-rw-r--r--account.go29
-rw-r--r--crypto.go24
2 files changed, 41 insertions, 12 deletions
diff --git a/account.go b/account.go
index 75a5b1c..eebe2de 100644
--- a/account.go
+++ b/account.go
@@ -2,10 +2,12 @@ package acme
import (
"crypto"
+ "crypto/ecdsa"
"crypto/rand"
"crypto/rsa"
"encoding/base64"
"encoding/json"
+ "errors"
"io"
"strings"
@@ -17,7 +19,7 @@ const KeySize = 2048
// Account ...
type Account struct {
- key *rsa.PrivateKey
+ key crypto.PrivateKey
signer jose.Signer
}
@@ -37,12 +39,17 @@ func NewAccount(size int) (*Account, error) {
return newAccount(key)
}
-func newAccount(key *rsa.PrivateKey) (*Account, error) {
- signer, err := jose.NewSigner(jose.RS256, key)
- if err != nil {
- return nil, err
+func newAccount(key crypto.PrivateKey) (*Account, error) {
+ switch k := key.(type) {
+ case *rsa.PrivateKey:
+ signer, err := jose.NewSigner(jose.RS256, k)
+ return &Account{key: k, signer: signer}, err
+ case *ecdsa.PrivateKey:
+ signer, err := jose.NewSigner(jose.ES384, k)
+ return &Account{key: k, signer: signer}, err
+ default:
+ return nil, errors.New("unknown key type")
}
- return &Account{key: key, signer: signer}, nil
}
// Signer describes a signing interface
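Review bot: Both new cases in newAccount return a populated `&Account{...}` together with a non-nil err when jose.NewSigner fails, whereas the removed code returned `nil, err`; a caller that checks the pointer rather than the error now gets an Account with a nil signer. Collecting signer/err from the switch and checking err once keeps the (nil, err) contract, as sketched below. Separately, jose.ES384 is hard-coded for every *ecdsa.PrivateKey regardless of its curve; if the key is not P-384 this presumably fails only later at signing time, so either picking the algorithm from k.Curve or documenting the P-384 requirement on NewAccount/newAccount would be clearer.
```go
func newAccount(key crypto.PrivateKey) (*Account, error) {
	var (
		signer jose.Signer
		err    error
	)
	switch k := key.(type) {
	case *rsa.PrivateKey:
		signer, err = jose.NewSigner(jose.RS256, k)
	case *ecdsa.PrivateKey:
		signer, err = jose.NewSigner(jose.ES384, k)
	default:
		return nil, errors.New("unknown key type")
	}
	if err != nil {
		return nil, err
	}
	return &Account{key: key, signer: signer}, nil
}
```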
@@ -66,8 +73,14 @@ func (a *Account) Sign(v interface{}, n jose.NonceSource) (io.Reader, error) {
}
func (a *Account) KeyAuth(token string) (string, error) {
- k := &jose.JsonWebKey{Key: a.key.Public(), Algorithm: "RSA"}
- thumb, err := k.Thumbprint(crypto.SHA256)
+ var wk *jose.JsonWebKey
+ switch k := a.key.(type) {
+ case *rsa.PrivateKey:
+ wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "RSA"}
+ case *ecdsa.PrivateKey:
+ wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "EC"}
+ }
+ thumb, err := wk.Thumbprint(crypto.SHA256)
if err != nil {
return "", err
}
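Review bot: The type switch in KeyAuth has no default branch, so for any key type other than *rsa.PrivateKey or *ecdsa.PrivateKey `wk` stays nil and `wk.Thumbprint(crypto.SHA256)` dereferences a nil pointer instead of returning an error. newAccount rejects unknown types today, but the field is assignable anywhere in the package, so the method should guard itself: `default: return "", errors.New("unknown key type")` (errors is imported by this commit). KeyAuth's body continues past the end of the hunk.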
diff --git a/crypto.go b/crypto.go
index f857a78..cbe47fd 100644
--- a/crypto.go
+++ b/crypto.go
@@ -1,6 +1,8 @@
package acme
import (
+ "crypto"
+ "crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
@@ -28,10 +30,24 @@ func LoadKey(r io.Reader) (*rsa.PrivateKey, error) {
return x509.ParsePKCS1PrivateKey(block.Bytes)
}
-func SaveKey(w io.Writer, key *rsa.PrivateKey) error {
- block := &pem.Block{
- Type: "RSA PRIVATE KEY",
- Bytes: x509.MarshalPKCS1PrivateKey(key),
+func SaveKey(w io.Writer, key crypto.PrivateKey) error {
+ var block *pem.Block
+ switch k := key.(type) {
+ case *rsa.PrivateKey:
+ der := x509.MarshalPKCS1PrivateKey(k)
+ block = &pem.Block{
+ Type: "RSA PRIVATE KEY",
+ Bytes: der,
+ }
+ case *ecdsa.PrivateKey:
+ der, err := x509.MarshalECPrivateKey(k)
+ if err != nil {
+ return err
+ }
+ block = &pem.Block{
+ Type: "EC PRIVATE KEY",
+ Bytes: der,
+ }
}
return pem.Encode(w, block)
}
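Review bot: SaveKey leaves `block` nil when the key is neither *rsa.PrivateKey nor *ecdsa.PrivateKey, and `pem.Encode(w, block)` then panics on the nil pointer rather than reporting the unsupported type; add `default: return errors.New("unknown key type")` to the switch (crypto.go's import block is only partly visible here, so errors may need adding). From the hunk header, LoadKey still returns *rsa.PrivateKey via x509.ParsePKCS1PrivateKey, so an EC key written by SaveKey apparently cannot be read back by LoadKey; either extend LoadKey to the "EC PRIVATE KEY" block type or document the asymmetry on SaveKey.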