vendor/github.com/golang-jwt/jwt/v5/rsa_utils.go - voltha-lib-go - Gitiles

 package jwt

 import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
 )

 var (
 	ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
 	ErrNotRSAPrivateKey    = errors.New("key is not a valid RSA private key")
 	ErrNotRSAPublicKey     = errors.New("key is not a valid RSA public key")
 )

 // ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
 func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) {
 	var err error

 	// Parse PEM block
 	var block *pem.Block
 	if block, _ = pem.Decode(key); block == nil {
 		return nil, ErrKeyMustBePEMEncoded
 	}

 	var parsedKey interface{}
 	if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
 		if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
 			return nil, err
 		}
 	}

 	var pkey *rsa.PrivateKey
 	var ok bool
 	if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
 		return nil, ErrNotRSAPrivateKey
 	}

 	return pkey, nil
 }

 // ParseRSAPrivateKeyFromPEMWithPassword parses a PEM encoded PKCS1 or PKCS8 private key protected with password
 //
 // Deprecated: This function is deprecated and should not be used anymore. It uses the deprecated x509.DecryptPEMBlock
 // function, which was deprecated since RFC 1423 is regarded insecure by design. Unfortunately, there is no alternative
 // in the Go standard library for now. See https://github.com/golang/go/issues/8860.
 func ParseRSAPrivateKeyFromPEMWithPassword(key []byte, password string) (*rsa.PrivateKey, error) {
 	var err error

 	// Parse PEM block
 	var block *pem.Block
 	if block, _ = pem.Decode(key); block == nil {
 		return nil, ErrKeyMustBePEMEncoded
 	}

 	var parsedKey interface{}

 	var blockDecrypted []byte
 	if blockDecrypted, err = x509.DecryptPEMBlock(block, []byte(password)); err != nil {
 		return nil, err
 	}

 	if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {
 		if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {
 			return nil, err
 		}
 	}

 	var pkey *rsa.PrivateKey
 	var ok bool
 	if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
 		return nil, ErrNotRSAPrivateKey
 	}

 	return pkey, nil
 }

 // ParseRSAPublicKeyFromPEM parses a certificate or a PEM encoded PKCS1 or PKIX public key
 func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) {
 	var err error

 	// Parse PEM block
 	var block *pem.Block
 	if block, _ = pem.Decode(key); block == nil {
 		return nil, ErrKeyMustBePEMEncoded
 	}

 	// Parse the key
 	var parsedKey interface{}
 	if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
 		if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
 			parsedKey = cert.PublicKey
 		} else {
 			if parsedKey, err = x509.ParsePKCS1PublicKey(block.Bytes); err != nil {
 				return nil, err
 			}
 		}
 	}

 	var pkey *rsa.PublicKey
 	var ok bool
 	if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {
 		return nil, ErrNotRSAPublicKey
 	}

 	return pkey, nil
 }
	package jwt

	import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	)

	var (
	ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
	ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key")
	ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key")
	)

	// ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
	func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) {
	var err error

	// Parse PEM block
	var block *pem.Block
	if block, _ = pem.Decode(key); block == nil {
	return nil, ErrKeyMustBePEMEncoded
	}

	var parsedKey interface{}
	if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
	if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
	return nil, err
	}
	}

	var pkey *rsa.PrivateKey
	var ok bool
	if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
	return nil, ErrNotRSAPrivateKey
	}

	return pkey, nil
	}

	// ParseRSAPrivateKeyFromPEMWithPassword parses a PEM encoded PKCS1 or PKCS8 private key protected with password
	//
	// Deprecated: This function is deprecated and should not be used anymore. It uses the deprecated x509.DecryptPEMBlock
	// function, which was deprecated since RFC 1423 is regarded insecure by design. Unfortunately, there is no alternative
	// in the Go standard library for now. See https://github.com/golang/go/issues/8860.
	func ParseRSAPrivateKeyFromPEMWithPassword(key []byte, password string) (*rsa.PrivateKey, error) {
	var err error

	// Parse PEM block
	var block *pem.Block
	if block, _ = pem.Decode(key); block == nil {
	return nil, ErrKeyMustBePEMEncoded
	}

	var parsedKey interface{}

	var blockDecrypted []byte
	if blockDecrypted, err = x509.DecryptPEMBlock(block, []byte(password)); err != nil {
	return nil, err
	}

	if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {
	if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {
	return nil, err
	}
	}

	var pkey *rsa.PrivateKey
	var ok bool
	if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
	return nil, ErrNotRSAPrivateKey
	}

	return pkey, nil
	}

	// ParseRSAPublicKeyFromPEM parses a certificate or a PEM encoded PKCS1 or PKIX public key
	func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) {
	var err error

	// Parse PEM block
	var block *pem.Block
	if block, _ = pem.Decode(key); block == nil {
	return nil, ErrKeyMustBePEMEncoded
	}

	// Parse the key
	var parsedKey interface{}
	if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
	if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
	parsedKey = cert.PublicKey
	} else {
	if parsedKey, err = x509.ParsePKCS1PublicKey(block.Bytes); err != nil {
	return nil, err
	}
	}
	}

	var pkey *rsa.PublicKey
	var ok bool
	if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {
	return nil, ErrNotRSAPublicKey
	}

	return pkey, nil
	}