jwx

package


Constants

// DilithiumMode2Alg is the JWA "alg" header value this package uses for
// Dilithium Mode 2 signatures.
//
// NOTE(review): the CRYDI* identifiers appear to come from a draft
// specification rather than the IANA JSON Web Signature and Encryption
// Algorithms registry; treat them as experimental and confirm that peers
// agree on the same names before relying on them for interoperability.
const DilithiumMode2Alg jwa.SignatureAlgorithm = "CRYDI2"

// DilithiumMode3Alg is the JWA "alg" header value this package uses for
// Dilithium Mode 3 signatures.
const DilithiumMode3Alg jwa.SignatureAlgorithm = "CRYDI3"

// DilithiumMode5Alg is the JWA "alg" header value this package uses for
// Dilithium Mode 5 signatures (higher mode numbers target higher security
// levels; pick the mode deliberately rather than defaulting to the lowest).
const DilithiumMode5Alg jwa.SignatureAlgorithm = "CRYDI5"
// DilithiumKTY is the JWK "kty" value this package assigns to Dilithium keys.
//
// NOTE(review): "LWE" is not a registered JWK key type in RFC 7518 / the IANA
// JSON Web Key Types registry, so JWKs produced with it are only meaningful
// to parties that know this package's convention — confirm against the
// current registry before exchanging such keys externally.
const DilithiumKTY = "LWE"

Variables

This section is empty.

Functions

func AlgFromKeyAndCurve

func AlgFromKeyAndCurve(kty, crv string) (string, error)

AlgFromKeyAndCurve returns the supported JSON Web Algorithm (the JWA `alg` value) for signing for a given key type and curve pair. The curve parameter is optional (e.g. "") as in the case of RSA. Callers must check the error return: a key type / curve combination this package does not support is expected to produce an error rather than a usable algorithm name.

func GetExperimentalJWXSigningVerificationAlgorithms

func GetExperimentalJWXSigningVerificationAlgorithms() []string

GetExperimentalJWXSigningVerificationAlgorithms returns a list of experimental signing and verifying algorithms for JWXs. This list is kept separate from the one returned by GetSupportedJWXSigningVerificationAlgorithms; verifiers should not accept experimental algorithms unless a caller has explicitly opted in, since their identifiers and security properties may change before standardization.

func GetJWSHeaders

func GetJWSHeaders(token []byte) (jws.Headers, error)

GetJWSHeaders returns the headers of a JWS signed object, assuming there is only one signature. No key is involved, so the headers are returned without the signature having been verified: values such as `alg` and `kid` originate from the untrusted token and must not drive a trust decision on their own — verify the signature with a Verifier before acting on them.

func GetSupportedJWXSigningVerificationAlgorithms

func GetSupportedJWXSigningVerificationAlgorithms() []string

GetSupportedJWXSigningVerificationAlgorithms returns a list of supported signing and verifying algorithms for JWXs

func IsExperimentalJWXSigningVerificationAlgorithm

func IsExperimentalJWXSigningVerificationAlgorithm(algorithm string) bool

IsExperimentalJWXSigningVerificationAlgorithm returns true if the algorithm is supported for experimental signing or verifying JWXs

func IsSupportedJWXSigningVerificationAlgorithm

func IsSupportedJWXSigningVerificationAlgorithm(algorithm string) bool

IsSupportedJWXSigningVerificationAlgorithm returns true if the algorithm is supported for signing or verifying JWXs

func NewDilithiumMode2Signer

func NewDilithiumMode2Signer() (jws.Signer, error)

NewDilithiumMode2Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 2

func NewDilithiumMode2Verifier

func NewDilithiumMode2Verifier() (jws.Verifier, error)

NewDilithiumMode2Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 2

func NewDilithiumMode3Signer

func NewDilithiumMode3Signer() (jws.Signer, error)

NewDilithiumMode3Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 3

func NewDilithiumMode3Verifier

func NewDilithiumMode3Verifier() (jws.Verifier, error)

