go - 使用 Go 从 PEM 格式的 Google“oauth2/v1/certs”证书中提取公钥

Question

我从以下位置获取了 Google 证书：

https://www.googleapis.com/oauth2/v1/certs

但我不知道如何在 Go 中解析证书并提取公钥并使其适用于 rsa.VerifyPKCS1v15() 以验证 id 令牌（openID 连接）签名。如果有人可以建议我，我将不胜感激。这是我已经拥有的代码：

res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
if err != nil {
    log.Fatal(err)
    return 
}

certs, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
    log.Fatal(err)
    return 
}
//extract kid from token header
var header interface{}
log.Printf("Oauth header: %v", headerOauth)
err = json.Unmarshal([]byte(headerOauth), &header)

token_kid := header.(map[string]interface{})["kid"]
//get modulus and exponent from the cert

var goCertificate interface{}

err = json.Unmarshal(certs, &goCertificate)    

k := goCertificate.(map[string]interface{})[token_kid.(string)]

google_cert := k.(string)
block_pub, _ := pem.Decode([]byte(google_cert))
certInterface, err := x509.ParseCertificates(block_pub.Bytes)
log.Printf("certInterface: %v", *certInterface.PublicKey)
//I know the line below is wrong but thats how I usualy parse public keys
pubkeyInterface, err := x509.ParsePKIXPublicKey(certInterface.Bytes)
pKey, ok := pubkeyInterface.(*rsa.PublicKey)

Answer 1

我可能会离开这里（不熟悉 x509/rsa），但ParseCertificates会返回所有键：

func main() {
    res, err := http.Get("https://www.googleapis.com/oauth2/v1/certs")
    if err != nil {
        log.Fatal(err)
        return
    }

    var header = map[string]string{
        "kid": "ef9007a67db85f13ed67462abe2df63145c09aaf",
    }

    token_kid := header["kid"]

    defer res.Body.Close()
    var certs map[string]string
    dec := json.NewDecoder(res.Body)
    dec.Decode(&certs)
    // add error checking
    google_cert := certs[token_kid]
    block_pub, _ := pem.Decode([]byte(google_cert))
    certInterface, err := x509.ParseCertificates(block_pub.Bytes)
    log.Printf("certInterface: %#v", certInterface)
    pkey := certInterface[0].PublicKey.(*rsa.PublicKey)
    log.Printf("pkey: %v", pkey)
}