From e6409174b65b4382b3a41464980a7f879fa11615 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 29 Mar 2025 16:38:26 +0800
Subject: [PATCH] feat: v1.11.13
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cmd_sign_jwt.rs | 20 ++++++++++++--------
 src/cmd_sign_jwt_soft.rs | 13 +++----------
 4 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 03319e6..37557db 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -508,7 +508,7 @@ dependencies = [
 [[package]]
 name = "card-cli"
-version = "1.11.12"
+version = "1.11.13"
 dependencies = [
 "aes-gcm-stream",
 "authenticator 0.3.1",
diff --git a/Cargo.toml b/Cargo.toml
index d24da85..6bd4f8d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.11.12"
+version = "1.11.13"
 authors = ["Hatter Jiang "]
 edition = "2018"
diff --git a/src/cmd_sign_jwt.rs b/src/cmd_sign_jwt.rs
index be0083a..962b7f1 100644
--- a/src/cmd_sign_jwt.rs
+++ b/src/cmd_sign_jwt.rs
@@ -109,14 +109,7 @@ fn sign_jwt(
 let claims = merge_payload_claims(payload, claims)?;
 let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
- let raw_in = match jwt_algorithm {
- AlgorithmType::Rs256 => {
- rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(&tobe_signed))
- }
- AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
- AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
- _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
- };
+ let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &tobe_signed)?;
 let signed_data = opt_result!(
 sign_data(yk, &raw_in, yk_algorithm, slot_id),
@@ -133,6 +126,17 @@ fn sign_jwt(
 Ok([&*header, &*claims, &signature].join(SEPARATOR))
 }
+pub fn digest_by_jwt_algorithm(jwt_algorithm: AlgorithmType, tobe_signed: &[u8]) -> XResult> {
+ Ok(match jwt_algorithm {
+ AlgorithmType::Rs256 => {
+ rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(tobe_signed))
+ }
+ AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
+ AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
+ _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
+ })
+}
+
 pub fn merge_header_claims(header: &[u8], claims: &[u8]) -> Vec {
 let mut tobe_signed = vec![];
 tobe_signed.extend_from_slice(header);
diff --git a/src/cmd_sign_jwt_soft.rs b/src/cmd_sign_jwt_soft.rs
index 7440844..afc5382 100644
--- a/src/cmd_sign_jwt_soft.rs
+++ b/src/cmd_sign_jwt_soft.rs
@@ -4,9 +4,9 @@ use rust_util::util_clap::{Command, CommandError};
 use rust_util::XResult;
 use serde_json::{Map, Value};
-use crate::cmd_sign_jwt::{build_jwt_parts, merge_header_claims, merge_payload_claims, print_jwt_token};
+use crate::cmd_sign_jwt::{build_jwt_parts, digest_by_jwt_algorithm, merge_header_claims, merge_payload_claims, print_jwt_token};
 use crate::keychain::{KeychainKey, KeychainKeyValue};
-use crate::{cmd_sign_jwt, cmdutil, digestutil, ecdsautil, hmacutil, keychain, rsautil, util};
+use crate::{cmd_sign_jwt, cmdutil, ecdsautil, hmacutil, keychain, util};
 const SEPARATOR: &str = ".";
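Review bot: In `src/cmd_sign_jwt.rs`, the new `pub fn digest_by_jwt_algorithm` is named for a digest, but its `Rs256` arm returns the output of `rsautil::pkcs15_sha256_rsa_2048_padding_for_sign`, which by its name is a padded block sized for a 2048-bit RSA key rather than a bare hash. Now that both the card path and `cmd_sign_jwt_soft.rs` call it, a `///` comment should state what each arm returns and that the RS256 output presumably only suits 2048-bit keys, so a later caller holding a key of another modulus size does not sign a wrongly sized block. The `_` arm's `"SHOULD NOT HAPPEN: {:?}"` text is now part of a public function's error contract; a message such as `"unsupported JWT algorithm: {:?}"` would tell the caller what was rejected. The `Es256` and `Es384` arms also still pass `&tobe_signed` although `tobe_signed` is already `&[u8]`; write `digestutil::sha256_bytes(tobe_signed)` as the `Rs256` arm does.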
@@ -82,14 +82,7 @@ fn sign_jwt(
 let claims = merge_payload_claims(payload, claims)?;
 let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
- let raw_in = match jwt_algorithm {
- AlgorithmType::Rs256 => {
- rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(&tobe_signed))
- }
- AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
- AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
- _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
- };
+ let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &tobe_signed)?;
 let signed_data = match jwt_algorithm {
 AlgorithmType::Es256 => ecdsautil::sign_p256_rs(&private_key_d, &raw_in)?,