package authentication
import (
"crypto/sha1"
"encoding/base64"
"errors"
"fmt"
"io"
"strings"
)
// CalcKid derives a JWS Key ID from a base64url-encoded RSA modulus.
//
// The hashed input is the RFC 7638 canonical JWK form with its members in
// lexicographic order ("e", "kty", "n"). The public exponent is hard-coded
// to "AQAB" (65537), so a key with any other exponent gets a kid that does
// not match its real thumbprint. The modulus is interpolated into the JSON
// unescaped, so it must already be base64url text. The digest is SHA-1, used
// here only as an identifier derivation, not as an integrity check —
// NOTE(review): presumably chosen to match the directory's kid convention,
// confirm before changing (RFC 7638 recommends SHA-256 for new thumbprints).
//
// Returns the unpadded base64url encoding of the digest. The error branch is
// only reachable if the hash rejects the write, which hash.Hash never does.
func CalcKid(modulus string) (string, error) {
	thumbprintInput := fmt.Sprintf(`{"e":"AQAB","kty":"RSA","n":"%s"}`, modulus)

	digest := sha1.New()
	if _, err := io.WriteString(digest, thumbprintInput); err != nil {
		return "", fmt.Errorf("authentication.CalcKid: io.WriteString(sumer, canonicalInput) failed: %w", err)
	}

	// RawURLEncoding never emits padding; the trim is a belt-and-braces guard
	// that is a no-op for this encoding.
	encoded := base64.RawURLEncoding.EncodeToString(digest.Sum(nil))
	return strings.TrimSuffix(encoded, "="), nil
}
// GetKID determines the value of the JWS Key ID for the given RSA modulus.
//
// The default kid is the SHA-1 thumbprint computed by CalcKid over the
// base64url-encoded modulus. When the context entry "nonOBDirectoryTPP" is
// true, that derived value is discarded and the kid is instead read verbatim
// from the context string "signingKid"; the caller is then responsible for
// keeping signingKid consistent with the key that actually signs, since a
// mismatch yields a JWS that verifiers cannot match to a key.
//
// Errors: a missing "nonOBDirectoryTPP" entry, a value of that entry that is
// not a bool, or a failure reading "signingKid" each return an error prefixed
// with "authentication.GetKID:". The thumbprint is always computed first, so
// a CalcKid error (not reachable in practice) takes precedence over the
// context lookups.
func GetKID(ctx ContextInterface, modulus []byte) (string, error) {
	derivedKid, err := CalcKid(base64.RawURLEncoding.EncodeToString(modulus))
	if err != nil {
		return "", fmt.Errorf("authentication.GetKID: CalcKid(modulusBase64) failed: %w", err)
	}

	flag, found := ctx.Get("nonOBDirectoryTPP")
	if !found {
		return "", errors.New("authentication.GetKID: unable get nonOBDirectory value from context")
	}
	useSigningKid, isBool := flag.(bool)
	if !isBool {
		return "", errors.New("authentication.GetKID: unable to cast nonOBDirectory value to bool")
	}
	if !useSigningKid {
		return derivedKid, nil
	}

	// The flag selects a pre-assigned kid from the context over the derived one.
	overrideKid, err := ctx.GetString("signingKid")
	if err != nil {
		return "", fmt.Errorf("authentication.GetKID: unable to retrieve signingKid from context: %w", err)
	}
	return overrideKid, nil
}