aboutsummaryrefslogtreecommitdiffstats
path: root/kube2msb/src/kube2msb/vendor/github.com/coreos/go-oidc/jose/sig_rsa.go
blob: 004e45dd835c02b1c3a0566d7c73f924113e4cf9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

package jose

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

type VerifierRSA struct {
	KeyID     string
	Hash      crypto.Hash
	PublicKey rsa.PublicKey
}

type SignerRSA struct {
	PrivateKey rsa.PrivateKey
	VerifierRSA
}

func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
	if jwk.Alg != "" && jwk.Alg != "RS256" {
		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
	}

	v := VerifierRSA{
		KeyID: jwk.ID,
		PublicKey: rsa.PublicKey{
			N: jwk.Modulus,
			E: jwk.Exponent,
		},
		Hash: crypto.SHA256,
	}

	return &v, nil
}

func NewSignerRSA(kid string, key rsa.PrivateKey) *SignerRSA {
	return &SignerRSA{
		PrivateKey: key,
		VerifierRSA: VerifierRSA{
			KeyID:     kid,
			PublicKey: key.PublicKey,
			Hash:      crypto.SHA256,
		},
	}
}

func (v *VerifierRSA) ID() string {
	return v.KeyID
}

func (v *VerifierRSA) Alg() string {
	return "RS256"
}

func (v *VerifierRSA) Verify(sig []byte, data []byte) error {
	h := v.Hash.New()
	h.Write(data)
	return rsa.VerifyPKCS1v15(&v.PublicKey, v.Hash, h.Sum(nil), sig)
}

func (s *SignerRSA) Sign(data []byte) ([]byte, error) {
	h := s.Hash.New()
	h.Write(data)
	return rsa.SignPKCS1v15(rand.Reader, &s.PrivateKey, s.Hash, h.Sum(nil))
}