我从以下网站获取了Google证书:
但我不知道如何在Go中解析证书并提取公钥并使其适用于rsa.VerifyPKCS1v15()以验证id令牌(openID connect)签名。如果有人可以告诉我,我会很感激。这是我已经拥有的代码:
res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
log.Fatal(err)
return
}
certs, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
log.Fatal(err)
return
}
//extract kid from token header
var header interface{}
log.Printf("Oauth header: %v", headerOauth)
err = json.Unmarshal([]byte(headerOauth), &header)
token_kid := header.(map[string]interface{})["kid"]
//get modulus and exponent from the cert
var goCertificate interface{}
err = json.Unmarshal(certs, &goCertificate)
k := goCertificate.(map[string]interface{})[token_kid.(string)]
google_cert := k.(string)
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %v", *certInterface.PublicKey)
//I know the line below is wrong but thats how I usualy parse public keys
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes)
pKey, ok := pubkeyInterface.(*rsa.PublicKey)
答案 0 :(得分:2)
我可能离这里(不熟悉x509 / rsa)但ParseCertificates会返回所有键:
func main() {
res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
log.Fatal(err)
return
}
var header = map[string]string{
"kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
}
token_kid := header["kid"]
defer res.Body.Close()
var certs map[string]string
dec := json.NewDecoder(res.Body)
dec.Decode(&certs)
// add error checking
google_cert := certs[token_kid]
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %#v", certInterface)
pkey := certInterface[0].PublicKey.(*rsa.PublicKey)
log.Printf("pkey: %v", pkey)
}