gitea/vendor/github.com/golang-jwt/jwt/ecdsa_go1.15.go

//+build go1.15

package jwt

import (
	"crypto/ecdsa"
	"crypto/rand"
)

// Implements the Sign method from SigningMethod
// For this signing method, key must be an ecdsa.PrivateKey struct
func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {
	// Get the key
	var ecdsaKey *ecdsa.PrivateKey
	switch k := key.(type) {
	case *ecdsa.PrivateKey:
		ecdsaKey = k
	default:
		return "", ErrInvalidKeyType
	}

	// Create the hasher
	if !m.Hash.Available() {
		return "", ErrHashUnavailable
	}

	hasher := m.Hash.New()
	hasher.Write([]byte(signingString))

	// Sign the string and return r, s
	if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
		curveBits := ecdsaKey.Curve.Params().BitSize

		if m.CurveBits != curveBits {
			return "", ErrInvalidKey
		}

		keyBytes := curveBits / 8
		if curveBits%8 > 0 {
			keyBytes += 1
		}

		// We serialize the outputs (r and s) into big-endian byte arrays
		// padded with zeros on the left to make sure the sizes work out.
		// Output must be 2*keyBytes long.
		out := make([]byte, 2*keyBytes)
		r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
		s.FillBytes(out[keyBytes:])  // s is assigned to the second half of output.

		return EncodeSegment(out), nil
	} else {
		return "", err
	}
}
Upgrade to latest version of golang-jwt (as forked for 1.14) (#16607) * Forcibly update the vendored versions using a replace Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-08-03 21:21:00 +00:00			`//+build go1.15`

			`package jwt`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/rand"`
			`)`

			`// Implements the Sign method from SigningMethod`
			`// For this signing method, key must be an ecdsa.PrivateKey struct`
			`func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {`
			`// Get the key`
			`var ecdsaKey *ecdsa.PrivateKey`
			`switch k := key.(type) {`
			`case *ecdsa.PrivateKey:`
			`ecdsaKey = k`
			`default:`
			`return "", ErrInvalidKeyType`
			`}`

			`// Create the hasher`
			`if !m.Hash.Available() {`
			`return "", ErrHashUnavailable`
			`}`

			`hasher := m.Hash.New()`
			`hasher.Write([]byte(signingString))`

			`// Sign the string and return r, s`
			`if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {`
			`curveBits := ecdsaKey.Curve.Params().BitSize`

			`if m.CurveBits != curveBits {`
			`return "", ErrInvalidKey`
			`}`

			`keyBytes := curveBits / 8`
			`if curveBits%8 > 0 {`
			`keyBytes += 1`
			`}`

			`// We serialize the outputs (r and s) into big-endian byte arrays`
			`// padded with zeros on the left to make sure the sizes work out.`
			`// Output must be 2*keyBytes long.`
			`out := make([]byte, 2*keyBytes)`
			`r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.`
			`s.FillBytes(out[keyBytes:]) // s is assigned to the second half of output.`

			`return EncodeSegment(out), nil`
			`} else {`
			`return "", err`
			`}`
			`}`