Implement git-lfs-authenticate

author: Rutger Broekhoff 2023-12-30 14:00:34 +0100
committer: Rutger Broekhoff 2023-12-30 14:00:34 +0100
commit: f6c92c5e2d87ab1334648b0d1293771de7aae4a5 (patch)
tree: 265c3a06accd398a1e0a173af56d7392a5f94a24 /vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
parent: 4f167c0fa991aa9ddb3f0252e23694b3aa6532b1 (diff)
download: gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.tar.gz
gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.zip
1 files changed, 135 insertions, 0 deletions
diff --git a/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
new file mode 100644
index 0000000..28c386e
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
@@ -0,0 +1,135 @@
+//go:build go1.4
+// +build go1.4
+package jwt
+import (
+        "crypto"
+        "crypto/rand"
+        "crypto/rsa"
+)
+// SigningMethodRSAPSS implements the RSAPSS family of signing methods signing methods
+type SigningMethodRSAPSS struct {
+        *SigningMethodRSA
+        Options *rsa.PSSOptions
+        // VerifyOptions is optional. If set overrides Options for rsa.VerifyPPS.
+        // Used to accept tokens signed with rsa.PSSSaltLengthAuto, what doesn't follow
+        // https://tools.ietf.org/html/rfc7518#section-3.5 but was used previously.
+        // See https://github.com/dgrijalva/jwt-go/issues/285#issuecomment-437451244 for details.
+        VerifyOptions *rsa.PSSOptions
+}
+// Specific instances for RS/PS and company.
+var (
+        SigningMethodPS256 *SigningMethodRSAPSS
+        SigningMethodPS384 *SigningMethodRSAPSS
+        SigningMethodPS512 *SigningMethodRSAPSS
+)
+func init() {
+        // PS256
+        SigningMethodPS256 = &SigningMethodRSAPSS{
+                SigningMethodRSA: &SigningMethodRSA{
+                        Name: "PS256",
+                        Hash: crypto.SHA256,
+                },
+                Options: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthEqualsHash,
+                },
+                VerifyOptions: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthAuto,
+                },
+        }
+        RegisterSigningMethod(SigningMethodPS256.Alg(), func() SigningMethod {
+                return SigningMethodPS256
+        })
+        // PS384
+        SigningMethodPS384 = &SigningMethodRSAPSS{
+                SigningMethodRSA: &SigningMethodRSA{
+                        Name: "PS384",
+                        Hash: crypto.SHA384,
+                },
+                Options: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthEqualsHash,
+                },
+                VerifyOptions: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthAuto,
+                },
+        }
+        RegisterSigningMethod(SigningMethodPS384.Alg(), func() SigningMethod {
+                return SigningMethodPS384
+        })
+        // PS512
+        SigningMethodPS512 = &SigningMethodRSAPSS{
+                SigningMethodRSA: &SigningMethodRSA{
+                        Name: "PS512",
+                        Hash: crypto.SHA512,
+                },
+                Options: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthEqualsHash,
+                },
+                VerifyOptions: &rsa.PSSOptions{
+                        SaltLength: rsa.PSSSaltLengthAuto,
+                },
+        }
+        RegisterSigningMethod(SigningMethodPS512.Alg(), func() SigningMethod {
+                return SigningMethodPS512
+        })
+}
+// Verify implements token verification for the SigningMethod.
+// For this verify method, key must be an rsa.PublicKey struct
+func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key interface{}) error {
+        var rsaKey *rsa.PublicKey
+        switch k := key.(type) {
+        case *rsa.PublicKey:
+                rsaKey = k
+        default:
+                return newError("RSA-PSS verify expects *rsa.PublicKey", ErrInvalidKeyType)
+        }
+        // Create hasher
+        if !m.Hash.Available() {
+                return ErrHashUnavailable
+        }
+        hasher := m.Hash.New()
+        hasher.Write([]byte(signingString))
+        opts := m.Options
+        if m.VerifyOptions != nil {
+                opts = m.VerifyOptions
+        }
+        return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, opts)
+}
+// Sign implements token signing for the SigningMethod.
+// For this signing method, key must be an rsa.PrivateKey struct
+func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byte, error) {
+        var rsaKey *rsa.PrivateKey
+        switch k := key.(type) {
+        case *rsa.PrivateKey:
+                rsaKey = k
+        default:
+                return nil, newError("RSA-PSS sign expects *rsa.PrivateKey", ErrInvalidKeyType)
+        }
+        // Create the hasher
+        if !m.Hash.Available() {
+                return nil, ErrHashUnavailable
+        }
+        hasher := m.Hash.New()
+        hasher.Write([]byte(signingString))
+        // Sign the string and return the encoded bytes
+        if sigBytes, err := rsa.SignPSS(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil), m.Options); err == nil {
+                return sigBytes, nil
+        } else {
+                return nil, err
+        }
+}
author	Rutger Broekhoff	2023-12-30 14:00:34 +0100
committer	Rutger Broekhoff	2023-12-30 14:00:34 +0100
commit	f6c92c5e2d87ab1334648b0d1293771de7aae4a5 (patch)
tree	265c3a06accd398a1e0a173af56d7392a5f94a24 /vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
parent	4f167c0fa991aa9ddb3f0252e23694b3aa6532b1 (diff)
download	gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.tar.gz gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.zip

diff --git a/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go new file mode 100644 index 0000000..28c386e --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
@@ -0,0 +1,135 @@
	1	//go:build go1.4
	2	// +build go1.4
	3
	4	package jwt
	5
	6	import (
	7	"crypto"
	8	"crypto/rand"
	9	"crypto/rsa"
	10	)
	11
	12	// SigningMethodRSAPSS implements the RSAPSS family of signing methods signing methods
	13	type SigningMethodRSAPSS struct {
	14	*SigningMethodRSA
	15	Options *rsa.PSSOptions
	16	// VerifyOptions is optional. If set overrides Options for rsa.VerifyPPS.
