summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/acme
diff options
context:
space:
mode:
authorDuco van Amstel <helcaraxan@gmail.com>2018-11-18 00:28:29 +0000
committerDuco van Amstel <helcaraxan@gmail.com>2018-11-18 01:10:15 +0000
commit692bb8faa7c4000953b0622a77126193f8fd0383 (patch)
treeb0966b9aa86eb8d02d423221bed21893959de4eb /vendor/golang.org/x/crypto/acme
parent455a0fc2394ea52955ed386663ded9a9dceab83f (diff)
downloadmatterbridge-msglm-692bb8faa7c4000953b0622a77126193f8fd0383.tar.gz
matterbridge-msglm-692bb8faa7c4000953b0622a77126193f8fd0383.tar.bz2
matterbridge-msglm-692bb8faa7c4000953b0622a77126193f8fd0383.zip
Upgrade logrus / testify to stable versions
Diffstat (limited to 'vendor/golang.org/x/crypto/acme')
-rw-r--r--vendor/golang.org/x/crypto/acme/acme.go4
-rw-r--r--vendor/golang.org/x/crypto/acme/jws.go29
2 files changed, 20 insertions, 13 deletions
diff --git a/vendor/golang.org/x/crypto/acme/acme.go b/vendor/golang.org/x/crypto/acme/acme.go
index 7df64764..c6fd9989 100644
--- a/vendor/golang.org/x/crypto/acme/acme.go
+++ b/vendor/golang.org/x/crypto/acme/acme.go
@@ -77,6 +77,10 @@ const (
type Client struct {
// Key is the account key used to register with a CA and sign requests.
// Key.Public() must return a *rsa.PublicKey or *ecdsa.PublicKey.
+ //
+ // The following algorithms are supported:
+ // RS256, ES256, ES384 and ES512.
+ // See RFC7518 for more details about the algorithms.
Key crypto.Signer
// HTTPClient optionally specifies an HTTP client to use
diff --git a/vendor/golang.org/x/crypto/acme/jws.go b/vendor/golang.org/x/crypto/acme/jws.go
index 6cbca25d..1093b503 100644
--- a/vendor/golang.org/x/crypto/acme/jws.go
+++ b/vendor/golang.org/x/crypto/acme/jws.go
@@ -25,7 +25,7 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, nonce string) ([]byt
if err != nil {
return nil, err
}
- alg, sha := jwsHasher(key)
+ alg, sha := jwsHasher(key.Public())
if alg == "" || !sha.Available() {
return nil, ErrUnsupportedKey
}
@@ -97,13 +97,16 @@ func jwkEncode(pub crypto.PublicKey) (string, error) {
}
// jwsSign signs the digest using the given key.
-// It returns ErrUnsupportedKey if the key type is unknown.
-// The hash is used only for RSA keys.
+// The hash is unused for ECDSA keys.
+//
+// Note: non-stdlib crypto.Signer implementations are expected to return
+// the signature in the format as specified in RFC7518.
+// See https://tools.ietf.org/html/rfc7518 for more details.
func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte, error) {
- switch key := key.(type) {
- case *rsa.PrivateKey:
- return key.Sign(rand.Reader, digest, hash)
- case *ecdsa.PrivateKey:
+ if key, ok := key.(*ecdsa.PrivateKey); ok {
+ // The key.Sign method of ecdsa returns ASN1-encoded signature.
+ // So, we use the package Sign function instead
+ // to get R and S values directly and format the result accordingly.
r, s, err := ecdsa.Sign(rand.Reader, key, digest)
if err != nil {
return nil, err
@@ -118,18 +121,18 @@ func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte, error)
copy(sig[size*2-len(sb):], sb)
return sig, nil
}
- return nil, ErrUnsupportedKey
+ return key.Sign(rand.Reader, digest, hash)
}
// jwsHasher indicates suitable JWS algorithm name and a hash function
// to use for signing a digest with the provided key.
// It returns ("", 0) if the key is not supported.
-func jwsHasher(key crypto.Signer) (string, crypto.Hash) {
- switch key := key.(type) {
- case *rsa.PrivateKey:
+func jwsHasher(pub crypto.PublicKey) (string, crypto.Hash) {
+ switch pub := pub.(type) {
+ case *rsa.PublicKey:
return "RS256", crypto.SHA256
- case *ecdsa.PrivateKey:
- switch key.Params().Name {
+ case *ecdsa.PublicKey:
+ switch pub.Params().Name {
case "P-256":
return "ES256", crypto.SHA256
case "P-384":