hyung-hwan/hodu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
hodu/jwt.go

125 lines
2.9 KiB
Go
Raw Normal View History

added code to export metrics
2025-01-28 00:44:02 +09:00
package hodu
import "crypto"
import "crypto/hmac"
import "crypto/rand"
import "crypto/rsa"
import "encoding/base64"
import "encoding/json"
import "fmt"
import "hash"
import "strings"
func Sign(data []byte, privkey *rsa.PrivateKey) ([]byte, error) {
var h hash.Hash
h = crypto.SHA512.New()
h.Write(data)
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
//fmt.Printf("%+v\n", h.Sum(nil))
added code to export metrics
2025-01-28 00:44:02 +09:00
return rsa.SignPKCS1v15(rand.Reader, privkey, crypto.SHA512, h.Sum(nil))
}
func Verify(data []byte, pubkey *rsa.PublicKey, sig []byte) error {
var h hash.Hash
h = crypto.SHA512.New()
h.Write(data)
return rsa.VerifyPKCS1v15(pubkey, crypto.SHA512, h.Sum(nil), sig)
}
func SignHS512(data []byte, key string) ([]byte, error) {
var h hash.Hash
h = hmac.New(crypto.SHA512.New, []byte(key))
h.Write(data)
return h.Sum(nil), nil
}
func VerifyHS512(data []byte, key string, sig []byte) error {
var h hash.Hash
h = crypto.SHA512.New()
h.Write(data)
if !hmac.Equal(h.Sum(nil), sig) { return fmt.Errorf("invalid signature") }
return nil
}
type JWT struct {
}
type JWTHeader struct {
Algo string `json:"alg"`
Type string `json:"typ"`
}
type JWTClaimMap map[string]interface{}
func (j *JWT) Sign(claims interface{}) (string, error) {
var h JWTHeader
var hb []byte
var cb []byte
var ss string
var sb []byte
var err error
h.Algo = "HS512"
h.Type = "JWT"
hb, err = json.Marshal(h)
if err != nil { return "", err }
cb, err = json.Marshal(claims)
if err != nil { return "", err }
ss = base64.RawURLEncoding.EncodeToString(hb) + "." + base64.RawURLEncoding.EncodeToString(cb)
sb, err = SignHS512([]byte(ss), "hello")
if err != nil { return "", err }
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
//fmt.Printf ("%+v %+v %s\n", string(hb), string(cb), (ss + "." + base64.RawURLEncoding.EncodeToString(sb)))
added code to export metrics
2025-01-28 00:44:02 +09:00
return ss + "." + base64.RawURLEncoding.EncodeToString(sb), nil
}
func (j *JWT) Verify(tok string) error {
var segs []string
var hb []byte
var cb []byte
var sb []byte
var jh JWTHeader
var jcm JWTClaimMap
var x string
var err error
segs = strings.Split(tok, ".")
if len(segs) != 3 { return fmt.Errorf("invalid token") }
hb, err = base64.RawURLEncoding.DecodeString(segs[0])
if err != nil { return fmt.Errorf("invalid header - %s", err.Error()) }
err = json.Unmarshal(hb, &jh)
if err != nil { return fmt.Errorf("invalid header - %s", err.Error()) }
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
//fmt.Printf ("DECODED HEADER [%+v]\n", jh)
added code to export metrics
2025-01-28 00:44:02 +09:00
cb, err = base64.RawURLEncoding.DecodeString(segs[1])
if err != nil { return fmt.Errorf("invalid claims - %s", err.Error()) }
err = json.Unmarshal(cb, &jcm)
if err != nil { return fmt.Errorf("invalid header - %s", err.Error()) }
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
//fmt.Printf ("DECODED CLAIMS [%+v]\n", jcm)
added code to export metrics
2025-01-28 00:44:02 +09:00
x, err = j.Sign(jcm)
if err != nil { return err }
if x != tok { return fmt.Errorf("signature mismatch") }
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
//fmt.Printf ("VERIFICATION OK...[%s] [%s]\n", x, tok)
added code to export metrics
2025-01-28 00:44:02 +09:00
// sb, err = base64.RawURLEncoding.DecodeString(segs[2])
// if err != nil { return fmt.Errorf("invalid signature - %s", err.Error()) }
added some code for control channel authentication
2025-01-28 23:50:28 +09:00
// TODO: check expiry and others...
added code to export metrics
2025-01-28 00:44:02 +09:00
_ = sb
return nil
}
Reference in New Issue Copy Permalink