blob: e4caf1ca4a1160aeca417e8a0c9413c6c3097c14 [file] [log] [blame]
khenaidooab1f7bd2019-11-14 14:00:27 -05001package jwt
2
3import (
4 "crypto"
5 "crypto/rand"
6 "crypto/rsa"
7)
8
9// Implements the RSA family of signing methods signing methods
10// Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
11type SigningMethodRSA struct {
12 Name string
13 Hash crypto.Hash
14}
15
16// Specific instances for RS256 and company
17var (
18 SigningMethodRS256 *SigningMethodRSA
19 SigningMethodRS384 *SigningMethodRSA
20 SigningMethodRS512 *SigningMethodRSA
21)
22
23func init() {
24 // RS256
25 SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}
26 RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {
27 return SigningMethodRS256
28 })
29
30 // RS384
31 SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}
32 RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {
33 return SigningMethodRS384
34 })
35
36 // RS512
37 SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}
38 RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {
39 return SigningMethodRS512
40 })
41}
42
43func (m *SigningMethodRSA) Alg() string {
44 return m.Name
45}
46
47// Implements the Verify method from SigningMethod
48// For this signing method, must be an *rsa.PublicKey structure.
49func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
50 var err error
51
52 // Decode the signature
53 var sig []byte
54 if sig, err = DecodeSegment(signature); err != nil {
55 return err
56 }
57
58 var rsaKey *rsa.PublicKey
59 var ok bool
60
61 if rsaKey, ok = key.(*rsa.PublicKey); !ok {
62 return ErrInvalidKeyType
63 }
64
65 // Create hasher
66 if !m.Hash.Available() {
67 return ErrHashUnavailable
68 }
69 hasher := m.Hash.New()
70 hasher.Write([]byte(signingString))
71
72 // Verify the signature
73 return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
74}
75
76// Implements the Sign method from SigningMethod
77// For this signing method, must be an *rsa.PrivateKey structure.
78func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
79 var rsaKey *rsa.PrivateKey
80 var ok bool
81
82 // Validate type of key
83 if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
84 return "", ErrInvalidKey
85 }
86
87 // Create the hasher
88 if !m.Hash.Available() {
89 return "", ErrHashUnavailable
90 }
91
92 hasher := m.Hash.New()
93 hasher.Write([]byte(signingString))
94
95 // Sign the string and return the encoded bytes
96 if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
97 return EncodeSegment(sigBytes), nil
98 } else {
99 return "", err
100 }
101}