1package jwt 2 3import ( 4 "crypto" 5 "crypto/rand" 6 "crypto/rsa" 7) 8 9// SigningMethodRSA implements the RSA family of signing methods. 10// Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation 11type SigningMethodRSA struct { 12 Name string 13 Hash crypto.Hash 14} 15 16// Specific instances for RS256 and company 17var ( 18 SigningMethodRS256 *SigningMethodRSA 19 SigningMethodRS384 *SigningMethodRSA 20 SigningMethodRS512 *SigningMethodRSA 21) 22 23func init() { 24 // RS256 25 SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256} 26 RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod { 27 return SigningMethodRS256 28 }) 29 30 // RS384 31 SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384} 32 RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod { 33 return SigningMethodRS384 34 }) 35 36 // RS512 37 SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512} 38 RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod { 39 return SigningMethodRS512 40 }) 41} 42 43func (m *SigningMethodRSA) Alg() string { 44 return m.Name 45} 46 47// Verify implements token verification for the SigningMethod 48// For this signing method, must be an *rsa.PublicKey structure. 49func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error { 50 var err error 51 52 // Decode the signature 53 var sig []byte 54 if sig, err = DecodeSegment(signature); err != nil { 55 return err 56 } 57 58 var rsaKey *rsa.PublicKey 59 var ok bool 60 61 if rsaKey, ok = key.(*rsa.PublicKey); !ok { 62 return ErrInvalidKeyType 63 } 64 65 // Create hasher 66 if !m.Hash.Available() { 67 return ErrHashUnavailable 68 } 69 hasher := m.Hash.New() 70 hasher.Write([]byte(signingString)) 71 72 // Verify the signature 73 return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig) 74} 75 76// Sign implements token signing for the SigningMethod 77// For this signing method, must be an *rsa.PrivateKey structure. 78func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) { 79 var rsaKey *rsa.PrivateKey 80 var ok bool 81 82 // Validate type of key 83 if rsaKey, ok = key.(*rsa.PrivateKey); !ok { 84 return "", ErrInvalidKey 85 } 86 87 // Create the hasher 88 if !m.Hash.Available() { 89 return "", ErrHashUnavailable 90 } 91 92 hasher := m.Hash.New() 93 hasher.Write([]byte(signingString)) 94 95 // Sign the string and return the encoded bytes 96 if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil { 97 return EncodeSegment(sigBytes), nil 98 } else { 99 return "", err 100 } 101} 102