authentication.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"log"
	"os"
	"time"

	"github.com/golang-jwt/jwt/v4"
	"github.com/smallstep/certificates/ca"
	"go.step.sm/crypto/jose"
)

const (
	URL         = "<ca URL>"
	fingerprint = "<fingerprint>"
)

type (
	Key struct {
		Use string `json:"use"`
		KTY string `json:"kty"`
		KID string `json:"kid"`
		CRV string `json:"crv"`
		ALG string `json:"alg"`
		X   string `json:"x"`
		Y   string `json:"y"`
	}

	JWK struct {
		Type         string `json:"type"`
		Name         string `json:"name"`
		Key          Key    `json:"key"`
		EncryptedKey string `json:"encryptedKey"`
	}
)

func main() {
	
	data, err := os.ReadFile("provisioner.jwk")
	if err != nil {
		log.Printf("failed to read file, reason %v", err)
		return
	}

	jwk := JWK{}
	json.Unmarshal(data, &jwk)

	log.Printf("%+v", jkw)

	token := getToken()
	signedToken, err := token.SignedString(hmac.New(sha256.New, data).Sum(nil))
	if err != nil {
		fmt.Printf("token signing error%v", err)
		panic(err)
	}

	fmt.Printf("token %v\n\n", signedToken)

	client, err := ca.NewClient(URL, ca.WithRootSHA256(fingerprint))
	if err != nil {
		log.Printf("failed to create step client: %v\n", err)
		panic(err)
	}

	request, pk, err := ca.CreateSignRequest(signedToken)
	if err != nil {
		log.Printf("failed to create sign request: %v\n", err)
		panic(err)
	}

	log.Printf("pk: %v\n\n", pk)

	response, err := client.Sign(request)
	if err != nil {
		log.Printf("failed to sign request: %v\n", err)
		panic(err)
	}

	log.Printf("response: %+v\n\n", response)

	
}

func getToken() *jwt.Token {
	claims := jwt.RegisteredClaims{
		ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 10)),
		Issuer:    URL,
		Subject:   "ca.example.com",
		ID:        "ca.example.com",
		IssuedAt:  jwt.NewNumericDate(time.Now()),
		NotBefore: jwt.NewNumericDate(time.Now()),
		Audience:  []string{URL},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token
}