// Copyright (c) 2018 Timo Savola. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package authorization
import (
	"encoding/base64"
	"encoding/json"
	"errors"

	"github.com/tsavola/gate/webapi"
	"golang.org/x/crypto/ed25519"
)
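// BearerEd25519 creates a signed JWT token (JWS).  The returned string is the
// token prefixed with webapi.AuthorizationTypeBearer and a single space.
//
// encodedTokenHeader must have been encoded beforehand.  It is copied into the
// token and covered by the signature as-is; this function does not inspect
// it, so the caller is responsible for its contents matching the key type.
//
// An error is returned if privateKey does not have the Ed25519 private key
// length, or if claims cannot be marshaled to JSON.
func BearerEd25519(privateKey ed25519.PrivateKey, encodedTokenHeader []byte, claims *webapi.Claims) (string, error) {
	// ed25519.Sign panics when the key has the wrong length.  Report that as
	// an error instead, so a truncated or misloaded key cannot crash the
	// calling process.
	if len(privateKey) != ed25519.PrivateKeySize {
		return "", errors.New("authorization: invalid ed25519 private key length")
	}

	claimsJSON, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}

	const authType = webapi.AuthorizationTypeBearer

	enc := base64.RawURLEncoding
	claimsLen := enc.EncodedLen(len(claimsJSON))
	sigLen := enc.EncodedLen(ed25519.SignatureSize)

	// Reserve the exact final size up front, so that none of the appends or
	// reslices below reallocates: "<type> <header>.<claims>.<signature>".
	b := make([]byte, 0, len(authType)+1+len(encodedTokenHeader)+1+claimsLen+1+sigLen)
	b = append(b, (authType + " ")...)
	b = append(b, encodedTokenHeader...)
	b = append(b, '.')

	// Encode the claims directly into the reserved space.
	claimsOff := len(b)
	b = b[:claimsOff+claimsLen]
	enc.Encode(b[claimsOff:], claimsJSON)

	// The signing input is "<header>.<claims>"; the authorization type prefix
	// and its trailing space are not part of the signed data.
	sig := ed25519.Sign(privateKey, b[len(authType)+1:])

	// Encode the signature into the remaining reserved space.
	b = append(b, '.')
	sigOff := len(b)
	b = b[:sigOff+sigLen]
	enc.Encode(b[sigOff:], sig)

	return string(b), nil
}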