Diffstat (limited to 'account.go')
-rw-r--r--account.go49
1 files changed, 29 insertions, 20 deletions
diff --git a/account.go b/account.go
index 4fa8cec..fa3351b 100644
--- a/account.go
+++ b/account.go
@@ -18,16 +18,36 @@ const KeySize = 2048
type Account struct {
key crypto.PrivateKey
signer jose.Signer
+ thumb string
}
-func NewAccount(key crypto.PrivateKey) (*Account, error) {
- switch k := key.(type) {
+func NewAccount(privKey crypto.PrivateKey) (*Account, error) {
+ thumb := func(alg string, pubKey crypto.PublicKey) (string, error) {
+ wk := &jose.JsonWebKey{Key: pubKey, Algorithm: alg}
+ t, err := wk.Thumbprint(crypto.SHA256)
+ return base64.RawURLEncoding.EncodeToString(t), err
+ }
+ switch k := privKey.(type) {
case *rsa.PrivateKey:
- signer, err := jose.NewSigner(jose.RS256, k)
- return &Account{key: k, signer: signer}, err
+ s, err := jose.NewSigner(jose.RS256, k)
+ if err != nil {
+ return nil, err
+ }
+ t, err := thumb("RSA", k.Public())
+ if err != nil {
+ return nil, err
+ }
+ return &Account{key: k, signer: s, thumb: t}, nil
case *ecdsa.PrivateKey:
- signer, err := jose.NewSigner(jose.ES384, k)
- return &Account{key: k, signer: signer}, err
+ s, err := jose.NewSigner(jose.ES384, k)
+ if err != nil {
+ return nil, err
+ }
+ t, err := thumb("EC", k.Public())
+ if err != nil {
+ return nil, err
+ }
+ return &Account{key: k, signer: s, thumb: t}, nil
default:
return nil, errKeyType
}
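Review bot: The `*ecdsa.PrivateKey` case pins `jose.ES384` for every EC key without checking the curve, so a P-256 or P-521 key still reaches the thumbprint step and may be returned as a usable-looking Account. Whether `jose.NewSigner` rejects the mismatch at construction is not visible in this hunk; if it does not, the failure would only surface later, when Sign is called. Consider a guard before creating the signer, `if k.Curve != elliptic.P384() { return nil, errKeyType }`, or derive the algorithm from the curve. Separately, the `"RSA"` and `"EC"` strings passed as `alg` are JWK key types rather than algorithm names, and an RFC 7638 thumbprint covers only the key's required members, so setting `Algorithm` looks unnecessary. NewAccount's closing brace lies outside the hunk.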
@@ -36,7 +56,7 @@ func NewAccount(key crypto.PrivateKey) (*Account, error) {
// Signer describes a signing interface
type Signer interface {
Sign([]byte, jose.NonceSource) (io.Reader, error)
- KeyAuth(string) (string, error)
+ KeyAuth(string) string
}
// Sign implements Signer interface
@@ -49,17 +69,6 @@ func (a *Account) Sign(msg []byte, n jose.NonceSource) (io.Reader, error) {
return strings.NewReader(obj.FullSerialize()), nil
}
-func (a *Account) KeyAuth(token string) (string, error) {
- var wk *jose.JsonWebKey
- switch k := a.key.(type) {
- case *rsa.PrivateKey:
- wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "RSA"}
- case *ecdsa.PrivateKey:
- wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "EC"}
- }
- thumb, err := wk.Thumbprint(crypto.SHA256)
- if err != nil {
- return "", err
- }
- return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
+func (a *Account) KeyAuth(token string) string {
+ return token + "." + a.thumb
}
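Review bot: KeyAuth can no longer report a missing thumbprint: on an Account not built by NewAccount (for example a zero-value `&Account{}`), `a.thumb` is empty and the method returns `token + "."`, which has the shape of a key authorization but is bound to no key. With the error return gone, the precondition should at least be written down, and callers that submit the value could reject a result ending in `.`. The exported method also has no doc comment; I would add `// KeyAuth returns token joined by "." to the account key's base64url SHA-256 JWK thumbprint, which NewAccount computes once; a must come from NewAccount.`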