jwt.go

package bluesky

import (
	"github.com/ureeves/jwt-go-secp256k1"
	"github.com/golang-jwt/jwt/v5"
)

type es256k struct{}

// Verify verifies a signature generated by Sign.
//
// signingString is the concatenated header, payload, and separator.
// sig is the signature.
// key is the ECDSA private key in the PEM format.
//
// Returns an error if the signature cannot be verified.
func (e *es256k) Verify(signingString string, sig []byte, key interface{}) error {
	return secp256k1.SigningMethodES256K.Verify(signingString, string(sig), key)
}

// Sign signs a signingString with a key.
//
// signingString is the concatenated header, payload, and separator.
// key is the ECDSA private key in the PEM format.
//
// Returns the signature as a byte slice, or an error if there is a problem
// signing.
func (e *es256k) Sign(signingString string, key interface{}) ([]byte, error) {
	sig, err := secp256k1.SigningMethodES256K.Sign(signingString, key)
	if err != nil {
		return nil, err
	}
	return []byte(sig), nil
}

func (e *es256k) Alg() string {
	return "ES256K"
}

func init() {
	// Register ES256K signing method
	jwt.RegisterSigningMethod("ES256K", func() jwt.SigningMethod {
		return &es256k{}
	})
}