package Net::ACME2::JWTMaker;
#----------------------------------------------------------------------
# This module exists because of a desire to do these computations
# in environments where a compiler may not be available.
# (Otherwise, CryptX would be ideal.)
#----------------------------------------------------------------------
use strict;
use warnings;
use JSON ();
use MIME::Base64 ();
use Net::ACME2::X ();
BEGIN {
*_encode_b64u = *MIME::Base64::encode_base64url;
}
sub new {
my ($class, %opts) = @_;
die Net::ACME2::X->create('Generic', 'need “key”') if !$opts{'key'};
return bless \%opts, $class;
}
sub create_full_jws {
my ($self, %args) = @_;
local $args{'extra_headers'}{'jwk'} = $self->{'key'}->get_struct_for_public_jwk();
return $self->_create_jwt(%args);
}
sub create_key_id_jws {
my ($self, %args) = @_;
local $args{'extra_headers'}{'kid'} = $args{'key_id'};
return $self->_create_jwt(%args);
}
#----------------------------------------------------------------------
#expects:
# payload - unblessed string, arrayref, or hashref
# extra_headers - hashref
sub _create_jwt {
my ( $self, %args ) = @_;
my $alg = $self->_ALG();
my $signer_cr = $self->_get_signer();
my $key = $self->{'key'};
my $payload = $args{payload};
my $header = { %{$args{extra_headers}} };
# serialize payload
$payload = $self->_payload_enc($payload);
# encode payload
my $b64u_payload = _encode_b64u($payload);
# prepare header
$header->{alg} = $alg;
# encode header
my $json_header = $self->_encode_json($header);
my $b64u_header = _encode_b64u($json_header);
my $b64u_signature = _encode_b64u( $signer_cr->("$b64u_header.$b64u_payload") );
return $self->_encode_json(
{
protected => $b64u_header,
payload => $b64u_payload,
signature => $b64u_signature,
}
);
}
sub _encode_json {
my ($self, $payload) = @_;
#Always do a canonical encode so that we can test more easily.
#Note that JWS itself does NOT require this.
$self->{'_json'} ||= JSON->new()->canonical(1);
return $self->{'_json'}->encode($payload);
}
#Derived from Crypt::JWT
sub _payload_enc {
my ($self, $payload) = @_;
if (ref($payload) eq 'HASH' || ref($payload) eq 'ARRAY') {
$payload = $self->_encode_json($payload);
}
else {
utf8::downgrade($payload, 1) or do {
die Net::ACME2::X->create('Generic', "JWT: payload ($payload) cannot contain wide character");
};
}
return $payload;
}
1;