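package oauth

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"net/url"
	"time"

	"github.com/lestrrat-go/jwx/v2/jwk"
)

// GenerateKey creates a fresh ECDSA P-256 private key, wraps it as a JWK and
// assigns it a key ID.
//
// The key ID is the current Unix time in seconds, prefixed with
// "<kidPrefix>-" when kidPrefix is non-nil. Because the timestamp has
// one-second resolution, two keys generated with the same prefix within the
// same second receive the same key ID.
func GenerateKey(kidPrefix *string) (jwk.Key, error) {
	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}

	key, err := jwk.FromRaw(privKey)
	if err != nil {
		return nil, err
	}

	kid := fmt.Sprintf("%d", time.Now().Unix())
	if kidPrefix != nil {
		kid = fmt.Sprintf("%s-%s", *kidPrefix, kid)
	}

	if err := key.Set(jwk.KeyIDKey, kid); err != nil {
		return nil, err
	}
	return key, nil
}

// isSafeAndParsed parses ustr and accepts it only when it is an https URL
// with a non-empty hostname, no userinfo component and no explicit port
// (so "https://host:443/" is rejected as well).
//
// The checks are purely syntactic: the hostname is not resolved and nothing
// here restricts which host or address it refers to. A caller that goes on to
// fetch the URL still needs its own destination checks.
func isSafeAndParsed(ustr string) (*url.URL, error) {
	u, err := url.Parse(ustr)
	if err != nil {
		return nil, err
	}

	switch {
	case u.Scheme != "https":
		return nil, fmt.Errorf("input url is not https")
	case u.Hostname() == "":
		return nil, fmt.Errorf("url hostname was empty")
	case u.User != nil:
		return nil, fmt.Errorf("url user was not empty")
	case u.Port() != "":
		return nil, fmt.Errorf("url port was not empty")
	}

	return u, nil
}

// getPrivateKey extracts the raw ECDSA private key held by key. The error
// from key.Raw is returned unchanged.
func getPrivateKey(key jwk.Key) (*ecdsa.PrivateKey, error) {
	var pkey ecdsa.PrivateKey
	if err := key.Raw(&pkey); err != nil {
		return nil, err
	}

	return &pkey, nil
}

// getPublicKey extracts the raw ECDSA public key held by key. The error from
// key.Raw is returned unchanged.
func getPublicKey(key jwk.Key) (*ecdsa.PublicKey, error) {
	var pkey ecdsa.PublicKey
	if err := key.Raw(&pkey); err != nil {
		return nil, err
	}

	return &pkey, nil
}

// JwksResponseObject is the JSON body of a JWKS document: an object with a
// single "keys" array.
type JwksResponseObject struct {
	Keys []jwk.Key `json:"keys"`
}

// CreateJwksResponseObject wraps key in a one-element JWKS document.
//
// NOTE(review): key is stored as given; nothing here converts it to its
// public form. Confirm that callers pass a public key, since a private JWK
// would presumably be serialized with its private parameters.
func CreateJwksResponseObject(key jwk.Key) *JwksResponseObject {
	return &JwksResponseObject{
		Keys: []jwk.Key{key},
	}
}

// ParseJWKFromBytes parses b as a single JWK via jwk.ParseKey.
func ParseJWKFromBytes(b []byte) (jwk.Key, error) {
	return jwk.ParseKey(b)
}

// generateToken returns n bytes from crypto/rand, hex-encoded (so the result
// is 2*n characters long).
//
// A non-positive n is rejected with an error: a negative length would panic
// in make, and a zero length would yield an empty token with no randomness.
func generateToken(n int) (string, error) {
	if n <= 0 {
		return "", fmt.Errorf("token length must be positive, got %d", n)
	}

	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}

	return hex.EncodeToString(b), nil
}

// generateCodeChallenge derives the PKCE "S256" code challenge for
// pkceVerifier: the SHA-256 digest of the verifier, base64url-encoded without
// padding.
func generateCodeChallenge(pkceVerifier string) string {
	sum := sha256.Sum256([]byte(pkceVerifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}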