mirror of
https://github.com/kataras/iris.git
synced 2025-12-19 19:07:06 +00:00
New builtin JWT middleware - this one supports encryption and ed25519
Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
This commit is contained in:
Gerasimos (Makis) Maropoulos
98
middleware/jwt/util.go
Normal file
98
middleware/jwt/util.go
Normal file
@@ -0,0 +1,98 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
)
|
||||
|
||||
// ErrNotPEM is a panic error of the MustParseXXX functions when the data are not PEM-encoded.
|
||||
var ErrNotPEM = errors.New("key must be PEM encoded")
|
||||
|
||||
// MustParseRSAPrivateKey encodes a PEM-encoded PKCS1 or PKCS8 private key protected with a password.
|
||||
func MustParseRSAPrivateKey(key, password []byte) *rsa.PrivateKey {
|
||||
block, _ := pem.Decode(key)
|
||||
if block == nil {
|
||||
panic(ErrNotPEM)
|
||||
}
|
||||
|
||||
var (
|
||||
parsedKey interface{}
|
||||
err error
|
||||
)
|
||||
|
||||
var blockDecrypted []byte
|
||||
if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {
|
||||
if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
privateKey, ok := parsedKey.(*rsa.PrivateKey)
|
||||
if !ok {
|
||||
panic("key is not of type *rsa.PrivateKey")
|
||||
}
|
||||
|
||||
return privateKey
|
||||
}
|
||||
|
||||
// MustParseRSAPublicKey encodes a PEM encoded PKCS1 or PKCS8 public key.
|
||||
func MustParseRSAPublicKey(key []byte) *rsa.PublicKey {
|
||||
var err error
|
||||
|
||||
// Parse PEM block
|
||||
var block *pem.Block
|
||||
if block, _ = pem.Decode(key); block == nil {
|
||||
panic(ErrNotPEM)
|
||||
}
|
||||
|
||||
// Parse the key
|
||||
var parsedKey interface{}
|
||||
if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
|
||||
if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
|
||||
parsedKey = cert.PublicKey
|
||||
} else {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
var pkey *rsa.PublicKey
|
||||
var ok bool
|
||||
if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {
|
||||
panic("key is not of type *rsa.PublicKey")
|
||||
}
|
||||
|
||||
return pkey
|
||||
}
|
||||
|
||||
/*
|
||||
// MustParseEd25519 PEM encoded Ed25519.
|
||||
func MustParseEd25519(key []byte) ed25519.PrivateKey {
|
||||
// Parse PEM block
|
||||
block, _ := pem.Decode(key)
|
||||
if block == nil {
|
||||
panic(ErrNotPEM)
|
||||
}
|
||||
|
||||
type ed25519PrivKey struct {
|
||||
Version int
|
||||
ObjectIdentifier struct {
|
||||
ObjectIdentifier asn1.ObjectIdentifier
|
||||
}
|
||||
PrivateKey []byte
|
||||
}
|
||||
|
||||
var asn1PrivKey ed25519PrivKey
|
||||
if _, err := asn1.Unmarshal(block.Bytes, &asn1PrivKey); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
privateKey := ed25519.NewKeyFromSeed(asn1PrivKey.PrivateKey[2:])
|
||||
return privateKey
|
||||
}
|
||||
*/
|
||||
Reference in New Issue
Block a user