@@ -32,6 +32,9 @@
#define PATH_MAX 4096
#define PATH_MAX 4096
#endif
#endif
+/* Default hash to use with JWK thumbprints (S256 = SHA-256). */
+#define DEFAULT_THP_HASH "S256"
+
static const char**
static const char**
supported_hashes(void)
supported_hashes(void)
{
{
@@ -233,21 +236,11 @@ jwk_sign(const json_t* to_sign, const json_t* sig_keys)
json_auto_t* sig_template = json_pack("{s:{s:s}}",
json_auto_t* sig_template = json_pack("{s:{s:s}}",
"protected", "cty", "jwk-set+json");
"protected", "cty", "jwk-set+json");
- /* Use the template with the signing keys. */
- json_auto_t* sig_template_arr = json_array();
- size_t arr_size = json_array_size(sig_keys);
- for (size_t i = 0; i < arr_size; i++) {
- if (json_array_append(sig_template_arr, sig_template) == -1) {
- fprintf(stderr, "Unable to append sig template to array\n");
- return NULL;
- }
- }
-
__attribute__ ((__cleanup__(cleanup_str))) char* data_to_sign = json_dumps(payload, 0);
__attribute__ ((__cleanup__(cleanup_str))) char* data_to_sign = json_dumps(payload, 0);
json_auto_t* jws = json_pack("{s:o}", "payload",
json_auto_t* jws = json_pack("{s:o}", "payload",
jose_b64_enc(data_to_sign, strlen(data_to_sign)));
jose_b64_enc(data_to_sign, strlen(data_to_sign)));
- if (!jose_jws_sig(NULL, jws, sig_template_arr, sig_keys)) {
+ if (!jose_jws_sig(NULL, jws, sig_template, sig_keys)) {
fprintf(stderr, "Error trying to jose_jws_sign\n");
fprintf(stderr, "Error trying to jose_jws_sign\n");
return NULL;
return NULL;
}
}
@@ -324,7 +317,6 @@ prepare_payload_and_sign(struct tang_keys_info* tki)
static int
static int
create_new_keys(const char* jwkdir)
create_new_keys(const char* jwkdir)
{
{
- const char** hashes = supported_hashes();
const char* alg[] = {"ES512", "ECMR", NULL};
const char* alg[] = {"ES512", "ECMR", NULL};
char path[PATH_MAX];
char path[PATH_MAX];
for (int i = 0; alg[i] != NULL; i++) {
for (int i = 0; alg[i] != NULL; i++) {
@@ -332,7 +324,7 @@ create_new_keys(const char* jwkdir)
if (!jwk) {
if (!jwk) {
return 0;
return 0;
}
}
- __attribute__ ((__cleanup__(cleanup_str))) char* thp = jwk_thumbprint(jwk, hashes[0]);
+ __attribute__ ((__cleanup__(cleanup_str))) char* thp = jwk_thumbprint(jwk, DEFAULT_THP_HASH);
if (!thp) {
if (!thp) {
return 0;
return 0;
}
}
@@ -392,12 +384,15 @@ load_keys(const char* jwkdir)
json_t* arr = tki->m_keys;
json_t* arr = tki->m_keys;
if (d->d_name[0] == '.') {
if (d->d_name[0] == '.') {
arr = tki->m_rotated_keys;
arr = tki->m_rotated_keys;
+ tki->m_rotated_keys_count++;
+ } else {
+ tki->m_keys_count++;
}
}
+
if (json_array_append(arr, json) == -1) {
if (json_array_append(arr, json) == -1) {
fprintf(stderr, "Unable to append JSON (%s) to array; skipping\n", d->d_name);
fprintf(stderr, "Unable to append JSON (%s) to array; skipping\n", d->d_name);
continue;
continue;
}
}
- tki->m_keys_count++;
}
}
}
}
closedir(dir);
closedir(dir);
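Review bot: In the load_keys hunk the two counters are now incremented before `json_array_append(arr, json)` is checked, so on the `continue` path a key that never made it into the array is still counted and `m_keys_count`/`m_rotated_keys_count` can exceed the length of the arrays they describe; the removed line only counted after a successful append. If these counts later decide things like whether fresh keys must be generated, an over-count could hide a directory whose keys failed to load, though those callers are not visible from this hunk. Move the increments below the append check, e.g. `if (arr == tki->m_rotated_keys) tki->m_rotated_keys_count++; else tki->m_keys_count++;`, or record a pointer to the chosen counter next to `arr` and bump it after the append succeeds. load_keys begins and ends outside the hunk.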