casdoor/object/token_jwt_key.go

// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package object

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"

	"github.com/casbin/casdoor/util"
)

func generateRsaKeys(fileId string) {
	// https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa
	// https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key

	bitSize := 4096

	// Generate RSA key.
	key, err := rsa.GenerateKey(rand.Reader, bitSize)
	if err != nil {
		panic(err)
	}

	// Encode private key to PKCS#1 ASN.1 PEM.
	privateKeyPem := pem.EncodeToMemory(
		&pem.Block{
			Type:  "PRIVATE KEY",
			Bytes: x509.MarshalPKCS1PrivateKey(key),
		},
	)

	tml := x509.Certificate{
		// you can add any attr that you need
		NotBefore: time.Now(),
		NotAfter:  time.Now().AddDate(20, 0, 0),
		// you have to generate a different serial number each execution
		SerialNumber: big.NewInt(123456),
		Subject: pkix.Name{
			CommonName:   "Casdoor Cert",
			Organization: []string{"Casdoor Organization"},
		},
		BasicConstraintsValid: true,
	}
	cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}

	// Generate a pem block with the certificate
	certPem := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert,
	})

	// Write private key to file.
	util.WriteBytesToPath(privateKeyPem, fmt.Sprintf("%s.key", fileId))

	// Write certificate (aka public key) to file.
	util.WriteBytesToPath(certPem, fmt.Sprintf("%s.pem", fileId))
}
Use RS256 to sign JWT token. 2021-10-15 16:27:10 +08:00			`// Copyright 2021 The casbin Authors. All Rights Reserved.`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package object`

			`import (`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/pem"`
			`"fmt"`
			`"math/big"`
			`"time"`

			`"github.com/casbin/casdoor/util"`
			`)`

			`func generateRsaKeys(fileId string) {`
			`// https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa`
			`// https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key`

			`bitSize := 4096`

			`// Generate RSA key.`
			`key, err := rsa.GenerateKey(rand.Reader, bitSize)`
			`if err != nil {`
			`panic(err)`
			`}`

			`// Encode private key to PKCS#1 ASN.1 PEM.`
			`privateKeyPem := pem.EncodeToMemory(`
			`&pem.Block{`
			`Type: "PRIVATE KEY",`
			`Bytes: x509.MarshalPKCS1PrivateKey(key),`
			`},`
			`)`

			`tml := x509.Certificate{`
			`// you can add any attr that you need`
			`NotBefore: time.Now(),`
			`NotAfter: time.Now().AddDate(20, 0, 0),`
			`// you have to generate a different serial number each execution`
			`SerialNumber: big.NewInt(123456),`
			`Subject: pkix.Name{`
			`CommonName: "Casdoor Cert",`
			`Organization: []string{"Casdoor Organization"},`
			`},`
			`BasicConstraintsValid: true,`
			`}`
			`cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)`
			`if err != nil {`
			`panic(err)`
			`}`

			`// Generate a pem block with the certificate`
			`certPem := pem.EncodeToMemory(&pem.Block{`
			`Type: "CERTIFICATE",`
			`Bytes: cert,`
			`})`

			`// Write private key to file.`
			`util.WriteBytesToPath(privateKeyPem, fmt.Sprintf("%s.key", fileId))`

			`// Write certificate (aka public key) to file.`
			`util.WriteBytesToPath(certPem, fmt.Sprintf("%s.pem", fileId))`
			`}`