| package libtrust |
| |
| import ( |
| "crypto" |
| _ "crypto/sha256" // Registrer SHA224 and SHA256 |
| _ "crypto/sha512" // Registrer SHA384 and SHA512 |
| "fmt" |
| ) |
| |
| type signatureAlgorithm struct { |
| algHeaderParam string |
| hashID crypto.Hash |
| } |
| |
| func (h *signatureAlgorithm) HeaderParam() string { |
| return h.algHeaderParam |
| } |
| |
| func (h *signatureAlgorithm) HashID() crypto.Hash { |
| return h.hashID |
| } |
| |
| var ( |
| rs256 = &signatureAlgorithm{"RS256", crypto.SHA256} |
| rs384 = &signatureAlgorithm{"RS384", crypto.SHA384} |
| rs512 = &signatureAlgorithm{"RS512", crypto.SHA512} |
| es256 = &signatureAlgorithm{"ES256", crypto.SHA256} |
| es384 = &signatureAlgorithm{"ES384", crypto.SHA384} |
| es512 = &signatureAlgorithm{"ES512", crypto.SHA512} |
| ) |
| |
| func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) { |
| switch { |
| case alg == "RS256": |
| return rs256, nil |
| case alg == "RS384": |
| return rs384, nil |
| case alg == "RS512": |
| return rs512, nil |
| default: |
| return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg) |
| } |
| } |
| |
| func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm { |
| switch { |
| case hashID == crypto.SHA512: |
| return rs512 |
| case hashID == crypto.SHA384: |
| return rs384 |
| case hashID == crypto.SHA256: |
| fallthrough |
| default: |
| return rs256 |
| } |
| } |