Extract public key from Google "oauth2/v1/certs" cert in PEM format using Go

Question

I fetched the Google cert from:

> https://www.googleapis.com/oauth2/v1/certs

but I don't know how to parse the cert in Go and extract the public key and make it applicable for use in rsa.VerifyPKCS1v15() to verify the ID token (OpenID Connect) signature. If someone could advise me I would appreciate it. Here is the code that I already have:

res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
	log.Fatal(err)
	return 
}

certs, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
	log.Fatal(err)
	return 
}
//extract kid from token header
var header interface{}
log.Printf("Oauth header: %v", headerOauth)
err = json.Unmarshal([]byte(headerOauth), &header)

token_kid := header.(map[string]interface{})["kid"]
//get modulus and exponent from the cert

var goCertificate interface{}

err = json.Unmarshal(certs, &goCertificate)    

k := goCertificate.(map[string]interface{})[token_kid.(string)]

google_cert := k.(string)
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %v", *certInterface.PublicKey)
//I know the line below is wrong but that's how I usually parse public keys
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes)
pKey, ok := pubkeyInterface.(*rsa.PublicKey)

Answer 1

Score: 2

I might be way off here (not familiar with x509/rsa) but ParseCertificates returns all the keys:

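package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"log"
	"net/http"
)

func main() {
	res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
	if err != nil {
		log.Fatal(err)
	}
	defer res.Body.Close()

	// kid is hard-coded here; normally it is read from the ID token header
	var header = map[string]string{
		"kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
	}
	token_kid := header["kid"]

	// the endpoint returns a JSON object mapping kid -> PEM certificate
	var certs map[string]string
	if err := json.NewDecoder(res.Body).Decode(&certs); err != nil {
		log.Fatal(err)
	}
	google_cert, ok := certs[token_kid]
	if !ok {
		log.Fatalf("no certificate for kid %q", token_kid)
	}
	block_pub, _ := pem.Decode([]byte(google_cert))
	if block_pub == nil {
		log.Fatal("failed to decode PEM block")
	}
	certInterface, err := x509.ParseCertificates(block_pub.Bytes)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("certInterface: %#v", certInterface)
	pkey, ok := certInterface[0].PublicKey.(*rsa.PublicKey)
	if !ok {
		log.Fatal("certificate does not contain an RSA public key")
	}
	log.Printf("pkey: %v", pkey)
}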
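
The step the question is ultimately after, using the extracted key in rsa.VerifyPKCS1v15() to check an ID token signature, can look like the following. This is an added example, not code from the original question or answer; the function name `verifyRS256` and the input in `main` are constructed for illustration, and it assumes each entry of the kid -> PEM map holds a single certificate, so it uses `x509.ParseCertificate`.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"strings"
)

// verifyRS256 checks a compact JWT's signature with the certificate that the
// token's "kid" selects from certs (kid -> PEM, the shape of the certs endpoint).
func verifyRS256(token string, certs map[string]string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("token has %d parts, want 3", len(parts))
	}
	var hdr struct{ Alg, Kid string }
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return fmt.Errorf("bad header or alg is not RS256")
	}
	block, _ := pem.Decode([]byte(certs[hdr.Kid]))
	if block == nil {
		return fmt.Errorf("no PEM certificate for kid %q", hdr.Kid)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey) // the key the question asks for
	if !ok {
		return fmt.Errorf("certificate key is %T, not RSA", cert.PublicKey)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // signing input
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() { // constructed, malformed input: rejected before any key lookup
	fmt.Println(verifyRS256("not-a-jwt", nil))
}
```

A valid signature is only one part of ID token validation: the `iss`, `aud` and `exp` claims in the payload still need to be checked before the token is trusted.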

huangapple
  • Posted on October 7, 2014 at 21:33:39