Decode(key); block != nil {
var parsedKey interface{}
if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err == nil {
if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
parsedKey, err = x509.ParseCertificate(block.Bytes)
}
if err == nil {
if rsaKey, ok := parsedKey.(*rsa.PublicKey); ok {
hasher := sha256.New()
hasher.Write([]byte(signingString))
err = rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, hasher.Sum(nil), sig)
} else {
} else if cert, ok := parsedKey.(*x509.Certificate); ok {
err = cert.CheckSignature(x509.SHA256WithRSA, []byte(signingString), sig)
} else {
err = errors.New("Key is not a valid RSA public key")
}
}