blob: 5a8efbf3b03967425ea86cdd6f53061e733b191f [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package server
import (
"crypto/ecdsa"
"crypto/x509"
"encoding/base64"
"fmt"
"math/big"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"v.io/v23/security"
"v.io/x/ref/services/identity/internal/signer/v1"
)
func DecodePublicKey(k *signer.PublicKey) (*ecdsa.PublicKey, error) {
bytes, err := base64.URLEncoding.DecodeString(k.Base64)
if err != nil {
return nil, err
}
key, err := x509.ParsePKIXPublicKey(bytes)
if err != nil {
return nil, err
}
pub, ok := key.(*ecdsa.PublicKey)
if !ok {
return nil, fmt.Errorf("Not an ECDSA public key")
}
return pub, nil
}
func DecodeSignature(sig *signer.VSignature) (r, s *big.Int, err error) {
r, s = new(big.Int), new(big.Int)
if _, ok := r.SetString(sig.R, 0); !ok {
return nil, nil, fmt.Errorf("unable to parse big.Int %s", sig.R)
}
if _, ok := s.SetString(sig.S, 0); !ok {
return nil, nil, fmt.Errorf("unable to parse big.Int %s", sig.S)
}
return
}
func NewRestSigner() (security.Signer, error) {
client, err := signer.New(oauth2.NewClient(oauth2.NoContext, google.ComputeTokenSource("")))
if err != nil {
return nil, err
}
jkey, err := client.PublicKey().Do()
if err != nil {
return nil, err
}
key, err := DecodePublicKey(jkey)
if err != nil {
return nil, err
}
sign := func(message []byte) (r, s *big.Int, err error) {
msgBase64 := base64.URLEncoding.EncodeToString(message)
jsig, err := client.Sign(msgBase64).Do()
if err != nil {
return nil, nil, err
}
return DecodeSignature(jsig)
}
return security.NewECDSASigner(key, sign), nil
}