Documentation ¶
Index ¶
- Constants
- Variables
- func MarshalJws(body string, signature []byte) string
- type Alg
- type Audiences
- type AutomaticJwtClaims
- type BigNum
- type Blob
- type Certificate
- type Crv
- type Enc
- type Fingerprint
- type Jwe
- type JweCustomHeaderFields
- type JweHeader
- type Jwk
- type Jwks
- type Jws
- type JwsHeader
- type JwsType
- type Jwt
- type JwtClaims
- type KeyOps
- type KeyUse
- type Kty
- type OctSecretKey
- func (j *OctSecretKey) Alg() Alg
- func (j *OctSecretKey) CheckConsistency() error
- func (j *OctSecretKey) Kid() string
- func (k *OctSecretKey) Kty() Kty
- func (k *OctSecretKey) MarshalJSON() (dst []byte, err error)
- func (j *OctSecretKey) Ops() []KeyOps
- func (j *OctSecretKey) SetAlg(alg Alg)
- func (j *OctSecretKey) SetKid(kid string)
- func (j *OctSecretKey) SetOps(ops []KeyOps)
- func (j *OctSecretKey) SetUse(use KeyUse)
- func (j *OctSecretKey) SetX5C(x5c []*x509.Certificate)
- func (j *OctSecretKey) SetX5T(blob *Fingerprint)
- func (k *OctSecretKey) UnmarshalJSON(src []byte) (err error)
- func (j *OctSecretKey) Use() KeyUse
- func (j *OctSecretKey) X5C() []*x509.Certificate
- func (j *OctSecretKey) X5T() *Fingerprint
- type OctSecretKeyFields
- type PrivateEcKey
- func (j *PrivateEcKey) Alg() Alg
- func (j *PrivateEcKey) CheckConsistency() error
- func (j *PrivateEcKey) Kid() string
- func (k *PrivateEcKey) Kty() Kty
- func (k *PrivateEcKey) MarshalJSON() (dst []byte, err error)
- func (j *PrivateEcKey) Ops() []KeyOps
- func (j *PrivateEcKey) SetAlg(alg Alg)
- func (j *PrivateEcKey) SetKid(kid string)
- func (j *PrivateEcKey) SetOps(ops []KeyOps)
- func (j *PrivateEcKey) SetUse(use KeyUse)
- func (j *PrivateEcKey) SetX5C(x5c []*x509.Certificate)
- func (j *PrivateEcKey) SetX5T(blob *Fingerprint)
- func (k *PrivateEcKey) UnmarshalJSON(src []byte) (err error)
- func (j *PrivateEcKey) Use() KeyUse
- func (j *PrivateEcKey) X5C() []*x509.Certificate
- func (j *PrivateEcKey) X5T() *Fingerprint
- type PrivateEcKeyFields
- type PrivateRsaKey
- func (j *PrivateRsaKey) Alg() Alg
- func (j *PrivateRsaKey) CheckConsistency() error
- func (j *PrivateRsaKey) Kid() string
- func (k *PrivateRsaKey) Kty() Kty
- func (k *PrivateRsaKey) MarshalJSON() (dst []byte, err error)
- func (j *PrivateRsaKey) Ops() []KeyOps
- func (j *PrivateRsaKey) SetAlg(alg Alg)
- func (j *PrivateRsaKey) SetKid(kid string)
- func (j *PrivateRsaKey) SetOps(ops []KeyOps)
- func (j *PrivateRsaKey) SetUse(use KeyUse)
- func (j *PrivateRsaKey) SetX5C(x5c []*x509.Certificate)
- func (j *PrivateRsaKey) SetX5T(blob *Fingerprint)
- func (k *PrivateRsaKey) UnmarshalJSON(src []byte) (err error)
- func (j *PrivateRsaKey) Use() KeyUse
- func (j *PrivateRsaKey) X5C() []*x509.Certificate
- func (j *PrivateRsaKey) X5T() *Fingerprint
- type PrivateRsaKeyFields
- type PublicEcKey
- func (j *PublicEcKey) Alg() Alg
- func (j *PublicEcKey) CheckConsistency() error
- func (j *PublicEcKey) Kid() string
- func (k *PublicEcKey) Kty() Kty
- func (k *PublicEcKey) MarshalJSON() (dst []byte, err error)
- func (j *PublicEcKey) Ops() []KeyOps
- func (j *PublicEcKey) SetAlg(alg Alg)
- func (j *PublicEcKey) SetKid(kid string)
- func (j *PublicEcKey) SetOps(ops []KeyOps)
- func (j *PublicEcKey) SetUse(use KeyUse)
- func (j *PublicEcKey) SetX5C(x5c []*x509.Certificate)
- func (j *PublicEcKey) SetX5T(blob *Fingerprint)
- func (k *PublicEcKey) UnmarshalJSON(src []byte) (err error)
- func (j *PublicEcKey) Use() KeyUse
- func (j *PublicEcKey) X5C() []*x509.Certificate
- func (j *PublicEcKey) X5T() *Fingerprint
- type PublicEcKeyFields
- type PublicRsaKey
- func (j *PublicRsaKey) Alg() Alg
- func (j *PublicRsaKey) CheckConsistency() error
- func (j *PublicRsaKey) Kid() string
- func (k *PublicRsaKey) Kty() Kty
- func (k *PublicRsaKey) MarshalJSON() (dst []byte, err error)
- func (j *PublicRsaKey) Ops() []KeyOps
- func (j *PublicRsaKey) SetAlg(alg Alg)
- func (j *PublicRsaKey) SetKid(kid string)
- func (j *PublicRsaKey) SetOps(ops []KeyOps)
- func (j *PublicRsaKey) SetUse(use KeyUse)
- func (j *PublicRsaKey) SetX5C(x5c []*x509.Certificate)
- func (j *PublicRsaKey) SetX5T(blob *Fingerprint)
- func (k *PublicRsaKey) UnmarshalJSON(src []byte) (err error)
- func (j *PublicRsaKey) Use() KeyUse
- func (j *PublicRsaKey) X5C() []*x509.Certificate
- func (j *PublicRsaKey) X5T() *Fingerprint
- type PublicRsaKeyFields
- type SettableJwtClaims
- type UntypedClaims
- type Zip
Constants ¶
const (
	// JWS signature algorithms (`alg` values).

