git.proxmox.com Git - proxmox.git/blob - proxmox-acme/src/eab.rs
1 use openssl
::hash
::MessageDigest
;
2 use openssl
::pkey
::{HasPrivate, PKeyRef}
;
3 use openssl
::sign
::Signer
;
4 use serde
::{Deserialize, Serialize}
;
7 use crate::{b64u, Error}
;
9 #[derive(Debug, Serialize)]
10 #[serde(rename_all = "camelCase")]
17 #[derive(Debug, Serialize, Deserialize, Clone)]
18 #[serde(rename_all = "camelCase")]
19 pub struct ExternalAccountBinding
{
25 impl ExternalAccountBinding
{
28 eab_hmac_key
: &PKeyRef
<P
>,
31 ) -> Result
<Self, Error
>
35 let protected
= Protected
{
37 kid
: eab_kid
.to_string(),
40 let payload
= b64u
::encode(serde_json
::to_string(&jwk
)?
.as_bytes());
41 let protected_data
= b64u
::encode(serde_json
::to_string(&protected
)?
.as_bytes());
43 let protected
= protected_data
.as_bytes();
44 let payload
= payload
.as_bytes();
45 Self::sign_hmac(eab_hmac_key
, protected
, payload
)?
48 let signature
= b64u
::encode(&signature
);
49 Ok(ExternalAccountBinding
{
50 protected
: protected_data
,
/// Signs the external account binding (EAB) JWS parts and returns the raw signature bytes.
///
/// * `key` - key handed to `Signer::new`. The visible caller passes `eab_hmac_key`, so this
///   is presumably an HMAC key; its construction is not shown here (confirm at the call site).
/// * `protected` / `payload` - bytes of the already base64url-encoded protected header and
///   payload (the visible caller passes `b64u::encode(..)` output via `as_bytes()`).
///
/// Returns the unencoded signature; the visible caller passes it to `b64u::encode`.
/// Failures from the OpenSSL calls are propagated with `?`.
//
// NOTE(review): this listing is lossy. Gutter lines 57-59, 62 and 65 are not shown, so the
// generic bound on `P` (presumably `P: HasPrivate`, which the file imports) and the closing
// brace are missing from view.
56 fn sign_hmac
<P
>(key
: &PKeyRef
<P
>, protected
: &[u8], payload
: &[u8]) -> Result
<Vec
<u8>, Error
>
// SHA-256 is the digest. With an HMAC key this would be HMAC-SHA256 (JWS "HS256").
// TODO confirm that the `alg` in the protected header matches; that field is not visible here.
60 let mut signer
= Signer
::new(MessageDigest
::sha256(), key
)?
;
61 signer
.update(protected
)?
;
// NOTE(review): gutter line 62 is missing from this listing. The JWS signing input
// (RFC 7515) is BASE64URL(protected) || "." || BASE64URL(payload), so the "." separator
// is presumably fed to the signer on that line. Confirm against the full file: without it
// the resulting tag would not verify on the CA side.
63 signer
.update(payload
)?
;
// Raw tag bytes. Encoding is left to the caller.
64 Ok(signer
.sign_to_vec()?
)