feat: initial commit

2023-04-24 20:52:12 +02:00
commit e66938f1d3
134 changed files with 8507 additions and 0 deletions
--- a/internal/jwk/jwk.go
+++ b/internal/jwk/jwk.go
@ -0,0 +1,140 @@
+package jwk
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"encoding/json"
+	"io/ioutil"
+	"os"
+
+	"github.com/btcsuite/btcd/btcutil/base58"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v2/jws"
+
+	"github.com/pkg/errors"
+)
+
+const DefaultKeySize = 2048
+
+type (
+	Key         = jwk.Key
+	Set         = jwk.Set
+	ParseOption = jwk.ParseOption
+)
+
+var (
+	FromRaw = jwk.FromRaw
+	NewSet  = jwk.NewSet
+)
+
+const AlgorithmKey = jwk.AlgorithmKey
+
+func Parse(src []byte, options ...jwk.ParseOption) (Set, error) {
+	return jwk.Parse(src, options...)
+}
+
+func PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
+	set := jwk.NewSet()
+
+	for _, k := range keys {
+		pubkey, err := k.PublicKey()
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		if err := pubkey.Set(jwk.AlgorithmKey, jwa.RS256); err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		if err := set.AddKey(pubkey); err != nil {
+			return nil, errors.WithStack(err)
+		}
+	}
+
+	return set, nil
+}
+
+func LoadOrGenerate(path string, size int) (jwk.Key, error) {
+	data, err := ioutil.ReadFile(path)
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		return nil, errors.WithStack(err)
+	}
+
+	if errors.Is(err, os.ErrNotExist) {
+		key, err := Generate(size)
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		data, err = json.Marshal(key)
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		if err := ioutil.WriteFile(path, data, 0o640); err != nil {
+			return nil, errors.WithStack(err)
+		}
+	}
+
+	key, err := jwk.ParseKey(data)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return key, nil
+}
+
+func Generate(size int) (jwk.Key, error) {
+	privKey, err := rsa.GenerateKey(rand.Reader, size)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	key, err := jwk.FromRaw(privKey)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return key, nil
+}
+
+func Sign(key jwk.Key, payload ...any) (string, error) {
+	json, err := json.Marshal(payload)
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	rawSignature, err := jws.Sign(
+		nil,
+		jws.WithKey(jwa.RS256, key),
+		jws.WithDetachedPayload(json),
+	)
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	signature := base58.Encode(rawSignature)
+
+	return signature, nil
+}
+
+func Verify(jwks jwk.Set, signature string, payload ...any) (bool, error) {
+	json, err := json.Marshal(payload)
+	if err != nil {
+		return false, errors.WithStack(err)
+	}
+
+	decoded := base58.Decode(signature)
+
+	_, err = jws.Verify(
+		decoded,
+		jws.WithKeySet(jwks, jws.WithRequireKid(false)),
+		jws.WithDetachedPayload(json),
+	)
+	if err != nil {
+		return false, errors.WithStack(err)
+	}
+
+	return true, nil
+}
--- a/internal/jwk/jwk_test.go
+++ b/internal/jwk/jwk_test.go
@ -0,0 +1,40 @@
+package jwk
+
+import (
+	"testing"
+
+	"github.com/pkg/errors"
+)
+
+func TestJWK(t *testing.T) {
+	privateKey, err := Generate(DefaultKeySize)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	keySet, err := PublicKeySet(privateKey)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	metadata := map[string]any{
+		"Foo":  "bar",
+		"Test": 1,
+	}
+
+	signature, err := Sign(privateKey, metadata)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	t.Logf("Signature: %s", signature)
+
+	matches, err := Verify(keySet, signature, metadata)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if !matches {
+		t.Error("signature should match")
+	}
+}