From ffc9370ca400b5a100a7c2d24ff8e6b117e49168 Mon Sep 17 00:00:00 2001
From: xmdhs
Date: Tue, 12 Sep 2023 21:37:40 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=AF=81=E4=B9=A6=E6=A0=BC?= =?UTF-8?q?=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/provide.go | 2 +-
 service/yggdrasil/user.go | 2 +-
 utils/sign/rsa.go | 48 +++++++++++++++++++++++----------------
 utils/sign/rsa_test.go | 2 +-
 4 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/server/provide.go b/server/provide.go
index e693cfc..1c0b8f1 100644
--- a/server/provide.go
+++ b/server/provide.go
@@ -89,7 +89,7 @@ func ProvidePriKey(c config.Config) (*rsa.PrivateKey, error) {
 }
 func ProvidePubKey(pri *rsa.PrivateKey) (yggdrasil.PubRsaKey, error) {
- s, err := sign.NewAuthlibSignWithKey(pri).GetPubKey()
+ s, err := sign.NewAuthlibSignWithKey(pri).GetPKIXPubKeyWithOutRsa()
 if err != nil {
 return "", fmt.Errorf("ProvidePubKey: %w", err)
 }
diff --git a/service/yggdrasil/user.go b/service/yggdrasil/user.go
index 766099c..34af0a4 100644
--- a/service/yggdrasil/user.go
+++ b/service/yggdrasil/user.go
@@ -279,7 +279,7 @@ func (y *Yggdrasil) PlayerCertificates(ctx context.Context, token string) (yggdr
 s := sign.NewAuthlibSignWithKey(rsa2048)
 priKey := lo.Must(s.GetPriKey())
- pubKey := lo.Must(s.GetPubKey())
+ pubKey := lo.Must(s.GetPKIXPubKey())
 expiresAt := time.Now().Add(24 * time.Hour)
 expiresAtUnix := expiresAt.UnixMilli()
diff --git a/utils/sign/rsa.go b/utils/sign/rsa.go
index 7b854f1..5e58c50 100644
--- a/utils/sign/rsa.go
+++ b/utils/sign/rsa.go
@@ -1,7 +1,6 @@
 package sign
 import (
- "bytes"
 "crypto"
 "crypto/rsa"
 "crypto/sha1"
@@ -23,10 +22,14 @@ func NewAuthlibSign(prikey []byte) (*AuthlibSign, error) {
 if b == nil {
 return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem)
 }
- priv, err := x509.ParsePKCS1PrivateKey(b.Bytes)
+ p, err := x509.ParsePKCS8PrivateKey(b.Bytes)
 if err != nil {
 return nil, fmt.Errorf("NewAuthlibSign: %w", err)
 }
+ priv, ok := p.(*rsa.PrivateKey)
+ if !ok {
+ return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem)
+ }
 return &AuthlibSign{
 key: priv,
 }, nil
@@ -42,32 +45,39 @@ func (a *AuthlibSign) GetKey() *rsa.PrivateKey {
 return a.key
 }
-func (a *AuthlibSign) GetPubKey() (string, error) {
- derBytes := x509.MarshalPKCS1PublicKey(&a.key.PublicKey)
+func (a *AuthlibSign) getPKIXPubKey(typeStr string) (string, error) {
+ derBytes, err := x509.MarshalPKIXPublicKey(&a.key.PublicKey)
+ if err != nil {
+ return "", fmt.Errorf("getPKIXPubKey: %w", err)
+ }
 pemKey := &pem.Block{
- Type: "PUBLIC KEY",
+ Type: typeStr,
 Bytes: derBytes,
 }
- bw := &bytes.Buffer{}
- err := pem.Encode(bw, pemKey)
- if err != nil {
- return "", fmt.Errorf("GetPubKey: %w", err)
- }
- return bw.String(), nil
+ return string(pem.EncodeToMemory(pemKey)), nil
 }
+// PKIX PUBLIC KEY
+func (a *AuthlibSign) GetPKIXPubKeyWithOutRsa() (string, error) {
+ return a.getPKIXPubKey("PUBLIC KEY")
+}
+
+// PKIX RSA PUBLIC KEY
+func (a *AuthlibSign) GetPKIXPubKey() (string, error) {
+ return a.getPKIXPubKey("RSA PUBLIC KEY")
+}
+
+// PKCS #8
 func (a *AuthlibSign) GetPriKey() (string, error) {
- derBytes := x509.MarshalPKCS1PrivateKey(a.key)
+ derBytes, err := x509.MarshalPKCS8PrivateKey(a.key)
+ if err != nil {
+ return "", fmt.Errorf("GetPriKey: %w", err)
+ }
 pemKey := &pem.Block{
- Type: "PRIVATE KEY",
+ Type: "RSA PRIVATE KEY",
 Bytes: derBytes,
 }
- bw := &bytes.Buffer{}
- err := pem.Encode(bw, pemKey)
- if err != nil {
- return "", fmt.Errorf("GetPubKey: %w", err)
- }
- return bw.String(), nil
+ return string(pem.EncodeToMemory(pemKey)), nil
 }
 func (a *AuthlibSign) Sign(data []byte) (string, error) {
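Review bot: The switch to `x509.ParsePKCS8PrivateKey` in NewAuthlibSign drops the PKCS #1 path entirely, so a key serialized by the previous `GetPriKey` (PKCS #1 DER) will now fail to load; whether any deployment has such a key stored is not visible from this hunk, but an upgrade path is worth keeping. A fallback on the error branch would cover it, e.g. `if k, e := x509.ParsePKCS1PrivateKey(b.Bytes); e == nil { return &AuthlibSign{key: k}, nil }` before returning the wrapped error. The new `!ok` branch also reports `ErrPem` for a well-formed PKCS #8 key that is simply not RSA, which will read as a PEM decoding failure; a distinct message such as `fmt.Errorf("NewAuthlibSign: key is %T, want *rsa.PrivateKey", p)` is easier to diagnose. The function begins above the hunk.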
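Review bot: `GetPriKey` now writes PKCS #8 DER under the PEM label `RSA PRIVATE KEY`, and `GetPKIXPubKey` writes SubjectPublicKeyInfo DER under `RSA PUBLIC KEY`; both labels conventionally mark PKCS #1 structures, so a parser that dispatches on the label may reject or misread these blocks. If the mismatch is intentional for client compatibility (the hunk does not say), the doc comments should state it, because `// PKCS #8` and `// PKIX RSA PUBLIC KEY` neither follow Go doc style nor give the reason. For example: `// GetPriKey returns the key as PKCS #8 DER in a PEM block labelled "RSA PRIVATE KEY"; the label is non-standard for PKCS #8 and is kept for client compatibility.`, with the equivalent sentence on `GetPKIXPubKey` and a note on `GetPKIXPubKeyWithOutRsa` that it emits the standard `PUBLIC KEY` label.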
diff --git a/utils/sign/rsa_test.go b/utils/sign/rsa_test.go
index b924a49..eefde36 100644
--- a/utils/sign/rsa_test.go
+++ b/utils/sign/rsa_test.go
@@ -24,7 +24,7 @@ func TestAuthlibSign(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- pub, err := as.GetPubKey()
+ pub, err := as.GetPKIXPubKey()
 if err != nil {
 t.Fatal(err)
 }