package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"encoding/base64"
"errors"
"math/big"
"time"
"github.com/golang-jwt/jwt/v5"
)
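// parseBase64 reads the string field k from the decoded JWK d and returns its
// unpadded base64url decoding (the JWK "b64u" form). A missing field, a value
// that is not a string, or malformed base64 yields an error and a nil slice.
func parseBase64(k string, d map[string]interface{}) ([]byte, error) {
	value, present := d[k].(string)
	if !present {
		return nil, errors.New("key " + k + " not found")
	}
	decoded, decodeErr := base64.RawURLEncoding.DecodeString(value)
	if decodeErr != nil {
		return nil, decodeErr
	}
	return decoded, nil
}

// parseKey turns a JSON Web Key (already decoded into a map) into the signing
// algorithm name and the key value that makeToken hands to jwt.
//
// Supported inputs:
//   - kty "oct" with alg HS256, HS384 or HS512: "k" is base64url and must be
//     exactly 32, 48 or 64 bytes respectively.
//   - kty "EC" with alg ES256 and crv P-256: "x", "y" and "d" are base64url
//     big-endian integers.
//
// Returns alg and either a []byte (oct) or an *ecdsa.PrivateKey (EC). An
// error is returned for a missing or malformed field, an unsupported
// kty/alg/crv, a public point that is not on the curve, a private scalar d
// outside [1, n-1], or an (x, y) that is not the public point of d.
func parseKey(key map[string]interface{}) (string, interface{}, error) {
	kty, ok := key["kty"].(string)
	if !ok {
		return "", nil, errors.New("kty not found")
	}
	alg, ok := key["alg"].(string)
	if !ok {
		return "", nil, errors.New("alg not found")
	}
	switch kty {
	case "oct":
		return parseOctKey(alg, key)
	case "EC":
		return parseECKey(alg, key)
	default:
		return "", nil, errors.New("unknown key type")
	}
}

// parseOctKey decodes a symmetric (HMAC) key and enforces the exact byte
// length that belongs to alg.
func parseOctKey(alg string, key map[string]interface{}) (string, interface{}, error) {
	var length int
	switch alg {
	case "HS256":
		length = 32
	case "HS384":
		length = 48
	case "HS512":
		length = 64
	default:
		return "", nil, errors.New("unknown alg")
	}
	k, err := parseBase64("k", key)
	if err != nil {
		return "", nil, err
	}
	// Exact match rather than a minimum: the key is expected to be exactly
	// the hash output size of the chosen HMAC.
	if len(k) != length {
		return "", nil, errors.New("bad length for key")
	}
	return alg, k, nil
}

// parseECKey decodes a P-256 ECDSA private key and checks that x, y and d
// form a consistent key pair before handing it to the signer.
func parseECKey(alg string, key map[string]interface{}) (string, interface{}, error) {
	if alg != "ES256" {
		return "", nil, errors.New("unknown alg")
	}
	crv, ok := key["crv"].(string)
	if !ok {
		return "", nil, errors.New("crv not found")
	}
	if crv != "P-256" {
		return "", nil, errors.New("unknown crv")
	}
	curve := elliptic.P256()

	xbytes, err := parseBase64("x", key)
	if err != nil {
		return "", nil, err
	}
	x := new(big.Int).SetBytes(xbytes)
	ybytes, err := parseBase64("y", key)
	if err != nil {
		return "", nil, err
	}
	y := new(big.Int).SetBytes(ybytes)
	// IsOnCurve also rejects (0, 0), the conventional point at infinity.
	if !curve.IsOnCurve(x, y) {
		return "", nil, errors.New("key is not on curve")
	}

	dbytes, err := parseBase64("d", key)
	if err != nil {
		return "", nil, err
	}
	d := new(big.Int).SetBytes(dbytes)
	// A private scalar must lie in [1, n-1]; 0 or anything >= n is not a
	// valid ECDSA key even though it decodes fine.
	if d.Sign() <= 0 || d.Cmp(curve.Params().N) >= 0 {
		return "", nil, errors.New("d out of range")
	}
	// x/y and d arrive independently in the JWK; make sure they belong
	// together, otherwise the published public key will not verify what we
	// sign. ScalarBaseMult is deprecated since Go 1.21 but is used here to
	// stay in line with the IsOnCurve call above and avoid a new import.
	gx, gy := curve.ScalarBaseMult(d.Bytes())
	if gx.Cmp(x) != 0 || gy.Cmp(y) != 0 {
		return "", nil, errors.New("public key does not match d")
	}

	return alg, &ecdsa.PrivateKey{
		PublicKey: ecdsa.PublicKey{
			Curve: curve,
			X:     x,
			Y:     y,
		},
		D: d,
	}, nil
}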
// makeToken builds and signs a short-lived JWT.
//
// alg and key are what parseKey produced: alg is resolved through
// jwt.GetSigningMethod (an unknown name is an error) and key is passed to
// SignedString, which fails if its Go type does not fit the method. The
// "iss", "aud" and "sub" claims are only emitted when issuer, location and
// username are non-empty; "permissions" is always emitted (null for a nil
// slice). "iat" is backdated by one second, presumably to tolerate clock
// skew at the verifier, and "exp" is 30 seconds after issue. password is
// accepted for signature compatibility but is not used.
func makeToken(alg string, key interface{}, issuer, location, username, password string, permissions []string) (string, error) {
	method := jwt.GetSigningMethod(alg)
	if method == nil {
		return "", errors.New("unknown alg")
	}

	issuedAt := time.Now()
	claims := jwt.MapClaims{
		"permissions": permissions,
		"iat":         issuedAt.Add(-time.Second).Unix(),
		"exp":         issuedAt.Add(30 * time.Second).Unix(),
	}
	// Optional registered claims: only present when the caller supplied a value.
	optional := map[string]string{"iss": issuer, "aud": location, "sub": username}
	for name, value := range optional {
		if value != "" {
			claims[name] = value
		}
	}

	return jwt.NewWithClaims(method, claims).SignedString(key)
}