added tokenmanager

master v1.0.0
cheetah.cat 4 months ago
parent 4b4c7eefe6
commit 972e41e92d

@ -0,0 +1,89 @@
package client
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"time"
)
const tokenExpirationSeconds = 60
type TokenManager struct {
issuer string
privateKey string
}
func (t *TokenManager) CreateJwt() (string, error) {
if t.issuer == "" || t.privateKey == "" {
return "", errors.New("missing required field issuer or private key")
}
key, err := t.getRsaPrivateKey()
if err != nil {
return "", err
}
var header = struct {
Algorithm string `json:"alg"`
Type string `json:"typ"`
}{
"RS256",
"JWT",
}
var payload = struct {
Issuer string `json:"iss"`
Expiration int64 `json:"exp"`
}{
t.issuer,
time.Now().Unix() + tokenExpirationSeconds,
}
headerJson, _ := json.Marshal(&header)
payloadJson, _ := json.Marshal(&payload)
pkg := base64.RawURLEncoding.EncodeToString(headerJson) + "." + base64.RawURLEncoding.EncodeToString(payloadJson)
if signature, err := t.sign([]byte(pkg), key); err != nil {
return "", err
} else {
return pkg + "." + base64.RawURLEncoding.EncodeToString(signature), nil
}
}
func (t *TokenManager) sign(data []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
h := sha256.New()
h.Write(data)
d := h.Sum(nil)
return rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, d)
}
func (t *TokenManager) getRsaPrivateKey() (*rsa.PrivateKey, error) {
block, _ := pem.Decode([]byte(t.privateKey))
if block == nil {
return nil, errors.New("invalid private key format")
}
switch block.Type {
case "PRIVATE KEY":
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return key.(*rsa.PrivateKey), nil
case "RSA PRIVATE KEY":
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return key, nil
default:
return nil, fmt.Errorf("unsupported key type %q", block.Type)
}
}
Loading…
Cancel
Save