jwt/rsa.go

package jwt

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
)

// Implements the RSA family of signing methods signing methods
type SigningMethodRSA struct {
	Name string
	Hash crypto.Hash
}

// Specific instances for RS256 and company
var (
	SigningMethodRS256 *SigningMethodRSA
	SigningMethodRS384 *SigningMethodRSA
	SigningMethodRS512 *SigningMethodRSA
)

func init() {
	// RS256
	SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}
	RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {
		return SigningMethodRS256
	})

	// RS384
	SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}
	RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {
		return SigningMethodRS384
	})

	// RS512
	SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}
	RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {
		return SigningMethodRS512
	})
}

func (m *SigningMethodRSA) Alg() string {
	return m.Name
}

// Implements the Verify method from SigningMethod
// For this signing method, must be an rsa.PublicKey structure.
func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
	var err error

	// Decode the signature
	var sig []byte
	if sig, err = DecodeSegment(signature); err != nil {
		return err
	}

	var rsaKey *rsa.PublicKey
	var ok bool

	if rsaKey, ok = key.(*rsa.PublicKey); !ok {
		return ErrInvalidKey
	}

	// Create hasher
	if !m.Hash.Available() {
		return ErrHashUnavailable
	}
	hasher := m.Hash.New()
	hasher.Write([]byte(signingString))

	// Verify the signature
	return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
}

// Implements the Sign method from SigningMethod
// For this signing method, must be an rsa.PrivateKey structure.
func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
	var rsaKey *rsa.PrivateKey
	var ok bool

	// Validate type of key
	if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
		return "", ErrInvalidKey
	}

	// Create the hasher
	if !m.Hash.Available() {
		return "", ErrHashUnavailable
	}

	hasher := m.Hash.New()
	hasher.Write([]byte(signingString))

	// Sign the string and return the encoded bytes
	if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
		return EncodeSegment(sigBytes), nil
	} else {
		return "", err
	}
}
starting to work on it 2012-04-18 03:49:21 +04:00			`package jwt`

almost working 2012-04-18 05:41:12 +04:00			`import (`
			`"crypto"`
gofmt 2012-07-07 04:02:20 +04:00			`"crypto/rand"`
almost working 2012-04-18 05:41:12 +04:00			`"crypto/rsa"`
			`)`

documentation 2014-08-27 02:30:37 +04:00			`// Implements the RSA family of signing methods signing methods`
Added support for RS384 and RS512 signing methods Renamed type SigningMethodRS256 to SigningMethodRSA Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods Added simple tests to support these new methods 2014-07-06 02:34:31 +04:00			`type SigningMethodRSA struct {`
			`Name string`
			`Hash crypto.Hash`
			`}`

documentation 2014-08-27 02:30:37 +04:00			`// Specific instances for RS256 and company`
Added support for RS384 and RS512 signing methods Renamed type SigningMethodRS256 to SigningMethodRSA Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods Added simple tests to support these new methods 2014-07-06 02:34:31 +04:00			`var (`
			`SigningMethodRS256 *SigningMethodRSA`
			`SigningMethodRS384 *SigningMethodRSA`
			`SigningMethodRS512 *SigningMethodRSA`
			`)`
starting to work on it 2012-04-18 03:49:21 +04:00
			`func init() {`
Added support for RS384 and RS512 signing methods Renamed type SigningMethodRS256 to SigningMethodRSA Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods Added simple tests to support these new methods 2014-07-06 02:34:31 +04:00			`// RS256`
			`SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}`
			`RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {`
			`return SigningMethodRS256`
			`})`

			`// RS384`
			`SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}`
			`RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {`
			`return SigningMethodRS384`
			`})`

			`// RS512`
			`SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}`
			`RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {`
			`return SigningMethodRS512`
starting to work on it 2012-04-18 03:49:21 +04:00			`})`
			`}`
framework 2012-04-18 03:58:52 +04:00
Added support for RS384 and RS512 signing methods Renamed type SigningMethodRS256 to SigningMethodRSA Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods Added simple tests to support these new methods 2014-07-06 02:34:31 +04:00			`func (m *SigningMethodRSA) Alg() string {`
			`return m.Name`
added signing support to RS256 and HS256 2012-07-07 02:43:17 +04:00			`}`

can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-07 11:45:21 +04:00			`// Implements the Verify method from SigningMethod`
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`// For this signing method, must be an rsa.PublicKey structure.`
pass keys as interface{} rather than []byte This will allow clients to pass, for example, their own instances of rsa.PublicKey if the key is not specified as some flavour of X509 cert. For example, Salesforce just specify the modulus and exponent (https://login.salesforce.com/id/keys) 2014-08-04 22:26:53 +04:00			`func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {`
cleaned up RS256 implementation. no functional changes 2014-07-06 02:50:46 +04:00			`var err error`

