mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
6f7364e48b
* FEATURE: RS512, RS384 and RS256 COSE algorithms These algorithms are not implemented by cose-ruby, but used in the web authentication API and were marked as supported. * FEATURE: Use all algorithms supported by cose-ruby Previously only a subset of the algorithms were allowed.
51 lines
1.2 KiB
Ruby
51 lines
1.2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'cose'
|
|
require 'openssl/signature_algorithm/rsapkcs1'
|
|
|
|
# 'cose' gem does not implement all algorithms from the Web Authentication
|
|
# (WebAuthn) standard specification. This patch implements one of the missing
|
|
# ones, RSASSA-PKCS1-v1_5.
|
|
module COSE
|
|
module Algorithm
|
|
def self.registered_algorithm_ids
|
|
@registered_by_id.keys
|
|
end
|
|
|
|
class RSAPKCS1 < SignatureAlgorithm
|
|
attr_reader :hash_function
|
|
|
|
def initialize(*args, hash_function:)
|
|
super(*args)
|
|
|
|
@hash_function = hash_function
|
|
end
|
|
|
|
private
|
|
|
|
def valid_key?(key)
|
|
to_cose_key(key).is_a?(COSE::Key::RSA)
|
|
end
|
|
|
|
def signature_algorithm_class
|
|
OpenSSL::SignatureAlgorithm::RSAPKCS1
|
|
end
|
|
|
|
def to_pkey(key)
|
|
case key
|
|
when COSE::Key::RSA
|
|
key.to_pkey
|
|
when OpenSSL::PKey::RSA
|
|
key
|
|
else
|
|
raise(COSE::Error, 'Incompatible key for algorithm')
|
|
end
|
|
end
|
|
end
|
|
|
|
register(RSAPKCS1.new(-257, 'RS256', hash_function: 'SHA256'))
|
|
register(RSAPKCS1.new(-258, 'RS384', hash_function: 'SHA384'))
|
|
register(RSAPKCS1.new(-259, 'RS512', hash_function: 'SHA512'))
|
|
end
|
|
end
|