NewDilithiumMode3Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 3

func NewDilithiumMode5Signer

func NewDilithiumMode5Signer() (jws.Signer, error)

NewDilithiumMode5Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 5

func NewDilithiumMode5Verifier

func NewDilithiumMode5Verifier() (jws.Verifier, error)

NewDilithiumMode5Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 5

func PrivateKeyToPrivateKeyJWK

func PrivateKeyToPrivateKeyJWK(keyID string, key gocrypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)

PrivateKeyToPrivateKeyJWK converts a private key to its JWK representation, returning both the public JWK and the private JWK (keyID is expected to populate the JWK `kid`). The returned PrivateKeyJWK carries secret material (`d` and, for RSA, the CRT parameters) and must be protected accordingly; only the PublicKeyJWK should ever leave the signing party.

Types

type DilithiumSignerVerifier

// DilithiumSignerVerifier is the jws.Signer / jws.Verifier implementation for
// a single Dilithium mode. Construct it through NewDilithiumMode{2,3,5}Signer
// or NewDilithiumMode{2,3,5}Verifier; its fields are unexported (and not shown
// in this listing), so the value is opaque outside the package.
type DilithiumSignerVerifier struct {
	// contains filtered or unexported fields
}

DilithiumSignerVerifier implements the jws.Signer and jws.Verifier interfaces for use with the jwx library

func (DilithiumSignerVerifier) Algorithm

Algorithm returns the jwa.SignatureAlgorithm value for the configured Dilithium mode

func (DilithiumSignerVerifier) Sign

func (s DilithiumSignerVerifier) Sign(payload []byte, keyif any) ([]byte, error)

Sign signs the payload using the provided key (keyif). The key is passed as `any` and is expected to be a Dilithium private key for the mode this signer was configured with; a non-nil error must be treated as a hard failure, never as a cue to fall back to another algorithm.

func (DilithiumSignerVerifier) Verify

func (s DilithiumSignerVerifier) Verify(payload []byte, signature []byte, keyif any) error

Verify verifies the signature against the payload using the provided key (keyif, expected to be a Dilithium public key for the configured mode). A nil error means the signature is valid for that payload and key; any non-nil error must be treated as verification failure.

type PrivateKeyJWK

// PrivateKeyJWK is a JSON Web Key (RFC 7517) that carries private key material.
// The field set covers the EC/OKP members (crv, x, y, d) and the RSA members
// (n, e, d, p, q, dp, dq, qi) defined in RFC 7518; which members are used for
// Dilithium keys under DilithiumKTY is not shown in this listing.
//
// NOTE(review): D, DP, DQ, P, Q and QI are secret parameters. A value of this
// type must never be logged, returned to clients, or serialized anywhere a
// PublicKeyJWK would do; use ToPublicKeyJWK to obtain the shareable form.
//
// NOTE(review): RFC 7517 §4.3 defines key_ops as an array of strings, but it
// is modeled here as a single string, so a JWK such as
// {"key_ops":["sign"]} will fail to unmarshal into this struct.
type PrivateKeyJWK struct {
	// Common JWK parameters (RFC 7517 §4). Only kty is validated as required.
	KTY    string `json:"kty,omitempty" validate:"required"`
	CRV    string `json:"crv,omitempty"`
	X      string `json:"x,omitempty"`
	Y      string `json:"y,omitempty"`
	N      string `json:"n,omitempty"`
	E      string `json:"e,omitempty"`
	Use    string `json:"use,omitempty"`
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
	// Private parameters. These have no counterpart in PublicKeyJWK and are
	// dropped by ToPublicKeyJWK.
	D      string `json:"d,omitempty"`
	DP     string `json:"dp,omitempty"`
	DQ     string `json:"dq,omitempty"`
	P      string `json:"p,omitempty"`
	Q      string `json:"q,omitempty"`
	QI     string `json:"qi,omitempty"`
}

PrivateKeyJWK follows RFC 7517 https://datatracker.ietf.org/doc/html/rfc7517, with one deviation worth knowing: `key_ops` is modeled as a single string, whereas RFC 7517 §4.3 defines it as an array of strings, so a standards-conformant multi-valued `key_ops` will not round-trip through this type.

