git.proxmox.com Git - proxmox.git/blob - proxmox-acme/src/eab.rs
f3221904e705ab1c453d6c507f03e1edd8c052c3
1 use openssl
::hash
::MessageDigest
;
2 use openssl
::pkey
::{HasPrivate, PKeyRef}
;
3 use openssl
::sign
::Signer
;
4 use serde
::{Deserialize, Serialize}
;
7 use crate::{b64u, Error}
;
9 #[derive(Debug, Serialize)]
10 #[serde(rename_all = "camelCase")]
17 #[cfg_attr(feature = "api-types", proxmox_schema::api())]
18 /// External Account Bindings
19 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
20 #[serde(rename_all = "camelCase")]
21 pub struct ExternalAccountBinding
{
22 /// JOSE Header (see RFC 7515)
// NOTE(review): this listing is an extraction of a rendered blob view. The gutter numbers
// jump (30 -> 33, 36 -> 40, 42 -> 45, ...), so several source lines, including the
// constructor's header line and some of its parameters, are not reproduced here. The
// comments below describe only the statements that are visible.
30 impl ExternalAccountBinding
{
// Key used for the binding's MAC. In the visible lines it is only borrowed and handed to
// `sign_hmac`; it is not copied into the returned struct.
33 eab_hmac_key
: &PKeyRef
<P
>,
36 ) -> Result
<Self, Error
>
// Protected JWS header. Only its `kid` field is visible, taken from `eab_kid`
// (declared on a line this listing does not show).
40 let protected
= Protected
{
42 kid
: eab_kid
.to_string(),
// Payload: `jwk` serialized to JSON and then encoded with `b64u::encode`
// (presumably base64url, going by the module name; confirm in `crate::b64u`).
45 let payload
= b64u
::encode(serde_json
::to_string(&jwk
)?
.as_bytes());
// The protected header gets the same JSON-then-encode treatment. This encoded string is
// what ends up in the `protected` field of the returned value.
46 let protected_data
= b64u
::encode(serde_json
::to_string(&protected
)?
.as_bytes());
// Shadow both names as byte slices of the *encoded* strings: the signature covers the
// encoded forms, not the raw JSON.
48 let protected
= protected_data
.as_bytes();
49 let payload
= payload
.as_bytes();
// Compute the signature over the encoded header and payload; `?` propagates a failure.
50 Self::sign_hmac(eab_hmac_key
, protected
, payload
)?
// Encode the raw signature bytes the same way as the other two JWS parts.
53 let signature
= b64u
::encode(&signature
);
// Only the `protected` initializer is visible; the remaining fields are on lines that
// this listing does not show.
54 Ok(ExternalAccountBinding
{
55 protected
: protected_data
,
/// Signs `protected` and `payload` with `key` through an OpenSSL `Signer` configured for
/// SHA-256 and returns the raw signature bytes. Every OpenSSL failure is propagated via `?`.
// NOTE(review): with an HMAC-type key (as the function name implies) this yields
// HMAC-SHA256; the key type is decided by the caller and is not checked in the visible lines.
// NOTE(review): the gutter jumps 61 -> 65 and 66 -> 68, so the generic bound on `P` and one
// statement between the two `update` calls are missing from this listing. RFC 7515 defines
// the JWS signing input as `protected || "." || payload`, so the missing line presumably
// feeds the "." separator. Confirm against the full file; do not copy this excerpt as-is,
// because a MAC over the two parts without the separator would not verify as a JWS.
61 fn sign_hmac
<P
>(key
: &PKeyRef
<P
>, protected
: &[u8], payload
: &[u8]) -> Result
<Vec
<u8>, Error
>
// Bind the signer to SHA-256 and the caller's key.
65 let mut signer
= Signer
::new(MessageDigest
::sha256(), key
)?
;
// Feed the encoded protected header first.
66 signer
.update(protected
)?
;
// Then the encoded payload (source line 67 is not shown between these two calls).
68 signer
.update(payload
)?
;
// Finalize and return the signature as an owned byte vector.
69 Ok(signer
.sign_to_vec()?
)