package acme import ( "crypto" "crypto/rand" "crypto/rsa" "encoding/base64" "encoding/json" "io" "strings" "github.com/square/go-jose" ) // KeySize is a default RSA key size const KeySize = 2048 // Account ... type Account struct { key *rsa.PrivateKey signer jose.Signer } func LoadAccount(fname string) (*Account, error) { key, err := LoadKeyFile(fname) if err != nil { return nil, err } return newAccount(key) } func NewAccount(size int) (*Account, error) { key, err := rsa.GenerateKey(rand.Reader, size) if err != nil { return nil, err } return newAccount(key) } func newAccount(key *rsa.PrivateKey) (*Account, error) { signer, err := jose.NewSigner(jose.RS256, key) if err != nil { return nil, err } return &Account{key: key, signer: signer}, nil } // Signer describes a signing interface type Signer interface { Sign(interface{}, jose.NonceSource) (io.Reader, error) KeyAuth(string) (string, error) } // Sign implements Signer interface func (a *Account) Sign(v interface{}, n jose.NonceSource) (io.Reader, error) { msg, err := json.Marshal(v) if err != nil { return nil, err } a.signer.SetNonceSource(n) obj, err := a.signer.Sign(msg) if err != nil { return nil, err } return strings.NewReader(obj.FullSerialize()), nil } func (a *Account) KeyAuth(token string) (string, error) { k := &jose.JsonWebKey{Key: a.key.Public(), Algorithm: "RSA"} thumb, err := k.Thumbprint(crypto.SHA256) if err != nil { return "", err } return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil } func (a *Account) SaveKey(fname string) error { fd, err := CreatePrivFile(fname) if err != nil { return err } defer fd.Close() return SaveKey(fd, a.key) }