func (*PrivateKeyJWK) IsEmpty

func (k *PrivateKeyJWK) IsEmpty() bool

func (*PrivateKeyJWK) ToPrivateKey

func (k *PrivateKeyJWK) ToPrivateKey() (gocrypto.PrivateKey, error)

ToPrivateKey converts a PrivateKeyJWK to a gocrypto.PrivateKey.

func (*PrivateKeyJWK) ToPublicKeyJWK

func (k *PrivateKeyJWK) ToPublicKeyJWK() PublicKeyJWK

ToPublicKeyJWK converts a PrivateKeyJWK to a PublicKeyJWK. Because PublicKeyJWK has no fields for them, the private parameters (d, p, q, dp, dq, qi) are necessarily dropped; this is the form that is safe to publish.

type PublicKeyJWK

// PublicKeyJWK is a JSON Web Key (RFC 7517) holding only public parameters:
// the EC/OKP members (crv, x, y) and the RSA members (n, e) from RFC 7518,
// plus the common metadata members. It is the shareable counterpart of
// PrivateKeyJWK and intentionally has no field for d, p, q, dp, dq or qi.
//
// NOTE(review): RFC 7517 §4.3 defines key_ops as an array of strings, but it
// is modeled here as a single string, so a JWK such as
// {"key_ops":["verify"]} will fail to unmarshal into this struct.
type PublicKeyJWK struct {
	// Only kty is validated as required; alg and kid are optional, so callers
	// that rely on them for key selection must check for the empty string.
	KTY    string `json:"kty,omitempty" validate:"required"`
	CRV    string `json:"crv,omitempty"`
	X      string `json:"x,omitempty"`
	Y      string `json:"y,omitempty"`
	N      string `json:"n,omitempty"`
	E      string `json:"e,omitempty"`
	Use    string `json:"use,omitempty"`
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
}

PublicKeyJWK follows RFC 7517 https://datatracker.ietf.org/doc/html/rfc7517, with the same caveat as PrivateKeyJWK: `key_ops` is a single string here rather than the array of strings RFC 7517 §4.3 specifies, so multi-valued `key_ops` will not round-trip.

func PublicKeyToPublicKeyJWK

func PublicKeyToPublicKeyJWK(kid string, key gocrypto.PublicKey) (*PublicKeyJWK, error)

PublicKeyToPublicKeyJWK converts a public key to a PublicKeyJWK

func (*PublicKeyJWK) IsEmpty

func (k *PublicKeyJWK) IsEmpty() bool

func (*PublicKeyJWK) ToPublicKey

func (k *PublicKeyJWK) ToPublicKey() (gocrypto.PublicKey, error)

ToPublicKey converts a PublicKeyJWK to a PublicKey

type Signer

// Signer bundles a signing identity (ID) with the private key in both JWK and
// native Go form. Both key fields are embedded and exported, so their members
// are promoted onto Signer.
//
// NOTE(review): because the private key is held in exported fields, fmt verbs
// such as %+v and encoding/json will include it — never log or serialize a
// Signer; share the output of ToVerifier or ToPublicKeyJWK instead.
type Signer struct {
	ID string
	PrivateKeyJWK
	gocrypto.PrivateKey
}

Signer is a struct that contains the key and algorithm used to sign JWTs and produce JWS values. Both embedded fields are exported and hold private key material, so a Signer must never be logged (e.g. with `%+v`) or serialized; only the Verifier derived from it is safe to share.

func NewJWXSigner

func NewJWXSigner(id, kid string, key gocrypto.PrivateKey) (*Signer, error)

NewJWXSigner creates a new signer from a private key to sign and produce JWS values

func NewJWXSignerFromJWK

func NewJWXSignerFromJWK(id string, key PrivateKeyJWK) (*Signer, error)

NewJWXSignerFromJWK creates a new signer from a private key to sign and produce JWS values

func (*Signer) Parse

func (*Signer) Parse(token string) (jws.Headers, jwt.Token, error)

