登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

powerpaas/machine

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
util.go 6.35 KB
一键复制 编辑 原始数据 按行查看 历史
Ben Firshman 提交于 2014-12-10 09:08 . Update libtrust
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
package libtrust



import (

	"bytes"

	"crypto"

	"crypto/elliptic"

	"crypto/x509"

	"encoding/base32"

	"encoding/base64"

	"encoding/binary"

	"encoding/pem"

	"errors"

	"fmt"

	"math/big"

	"strings"

)



// joseBase64UrlEncode encodes the given data using the standard base64 url

// encoding format but with all trailing '=' characters ommitted in accordance

// with the jose specification.

// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2

func joseBase64UrlEncode(b []byte) string {

	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")

}



// joseBase64UrlDecode decodes the given string using the standard base64 url

// decoder but first adds the appropriate number of trailing '=' characters in

// accordance with the jose specification.

// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2

func joseBase64UrlDecode(s string) ([]byte, error) {

	switch len(s) % 4 {

	case 0:

	case 2:

		s += "=="

	case 3:

		s += "="

	default:

		return nil, errors.New("illegal base64url string")

	}

	return base64.URLEncoding.DecodeString(s)

}



func keyIDEncode(b []byte) string {

	s := strings.TrimRight(base32.StdEncoding.EncodeToString(b), "=")

	var buf bytes.Buffer

	var i int

	for i = 0; i < len(s)/4-1; i++ {

		start := i * 4

		end := start + 4

		buf.WriteString(s[start:end] + ":")

	}

	buf.WriteString(s[i*4:])

	return buf.String()

}



func keyIDFromCryptoKey(pubKey PublicKey) string {

	// Generate and return a 'libtrust' fingerprint of the public key.

	// For an RSA key this should be:

	//   SHA256(DER encoded ASN1)

	// Then truncated to 240 bits and encoded into 12 base32 groups like so:

	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP

	derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())

	if err != nil {

		return ""

	}

	hasher := crypto.SHA256.New()

	hasher.Write(derBytes)

	return keyIDEncode(hasher.Sum(nil)[:30])

}



func stringFromMap(m map[string]interface{}, key string) (string, error) {

	val, ok := m[key]

	if !ok {

		return "", fmt.Errorf("%q value not specified", key)

	}



	str, ok := val.(string)

	if !ok {

		return "", fmt.Errorf("%q value must be a string", key)

	}

	delete(m, key)



	return str, nil

}



func parseECCoordinate(cB64Url string, curve elliptic.Curve) (*big.Int, error) {

	curveByteLen := (curve.Params().BitSize + 7) >> 3



	cBytes, err := joseBase64UrlDecode(cB64Url)

	if err != nil {

		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)

	}

	cByteLength := len(cBytes)

	if cByteLength != curveByteLen {

		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", cByteLength, curveByteLen)

	}

	return new(big.Int).SetBytes(cBytes), nil

}



func parseECPrivateParam(dB64Url string, curve elliptic.Curve) (*big.Int, error) {

	dBytes, err := joseBase64UrlDecode(dB64Url)

	if err != nil {

		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)

	}



	// The length of this octet string MUST be ceiling(log-base-2(n)/8)

	// octets (where n is the order of the curve). This is because the private

	// key d must be in the interval [1, n-1] so the bitlength of d should be

	// no larger than the bitlength of n-1. The easiest way to find the octet

	// length is to take bitlength(n-1), add 7 to force a carry, and shift this

	// bit sequence right by 3, which is essentially dividing by 8 and adding

	// 1 if there is any remainder. Thus, the private key value d should be

	// output to (bitlength(n-1)+7)>>3 octets.

	n := curve.Params().N

	octetLength := (new(big.Int).Sub(n, big.NewInt(1)).BitLen() + 7) >> 3

	dByteLength := len(dBytes)



	if dByteLength != octetLength {

		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", dByteLength, octetLength)

	}



	return new(big.Int).SetBytes(dBytes), nil

}



func parseRSAModulusParam(nB64Url string) (*big.Int, error) {

	nBytes, err := joseBase64UrlDecode(nB64Url)

	if err != nil {

		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)

	}



	return new(big.Int).SetBytes(nBytes), nil

}



func serializeRSAPublicExponentParam(e int) []byte {

	// We MUST use the minimum number of octets to represent E.

	// E is supposed to be 65537 for performance and security reasons

	// and is what golang's rsa package generates, but it might be

	// different if imported from some other generator.

	buf := make([]byte, 4)

	binary.BigEndian.PutUint32(buf, uint32(e))

	var i int

	for i = 0; i < 8; i++ {

		if buf[i] != 0 {

			break

		}

	}

	return buf[i:]

}



func parseRSAPublicExponentParam(eB64Url string) (int, error) {

	eBytes, err := joseBase64UrlDecode(eB64Url)

	if err != nil {

		return 0, fmt.Errorf("invalid base64 URL encoding: %s", err)

	}

	// Only the minimum number of bytes were used to represent E, but

	// binary.BigEndian.Uint32 expects at least 4 bytes, so we need

	// to add zero padding if necassary.

	byteLen := len(eBytes)

	buf := make([]byte, 4-byteLen, 4)

	eBytes = append(buf, eBytes...)



	return int(binary.BigEndian.Uint32(eBytes)), nil

}



func parseRSAPrivateKeyParamFromMap(m map[string]interface{}, key string) (*big.Int, error) {

	b64Url, err := stringFromMap(m, key)

	if err != nil {

		return nil, err

	}



	paramBytes, err := joseBase64UrlDecode(b64Url)

	if err != nil {

		return nil, fmt.Errorf("invaled base64 URL encoding: %s", err)

	}



	return new(big.Int).SetBytes(paramBytes), nil

}



func createPemBlock(name string, derBytes []byte, headers map[string]interface{}) (*pem.Block, error) {

	pemBlock := &pem.Block{Type: name, Bytes: derBytes, Headers: map[string]string{}}

	for k, v := range headers {

		switch val := v.(type) {

		case string:

			pemBlock.Headers[k] = val

		case []string:

			if k == "hosts" {

				pemBlock.Headers[k] = strings.Join(val, ",")

			} else {

				// Return error, non-encodable type

			}

		default:

			// Return error, non-encodable type

		}

	}



	return pemBlock, nil

}



func pubKeyFromPEMBlock(pemBlock *pem.Block) (PublicKey, error) {

	cryptoPublicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)

	if err != nil {

		return nil, fmt.Errorf("unable to decode Public Key PEM data: %s", err)

	}



	pubKey, err := FromCryptoPublicKey(cryptoPublicKey)

	if err != nil {

		return nil, err

	}



	addPEMHeadersToKey(pemBlock, pubKey)



	return pubKey, nil

}



func addPEMHeadersToKey(pemBlock *pem.Block, pubKey PublicKey) {

	for key, value := range pemBlock.Headers {

		var safeVal interface{}

		if key == "hosts" {

			safeVal = strings.Split(value, ",")

		} else {

			safeVal = value

		}

		pubKey.AddExtendedField(key, safeVal)

	}

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/powerpaas/machine.git
git@gitee.com:powerpaas/machine.git
powerpaas
machine
machine
v0.1.0-rc2
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
Cb406eda 1850385 E526c682 1850385