From a0b6481c53439a3a6121b8c0f7b468f8b4338644 Mon Sep 17 00:00:00 2001 From: Kosuke Saigusa Date: Fri, 9 Feb 2024 18:57:10 +0900 Subject: [PATCH 1/3] build: add pointycastle package to dependency --- packages/dart_firebase_admin/pubspec.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/dart_firebase_admin/pubspec.yaml b/packages/dart_firebase_admin/pubspec.yaml index 3d13093..3913338 100644 --- a/packages/dart_firebase_admin/pubspec.yaml +++ b/packages/dart_firebase_admin/pubspec.yaml @@ -17,6 +17,7 @@ dependencies: http: ^1.0.0 intl: ^0.19.0 meta: ^1.9.1 + pointycastle: ^3.7.4 dev_dependencies: build_runner: ^2.4.7 From 963adf2b4a31f8d8a834bdd9953150020c83827d Mon Sep 17 00:00:00 2001 From: Kosuke Saigusa Date: Fri, 9 Feb 2024 18:59:11 +0900 Subject: [PATCH 2/3] feat: fix _ServiceAccountSigner sign method to correctly sign token --- .../lib/src/utils/crypto_signer.dart | 32 ++++++++++++++++--- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/packages/dart_firebase_admin/lib/src/utils/crypto_signer.dart b/packages/dart_firebase_admin/lib/src/utils/crypto_signer.dart index 2c89ae9..d3c1af9 100644 --- a/packages/dart_firebase_admin/lib/src/utils/crypto_signer.dart +++ b/packages/dart_firebase_admin/lib/src/utils/crypto_signer.dart @@ -1,10 +1,10 @@ import 'dart:convert'; import 'dart:typed_data'; -import 'package:crypto/crypto.dart'; import 'package:googleapis_auth/googleapis_auth.dart' as auth; import 'package:http/http.dart' as http; import 'package:meta/meta.dart'; +import 'package:pointycastle/pointycastle.dart'; import '../../dart_firebase_admin.dart'; @@ -107,11 +107,33 @@ class _ServiceAccountSigner implements CryptoSigner { @override Future sign(Uint8List buffer) async { - final key = utf8.encode(credential.privateKey); - final hmac = Hmac(sha256, key); - final digest = hmac.convert(buffer); + final rsaPrivateKey = _parsePrivateKeyFromPem(); + final signer = Signer('SHA-256/RSA') + ..init(true, PrivateKeyParameter(rsaPrivateKey)); + final signature = signer.generateSignature(buffer) as RSASignature; + return signature.bytes; + } + + RSAPrivateKey _parsePrivateKeyFromPem() { + final privateKeyString = credential.privateKey + .replaceAll('-----BEGIN PRIVATE KEY-----', '') + .replaceAll('-----END PRIVATE KEY-----', '') + .replaceAll('\n', ''); + final privateKeyDER = base64Decode(privateKeyString); + + final asn1Parser = ASN1Parser(Uint8List.fromList(privateKeyDER)); + final topLevelSequence = asn1Parser.nextObject() as ASN1Sequence; + final privateKeyOctet = topLevelSequence.elements![2] as ASN1OctetString; + + final privateKeyParser = ASN1Parser(privateKeyOctet.valueBytes); + final privatekeySequence = privateKeyParser.nextObject() as ASN1Sequence; + + final modulus = (privatekeySequence.elements![1] as ASN1Integer).integer!; + final exponent = (privatekeySequence.elements![3] as ASN1Integer).integer!; + final p = (privatekeySequence.elements![4] as ASN1Integer).integer; + final q = (privatekeySequence.elements![5] as ASN1Integer).integer; - return Uint8List.fromList(digest.bytes); + return RSAPrivateKey(modulus, exponent, p, q); } } From 45f2109361be993e7c527a71dedb4e5d79c1a8a9 Mon Sep 17 00:00:00 2001 From: Kosuke Saigusa Date: Fri, 9 Feb 2024 19:13:50 +0900 Subject: [PATCH 3/3] build: remove crypto package from dependency --- packages/dart_firebase_admin/pubspec.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/dart_firebase_admin/pubspec.yaml b/packages/dart_firebase_admin/pubspec.yaml index 3913338..6c4584f 100644 --- a/packages/dart_firebase_admin/pubspec.yaml +++ b/packages/dart_firebase_admin/pubspec.yaml @@ -9,7 +9,6 @@ environment: dependencies: collection: ^1.18.0 - crypto: ^3.0.3 dart_jsonwebtoken: ^2.11.0 firebaseapis: ^0.2.0 freezed_annotation: ^2.4.1