Parse attempts to turn a string into a jwt.Token. This is a parse only and does not appear to verify the signature (signature verification is provided by Verifier.VerifyAndParse), so nothing obtained from the result should be trusted until the token has been verified.

func (*Signer) SignJWS

func (s *Signer) SignJWS(payload []byte) ([]byte, error)

SignJWS takes a set of payload and signs it with the key defined in the signer

func (*Signer) SignWithDefaults

func (s *Signer) SignWithDefaults(kvs map[string]any) ([]byte, error)

SignWithDefaults takes a set of JWT keys and values to add to a JWT before signing them with the key defined in the signer. It automatically sets `iss` and `iat`; any other claims a verifier will rely on — `exp`, `nbf`, `aud` — are not added and must be supplied in kvs by the caller.

func (*Signer) ToVerifier

func (s *Signer) ToVerifier(verifierID string) (*Verifier, error)

ToVerifier converts a signer to a verifier, where the passed-in verifierID is the intended ID of the verifier and is used for `aud` validation. The resulting Verifier holds only the public key, so it is the value to hand to relying parties.

type Verifier

// Verifier bundles the verifying identity (ID) — per ToVerifier, the value
// expected in a token's `aud` — with the public key as a JWK. The remaining
// fields are unexported and not shown in this listing; construct a Verifier
// with NewJWXVerifier, NewJWXVerifierFromJWK or Signer.ToVerifier rather than
// as a struct literal.
type Verifier struct {
	ID string
	PublicKeyJWK
	// contains filtered or unexported fields
}

Verifier is a struct that contains the key and algorithm used to verify JWTs and JWS signatures. The algorithm is fixed when the Verifier is constructed rather than read from each token, which is what lets verification pin the expected `alg` instead of trusting the token's header.

func NewJWXVerifier

func NewJWXVerifier(id, kid string, key gocrypto.PublicKey) (*Verifier, error)

NewJWXVerifier creates a new verifier from a public key to verify JWTs and JWS signatures

func NewJWXVerifierFromJWK

func NewJWXVerifierFromJWK(id string, key PublicKeyJWK) (*Verifier, error)

NewJWXVerifierFromJWK creates a new verifier from a public key to verify JWTs and JWS signatures

func (*Verifier) Parse

func (*Verifier) Parse(token string) (jws.Headers, jwt.Token, error)

Parse attempts to turn a string into a jwt.Token. This is a parse only and does not appear to verify the signature — use VerifyAndParse when the token's authenticity matters, which is the usual case for a Verifier.

func (*Verifier) ParseJWS

func (*Verifier) ParseJWS(token string) (*jws.Signature, error)

ParseJWS attempts to pull a single signature, together with its headers, out of a token. Like Parse, this inspects the token without verifying it; use VerifyJWS to check the signature before trusting the headers.

func (*Verifier) Verify

func (v *Verifier) Verify(token string) error

Verify parses a token using the verifier's known algorithm and key, and returns an error, which is nil upon success. Because the algorithm comes from the Verifier rather than from the token's `alg` header, a token presented with a different algorithm should be rejected rather than verified under its own claimed algorithm — confirm this behavior in the implementation before relying on it as the guard against algorithm-confusion attacks.

func (*Verifier) VerifyAndParse

func (v *Verifier) VerifyAndParse(token string) (jws.Headers, jwt.Token, error)

VerifyAndParse attempts to turn a string into a jwt.Token and verify its signature using the verifier. A successful return establishes that the signature is valid for the verifier's key; whether standard claims such as `exp`, `nbf` and `aud` are also validated is not stated here, so confirm that before treating the returned token as fully validated.

func (*Verifier) VerifyJWS

func (v *Verifier) VerifyJWS(token string) error

VerifyJWS parses a JWS token using the verifier's known algorithm and key, and returns an error, which is nil upon success. Only after a nil return should the headers obtained from ParseJWS or GetJWSHeaders be trusted.