	17	// Used to accept tokens signed with rsa.PSSSaltLengthAuto, what doesn't follow
	18	// https://tools.ietf.org/html/rfc7518#section-3.5 but was used previously.
	19	// See https://github.com/dgrijalva/jwt-go/issues/285#issuecomment-437451244 for details.
	20	VerifyOptions *rsa.PSSOptions
	21	}
	22
	23	// Specific instances for RS/PS and company.
	24	var (
	25	SigningMethodPS256 *SigningMethodRSAPSS
	26	SigningMethodPS384 *SigningMethodRSAPSS
	27	SigningMethodPS512 *SigningMethodRSAPSS
	28	)
	29
	30	func init() {
	31	// PS256
	32	SigningMethodPS256 = &SigningMethodRSAPSS{
	33	SigningMethodRSA: &SigningMethodRSA{
	34	Name: "PS256",
	35	Hash: crypto.SHA256,
	36	},
	37	Options: &rsa.PSSOptions{
	38	SaltLength: rsa.PSSSaltLengthEqualsHash,
	39	},
	40	VerifyOptions: &rsa.PSSOptions{
	41	SaltLength: rsa.PSSSaltLengthAuto,
	42	},
	43	}
	44	RegisterSigningMethod(SigningMethodPS256.Alg(), func() SigningMethod {
	45	return SigningMethodPS256
	46	})
	47
	48	// PS384
	49	SigningMethodPS384 = &SigningMethodRSAPSS{
	50	SigningMethodRSA: &SigningMethodRSA{
	51	Name: "PS384",
	52	Hash: crypto.SHA384,
	53	},
	54	Options: &rsa.PSSOptions{
	55	SaltLength: rsa.PSSSaltLengthEqualsHash,
	56	},
	57	VerifyOptions: &rsa.PSSOptions{
	58	SaltLength: rsa.PSSSaltLengthAuto,
	59	},
	60	}
	61	RegisterSigningMethod(SigningMethodPS384.Alg(), func() SigningMethod {
	62	return SigningMethodPS384
	63	})
	64
	65	// PS512
	66	SigningMethodPS512 = &SigningMethodRSAPSS{
	67	SigningMethodRSA: &SigningMethodRSA{
	68	Name: "PS512",
	69	Hash: crypto.SHA512,
	70	},
	71	Options: &rsa.PSSOptions{
	72	SaltLength: rsa.PSSSaltLengthEqualsHash,
	73	},
	74	VerifyOptions: &rsa.PSSOptions{
	75	SaltLength: rsa.PSSSaltLengthAuto,
	76	},
	77	}
	78	RegisterSigningMethod(SigningMethodPS512.Alg(), func() SigningMethod {
	79	return SigningMethodPS512
	80	})
	81	}
	82
	83	// Verify implements token verification for the SigningMethod.
	84	// For this verify method, key must be an rsa.PublicKey struct
	85	func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key interface{}) error {
	86	var rsaKey *rsa.PublicKey
	87	switch k := key.(type) {
	88	case *rsa.PublicKey:
	89	rsaKey = k
	90	default:
	91	return newError("RSA-PSS verify expects *rsa.PublicKey", ErrInvalidKeyType)
	92	}
	93
	94	// Create hasher
	95	if !m.Hash.Available() {
	96	return ErrHashUnavailable
	97	}
	98	hasher := m.Hash.New()
	99	hasher.Write([]byte(signingString))
	100
	101	opts := m.Options
	102	if m.VerifyOptions != nil {
	103	opts = m.VerifyOptions
	104	}
	105
	106	return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, opts)
	107	}
	108
	109	// Sign implements token signing for the SigningMethod.
	110	// For this signing method, key must be an rsa.PrivateKey struct
	111	func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byte, error) {
	112	var rsaKey *rsa.PrivateKey
	113
	114	switch k := key.(type) {
	115	case *rsa.PrivateKey:
	116	rsaKey = k
	117	default:
	118	return nil, newError("RSA-PSS sign expects *rsa.PrivateKey", ErrInvalidKeyType)
	119	}
	120
	121	// Create the hasher
	122	if !m.Hash.Available() {
	123	return nil, ErrHashUnavailable
	124	}
	125
	126	hasher := m.Hash.New()
	127	hasher.Write([]byte(signingString))
	128
	129	// Sign the string and return the encoded bytes
	130	if sigBytes, err := rsa.SignPSS(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil), m.Options); err == nil {
	131	return sigBytes, nil
	132	} else {
	133	return nil, err
	134	}
	135	}