Versions in this module Expand all Collapse all v0 v0.9.0 Feb 13, 2024 Changes in this version
+ var ErrHashUnavailable = errors.New("hash unavailable")
+ var ErrInconsistentKeyValues = errors.New("inconsistent jwk values")
+ var ErrInvalidAlgorithm error = &InvalidFormat
+ var ErrInvalidCertificateHeader = errors.New("invalid certificate header")
+ var ErrInvalidDelegateEncoding error = &InvalidFormat
+ var ErrInvalidEncryption error = &InvalidFormat
+ var ErrInvalidExponent = errors.New("invalid exponent value")
+ var ErrInvalidExponentEncoding error = &InvalidFormat
+ var ErrInvalidJwkEncoding error = &InvalidFormat
+ var ErrInvalidJwsBase64BodyEncoding error = &InvalidFormat
+ var ErrInvalidJwsBase64HeaderEncoding error = &InvalidFormat
+ var ErrInvalidJwsBase64SignatureEncoding error = &InvalidFormat
+ var ErrInvalidJwsCompactEncoding error = &InvalidFormat
+ var ErrInvalidJwsHeaderEncoding error = &InvalidFormat
+ var ErrInvalidJwtEncoding error = &InvalidFormat
+ var ErrInvalidJwtTimeframe error = &InvalidFormat
+ var ErrInvalidKey = errors.New("invalid jwk")
+ var ErrInvalidKeyLength = errors.New("invalid jwk length")
+ var ErrInvalidKeySize error = &InvalidFormat
+ var ErrInvalidKeyType = errors.New("invalid jwk type")
+ var ErrInvalidKid error = &InvalidFormat
+ var ErrInvalidManifestEncoding error = &InvalidFormat
+ var ErrInvalidModulusEncoding error = &InvalidFormat
+ var ErrInvalidNonce = errors.New("invalid nonce")
+ var ErrInvalidOperations = errors.New("the jwk is invalid in this context")
+ var ErrInvalidSignature = errors.New("invalid signature")
+ var ErrInvalidSigningKeyURL = errors.New("invalid signing jwk url")
+ var ErrInvalidXEncoding error = &InvalidFormat
+ var ErrInvalidYEncoding error = &InvalidFormat
+ var ErrNoExpectedAudience error = &InvalidFormat
+ var ErrUnknownKey = errors.New("unknown jwk")
+ var ErrUnsupportedKeyType = errors.New("unsupported jwk type")
+ var ErrZipCompressionNotSupported error = &InvalidFormat
+ func CalculateKeyID(jwk jose.Jwk) (string, error)
+ func JwkFromPrivateKey(privateKey crypto.Signer, operations []jose.KeyOps, certs []*x509.Certificate) (jose.Jwk, error)
+ func JwkFromPublicKey(publicKey crypto.PublicKey, operations []jose.KeyOps, ...) (jose.Jwk, error)
+ func JwkFromSymmetric(key []byte, alg jose.Alg) (jwk *jose.OctSecretKey, err error)
+ func JwkToString(jwk jose.Jwk) (string, error)
+ func JwtToString(jwt jose.Jwt) (full string, err error)
+ func LoadJwk(reader io.ReadSeeker, required []jose.KeyOps) (jwk jose.Jwk, err error)
+ func LoadJwkFromFile(file string, required []jose.KeyOps) (jose.Jwk, error)
+ func LoadJws(jws string) (protectedHeader *jose.JwsHeader, header []byte, data []byte, payload []byte, ...)
+ func LoadPrivateKey(jwk jose.Jwk, required []jose.KeyOps) (crypto.Signer, error)
+ func LoadPublicKey(jwk jose.Jwk, required []jose.KeyOps) (crypto.PublicKey, error)
+ func LoadSymmetricAEAD(jwk jose.Jwk, required []jose.KeyOps) (a cipher.AEAD, err error)
+ func PublicFromPrivate(in jose.Jwk) (jose.Jwk, error)
+ type AeadEncryptionKey interface
+ GenerateNonce func() ([]byte, error)
+ Open func(operation jose.KeyOps, nonce, ciphertext, aad, tag []byte) (plaintext []byte, err error)
+ Seal func(operation jose.KeyOps, nonce, plaintext, aad []byte) (ciphertext, tag []byte, err error)
+ func NewAesGcmCryptor(aead cipher.AEAD, rng io.Reader, kid string, alg jose.Alg, ...) (AeadEncryptionKey, error)
+ func NewAesGcmCryptorFromJwk(jwk jose.Jwk, required []jose.KeyOps) (AeadEncryptionKey, error)
+ type AesCbcCryptor struct
+ func (cryptor *AesCbcCryptor) Algorithm() jose.Alg
+ func (cryptor *AesCbcCryptor) Kid() string
+ func (cryptor *AesCbcCryptor) Open(ciphertext []byte) []byte
+ func (cryptor *AesCbcCryptor) Seal(plaintext []byte) []byte
+ type AesGcmCryptor struct
+ func (cryptor *AesGcmCryptor) Algorithm() jose.Alg
+ func (cryptor *AesGcmCryptor) GenerateNonce() ([]byte, error)
+ func (cryptor *AesGcmCryptor) Kid() string
+ func (cryptor *AesGcmCryptor) Open(operation jose.KeyOps, nonce, ciphertext, aad, tag []byte) (plaintext []byte, err error)
+ func (cryptor *AesGcmCryptor) Seal(operation jose.KeyOps, nonce, plaintext, aad []byte) (ciphertext, tag []byte, err error)
+ type Algorithmed interface
+ Algorithm func() jose.Alg
+ type AsymmetricDecryptionKey interface
+ Decrypt func(jose.KeyOps, []byte) ([]byte, error)
+ Encryptor func() (AsymmetricEncryptionKey, error)
+ type AsymmetricDecryptionKeyStore interface
+ Get func(kid string) (k AsymmetricDecryptionKey, err error)
+ type AsymmetricDecryptionKeyStoreImpl struct
+ func NewAsymmetricDecryptionKeyStoreImpl(keys map[string]AsymmetricDecryptionKey) (*AsymmetricDecryptionKeyStoreImpl, error)
+ func (a *AsymmetricDecryptionKeyStoreImpl) Get(kid string) (k AsymmetricDecryptionKey, err error)
+ type AsymmetricEncryptionKey interface
+ Encrypt func(jose.KeyOps, []byte) ([]byte, error)
+ type AuthenticatedEncryptionKeyGenerator struct
+ func (g *AuthenticatedEncryptionKeyGenerator) Generate(alg jose.Alg, operations []jose.KeyOps) (AeadEncryptionKey, jose.Jwk, error)
+ type BlockEncryptionKey interface
+ Open func(ciphertext []byte) []byte
+ Seal func(plaintext []byte) []byte
+ func NewAesCbcCryptor(blockCipher cipher.BlockMode, kid string, alg jose.Alg) BlockEncryptionKey
+ type CertifiableKey interface
+ Certificates func() []*x509.Certificate
+ MarshalPem func() (string, error)
+ type ECDSAOptions struct
+ Hash crypto.Hash
+ func (opts *ECDSAOptions) HashFunc() crypto.Hash
+ type ECDSASigningKey struct
+ func (signer *ECDSASigningKey) Certificates() []*x509.Certificate
+ func (signer *ECDSASigningKey) Jwk() (jose.Jwk, error)
+ func (signer *ECDSASigningKey) Key() crypto.Signer
+ func (signer *ECDSASigningKey) Kid() string
+ func (signer *ECDSASigningKey) Marshal() (string, error)
+ func (signer *ECDSASigningKey) MarshalPem() (p string, err error)
+ func (signer *ECDSASigningKey) Sign(requested jose.KeyOps, data []byte) (signature []byte, err error)
+ func (signer *ECDSASigningKey) Verifier() (VerificationKey, error)
+ func (signer ECDSASigningKey) Algorithm() jose.Alg
+ type ECDSASigningKeyGenerator struct
+ func (g *ECDSASigningKeyGenerator) Generate(alg jose.Alg, operations []jose.KeyOps) (SigningKey, error)
+ type ECVerificationKeyImpl struct
+ func (verifier *ECVerificationKeyImpl) Algorithm() jose.Alg
+ func (verifier *ECVerificationKeyImpl) Certificates() []*x509.Certificate
+ func (verifier *ECVerificationKeyImpl) Jwk() (jose.Jwk, error)
+ func (verifier *ECVerificationKeyImpl) Kid() string
+ func (verifier *ECVerificationKeyImpl) Marshal() (string, error)
+ func (verifier *ECVerificationKeyImpl) MarshalPem() (string, error)
+ func (verifier *ECVerificationKeyImpl) Verify(operation jose.KeyOps, data []byte, signature []byte) bool
+ type HmacKey interface
+ Hash func(input []byte) []byte
+ func NewHmacShaCryptor(kid string, hash hash.Hash) HmacKey
+ type HmacShaCryptor struct
+ func (h HmacShaCryptor) Hash(input []byte) []byte
+ func (h HmacShaCryptor) Kid() string
+ type InvalidFormat struct
+ func (err *InvalidFormat) Error() string
+ type JweDecryptor interface
+ Decrypt func(jwe string) (plaintext, aad []byte, err error)
+ type JweDirectDecryptorAeadImpl struct
+ func NewJweDirectDecryptorAeadImpl(keys []AeadEncryptionKey) *JweDirectDecryptorAeadImpl
+ func (decryptor *JweDirectDecryptorAeadImpl) Decrypt(jwe string) (plaintext, aad []byte, err error)
+ type JweDirectDecryptorBlock struct
+ func NewJweDirectDecryptorBlock(aesKey BlockEncryptionKey, hmacKey HmacKey) *JweDirectDecryptorBlock
+ func (decryptor *JweDirectDecryptorBlock) Decrypt(marshalledJwe string) (plaintext, aad []byte, err error)
+ type JweDirectEncryptorAead struct
+ func NewJweDirectEncryptorAead(key AeadEncryptionKey, externalIV bool) *JweDirectEncryptorAead
+ func (encryptor *JweDirectEncryptorAead) Encrypt(plaintext, aad []byte) (string, error)
+ type JweDirectEncryptorBlock struct
+ func NewJweDirectEncryptorBlock(aesKey BlockEncryptionKey, hmacKey HmacKey, iv []byte) *JweDirectEncryptorBlock
+ func (encryptor *JweDirectEncryptorBlock) Encrypt(plaintext, aad []byte) (string, error)
+ type JweEncryptor interface
+ Encrypt func(plaintext, aad []byte) (string, error)
+ type JweHmacVerifier interface
+ ComputeHash func(aad []byte, iv []byte, ciphertext []byte) []byte
+ VerifyCompact func(jwe jose.JweRfc7516Compact) (result bool, err error)
+ type JweHmacVerifierImpl struct
+ func NewJweHmacVerifier(hmacKey HmacKey) *JweHmacVerifierImpl
+ func (verifier *JweHmacVerifierImpl) ComputeHash(aad []byte, iv []byte, ciphertext []byte) []byte
+ func (verifier *JweHmacVerifierImpl) VerifyCompact(jwe jose.JweRfc7516Compact) (result bool, err error)
+ type JweRsaKeyEncryptionDecryptorImpl struct
+ func NewJweRsaKeyEncryptionDecryptorImpl(keystore AsymmetricDecryptionKeyStore) *JweRsaKeyEncryptionDecryptorImpl
+ func (d *JweRsaKeyEncryptionDecryptorImpl) Decrypt(jwe string) (plaintext, aad []byte, err error)
+ type JweRsaKeyEncryptionEncryptorImpl struct
+ func NewJweRsaKeyEncryptionEncryptorImpl(recipient jose.Jwk, contentEncryptionAlg jose.Alg) (*JweRsaKeyEncryptionEncryptorImpl, error)
+ func (e *JweRsaKeyEncryptionEncryptorImpl) Encrypt(plaintext, aad []byte) (string, error)
+ type JwksTrustStore struct
+ func NewJwksKeyStore(issuerList, url string) *JwksTrustStore
+ func (store *JwksTrustStore) Add(issuer string, jwk jose.Jwk) error
+ func (store *JwksTrustStore) Get(issuer, kid string) (vk VerificationKey, err error)
+ func (store *JwksTrustStore) Remove(issuer, kid string) bool
+ type JwtSigner interface
+ Issuer func() string
+ Sign func(claims *jose.SettableJwtClaims, untyped map[string]interface{}) (string, error)
+ type JwtSignerImpl struct
+ func NewJwtSigner(issuer string, key SigningKey) *JwtSignerImpl
+ func (signer *JwtSignerImpl) Issuer() string
+ func (signer *JwtSignerImpl) Sign(claims *jose.SettableJwtClaims, untyped map[string]interface{}) (string, error)
+ type JwtVerifier interface
+ Verify func(jwt string, audience []string) (kid string, claims *jose.JwtClaims, err error)
+ type JwtVerifierImpl struct
+ func NewJwtVerifier(ks TrustStore) *JwtVerifierImpl
+ func (verifier *JwtVerifierImpl) Verify(jwt string, audience []string) (kid string, claims *jose.JwtClaims, err error)
+ type Key interface
+ Kid func() string
+ type MarshalableKey interface
+ Jwk func() (jose.Jwk, error)
+ Marshal func() (string, error)
+ type RsaKeyDecryptionKeyGenerator struct
+ func (generator *RsaKeyDecryptionKeyGenerator) Generate(alg jose.Alg, bitLen int, operations []jose.KeyOps) (AsymmetricDecryptionKey, error)
+ type RsaPrivateKeyImpl struct
+ func NewRsaDecryptionKey(jwk jose.Jwk) (*RsaPrivateKeyImpl, error)
+ func (rsaKey *RsaPrivateKeyImpl) Algorithm() jose.Alg
+ func (rsaKey *RsaPrivateKeyImpl) Certificates() []*x509.Certificate
+ func (rsaKey *RsaPrivateKeyImpl) Decrypt(requested jose.KeyOps, ciphertext []byte) ([]byte, error)
+ func (rsaKey *RsaPrivateKeyImpl) Encryptor() (AsymmetricEncryptionKey, error)
+ func (rsaKey *RsaPrivateKeyImpl) Jwk() (jose.Jwk, error)
+ func (rsaKey *RsaPrivateKeyImpl) Key() crypto.Signer
+ func (rsaKey *RsaPrivateKeyImpl) Kid() string
+ func (rsaKey *RsaPrivateKeyImpl) Marshal() (string, error)
+ func (rsaKey *RsaPrivateKeyImpl) MarshalPem() (string, error)
+ func (rsaKey *RsaPrivateKeyImpl) Operations() []jose.KeyOps
+ func (rsaKey *RsaPrivateKeyImpl) Sign(requested jose.KeyOps, data []byte) ([]byte, error)
+ func (rsaKey *RsaPrivateKeyImpl) Verifier() (VerificationKey, error)
+ type RsaPublicKeyImpl struct
+ func NewRsaPublicKeyImpl(jwk jose.Jwk) (*RsaPublicKeyImpl, error)
+ func (k *RsaPublicKeyImpl) Algorithm() jose.Alg
+ func (k *RsaPublicKeyImpl) Certificates() []*x509.Certificate
+ func (k *RsaPublicKeyImpl) Encrypt(requested jose.KeyOps, data []byte) ([]byte, error)
+ func (k *RsaPublicKeyImpl) Jwk() (jose.Jwk, error)
+ func (k *RsaPublicKeyImpl) Kid() string
+ func (k *RsaPublicKeyImpl) Marshal() (string, error)
+ func (k *RsaPublicKeyImpl) MarshalPem() (string, error)
+ func (k *RsaPublicKeyImpl) Verify(operation jose.KeyOps, data []byte, signature []byte) bool
+ type RsaSigningKeyGenerator struct
+ func (generator *RsaSigningKeyGenerator) Generate(alg jose.Alg, bitLen int, operations []jose.KeyOps) (SigningKey, error)
+ type SigningKey interface
+ Key func() crypto.Signer
+ Sign func(jose.KeyOps, []byte) ([]byte, error)
+ Verifier func() (VerificationKey, error)
+ func NewSigningKey(jwk jose.Jwk, required []jose.KeyOps) (SigningKey, error)
+ type SigningKeyImpl struct
+ func (signer *SigningKeyImpl) Algorithm() jose.Alg
+ func (signer *SigningKeyImpl) Certificates() []*x509.Certificate
+ func (signer *SigningKeyImpl) Jwk() (jose.Jwk, error)
+ func (signer *SigningKeyImpl) Key() crypto.Signer
+ func (signer *SigningKeyImpl) Kid() string
+ func (signer *SigningKeyImpl) Marshal() (string, error)
+ func (signer *SigningKeyImpl) MarshalPem() (string, error)
+ func (signer *SigningKeyImpl) Operations() []jose.KeyOps
+ func (signer *SigningKeyImpl) Sign(requested jose.KeyOps, data []byte) ([]byte, error)
+ func (signer *SigningKeyImpl) Verifier() (VerificationKey, error)
+ type TrustKeyStoreImpl struct
+ func NewTrustKeyStore(rootData map[string]jose.Jwk) (store *TrustKeyStoreImpl, err error)
+ func NewTrustKeyStoreFromFile(root string) (store *TrustKeyStoreImpl, err error)
+ func (store *TrustKeyStoreImpl) Add(issuer string, jwk jose.Jwk) error
+ func (store *TrustKeyStoreImpl) Get(issuer, kid string) (vk VerificationKey, err error)
+ func (store *TrustKeyStoreImpl) Remove(issuer, kid string) bool
+ type TrustStore interface
+ Add func(issuer string, jwk jose.Jwk) error
+ Get func(issuer, kid string) (vk VerificationKey, err error)
+ Remove func(issuer, kid string) bool
+ type VerificationKey interface
+ Verify func(operation jose.KeyOps, data []byte, signature []byte) bool
+ func NewVerificationKey(jwk jose.Jwk) (VerificationKey, error)
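Review bot: `NewJweDirectEncryptorBlock(aesKey, hmacKey, iv []byte)` takes the IV at construction while `Encrypt(plaintext, aad)` takes none, so an encryptor used for more than one message would presumably reuse the same CBC IV; the constructor's doc comment should say so, e.g. `// iv must be fresh and unpredictable for every message; build a new encryptor per message.` The same statefulness shows in `NewAesCbcCryptor(blockCipher cipher.BlockMode, ...)`: a standard-library `cipher.BlockMode` keeps chaining state across calls and works in one direction only, yet `AesCbcCryptor` exposes both `Seal` and `Open`. `BlockEncryptionKey.Open` and `Seal` also return only `[]byte`, so a length or padding failure cannot be reported as an error; `Open(ciphertext []byte) ([]byte, error)` would let `JweDirectDecryptorBlock.Decrypt` surface it. Only signatures are visible in this listing, so the implementations may already guard against these cases.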