module LetsCert::JWKIOPluginMixin

Mixin for IOPlugin subclasses that handle JWK @author Sylvain Daubert

Public Instance Methods

dump_jwk(key) click to toggle source

Dump crypto data (key) to a JSON-encoded string @param [OpenSSL::PKey] key @return [String] @raise [Error] unsupported key type

# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 77
def dump_jwk(key)
  h = {}
  return h.to_json if key.nil?

  case key
  when OpenSSL::PKey::RSA
    h['kty'] = 'RSA'
    h['e'] = urlsafe_encode64(key.e.to_s(2)) if key.e
    h['n'] = urlsafe_encode64(key.n.to_s(2)) if key.n
    if key.private?
      h['d'] = urlsafe_encode64(key.d.to_s(2))
      h['p'] = urlsafe_encode64(key.p.to_s(2))
      h['q'] = urlsafe_encode64(key.q.to_s(2))
    end
  else
    raise Error, 'only RSA keys are supported'
  end
  h.to_json
end
load_jwk(data) click to toggle source

Load crypto data from JSON-encoded file @param [String] data JSON-encoded data @return [OpenSSL::PKey::PKey,nil] @raise [Error] unsupported key type

# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 54
def load_jwk(data)
  return nil if data.empty?

  h = JSON.parse(data)
  case h['kty']
  when 'RSA'
    pkey = OpenSSL::PKey::RSA.new
    %w(e n d p q).collect do |key|
      next if h[key].nil?
      value = OpenSSL::BN.new(urlsafe_decode64(h[key]), 2)
      pkey.send "#{key}=".to_sym, value
    end
  else
    raise Error, "unknown account key type '#{k['kty']}'"
  end

  pkey
end
urlsafe_decode64(data) click to toggle source

Decode base64 string data @param [String] data @return [String]

# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 40
def urlsafe_decode64(data)
  # Ruby < 2.3.0 urlsafe_decode64 use struct_decode64. So the string
  # is rejected if padding is removed (which JWK do)
  # So, we have to reinject padding
  if !data.end_with?('=') && (data.length % 4).nonzero?
    data = data.ljust((data.length + 3) & ~3, '=')
  end
  Base64.urlsafe_decode64(data)
end
urlsafe_encode64(data) click to toggle source

Encode string data to base64 @param [String] data @return [String]

# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 33
def urlsafe_encode64(data)
  Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
end