0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-23 22:27:38 -05:00
caddy/vendor/gopkg.in/square/go-jose.v1/jose-util/main.go
Matthew Holt 6fde3632ef
Vendor all dependencies (Warning: Huge changeset.)
The vendor/ folder was created with the help of @FiloSottile's gvt and
vendorcheck.

Any dependencies of Caddy plugins outside this repo are not vendored.

We do not remove any unused, vendored packages because vendorcheck -u
only checks using the current build configuration; i.e. packages that
may be imported by files toggled by build tags of other systems.

CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is
released, a few of the go commands should be revised to again use ./...
as it will ignore the vendor folder by default.
2017-05-27 13:30:11 -06:00

189 lines
5.2 KiB
Go

/*-
* Copyright 2014 Square Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package main
import (
"fmt"
"io/ioutil"
"os"
"gopkg.in/alecthomas/kingpin.v2"
"gopkg.in/square/go-jose.v1"
)
var (
app = kingpin.New("jose-util", "A command-line utility for dealing with JOSE objects.")
keyFile = app.Flag("key", "Path to key file (PEM or DER-encoded)").ExistingFile()
inFile = app.Flag("in", "Path to input file (stdin if missing)").ExistingFile()
outFile = app.Flag("out", "Path to output file (stdout if missing)").ExistingFile()
encryptCommand = app.Command("encrypt", "Encrypt a plaintext, output ciphertext.")
algFlag = encryptCommand.Flag("alg", "Key management algorithm (e.g. RSA-OAEP)").Required().String()
encFlag = encryptCommand.Flag("enc", "Content encryption algorithm (e.g. A128GCM)").Required().String()
decryptCommand = app.Command("decrypt", "Decrypt a ciphertext, output plaintext.")
signCommand = app.Command("sign", "Sign a payload, output signed message.")
sigAlgFlag = signCommand.Flag("alg", "Key management algorithm (e.g. RSA-OAEP)").Required().String()
verifyCommand = app.Command("verify", "Verify a signed message, output payload.")
expandCommand = app.Command("expand", "Expand JOSE object to full serialization format.")
formatFlag = expandCommand.Flag("format", "Type of message to expand (JWS or JWE, defaults to JWE)").String()
full = app.Flag("full", "Use full serialization format (instead of compact)").Bool()
)
func main() {
app.Version("v1")
command := kingpin.MustParse(app.Parse(os.Args[1:]))
var keyBytes []byte
var err error
if command != "expand" {
keyBytes, err = ioutil.ReadFile(*keyFile)
exitOnError(err, "unable to read key file")
}
switch command {
case "encrypt":
pub, err := jose.LoadPublicKey(keyBytes)
exitOnError(err, "unable to read public key")
alg := jose.KeyAlgorithm(*algFlag)
enc := jose.ContentEncryption(*encFlag)
crypter, err := jose.NewEncrypter(alg, enc, pub)
exitOnError(err, "unable to instantiate encrypter")
obj, err := crypter.Encrypt(readInput(*inFile))
exitOnError(err, "unable to encrypt")
var msg string
if *full {
msg = obj.FullSerialize()
} else {
msg, err = obj.CompactSerialize()
exitOnError(err, "unable to serialize message")
}
writeOutput(*outFile, []byte(msg))
case "decrypt":
priv, err := jose.LoadPrivateKey(keyBytes)
exitOnError(err, "unable to read private key")
obj, err := jose.ParseEncrypted(string(readInput(*inFile)))
exitOnError(err, "unable to parse message")
plaintext, err := obj.Decrypt(priv)
exitOnError(err, "unable to decrypt message")
writeOutput(*outFile, plaintext)
case "sign":
signingKey, err := jose.LoadPrivateKey(keyBytes)
exitOnError(err, "unable to read private key")
alg := jose.SignatureAlgorithm(*sigAlgFlag)
signer, err := jose.NewSigner(alg, signingKey)
exitOnError(err, "unable to make signer")
obj, err := signer.Sign(readInput(*inFile))
exitOnError(err, "unable to sign")
var msg string
if *full {
msg = obj.FullSerialize()
} else {
msg, err = obj.CompactSerialize()
exitOnError(err, "unable to serialize message")
}
writeOutput(*outFile, []byte(msg))
case "verify":
verificationKey, err := jose.LoadPublicKey(keyBytes)
exitOnError(err, "unable to read private key")
obj, err := jose.ParseSigned(string(readInput(*inFile)))
exitOnError(err, "unable to parse message")
plaintext, err := obj.Verify(verificationKey)
exitOnError(err, "invalid signature")
writeOutput(*outFile, plaintext)
case "expand":
input := string(readInput(*inFile))
var serialized string
var err error
switch *formatFlag {
case "", "JWE":
var jwe *jose.JsonWebEncryption
jwe, err = jose.ParseEncrypted(input)
if err == nil {
serialized = jwe.FullSerialize()
}
case "JWS":
var jws *jose.JsonWebSignature
jws, err = jose.ParseSigned(input)
if err == nil {
serialized = jws.FullSerialize()
}
}
exitOnError(err, "unable to expand message")
writeOutput(*outFile, []byte(serialized))
writeOutput(*outFile, []byte("\n"))
}
}
// Exit and print error message if we encountered a problem
func exitOnError(err error, msg string) {
if err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", msg, err)
os.Exit(1)
}
}
// Read input from file or stdin
func readInput(path string) []byte {
var bytes []byte
var err error
if path != "" {
bytes, err = ioutil.ReadFile(path)
} else {
bytes, err = ioutil.ReadAll(os.Stdin)
}
exitOnError(err, "unable to read input")
return bytes
}
// Write output to file or stdin
func writeOutput(path string, data []byte) {
var err error
if path != "" {
err = ioutil.WriteFile(path, data, 0644)
} else {
_, err = os.Stdout.Write(data)
}
exitOnError(err, "unable to write output")
}