| 85 | } |
| 86 | |
| 87 | Status CreateSignature(RSA* private_key, StringPiece to_sign, |
| 88 | string* signature) { |
| 89 | if (!private_key || !signature) { |
| 90 | return errors::FailedPrecondition( |
| 91 | "'private_key' and 'signature' cannot be nullptr."); |
| 92 | } |
| 93 | |
| 94 | const auto md = EVP_sha256(); |
| 95 | if (!md) { |
| 96 | return errors::Internal("Could not get a sha256 encryptor."); |
| 97 | } |
| 98 | |
| 99 | // EVP_MD_CTX_destroy is renamed to EVP_MD_CTX_free in OpenSSL 1.1.0 but |
| 100 | // the old name is still retained as a compatibility macro. |
| 101 | // Keep this around until support is dropped for OpenSSL 1.0 |
| 102 | // https://www.openssl.org/news/cl110.txt |
| 103 | std::unique_ptr<EVP_MD_CTX, std::function<void(EVP_MD_CTX*)>> md_ctx( |
| 104 | EVP_MD_CTX_create(), [](EVP_MD_CTX* ptr) { EVP_MD_CTX_destroy(ptr); }); |
| 105 | if (!md_ctx) { |
| 106 | return errors::Internal("Could not create MD_CTX."); |
| 107 | } |
| 108 | |
| 109 | std::unique_ptr<EVP_PKEY, std::function<void(EVP_PKEY*)>> key( |
| 110 | EVP_PKEY_new(), [](EVP_PKEY* ptr) { EVP_PKEY_free(ptr); }); |
| 111 | EVP_PKEY_set1_RSA(key.get(), private_key); |
| 112 | |
| 113 | if (EVP_DigestSignInit(md_ctx.get(), nullptr, md, nullptr, key.get()) != 1) { |
| 114 | return errors::Internal("DigestInit failed."); |
| 115 | } |
| 116 | if (EVP_DigestSignUpdate(md_ctx.get(), to_sign.data(), to_sign.size()) != 1) { |
| 117 | return errors::Internal("DigestUpdate failed."); |
| 118 | } |
| 119 | size_t sig_len = 0; |
| 120 | if (EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len) != 1) { |
| 121 | return errors::Internal("DigestFinal (get signature length) failed."); |
| 122 | } |
| 123 | std::unique_ptr<unsigned char[]> sig(new unsigned char[sig_len]); |
| 124 | if (EVP_DigestSignFinal(md_ctx.get(), sig.get(), &sig_len) != 1) { |
| 125 | return errors::Internal("DigestFinal (signature compute) failed."); |
| 126 | } |
| 127 | return Base64Encode(StringPiece(reinterpret_cast<char*>(sig.get()), sig_len), |
| 128 | signature); |
| 129 | } |
| 130 | |
| 131 | /// Encodes a claim for a JSON web token (JWT) to make an OAuth request. |
| 132 | Status EncodeJwtClaim(StringPiece client_email, StringPiece scope, |
no test coverage detected