MCPcopy
hub / github.com/golang-jwt/jwt / Sign

Method Sign

ecdsa.go:92–134  ·  view source on GitHub ↗

Sign implements token signing for the SigningMethod. For this signing method, key must be an ecdsa.PrivateKey struct

(signingString string, key any)

Source from the content-addressed store, hash-verified

90// Sign implements token signing for the SigningMethod.
91// For this signing method, key must be an ecdsa.PrivateKey struct
92func (m *SigningMethodECDSA) Sign(signingString string, key any) ([]byte, error) {
93 // Get the key
94 var ecdsaKey *ecdsa.PrivateKey
95 switch k := key.(type) {
96 case *ecdsa.PrivateKey:
97 ecdsaKey = k
98 default:
99 return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
100 }
101
102 // Create the hasher
103 if !m.Hash.Available() {
104 return nil, ErrHashUnavailable
105 }
106
107 hasher := m.Hash.New()
108 hasher.Write([]byte(signingString))
109
110 // Sign the string and return r, s
111 if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
112 curveBits := ecdsaKey.Curve.Params().BitSize
113
114 if m.CurveBits != curveBits {
115 return nil, ErrInvalidKey
116 }
117
118 keyBytes := curveBits / 8
119 if curveBits%8 > 0 {
120 keyBytes += 1
121 }
122
123 // We serialize the outputs (r and s) into big-endian byte arrays
124 // padded with zeros on the left to make sure the sizes work out.
125 // Output must be 2*keyBytes long.
126 out := make([]byte, 2*keyBytes)
127 r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
128 s.FillBytes(out[keyBytes:]) // s is assigned to the second half of output.
129
130 return out, nil
131 } else {
132 return nil, err
133 }
134}

Callers

nothing calls this directly

Calls 2

newErrorFunction · 0.85
SignMethod · 0.65

Tested by

no test coverage detected