iris/middleware/jwt/util.go

package jwt

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
)

// ErrNotPEM is a panic error of the MustParseXXX functions when the data are not PEM-encoded.
var ErrNotPEM = errors.New("key must be PEM encoded")

// MustParseRSAPrivateKey encodes a PEM-encoded PKCS1 or PKCS8 private key protected with a password.
func MustParseRSAPrivateKey(key, password []byte) *rsa.PrivateKey {
	block, _ := pem.Decode(key)
	if block == nil {
		panic(ErrNotPEM)
	}

	var (
		parsedKey interface{}
		err       error
	)

	var blockDecrypted []byte
	if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {
		panic(err)
	}

	if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {
		if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {
			panic(err)
		}
	}

	privateKey, ok := parsedKey.(*rsa.PrivateKey)
	if !ok {
		panic("key is not of type *rsa.PrivateKey")
	}

	return privateKey
}

// MustParseRSAPublicKey encodes a PEM encoded PKCS1 or PKCS8 public key.
func MustParseRSAPublicKey(key []byte) *rsa.PublicKey {
	var err error

	// Parse PEM block
	var block *pem.Block
	if block, _ = pem.Decode(key); block == nil {
		panic(ErrNotPEM)
	}

	// Parse the key
	var parsedKey interface{}
	if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
		if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
			parsedKey = cert.PublicKey
		} else {
			panic(err)
		}
	}

	var pkey *rsa.PublicKey
	var ok bool
	if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {
		panic("key is not of type *rsa.PublicKey")
	}

	return pkey
}

/*
// MustParseEd25519 PEM encoded Ed25519.
func MustParseEd25519(key []byte) ed25519.PrivateKey {
	// Parse PEM block
	block, _ := pem.Decode(key)
	if block == nil {
		panic(ErrNotPEM)
	}

	type ed25519PrivKey struct {
		Version          int
		ObjectIdentifier struct {
			ObjectIdentifier asn1.ObjectIdentifier
		}
		PrivateKey []byte
	}

	var asn1PrivKey ed25519PrivKey
	if _, err := asn1.Unmarshal(block.Bytes, &asn1PrivKey); err != nil {
		panic(err)
	}

	privateKey := ed25519.NewKeyFromSeed(asn1PrivKey.PrivateKey[2:])
	return privateKey
}
*/
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc 2020-05-27 11:02:17 +02:00			`package jwt`

			`import (`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
			`"errors"`
			`)`

			`// ErrNotPEM is a panic error of the MustParseXXX functions when the data are not PEM-encoded.`
			`var ErrNotPEM = errors.New("key must be PEM encoded")`

			`// MustParseRSAPrivateKey encodes a PEM-encoded PKCS1 or PKCS8 private key protected with a password.`
			`func MustParseRSAPrivateKey(key, password []byte) *rsa.PrivateKey {`
			`block, _ := pem.Decode(key)`
			`if block == nil {`
			`panic(ErrNotPEM)`
			`}`

			`var (`
			`parsedKey interface{}`
			`err error`
			`)`

			`var blockDecrypted []byte`
			`if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {`
			`panic(err)`
			`}`

			`if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {`
			`if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {`
			`panic(err)`
			`}`
			`}`

			`privateKey, ok := parsedKey.(*rsa.PrivateKey)`
			`if !ok {`
			`panic("key is not of type *rsa.PrivateKey")`
			`}`

			`return privateKey`
			`}`

			`// MustParseRSAPublicKey encodes a PEM encoded PKCS1 or PKCS8 public key.`
			`func MustParseRSAPublicKey(key []byte) *rsa.PublicKey {`
			`var err error`

			`// Parse PEM block`
			`var block *pem.Block`
			`if block, _ = pem.Decode(key); block == nil {`
			`panic(ErrNotPEM)`
			`}`

			`// Parse the key`
			`var parsedKey interface{}`
			`if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {`
			`if cert, err := x509.ParseCertificate(block.Bytes); err == nil {`
			`parsedKey = cert.PublicKey`
			`} else {`
			`panic(err)`
			`}`
			`}`

			`var pkey *rsa.PublicKey`
			`var ok bool`
			`if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {`
			`panic("key is not of type *rsa.PublicKey")`
			`}`

			`return pkey`
			`}`

			`/*`
			`// MustParseEd25519 PEM encoded Ed25519.`
			`func MustParseEd25519(key []byte) ed25519.PrivateKey {`
			`// Parse PEM block`
			`block, _ := pem.Decode(key)`
			`if block == nil {`
			`panic(ErrNotPEM)`
			`}`

			`type ed25519PrivKey struct {`
			`Version int`
			`ObjectIdentifier struct {`
			`ObjectIdentifier asn1.ObjectIdentifier`
			`}`
			`PrivateKey []byte`
			`}`

			`var asn1PrivKey ed25519PrivKey`
			`if _, err := asn1.Unmarshal(block.Bytes, &asn1PrivKey); err != nil {`
			`panic(err)`
			`}`

			`privateKey := ed25519.NewKeyFromSeed(asn1PrivKey.PrivateKey[2:])`
			`return privateKey`
			`}`
			`*/`