Domů Procházet Nápověda
Přihlásit se
tzeneto
/
custom-kube-scheduler
Sledovat 1
Oblíbit 0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: 49c7532939
Větve Značky
custom-kube-...
/
kubernetes
/
vendor
/
gopkg.in
/
square
/
go-jose.v2
/
opaque.go

opaque.go 2.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. /*-
    2. 

  2.  * Copyright 2018 Square Inc.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.  * you may not use this file except in compliance with the License.
    6. 

  6.  * You may obtain a copy of the License at
    7. 

  7.  *
    8. 

  8.  *     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9.  *
    10. 

  10.  * Unless required by applicable law or agreed to in writing, software
    11. 

  11.  * distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.  * See the License for the specific language governing permissions and
    14. 

  14.  * limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. package jose
    18. 

  18. 

  19. // OpaqueSigner is an interface that supports signing payloads with opaque
    20. 

  20. // private key(s). Private key operations preformed by implementors may, for
    21. 

  21. // example, occur in a hardware module. An OpaqueSigner may rotate signing keys
    22. 

  22. // transparently to the user of this interface.
    23. 

  23. type OpaqueSigner interface {
    24. 

  24. 	// Public returns the public key of the current signing key.
    25. 

  25. 	Public() *JSONWebKey
    26. 

  26. 	// Algs returns a list of supported signing algorithms.
    27. 

  27. 	Algs() []SignatureAlgorithm
    28. 

  28. 	// SignPayload signs a payload with the current signing key using the given
    29. 

  29. 	// algorithm.
    30. 

  30. 	SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error)
    31. 

  31. }
    32. 

  32. 

  33. type opaqueSigner struct {
    34. 

  34. 	signer OpaqueSigner
    35. 

  35. }
    36. 

  36. 

  37. func newOpaqueSigner(alg SignatureAlgorithm, signer OpaqueSigner) (recipientSigInfo, error) {
    38. 

  38. 	var algSupported bool
    39. 

  39. 	for _, salg := range signer.Algs() {
    40. 

  40. 		if alg == salg {
    41. 

  41. 			algSupported = true
    42. 

  42. 			break
    43. 

  43. 		}
    44. 

  44. 	}
    45. 

  45. 	if !algSupported {
    46. 

  46. 		return recipientSigInfo{}, ErrUnsupportedAlgorithm
    47. 

  47. 	}
    48. 

  48. 

  49. 	return recipientSigInfo{
    50. 

  50. 		sigAlg:    alg,
    51. 

  51. 		publicKey: signer.Public,
    52. 

  52. 		signer: &opaqueSigner{
    53. 

  53. 			signer: signer,
    54. 

  54. 		},
    55. 

  55. 	}, nil
    56. 

  56. }
    57. 

  57. 

  58. func (o *opaqueSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
    59. 

  59. 	out, err := o.signer.SignPayload(payload, alg)
    60. 

  60. 	if err != nil {
    61. 

  61. 		return Signature{}, err
    62. 

  62. 	}
    63. 

  63. 

  64. 	return Signature{
    65. 

  65. 		Signature: out,
    66. 

  66. 		protected: &rawHeader{},
    67. 

  67. 	}, nil
    68. 

  68. }
    69. 

  69. 

  70. // OpaqueVerifier is an interface that supports verifying payloads with opaque
    71. 

  71. // public key(s). An OpaqueSigner may rotate signing keys transparently to the
    72. 

  72. // user of this interface.
    73. 

  73. type OpaqueVerifier interface {
    74. 

  74. 	VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
    75. 

  75. }
    76. 

  76. 

  77. type opaqueVerifier struct {
    78. 

  78. 	verifier OpaqueVerifier
    79. 

  79. }
    80. 

  80. 

  81. func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
    82. 

  82. 	return o.verifier.VerifyPayload(payload, signature, alg)
    83. 

  83. }
    84. 

  84.