summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/acme/jws.go
diff options
context:
space:
mode:
authorWim <wim@42.be>2021-05-30 00:25:30 +0200
committerGitHub <noreply@github.com>2021-05-30 00:25:30 +0200
commit4091b6f6b4fe01876f8720332675f9c69be39541 (patch)
tree07a1f2b2eeba6fb680b5edc19d2d38ec81243c0a /vendor/golang.org/x/crypto/acme/jws.go
parent766f35554e16ee5462370be714ef29b71745d478 (diff)
downloadmatterbridge-msglm-4091b6f6b4fe01876f8720332675f9c69be39541.tar.gz
matterbridge-msglm-4091b6f6b4fe01876f8720332675f9c69be39541.tar.bz2
matterbridge-msglm-4091b6f6b4fe01876f8720332675f9c69be39541.zip
Update vendor (#1498)
Diffstat (limited to 'vendor/golang.org/x/crypto/acme/jws.go')
-rw-r--r--vendor/golang.org/x/crypto/acme/jws.go54
1 files changed, 48 insertions, 6 deletions
diff --git a/vendor/golang.org/x/crypto/acme/jws.go b/vendor/golang.org/x/crypto/acme/jws.go
index 76e3fdac..8c3eccec 100644
--- a/vendor/golang.org/x/crypto/acme/jws.go
+++ b/vendor/golang.org/x/crypto/acme/jws.go
@@ -7,6 +7,7 @@ package acme
import (
"crypto"
"crypto/ecdsa"
+ "crypto/hmac"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
@@ -14,6 +15,7 @@ import (
"encoding/asn1"
"encoding/base64"
"encoding/json"
+ "errors"
"fmt"
"math/big"
)
@@ -31,6 +33,14 @@ const noKeyID = keyID("")
// See https://tools.ietf.org/html/rfc8555#section-6.3 for more details.
const noPayload = ""
+// jsonWebSignature can be easily serialized into a JWS following
+// https://tools.ietf.org/html/rfc7515#section-3.2.
+type jsonWebSignature struct {
+ Protected string `json:"protected"`
+ Payload string `json:"payload"`
+ Sig string `json:"signature"`
+}
+
// jwsEncodeJSON signs claimset using provided key and a nonce.
// The result is serialized in JSON format containing either kid or jwk
// fields based on the provided keyID value.
@@ -71,12 +81,7 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, ur
if err != nil {
return nil, err
}
-
- enc := struct {
- Protected string `json:"protected"`
- Payload string `json:"payload"`
- Sig string `json:"signature"`
- }{
+ enc := jsonWebSignature{
Protected: phead,
Payload: payload,
Sig: base64.RawURLEncoding.EncodeToString(sig),
@@ -84,6 +89,43 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, ur
return json.Marshal(&enc)
}
+// jwsWithMAC creates and signs a JWS using the given key and the HS256
+// algorithm. kid and url are included in the protected header. rawPayload
+// should not be base64-URL-encoded.
+func jwsWithMAC(key []byte, kid, url string, rawPayload []byte) (*jsonWebSignature, error) {
+ if len(key) == 0 {
+ return nil, errors.New("acme: cannot sign JWS with an empty MAC key")
+ }
+ header := struct {
+ Algorithm string `json:"alg"`
+ KID string `json:"kid"`
+ URL string `json:"url,omitempty"`
+ }{
+ // Only HMAC-SHA256 is supported.
+ Algorithm: "HS256",
+ KID: kid,
+ URL: url,
+ }
+ rawProtected, err := json.Marshal(header)
+ if err != nil {
+ return nil, err
+ }
+ protected := base64.RawURLEncoding.EncodeToString(rawProtected)
+ payload := base64.RawURLEncoding.EncodeToString(rawPayload)
+
+ h := hmac.New(sha256.New, key)
+ if _, err := h.Write([]byte(protected + "." + payload)); err != nil {
+ return nil, err
+ }
+ mac := h.Sum(nil)
+
+ return &jsonWebSignature{
+ Protected: protected,
+ Payload: payload,
+ Sig: base64.RawURLEncoding.EncodeToString(mac),
+ }, nil
+}
+
// jwkEncode encodes public part of an RSA or ECDSA key into a JWK.
// The result is also suitable for creating a JWK thumbprint.
// https://tools.ietf.org/html/rfc7517