feat: update parse_ecdsa_private_key
This commit is contained in:
@@ -10,6 +10,7 @@ use rust_util::XResult;
|
||||
use serde_json::Value;
|
||||
use std::collections::BTreeMap;
|
||||
use yubikey::piv::{sign_data, AlgorithmId};
|
||||
use crate::cmd_sign_jwt_soft::parse_ecdsa_private_key;
|
||||
|
||||
pub struct CommandImpl;
|
||||
|
||||
@@ -70,14 +71,14 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
|
||||
// FIXME Check Yubikey slot algorithm
|
||||
let jwt_algorithm = get_jwt_algorithm(&key, alg)?;
|
||||
|
||||
let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
|
||||
|
||||
if let Some(pin) = pin_opt {
|
||||
opt_result!(
|
||||
yk.verify_pin(pin.as_bytes()),
|
||||
"YubiKey verify pin failed: {}"
|
||||
);
|
||||
}
|
||||
|
||||
let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
|
||||
let signed_data = opt_result!(
|
||||
sign_data(&mut yk, &raw_in, key.algorithm, key.slot),
|
||||
"Sign YubiKey failed: {}"
|
||||
@@ -86,24 +87,14 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
|
||||
}
|
||||
KeyUri::YubikeyHmacEncSoftKey(key) => {
|
||||
let private_key = hmacutil::try_hmac_decrypt_to_string(&key.hmac_enc_private_key)?;
|
||||
|
||||
let p256_private_key_d = ecdsautil::parse_p256_private_key(&private_key).ok();
|
||||
let p384_private_key_d = ecdsautil::parse_p384_private_key(&private_key).ok();
|
||||
|
||||
let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
|
||||
(Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
|
||||
(None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
|
||||
_ => return simple_error!("Invalid private key: {}", private_key),
|
||||
};
|
||||
let (jwt_algorithm, private_key_d) = parse_ecdsa_private_key(&private_key)?;
|
||||
|
||||
let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
|
||||
|
||||
let signed_data = match jwt_algorithm {
|
||||
AlgorithmType::Es256 => ecdsautil::sign_p256_der(&private_key_d, &raw_in)?,
|
||||
AlgorithmType::Es384 => ecdsautil::sign_p384_der(&private_key_d, &raw_in)?,
|
||||
_ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
|
||||
};
|
||||
|
||||
Ok(signed_data)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,14 +65,7 @@ fn sign_jwt(
|
||||
payload: &Option<String>,
|
||||
claims: &Map<String, Value>,
|
||||
) -> XResult<String> {
|
||||
let p256_private_key_d = ecdsautil::parse_p256_private_key(private_key).ok();
|
||||
let p384_private_key_d = ecdsautil::parse_p384_private_key(private_key).ok();
|
||||
|
||||
let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
|
||||
(Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
|
||||
(None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
|
||||
_ => return simple_error!("Invalid private key: {}", private_key),
|
||||
};
|
||||
let (jwt_algorithm, private_key_d) = parse_ecdsa_private_key(private_key)?;
|
||||
|
||||
header.algorithm = jwt_algorithm;
|
||||
debugging!("Header: {:?}", header);
|
||||
@@ -94,3 +87,15 @@ fn sign_jwt(
|
||||
|
||||
Ok([&*header, &*claims, &signature].join(SEPARATOR))
|
||||
}
|
||||
|
||||
pub fn parse_ecdsa_private_key(private_key: &str) -> XResult<(AlgorithmType, Vec<u8>)> {
|
||||
let p256_private_key_d = ecdsautil::parse_p256_private_key(private_key).ok();
|
||||
let p384_private_key_d = ecdsautil::parse_p384_private_key(private_key).ok();
|
||||
|
||||
let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
|
||||
(Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
|
||||
(None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
|
||||
_ => return simple_error!("Invalid private key: {}", private_key),
|
||||
};
|
||||
Ok((jwt_algorithm, private_key_d))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user