hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.11.13

Browse Source
This commit is contained in:
Hatter Jiang
2025-03-29 16:38:26 +08:00
parent bb02c7c823
commit e6409174b6
4 changed files with 17 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -508,7 +508,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.11.12" version = "1.11.13"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.11.12" version = "1.11.13"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

20
src/cmd_sign_jwt.rs
View File

@@ -109,14 +109,7 @@ fn sign_jwt(
let claims = merge_payload_claims(payload, claims)?; let claims = merge_payload_claims(payload, claims)?;
let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes()); let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
let raw_in = match jwt_algorithm { let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &tobe_signed)?;
AlgorithmType::Rs256 => {
rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(&tobe_signed))
}
AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
_ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
};
let signed_data = opt_result!( let signed_data = opt_result!(
sign_data(yk, &raw_in, yk_algorithm, slot_id), sign_data(yk, &raw_in, yk_algorithm, slot_id),
@@ -133,6 +126,17 @@ fn sign_jwt(
Ok([&*header, &*claims, &signature].join(SEPARATOR)) Ok([&*header, &*claims, &signature].join(SEPARATOR))
} }
pub fn digest_by_jwt_algorithm(jwt_algorithm: AlgorithmType, tobe_signed: &[u8]) -> XResult<Vec<u8>> {
Ok(match jwt_algorithm {
AlgorithmType::Rs256 => {
rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(tobe_signed))
}
AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
_ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
})
}
pub fn merge_header_claims(header: &[u8], claims: &[u8]) -> Vec<u8> { pub fn merge_header_claims(header: &[u8], claims: &[u8]) -> Vec<u8> {
let mut tobe_signed = vec![]; let mut tobe_signed = vec![];
tobe_signed.extend_from_slice(header); tobe_signed.extend_from_slice(header);

13
src/cmd_sign_jwt_soft.rs
View File

@@ -4,9 +4,9 @@ use rust_util::util_clap::{Command, CommandError};
use rust_util::XResult; use rust_util::XResult;
use serde_json::{Map, Value}; use serde_json::{Map, Value};
use crate::cmd_sign_jwt::{build_jwt_parts, merge_header_claims, merge_payload_claims, print_jwt_token}; use crate::cmd_sign_jwt::{build_jwt_parts, digest_by_jwt_algorithm, merge_header_claims, merge_payload_claims, print_jwt_token};
use crate::keychain::{KeychainKey, KeychainKeyValue}; use crate::keychain::{KeychainKey, KeychainKeyValue};
use crate::{cmd_sign_jwt, cmdutil, digestutil, ecdsautil, hmacutil, keychain, rsautil, util}; use crate::{cmd_sign_jwt, cmdutil, ecdsautil, hmacutil, keychain, util};
const SEPARATOR: &str = "."; const SEPARATOR: &str = ".";
@@ -82,14 +82,7 @@ fn sign_jwt(
let claims = merge_payload_claims(payload, claims)?; let claims = merge_payload_claims(payload, claims)?;
let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes()); let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
let raw_in = match jwt_algorithm { let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &tobe_signed)?;
AlgorithmType::Rs256 => {
rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&digestutil::sha256_bytes(&tobe_signed))
}
AlgorithmType::Es256 => digestutil::sha256_bytes(&tobe_signed),
AlgorithmType::Es384 => digestutil::sha384_bytes(&tobe_signed),
_ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
};
let signed_data = match jwt_algorithm { let signed_data = match jwt_algorithm {
AlgorithmType::Es256 => ecdsautil::sign_p256_rs(&private_key_d, &raw_in)?, AlgorithmType::Es256 => ecdsautil::sign_p256_rs(&private_key_d, &raw_in)?,