2014-10-07 21 views
2

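Extract the public key from a Google "oauth2/v1/certs" certificate (PEM format) using Go

I fetch the Google certificates from:

https://www.googleapis.com/oauth2/v1/certs

but I don't know how to parse the certificate in Go, extract the public key, and make it suitable for rsa.VerifyPKCS1v15() to verify the ID token (OpenID Connect) signature. I would appreciate it if someone could advise me. Here is the code I already have: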

res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs") 
if err != nil { 
    log.Fatal(err) 
    return 
} 

certs, err := ioutil.ReadAll(res.Body) 
res.Body.Close() 
if err != nil { 
    log.Fatal(err) 
    return 
} 
//extract kid from token header 
var header interface{} 
log.Printf("Oauth header: %v", headerOauth) 
err = json.Unmarshal([]byte(headerOauth), &header) 

token_kid := header.(map[string]interface{})["kid"] 
//get modulus and exponent from the cert 

var goCertificate interface{} 

err = json.Unmarshal(certs, &goCertificate)  

k := goCertificate.(map[string]interface{})[token_kid.(string)] 

google_cert := k.(string) 
block_pub, _ := pem.Decode([]byte(google_cert)) 
certInterface, err := x509.ParseCertificates(block_pub.Bytes) 
log.Printf("certInterface: %v", *certInterface.PublicKey) 
// I know the line below is wrong, but that's how I usually parse public keys
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes) 
pKey, ok := pubkeyInterface.(*rsa.PublicKey) 

Answers

2

I might be way off here (not familiar with x509/rsa), but ParseCertificates returns all the keys:

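package main

import (
    "crypto/rsa"
    "crypto/x509"
    "encoding/json"
    "encoding/pem"
    "log"
    "net/http"
)

func main() {
    res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
    if err != nil {
        log.Fatal(err)
    }
    defer res.Body.Close()

    // kid as it would be read from the token header (hard-coded here)
    var header = map[string]string{
        "kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
    }
    token_kid := header["kid"]

    // the response is a JSON object mapping each kid to a PEM certificate
    var certs map[string]string
    if err := json.NewDecoder(res.Body).Decode(&certs); err != nil {
        log.Fatal(err)
    }
    google_cert := certs[token_kid]
    block_pub, _ := pem.Decode([]byte(google_cert))
    if block_pub == nil {
        log.Fatalf("no PEM certificate found for kid %q", token_kid)
    }
    certInterface, err := x509.ParseCertificates(block_pub.Bytes)
    if err != nil {
        log.Fatal(err)
    }
    log.Printf("certInterface: %#v", certInterface)
    pkey, ok := certInterface[0].PublicKey.(*rsa.PublicKey)
    if !ok {
        log.Fatal("certificate does not contain an RSA public key")
    }
    log.Printf("pkey: %v", pkey)
}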
+0

Thank you, but when I run the script with my id token it returns the following error: certInterface: []*x509.Certificate{(*x509.Certificate)(0xc210165480)} verify key crypto/rsa: verification error – kingSlayer 2014-10-09 20:04:49

+0

@kingSlayer That should probably be a different question, but I'm not familiar with crypto/rsa. – OneOfOne 2014-10-09 20:44:53
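
With the RSA key taken from the certificate, rsa.VerifyPKCS1v15() has to be given the SHA-256 digest of the ASCII "header.payload" part of the token and the base64url-decoded signature. The following is an added example, not code from the question or the answer: `VerifyRS256` and `Sample` are hypothetical names, and `Sample` generates a throwaway key, self-signed certificate and token (all constructed) so the check runs offline instead of fetching Google's certificates.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"math/big"
	"strings"
)

// VerifyRS256 checks a compact JWT against the RSA key in a PEM certificate (RS256 only).
func VerifyRS256(token, certPEM string) error {
	i := strings.LastIndex(token, ".") // the signature is the part after the last dot
	block, _ := pem.Decode([]byte(certPEM))
	if i < 0 || block == nil {
		return errors.New("malformed token or no PEM block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	sig, err := base64.RawURLEncoding.DecodeString(token[i+1:])
	if !ok || err != nil {
		return errors.New("need an RSA certificate key and a base64url signature")
	}
	digest := sha256.Sum256([]byte(token[:i])) // hash "header.payload" exactly as received
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// Sample builds constructed test data: a throwaway key, its self-signed cert, a signed token.
func Sample() (token, certPEM string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, certErr := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	certPEM = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	enc := base64.RawURLEncoding.EncodeToString
	token = enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(`{"sub":"constructed"}`))
	digest := sha256.Sum256([]byte(token))
	sig, sigErr := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return token + "." + enc(sig), certPEM, errors.Join(certErr, sigErr)
}
```

`VerifyRS256` covers the signature only and deliberately ignores the token's own "alg" header; the `iss`, `aud` and `exp` claims of an ID token still have to be validated before it is trusted.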