我从以下位置获取了 Google 证书:
但我不知道如何在 Go 中解析证书并提取公钥并使其适用于 rsa.VerifyPKCS1v15() 以验证 ID token (openID 连接)签名。如果有人可以建议我,我将不胜感激。这是我已有的代码:
res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
log.Fatal(err)
return
}
certs, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
log.Fatal(err)
return
}
//extract kid from token header
var header interface{}
log.Printf("Oauth header: %v", headerOauth)
err = json.Unmarshal([]byte(headerOauth), &header)
token_kid := header.(map[string]interface{})["kid"]
//get modulus and exponent from the cert
var goCertificate interface{}
err = json.Unmarshal(certs, &goCertificate)
k := goCertificate.(map[string]interface{})[token_kid.(string)]
google_cert := k.(string)
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %v", *certInterface.PublicKey)
//I know the line below is wrong but thats how I usualy parse public keys
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes)
pKey, ok := pubkeyInterface.(*rsa.PublicKey)
最佳答案
我可能跑题了(不熟悉 x509/rsa)但是 ParseCertificates 返回了所有的键:
func main() {
res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
log.Fatal(err)
return
}
var header = map[string]string{
"kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
}
token_kid := header["kid"]
defer res.Body.Close()
var certs map[string]string
dec := json.NewDecoder(res.Body)
dec.Decode(&certs)
// add error checking
google_cert := certs[token_kid]
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %#v", certInterface)
pkey := certInterface[0].PublicKey.(*rsa.PublicKey)
log.Printf("pkey: %v", pkey)
}
关于go - 使用 Go 从 PEM 格式的 Google "oauth2/v1/certs"证书中提取公钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26237283/