package acme import ( "crypto" "crypto/rsa" "encoding/base64" "encoding/json" "io" "strings" "github.com/square/go-jose" ) // KeySize is a default RSA key size const KeySize = 2048 // Account ... type Account struct { key *rsa.PrivateKey signer jose.Signer nonce chan string } // NewAccount ... func NewAccount(key *rsa.PrivateKey) (*Account, error) { signer, err := jose.NewSigner(jose.RS256, key) if err != nil { return nil, err } return &Account{key: key, signer: signer}, nil } // Signer describes a signing interface type Signer interface { Sign(interface{}, jose.NonceSource) (io.Reader, error) } type Thumber interface { Thumb() (string, error) } type ThumbSigner interface { Signer Thumber } // Sign implements Signer interface func (a *Account) Sign(v interface{}, n jose.NonceSource) (io.Reader, error) { msg, err := json.Marshal(v) if err != nil { return nil, err } a.signer.SetNonceSource(n) obj, err := a.signer.Sign(msg) if err != nil { return nil, err } return strings.NewReader(obj.FullSerialize()), nil } func (a *Account) Thumb() (string, error) { k := &jose.JsonWebKey{Key: a.key.Public(), Algorithm: "RSA"} thumb, err := k.Thumbprint(crypto.SHA256) if err != nil { return "", err } return base64.RawURLEncoding.EncodeToString(thumb), nil } func KeyAuthorization(s Thumber, token string) (string, error) { thumb, err := s.Thumb() if err != nil { return "", err } return token + "." + thumb, nil } func (a *Account) Save(fname string) error { fd, err := CreateKeyFile(fname) if err != nil { return err } defer fd.Close() return SaveKey(fd, a.key) }