diff --git a/server/provide.go b/server/provide.go index e693cfc..1c0b8f1 100644 --- a/server/provide.go +++ b/server/provide.go @@ -89,7 +89,7 @@ func ProvidePriKey(c config.Config) (*rsa.PrivateKey, error) { } func ProvidePubKey(pri *rsa.PrivateKey) (yggdrasil.PubRsaKey, error) { - s, err := sign.NewAuthlibSignWithKey(pri).GetPubKey() + s, err := sign.NewAuthlibSignWithKey(pri).GetPKIXPubKeyWithOutRsa() if err != nil { return "", fmt.Errorf("ProvidePubKey: %w", err) } diff --git a/service/yggdrasil/user.go b/service/yggdrasil/user.go index 766099c..34af0a4 100644 --- a/service/yggdrasil/user.go +++ b/service/yggdrasil/user.go @@ -279,7 +279,7 @@ func (y *Yggdrasil) PlayerCertificates(ctx context.Context, token string) (yggdr s := sign.NewAuthlibSignWithKey(rsa2048) priKey := lo.Must(s.GetPriKey()) - pubKey := lo.Must(s.GetPubKey()) + pubKey := lo.Must(s.GetPKIXPubKey()) expiresAt := time.Now().Add(24 * time.Hour) expiresAtUnix := expiresAt.UnixMilli() diff --git a/utils/sign/rsa.go b/utils/sign/rsa.go index 7b854f1..5e58c50 100644 --- a/utils/sign/rsa.go +++ b/utils/sign/rsa.go @@ -1,7 +1,6 @@ package sign import ( - "bytes" "crypto" "crypto/rsa" "crypto/sha1" @@ -23,10 +22,14 @@ func NewAuthlibSign(prikey []byte) (*AuthlibSign, error) { if b == nil { return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem) } - priv, err := x509.ParsePKCS1PrivateKey(b.Bytes) + p, err := x509.ParsePKCS8PrivateKey(b.Bytes) if err != nil { return nil, fmt.Errorf("NewAuthlibSign: %w", err) } + priv, ok := p.(*rsa.PrivateKey) + if !ok { + return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem) + } return &AuthlibSign{ key: priv, }, nil @@ -42,32 +45,39 @@ func (a *AuthlibSign) GetKey() *rsa.PrivateKey { return a.key } -func (a *AuthlibSign) GetPubKey() (string, error) { - derBytes := x509.MarshalPKCS1PublicKey(&a.key.PublicKey) +func (a *AuthlibSign) getPKIXPubKey(typeStr string) (string, error) { + derBytes, err := x509.MarshalPKIXPublicKey(&a.key.PublicKey) + if err != nil { + return "", fmt.Errorf("getPKIXPubKey: %w", err) + } pemKey := &pem.Block{ - Type: "PUBLIC KEY", + Type: typeStr, Bytes: derBytes, } - bw := &bytes.Buffer{} - err := pem.Encode(bw, pemKey) - if err != nil { - return "", fmt.Errorf("GetPubKey: %w", err) - } - return bw.String(), nil + return string(pem.EncodeToMemory(pemKey)), nil } +// PKIX PUBLIC KEY +func (a *AuthlibSign) GetPKIXPubKeyWithOutRsa() (string, error) { + return a.getPKIXPubKey("PUBLIC KEY") +} + +// PKIX RSA PUBLIC KEY +func (a *AuthlibSign) GetPKIXPubKey() (string, error) { + return a.getPKIXPubKey("RSA PUBLIC KEY") +} + +// PKCS #8 func (a *AuthlibSign) GetPriKey() (string, error) { - derBytes := x509.MarshalPKCS1PrivateKey(a.key) + derBytes, err := x509.MarshalPKCS8PrivateKey(a.key) + if err != nil { + return "", fmt.Errorf("GetPriKey: %w", err) + } pemKey := &pem.Block{ - Type: "PRIVATE KEY", + Type: "RSA PRIVATE KEY", Bytes: derBytes, } - bw := &bytes.Buffer{} - err := pem.Encode(bw, pemKey) - if err != nil { - return "", fmt.Errorf("GetPubKey: %w", err) - } - return bw.String(), nil + return string(pem.EncodeToMemory(pemKey)), nil } func (a *AuthlibSign) Sign(data []byte) (string, error) { diff --git a/utils/sign/rsa_test.go b/utils/sign/rsa_test.go index b924a49..eefde36 100644 --- a/utils/sign/rsa_test.go +++ b/utils/sign/rsa_test.go @@ -24,7 +24,7 @@ func TestAuthlibSign(t *testing.T) { if err != nil { t.Fatal(err) } - pub, err := as.GetPubKey() + pub, err := as.GetPKIXPubKey() if err != nil { t.Fatal(err) }