Upgrade to golang-jwt 3.2.2 (#16590)
* Upgrade to golang-jwt 3.2.2 Upgrade to the latest version of golang-jwt Signed-off-by: Andrew Thornton <art27@cantab.net> * Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2. Further given golang-jwt/jwts stated policy of only supporting supported go versions we should just raise our minimal version of go to 1.16 for 1.16 as by time of release 1.15 will be out of support. Signed-off-by: Andrew Thornton <art27@cantab.net> * update minimal go required Signed-off-by: Andrew Thornton <art27@cantab.net> * update config.yaml Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>tokarchuk/v1.17
parent
80b7889fee
commit
35735bbef9
@ -1,11 +0,0 @@ |
||||
language: go |
||||
|
||||
script: |
||||
- go vet ./... |
||||
- go test -v ./... |
||||
|
||||
go: |
||||
- 1.7 |
||||
- 1.8 |
||||
- 1.9 |
||||
- 1.10 |
@ -0,0 +1,81 @@ |
||||
package jwt |
||||
|
||||
import ( |
||||
"errors" |
||||
|
||||
"crypto/ed25519" |
||||
) |
||||
|
||||
var ( |
||||
ErrEd25519Verification = errors.New("ed25519: verification error") |
||||
) |
||||
|
||||
// Implements the EdDSA family
|
||||
// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
|
||||
type SigningMethodEd25519 struct{} |
||||
|
||||
// Specific instance for EdDSA
|
||||
var ( |
||||
SigningMethodEdDSA *SigningMethodEd25519 |
||||
) |
||||
|
||||
func init() { |
||||
SigningMethodEdDSA = &SigningMethodEd25519{} |
||||
RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod { |
||||
return SigningMethodEdDSA |
||||
}) |
||||
} |
||||
|
||||
func (m *SigningMethodEd25519) Alg() string { |
||||
return "EdDSA" |
||||
} |
||||
|
||||
// Implements the Verify method from SigningMethod
|
||||
// For this verify method, key must be an ed25519.PublicKey
|
||||
func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error { |
||||
var err error |
||||
var ed25519Key ed25519.PublicKey |
||||
var ok bool |
||||
|
||||
if ed25519Key, ok = key.(ed25519.PublicKey); !ok { |
||||
return ErrInvalidKeyType |
||||
} |
||||
|
||||
if len(ed25519Key) != ed25519.PublicKeySize { |
||||
return ErrInvalidKey |
||||
} |
||||
|
||||
// Decode the signature
|
||||
var sig []byte |
||||
if sig, err = DecodeSegment(signature); err != nil { |
||||
return err |
||||
} |
||||
|
||||
// Verify the signature
|
||||
if !ed25519.Verify(ed25519Key, []byte(signingString), sig) { |
||||
return ErrEd25519Verification |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
|
||||
// Implements the Sign method from SigningMethod
|
||||
// For this signing method, key must be an ed25519.PrivateKey
|
||||
func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) { |
||||
var ed25519Key ed25519.PrivateKey |
||||
var ok bool |
||||
|
||||
if ed25519Key, ok = key.(ed25519.PrivateKey); !ok { |
||||
return "", ErrInvalidKeyType |
||||
} |
||||
|
||||
// ed25519.Sign panics if private key not equal to ed25519.PrivateKeySize
|
||||
// this allows to avoid recover usage
|
||||
if len(ed25519Key) != ed25519.PrivateKeySize { |
||||
return "", ErrInvalidKey |
||||
} |
||||
|
||||
// Sign the string and return the encoded result
|
||||
sig := ed25519.Sign(ed25519Key, []byte(signingString)) |
||||
return EncodeSegment(sig), nil |
||||
} |
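Review bot: The doc comments on `Verify` and `Sign` do not spell out the error contract, which callers rely on to keep a key from being used under the wrong algorithm. `Verify` returns `ErrInvalidKeyType` for anything that is not an `ed25519.PublicKey`, `ErrInvalidKey` for a wrong-length key, and `ErrEd25519Verification` when the signature does not match. I would state that and start the comment with the method name, e.g. `// Verify checks signature over signingString; key must be an ed25519.PublicKey, otherwise ErrInvalidKeyType is returned.`, with the matching wording on `Sign`. Because `init` registers "EdDSA" through `RegisterSigningMethod`, the method is presumably reachable from any parser that does not restrict its accepted algorithms, so this type assertion is the only guard in the file. A one-line comment on `init` saying so would help reviewers of calling code.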
@ -0,0 +1,64 @@ |
||||
package jwt |
||||
|
||||
import ( |
||||
"crypto" |
||||
"crypto/ed25519" |
||||
"crypto/x509" |
||||
"encoding/pem" |
||||
"errors" |
||||
) |
||||
|
||||
var ( |
||||
ErrNotEdPrivateKey = errors.New("Key is not a valid Ed25519 private key") |
||||
ErrNotEdPublicKey = errors.New("Key is not a valid Ed25519 public key") |
||||
) |
||||
|
||||
// Parse PEM-encoded Edwards curve private key
|
||||
func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) { |
||||
var err error |
||||
|
||||
// Parse PEM block
|
||||
var block *pem.Block |
||||
if block, _ = pem.Decode(key); block == nil { |
||||
return nil, ErrKeyMustBePEMEncoded |
||||
} |
||||
|
||||
// Parse the key
|
||||
var parsedKey interface{} |
||||
if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { |
||||
return nil, err |
||||
} |
||||
|
||||
var pkey ed25519.PrivateKey |
||||
var ok bool |
||||
if pkey, ok = parsedKey.(ed25519.PrivateKey); !ok { |
||||
return nil, ErrNotEdPrivateKey |
||||
} |
||||
|
||||
return pkey, nil |
||||
} |
||||
|
||||
// Parse PEM-encoded Edwards curve public key
|
||||
func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) { |
||||
var err error |
||||
|
||||
// Parse PEM block
|
||||
var block *pem.Block |
||||
if block, _ = pem.Decode(key); block == nil { |
||||
return nil, ErrKeyMustBePEMEncoded |
||||
} |
||||
|
||||
// Parse the key
|
||||
var parsedKey interface{} |
||||
if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil { |
||||
return nil, err |
||||
} |
||||
|
||||
var pkey ed25519.PublicKey |
||||
var ok bool |
||||
if pkey, ok = parsedKey.(ed25519.PublicKey); !ok { |
||||
return nil, ErrNotEdPublicKey |
||||
} |
||||
|
||||
return pkey, nil |
||||
} |
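Review bot: The comments on `ParseEdPrivateKeyFromPEM` and `ParseEdPublicKeyFromPEM` do not say which encodings are accepted or that only the first PEM block is read. In both functions the remainder returned by `pem.Decode` is discarded and `block.Type` is never checked, so input with trailing blocks or an unexpected PEM label goes straight to the x509 parser. I would document this, e.g. `// ParseEdPrivateKeyFromPEM parses the first PEM block of key as a PKCS #8 Ed25519 private key; data after that block is ignored.`, and likewise for the public-key function with PKIX. As a style point, the two `ErrNotEd…` messages start with a capital letter, where Go convention is lowercase (`"key is not a valid Ed25519 private key"`).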