	// AlgRS256 is RSA PKCS #1 v1.5 signing (RSASSA-PKCS1-v1_5) with SHA-256.
	AlgRS256 Alg = "RS256"
	// AlgRS384 is RSA PKCS #1 v1.5 signing with SHA-384.
	AlgRS384 Alg = "RS384"
	// AlgRS512 is RSA PKCS #1 v1.5 signing with SHA-512.
	AlgRS512 Alg = "RS512"
	// AlgPS256 is RSA PSS signing with SHA-256.
	AlgPS256 Alg = "PS256"
	// AlgPS384 is RSA PSS signing with SHA-384.
	AlgPS384 Alg = "PS384"
	// AlgPS512 is RSA PSS signing with SHA-512.
	AlgPS512 Alg = "PS512"
	// AlgES256 is ECDSA signing with SHA-256.
	AlgES256 Alg = "ES256"
	// AlgES384 is ECDSA signing with SHA-384.
	AlgES384 Alg = "ES384"
	// AlgES512 is ECDSA signing with SHA-512.
	AlgES512 Alg = "ES512"

	// Encryption-related `alg` values.

	// AlgA128GCM is AES GCM with a 128-bit key.
	AlgA128GCM Alg = "A128GCM"
	// AlgA192GCM is AES GCM with a 192-bit key.
	AlgA192GCM Alg = "A192GCM"
	// AlgA256GCM is AES GCM with a 256-bit key.
	AlgA256GCM Alg = "A256GCM"
	// AlgDir is direct encryption, for use with JWEs.
	AlgDir Alg = "dir"
	// AlgRSAOAEP is RSA OAEP key encryption, for use with JWEs.
	// NOTE(review): unlike its neighbours this constant carries no Alg type,
	// so it is an untyped string constant — confirm that is intended.
	// NOTE(review): RFC 7518 defines "RSA-OAEP" with the default OAEP
	// parameters (SHA-1 and MGF1 with SHA-1); which parameters this package
	// applies is not visible here — confirm.
	AlgRSAOAEP = "RSA-OAEP"

	// Elliptic curve names (`crv` values).

