package parsec
import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/asn1"
	"fmt"
	"io"
	"math/big"
	"net/url"
	"sync"

	"github.com/michaelquigley/pfxlog"
	"github.com/openziti/identity/engines"
	"github.com/parallaxsecond/parsec-client-go/parsec"
	"github.com/parallaxsecond/parsec-client-go/parsec/algorithm"
)
// EngineId is the identifier under which this engine is registered with
// the openziti identity engine registry (see init and Id).
const EngineId = "parsec"

var (
	// parsecEngine is the single process-wide engine instance. It is
	// registered in init and is also used directly by parsecKey.Sign, so
	// every key handed out by LoadKey shares its one parsec client.
	parsecEngine = &engine{}

	// log is the package logger, tagged with the engine name.
	log = pfxlog.ContextLogger("parsec")
)
// init registers the parsec engine with the openziti identity engine
// registry at import time. This is how engines are discovered, so
// importing this package for its side effect is enough to enable it;
// presumably the registry matches key URLs to this engine via EngineId
// (confirm against the engines package).
func init() {
	engines.RegisterEngine(parsecEngine)
}
// engine is the parsec identity engine. A single instance (parsecEngine)
// is registered in init; the connection to the parsec service is created
// lazily by getClient.
type engine struct {
	// client is the connection to the parsec service. It is nil until
	// getClient has run the one-time initialisation.
	client *parsec.BasicClient
	// initer guards the one-time creation of client.
	initer sync.Once
}
// parsecKey is a crypto.Signer handle to a key that lives inside the
// parsec service. It carries only the parsec key name and the public
// half; no private key material is ever present in this process, and
// signing is delegated to the service (see Sign).
type parsecKey struct {
	// name is the parsec key name, taken from the key URL's opaque part
	// by LoadKey.
	name string
	// pub is the public half as decoded by LoadKey (a *ecdsa.PublicKey on
	// P-256).
	pub crypto.PublicKey
}
// Id returns EngineId, the name this engine is registered and looked up
// under in the engine registry.
func (e *engine) Id() string {
	return EngineId
}
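// LoadKey resolves a parsec-backed private key from a key URL. The
// opaque part of the URL (presumably everything after "parsec:") is used
// verbatim as the parsec key name. The private key never leaves the
// parsec service: the returned crypto.PrivateKey is a *parsecKey handle
// that signs through the daemon and only holds the public half locally.
//
// The exported public key is decoded as an uncompressed P-256 point. The
// PSA key attributes are not inspected here, so a key provisioned on a
// different curve is rejected as a malformed point rather than being
// loaded with the wrong curve (TODO confirm callers only provision
// P-256 keys).
//
// Returns an error if the URL carries no key name, if the parsec export
// call fails, or if the exported bytes are not a valid point on P-256.
func (e *engine) LoadKey(key *url.URL) (crypto.PrivateKey, error) {
	if key == nil {
		return nil, fmt.Errorf("parsec: nil key url")
	}
	log.Infof("loading key: %v", key)

	keyName := key.Opaque
	if keyName == "" {
		return nil, fmt.Errorf("parsec: key url %q has no key name in its opaque part", key.String())
	}

	bc := e.getClient()
	pubBytes, err := bc.PsaExportPublicKey(keyName)
	if err != nil {
		return nil, fmt.Errorf("parsec: exporting public key %q: %w", keyName, err)
	}

	// elliptic.Unmarshal checks that the point is on the curve and returns
	// nil coordinates otherwise. The original code built a public key from
	// those nils, which only fails later when a peer cannot verify a
	// signature; fail here with a clear error instead. (Unmarshal is
	// deprecated in recent Go releases in favour of crypto/ecdh, but it
	// still performs exactly the validation relied on here.)
	curve := elliptic.P256()
	x, y := elliptic.Unmarshal(curve, pubBytes)
	if x == nil || y == nil {
		return nil, fmt.Errorf("parsec: key %q: exported public key (%d bytes) is not a valid uncompressed P-256 point", keyName, len(pubBytes))
	}

	return &parsecKey{
		name: keyName,
		pub:  &ecdsa.PublicKey{Curve: curve, X: x, Y: y},
	}, nil
}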
// getClient returns the shared parsec client, creating it on first use.
//
// Creation is guarded by e.initer (sync.Once): concurrent callers block
// until the first one finishes and then all observe the same client. The
// client is configured with parsec.NewUnixPeerAuthenticator — presumably
// the daemon identifies this process by its Unix peer credentials and
// scopes key visibility to that identity; verify against the parsec
// documentation before relying on that for isolation.
//
// NOTE(review): a failure to reach the service is handled with log.Fatal,
// which exits the whole host process. Both callers (LoadKey and Sign)
// have an error return, so surfacing the error would be preferable, but
// that requires changing this method's signature and is left as-is here.
func (e *engine) getClient() *parsec.BasicClient {
	e.initer.Do(e.connect)
	return e.client
}

// connect builds the configured client and stores it on e. It runs at
// most once (see getClient) and terminates the process on failure.
func (e *engine) connect() {
	log.Infof("initializing client")
	cfg := parsec.NewClientConfig()
	cfg.Authenticator(parsec.NewUnixPeerAuthenticator())
	client, err := parsec.CreateConfiguredClient(cfg)
	if err != nil {
		log.Fatal(err)
	}
	e.client = client
}
// Public returns the public half of the key as decoded by LoadKey
// (a *ecdsa.PublicKey on P-256). This is the crypto.Signer half that
// lets crypto/tls advertise the key without touching the private part.
func (pk *parsecKey) Public() crypto.PublicKey {
	return pk.pub
}
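// Sign implements crypto.Signer by asking the parsec service to sign
// digest with the key named by pk.name. The private key never leaves the
// service; only the caller-supplied digest is sent.
//
// rand is ignored: nonce generation happens inside parsec. The operation
// is always requested as PSA ECDSA over SHA-256, so opts must describe a
// SHA-256 digest (a zero hash is tolerated for callers that set none) and
// digest must be exactly 32 bytes. The original implementation signed
// whatever it was given under the SHA-256 label; a SHA-384 digest, for
// example, would have produced a signature that no verifier accepts, so
// such requests are now rejected up front.
//
// parsec returns the raw r||s concatenation. Its length is checked
// against the key's curve size before it is re-encoded as the DER
// SEQUENCE { r INTEGER, s INTEGER } that crypto/ecdsa and crypto/tls
// expect; previously an empty or truncated reply was silently turned
// into a bogus (0, 0) signature.
func (pk *parsecKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
	if opts != nil {
		if h := opts.HashFunc(); h != 0 && h != crypto.SHA256 {
			return nil, fmt.Errorf("parsec: key %q: unsupported hash %v (only SHA-256 is supported)", pk.name, h)
		}
	}
	if want := crypto.SHA256.Size(); len(digest) != want {
		return nil, fmt.Errorf("parsec: key %q: digest is %d bytes, want %d for SHA-256", pk.name, len(digest), want)
	}
	log.Infof("key[%s] signing %d bytes", pk.name, len(digest))

	bc := parsecEngine.getClient()
	algo := algorithm.NewAsymmetricSignature().Ecdsa(algorithm.HashAlgorithmTypeSHA256).GetAsymmetricSignature()
	sigBytes, err := bc.PsaSignHash(pk.name, digest, algo)
	if err != nil {
		return nil, fmt.Errorf("parsec: key %q: signing: %w", pk.name, err)
	}

	// Expected length of r||s: two big-endian scalars, each the curve's
	// byte size (32 for P-256, so 64 in total). If the public key is not
	// an ECDSA key we can size from, fall back to requiring a non-empty,
	// even-length reply so the split below is at least well-defined.
	wantLen := 0
	if ecPub, ok := pk.pub.(*ecdsa.PublicKey); ok && ecPub.Curve != nil {
		wantLen = 2 * ((ecPub.Curve.Params().BitSize + 7) / 8)
	}
	switch {
	case wantLen != 0 && len(sigBytes) != wantLen:
		return nil, fmt.Errorf("parsec: key %q: raw signature is %d bytes, want %d", pk.name, len(sigBytes), wantLen)
	case wantLen == 0 && (len(sigBytes) == 0 || len(sigBytes)%2 != 0):
		return nil, fmt.Errorf("parsec: key %q: malformed raw signature of %d bytes", pk.name, len(sigBytes))
	}

	return rawSignatureToDER(sigBytes)
}

// rawSignatureToDER converts a raw r||s ECDSA signature (two equal-length
// big-endian scalars) into DER SEQUENCE { r, s }. The caller must already
// have checked that len(raw) is even and non-zero.
func rawSignatureToDER(raw []byte) ([]byte, error) {
	half := len(raw) / 2
	var sig struct {
		R, S *big.Int
	}
	sig.R = new(big.Int).SetBytes(raw[:half])
	sig.S = new(big.Int).SetBytes(raw[half:])
	return asn1.Marshal(sig)
}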