josep! runs jose without json parsing the output

2024-08-28 08:13:50 +01:00 · 2024-08-28 08:13:50 +01:00 · 74093b7ee3
commit 74093b7ee3
parent 41733e58d6
1 changed files with 15 additions and 10 deletions
--- a/pkgs/tangc/tangc.fnl
+++ b/pkgs/tangc/tangc.fnl
@ -39,8 +39,20 @@
        (error (%% "jose %q failed (exit=%d): %q"
                   (table.concat params " ") exitcode out)))))
 (fn josep! [params inputstr]
  (let [(exitcode out) (jose params inputstr)]
    (if (= exitcode 0)
        out
        (error (%% "jose %q failed (exit=%d): %q"
                   (table.concat params " ") exitcode out)))))
 (fn has-key? [keys kid alg]
  (jose! ["jose" "jwk" "thp" "-i-" "-f" kid "-a" alg] (json.encode keys)))
 (fn search-key [keys kid]
  (accumulate [ret nil
               _ alg (ipairs thumbprint-algs)
               &until ret]
    (or ret (has-key? keys kid alg))))
 (fn jwk-generate [crv]
  (jose! ["jose" "jwk" "gen" "-i" (%% "{\"alg\":\"ECMR\",\"crv\":%q}" crv)] ""))
@ -57,22 +69,15 @@
         (.. (json.encode clt) " " (json.encode eph))))
 (fn jwe-dec [jwk ph undigested]
-  (let [(exitcode plaintext)
+  (josep! [ "jwe" "dec" "-k-" "-i-"]
-        (jose ["jose" "jwe" "dec" "-k-" "-i-"]
+          (.. (json.encode jwk) ph "." undigested)))
              (.. (json.encode jwk) ph "." undigested))]
    (if (= exitcode 0)
        plaintext
        (error (.. "Error calling jwe dec: " exitcode " / " plaintext )))))
 (fn parse-jwe [jwe]
  (assert (= jwe.clevis.pin "tang") "invalid clevis.pin")
  (assert jwe.clevis.tang.adv "no advertised keys")
  (assert (>= (# jwe.kid) CLEVIS_DEFAULT_THP_LEN)
          "tang using a deprecated hash for the JWK thumbprints")
-  (let [srv (accumulate [ret nil
+  (let [srv (search-key jwe.clevis.tang.adv jwe.kid)]
                         _ alg (ipairs thumbprint-algs)
                         &until ret]
              (or ret (has-key? jwe.clevis.tang.adv jwe.kid alg)))]
    {
     :kid jwe.kid
     :clt (assert jwe.epk)