go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/appengine/impl/utils/tokensigning/common.go (about) 1 // Copyright 2017 The LUCI Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package tokensigning implements utilities for RSA-signing of proto messages. 16 package tokensigning 17 18 import "time" 19 20 // Unwrapped carries a serialized token proto and its signature. 21 // 22 // It is then converted into some concrete proto, serialized, base64-encoded and 23 // returned to the clients. 24 // 25 // 'Wrap' may use Body, RsaSHA256Sig, SignerID and KeyID fields. 26 // 'Unwrap' must initialize Body, RsaSHA256Sig, KeyID. 27 type Unwrapped struct { 28 Body []byte // serialized proto that was signed 29 RsaSHA256Sig []byte // the actual signature 30 SignerID string // service account email that owns the signing key 31 KeyID string // identifier of the signing key 32 } 33 34 // Lifespan is a time interval when some token is valid. 35 type Lifespan struct { 36 NotBefore time.Time 37 NotAfter time.Time 38 } 39 40 // prependSigningContext prepends '<ctx>\x00' to the blob, if ctx != "". 41 // 42 // See SigningContext in Signer for more info. 43 func prependSigningContext(blob []byte, ctx string) []byte { 44 if ctx == "" { 45 return blob 46 } 47 b := make([]byte, len(blob)+len(ctx)+1) 48 copy(b, ctx) 49 copy(b[len(ctx)+1:], blob) 50 return b 51 }