libp2p/autotls/acme/jws

Search:
Group by:
Source   Edit  

Minimal JSON Web Signature (JWS) producer for the ACME client.

libp2p only ever needs to issue RS256-signed requests to the ACME server, so this module implements just the flattened JWS JSON serialization (RFC 7515, section 7.2.2) using RSASSA-PKCS1-v1_5 with SHA-256. The signing reuses crypto/rsa, whose sign is already exactly an RS256 signer (same PKCS#1 v1.5 padding, SHA-256 digest and DigestInfo OID), so no signing code is vendored. This replaces the former nim-jwt dependency, of which only this slice was ever used.

Procs

proc toFlattenedJws(protectedHeader: JsonNode; payload: JsonNode;
                    key: rsa.RsaPrivateKey): JsonNode {....raises: [ACMEError],
    tags: [RootEffect], forbids: [].}

Signs protectedHeader/payload with key (RS256) and returns the flattened JWS JSON serialization: the base64url-encoded protected, payload and signature members.

The signature covers BASE64URL(protected) || '.' || BASE64URL(payload) exactly as transmitted, so the JSON key ordering of the inputs does not affect verification.

Source   Edit