123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- package jwt
-
- import (
- "crypto/ecdsa"
- "crypto/x509"
- "encoding/pem"
- "errors"
- )
-
- var (
- ErrNotECPublicKey = errors.New("key is not a valid ECDSA public key")
- ErrNotECPrivateKey = errors.New("key is not a valid ECDSA private key")
- )
-
- // ParseECPrivateKeyFromPEM parses a PEM encoded Elliptic Curve Private Key Structure
- func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
- var err error
-
- // Parse PEM block
- var block *pem.Block
- if block, _ = pem.Decode(key); block == nil {
- return nil, ErrKeyMustBePEMEncoded
- }
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParseECPrivateKey(block.Bytes); err != nil {
- if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
- return nil, err
- }
- }
-
- var pkey *ecdsa.PrivateKey
- var ok bool
- if pkey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
- return nil, ErrNotECPrivateKey
- }
-
- return pkey, nil
- }
-
- // ParseECPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
- func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error) {
- var err error
-
- // Parse PEM block
- var block *pem.Block
- if block, _ = pem.Decode(key); block == nil {
- return nil, ErrKeyMustBePEMEncoded
- }
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
- if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- var pkey *ecdsa.PublicKey
- var ok bool
- if pkey, ok = parsedKey.(*ecdsa.PublicKey); !ok {
- return nil, ErrNotECPublicKey
- }
-
- return pkey, nil
- }