			`// Decode the signature`
almost working 2012-04-18 05:41:12 +04:00			`var sig []byte`
cleaned up RS256 implementation. no functional changes 2014-07-06 02:50:46 +04:00			`if sig, err = DecodeSegment(signature); err != nil {`
			`return err`
almost working 2012-04-18 05:41:12 +04:00			`}`
cleaned up RS256 implementation. no functional changes 2014-07-06 02:50:46 +04:00
can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-07 11:45:21 +04:00			`var rsaKey *rsa.PublicKey`
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`var ok bool`
can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-07 11:45:21 +04:00
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`if rsaKey, ok = key.(*rsa.PublicKey); !ok {`
pass keys as interface{} rather than []byte This will allow clients to pass, for example, their own instances of rsa.PublicKey if the key is not specified as some flavour of X509 cert. For example, Salesforce just specify the modulus and exponent (https://login.salesforce.com/id/keys) 2014-08-04 22:26:53 +04:00			`return ErrInvalidKey`
			`}`
can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-07 11:45:21 +04:00
			`// Create hasher`
return an error if the requested hash method hasn't been compiled in 2014-08-27 02:00:15 +04:00			`if !m.Hash.Available() {`
			`return ErrHashUnavailable`
			`}`
can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-07 11:45:21 +04:00			`hasher := m.Hash.New()`
			`hasher.Write([]byte(signingString))`

			`// Verify the signature`
			`return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)`
framework 2012-04-18 03:58:52 +04:00			`}`

documentation about key requirements 2014-06-28 22:31:26 +04:00			`// Implements the Sign method from SigningMethod`
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`// For this signing method, must be an rsa.PrivateKey structure.`
pass keys as interface{} rather than []byte This will allow clients to pass, for example, their own instances of rsa.PublicKey if the key is not specified as some flavour of X509 cert. For example, Salesforce just specify the modulus and exponent (https://login.salesforce.com/id/keys) 2014-08-04 22:26:53 +04:00			`func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {`
can now pass a PrivateKey to SigningMethodRSA.Sign Conflicts: rsa.go 2014-08-06 14:13:23 +04:00			`var rsaKey *rsa.PrivateKey`
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`var ok bool`
cleaned up RS256 implementation. no functional changes 2014-07-06 02:50:46 +04:00
drop support for []byte keys in RSA signing methods 2015-07-20 20:23:11 +03:00			`// Validate type of key`
			`if rsaKey, ok = key.(*rsa.PrivateKey); !ok {`
can now pass a PrivateKey to SigningMethodRSA.Sign Conflicts: rsa.go 2014-08-06 14:13:23 +04:00			`return "", ErrInvalidKey`
added signing support to RS256 and HS256 2012-07-07 02:43:17 +04:00			`}`
return an error if the requested hash method hasn't been compiled in 2014-08-27 02:00:15 +04:00
can now pass a PrivateKey to SigningMethodRSA.Sign Conflicts: rsa.go 2014-08-06 14:13:23 +04:00			`// Create the hasher`
return an error if the requested hash method hasn't been compiled in 2014-08-27 02:00:15 +04:00			`if !m.Hash.Available() {`
			`return "", ErrHashUnavailable`
			`}`

can now pass a PrivateKey to SigningMethodRSA.Sign Conflicts: rsa.go 2014-08-06 14:13:23 +04:00			`hasher := m.Hash.New()`
			`hasher.Write([]byte(signingString))`
cleaned up RS256 implementation. no functional changes 2014-07-06 02:50:46 +04:00
can now pass a PrivateKey to SigningMethodRSA.Sign Conflicts: rsa.go 2014-08-06 14:13:23 +04:00			`// Sign the string and return the encoded bytes`
			`if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {`
			`return EncodeSegment(sigBytes), nil`
			`} else {`
			`return "", err`
			`}`
gofmt 2012-04-18 23:59:37 +04:00			`}`