module LetsCert::JWKIOPluginMixin
Mixin for IOPlugin
subclasses that handle JWK @author Sylvain Daubert
Public Instance Methods
dump_jwk(key)
click to toggle source
Dump crypto data (key) to a JSON-encoded string @param [OpenSSL::PKey] key @return [String] @raise [Error] unsupported key type
# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 77 def dump_jwk(key) h = {} return h.to_json if key.nil? case key when OpenSSL::PKey::RSA h['kty'] = 'RSA' h['e'] = urlsafe_encode64(key.e.to_s(2)) if key.e h['n'] = urlsafe_encode64(key.n.to_s(2)) if key.n if key.private? h['d'] = urlsafe_encode64(key.d.to_s(2)) h['p'] = urlsafe_encode64(key.p.to_s(2)) h['q'] = urlsafe_encode64(key.q.to_s(2)) end else raise Error, 'only RSA keys are supported' end h.to_json end
load_jwk(data)
click to toggle source
Load crypto data from JSON-encoded file @param [String] data JSON-encoded data @return [OpenSSL::PKey::PKey,nil] @raise [Error] unsupported key type
# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 54 def load_jwk(data) return nil if data.empty? h = JSON.parse(data) case h['kty'] when 'RSA' pkey = OpenSSL::PKey::RSA.new %w(e n d p q).collect do |key| next if h[key].nil? value = OpenSSL::BN.new(urlsafe_decode64(h[key]), 2) pkey.send "#{key}=".to_sym, value end else raise Error, "unknown account key type '#{k['kty']}'" end pkey end
urlsafe_decode64(data)
click to toggle source
Decode base64 string data
@param [String] data @return [String]
# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 40 def urlsafe_decode64(data) # Ruby < 2.3.0 urlsafe_decode64 use struct_decode64. So the string # is rejected if padding is removed (which JWK do) # So, we have to reinject padding if !data.end_with?('=') && (data.length % 4).nonzero? data = data.ljust((data.length + 3) & ~3, '=') end Base64.urlsafe_decode64(data) end
urlsafe_encode64(data)
click to toggle source
Encode string data
to base64 @param [String] data @return [String]
# File lib/letscert/io_plugins/jwk_io_plugin_mixin.rb, line 33 def urlsafe_encode64(data) Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '') end