Added support for EcDSA keys
This commit is contained in:
parent
4426c5f9e8
commit
06a6738a80
1 changed files with 46 additions and 4 deletions
46
pkg.go
46
pkg.go
|
|
@ -18,6 +18,7 @@ import (
|
||||||
|
|
||||||
// Standard
|
// Standard
|
||||||
"crypto"
|
"crypto"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
@ -30,6 +31,7 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Manager struct {
|
type Manager struct {
|
||||||
|
KeyType KeyType
|
||||||
privKey crypto.PrivateKey
|
privKey crypto.PrivateKey
|
||||||
PubKey crypto.PublicKey
|
PubKey crypto.PublicKey
|
||||||
ExpireDays int
|
ExpireDays int
|
||||||
|
|
@ -38,13 +40,22 @@ type Manager struct {
|
||||||
|
|
||||||
func NewManager(keyType KeyType, private, public string, expireDays int) (mngr Manager, err error) { // {{{
|
func NewManager(keyType KeyType, private, public string, expireDays int) (mngr Manager, err error) { // {{{
|
||||||
var errPriv, errPub error
|
var errPriv, errPub error
|
||||||
|
mngr.KeyType = keyType
|
||||||
|
|
||||||
switch keyType {
|
switch keyType {
|
||||||
case KeyEcDSA:
|
case KeyEcDSA:
|
||||||
|
/*
|
||||||
|
openssl ecparam -genkey -name secp521r1 -noout >priv.pem
|
||||||
|
openssl pkey -in priv.pem -pubout >pub.pem
|
||||||
|
*/
|
||||||
mngr.privKey, errPriv = jwt.ParseECPrivateKeyFromPEM([]byte(private))
|
mngr.privKey, errPriv = jwt.ParseECPrivateKeyFromPEM([]byte(private))
|
||||||
mngr.PubKey, errPub = jwt.ParseECPublicKeyFromPEM([]byte(public))
|
mngr.PubKey, errPub = jwt.ParseECPublicKeyFromPEM([]byte(public))
|
||||||
|
|
||||||
case KeyEd25519:
|
case KeyEd25519:
|
||||||
|
/*
|
||||||
|
openssl genpkey -algorithm ed25519 -out /tmp/priv.pem
|
||||||
|
openssl pkey -in priv.pem -pubout >pub.pem
|
||||||
|
*/
|
||||||
mngr.privKey, errPriv = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
|
mngr.privKey, errPriv = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
|
||||||
mngr.PubKey, errPub = jwt.ParseEdPublicKeyFromPEM([]byte(public))
|
mngr.PubKey, errPub = jwt.ParseEdPublicKeyFromPEM([]byte(public))
|
||||||
}
|
}
|
||||||
|
|
@ -82,10 +93,32 @@ func (mngr *Manager) GenerateToken(data map[string]any) (signedString string) {
|
||||||
data["iat"] = now.Unix()
|
data["iat"] = now.Unix()
|
||||||
data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
|
data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
|
||||||
|
|
||||||
token := jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
|
var token *jwt.Token
|
||||||
|
switch mngr.KeyType {
|
||||||
|
case KeyEd25519:
|
||||||
|
token = jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
|
||||||
|
case KeyEcDSA:
|
||||||
|
token = jwt.NewWithClaims(jwt.SigningMethodES512, jwt.MapClaims(data))
|
||||||
|
}
|
||||||
|
|
||||||
// Sign and get the complete encoded token as a string using the secret.
|
// Sign and get the complete encoded token as a string using the secret.
|
||||||
signedString, _ = token.SignedString(mngr.privKey)
|
var err error
|
||||||
|
signedString, err = token.SignedString(mngr.privKey)
|
||||||
|
if err != nil {
|
||||||
|
j, _ := json.Marshal(struct {
|
||||||
|
Time time.Time `json:"time"`
|
||||||
|
Level string
|
||||||
|
Msg string
|
||||||
|
Error string
|
||||||
|
}{
|
||||||
|
time.Now(),
|
||||||
|
"ERROR",
|
||||||
|
"JWT",
|
||||||
|
err.Error(),
|
||||||
|
})
|
||||||
|
fmt.Printf("%s\n", j)
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
} // }}}
|
} // }}}
|
||||||
func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
|
func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
|
||||||
|
|
@ -95,10 +128,19 @@ func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { //
|
||||||
// to the callback, providing flexibility.
|
// to the callback, providing flexibility.
|
||||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
||||||
// Don't forget to validate the alg is what you expect:
|
// Don't forget to validate the alg is what you expect:
|
||||||
|
|
||||||
|
switch mngr.KeyType {
|
||||||
|
case KeyEd25519:
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case KeyEcDSA:
|
||||||
|
if _, ok := token.Method.(*jwt.SigningMethodECDSA); !ok {
|
||||||
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return mngr.PubKey, nil
|
return mngr.PubKey, nil
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue