예제 #1
0
파일: jws.go 프로젝트: nabeken/go-jwx
// VerifyWithJKU verifies the JWS message using a remote JWK
// file represented in the url.
func VerifyWithJKU(buf []byte, jwkurl string) ([]byte, error) {
	key, err := jwk.FetchHTTP(jwkurl)
	if err != nil {
		return nil, err
	}

	return VerifyWithJWK(buf, key)
}
예제 #2
0
func ExampleJWK() {
	set, err := jwk.FetchHTTP("https://foobar.domain/jwk.json")
	if err != nil {
		log.Printf("failed to parse JWK: %s", err)
		return
	}

	// If you KNOW you have exactly one key, you can just
	// use set.Keys[0]
	keys := set.LookupKeyID("mykey")
	if len(keys) == 0 {
		log.Printf("failed to lookup key: %s", err)
		return
	}

	key, err := keys[0].Materialize()
	if err != nil {
		log.Printf("failed to create public key: %s", err)
		return
	}

	// Use key for jws.Verify() or whatever
	_ = key
}
예제 #3
0
파일: jwx.go 프로젝트: lestrrat/go-jwx
func doJWK() int {
	c := JWKConfig{}
	flag.StringVar(&c.JWKLocation, "jwk", "", "JWK location, either a local file or a URL")
	flag.Parse()

	var key *jwk.Set
	if c.JWKLocation == "" {
		fmt.Printf("-jwk must be specified\n")
		return 1
	}

	if u, err := url.Parse(c.JWKLocation); err == nil && (u.Scheme == "http" || u.Scheme == "https") {
		var err error
		key, err = jwk.FetchHTTP(c.JWKLocation)
		if err != nil {
			log.Printf("Failed to fetch remote JWK: %s", err)
			return 0
		}
	} else {
		var err error
		key, err = jwk.FetchFile(c.JWKLocation)
		if err != nil {
			log.Printf("Failed to fetch remote JWK: %s", err)
			return 0
		}
	}

	keybuf, err := json.MarshalIndent(key, "", "  ")
	if err != nil {
		log.Printf("Failed to marshal JWK: %s", err)
		return 0
	}
	log.Printf("=== JWK ===")
	for _, l := range bytes.Split(keybuf, []byte{'\n'}) {
		log.Printf("%s", l)
	}

	// TODO make it flexible
	pubkey, err := (key.Keys[0]).(*jwk.RsaPublicKey).PublicKey()
	if err != nil {
		log.Printf("Failed to get public key from JWK: %s", err)
		return 0
	}

	var payload io.Reader
	if c.Payload == "" {
		payload = os.Stdin
	} else {
		f, err := os.Open(c.Payload)
		if err != nil {
			log.Printf("Failed to open file '%s': %s", c.Payload, err)
			return 1
		}
		payload = f
		defer f.Close()
	}

	buf, err := ioutil.ReadAll(payload)
	if err != nil {
		log.Printf("Failed to read payload: %s", err)
		return 0
	}

	message, err := jws.Parse(buf)
	if err != nil {
		log.Printf("Failed to parse JWS: %s", err)
		return 0
	}

	log.Printf("=== Payload ===")
	// See if this is JSON. if it is, display it nicely
	m := map[string]interface{}{}
	if err := json.Unmarshal(message.Payload, &m); err == nil {
		payloadbuf, err := json.MarshalIndent(m, "", "  ")
		if err != nil {
			log.Printf("Failed to marshal payload: %s", err)
			return 0
		}
		for _, l := range bytes.Split(payloadbuf, []byte{'\n'}) {
			log.Printf("%s", l)
		}
	} else {
		log.Printf("%s", message.Payload)
	}

	for i, sig := range message.Signatures {
		log.Printf("=== Signature %d ===", i)
		sigbuf, err := json.MarshalIndent(sig, "", "  ")
		if err != nil {
			log.Printf("ERROR: Failed to marshal signature %d as JSON: %s", i, err)
			return 0
		}
		for _, l := range bytes.Split(sigbuf, []byte{'\n'}) {
			log.Printf("%s", l)
		}

		v, err := jws.NewRsaVerify(sig.ProtectedHeader.Algorithm, pubkey)
		if err != nil {
			log.Printf("ERROR: Failed to create verifier: %s", err)
			continue
		}
		if err := v.Verify(message); err == nil {
			log.Printf("=== Verified with signature %d! ===", i)
		}
	}

	return 1
}