	// CrvP256 is NIST P-256.
	CrvP256 Crv = "P-256"
	// CrvP384 is NIST P-384.
	CrvP384 Crv = "P-384"
	// CrvP521 is NIST P-521.
	CrvP521 Crv = "P-521"

	// Key types (`kty` values).

	// KtyRSA is the RSA key type.
	KtyRSA Kty = "RSA"
	// KtyEC is the elliptic curve key type.
	KtyEC Kty = "EC"
	// KtyOct is the octet (symmetric secret) key type.
	KtyOct Kty = "oct"

	// Intended key usage (`use` values).

	// KeyUseEnc marks a key for encryption.
	KeyUseEnc KeyUse = "enc"
	// KeyUseSig marks a key for signing.
	KeyUseSig KeyUse = "sig"

	// Permitted key operations (`key_ops` values).

	// KeyOpsSign permits computing a signature.
	KeyOpsSign KeyOps = "sign"
	// KeyOpsVerify permits verifying a signature.
	KeyOpsVerify KeyOps = "verify"
	// KeyOpsEncrypt permits encrypting content.
	KeyOpsEncrypt KeyOps = "encrypt"
	// KeyOpsDecrypt permits decrypting content.
	KeyOpsDecrypt KeyOps = "decrypt"
	// KeyOpsWrapKey permits wrapping (encrypting) a key.
	KeyOpsWrapKey KeyOps = "wrapKey"
	// KeyOpsUnwrapKey permits unwrapping (decrypting) a key.
	KeyOpsUnwrapKey KeyOps = "unwrapKey"
	// KeyOpsDeriveKey permits deriving a key.
	KeyOpsDeriveKey KeyOps = "deriveKey"
	// KeyOpsDeriveBits permits deriving bits.
	KeyOpsDeriveBits KeyOps = "deriveBits"

	// JwtType is the JWT `typ` value.
	JwtType JwsType = "JWT"

	// JWE content encryption (`enc` values).

	// EncA128GCM is AES GCM with a 128-bit key.
	EncA128GCM Enc = "A128GCM"
	// EncA192GCM is AES GCM with a 192-bit key.
	EncA192GCM Enc = "A192GCM"
	// EncA256GCM is AES GCM with a 256-bit key.
	EncA256GCM Enc = "A256GCM"

	// DeflateZip is the deflate `zip` value.
	// NOTE(review): how decompressed size is bounded when a compressed JWE is
	// opened is not visible here — confirm before accepting `zip` from
	// untrusted senders.
	DeflateZip Zip = "DEF"
)
Variables ¶
var (
	// ErrJSONFormat reports that a bad JSON string was provided.
	ErrJSONFormat = errors.New("invalid JSON format")

	// ErrBlobEmpty reports a Blob that is empty.
	ErrBlobEmpty = errors.New("invalid Blob format, may not be empty")

	// ErrUnsupportedKeyType reports an unknown or unsupported key type.
	ErrUnsupportedKeyType = errors.New("unsupported key type")

	// ErrUnexpectedKeyType reports a key that shows up in the wrong place.
	ErrUnexpectedKeyType = errors.New("unexpected key type")

	// ErrJwtFormat reports a JWT that is not formatted correctly.
	ErrJwtFormat = errors.New("invalid JWT format")

	// ErrDuplicateKeyOps reports the same key operation requested more than once.
	ErrDuplicateKeyOps = errors.New("duplicate key_ops entries")

	// ErrJwkInconsistentCertificateFields reports certificate fields that are
	// not what was expected.
	ErrJwkInconsistentCertificateFields = errors.New("inconsistent certificate fields")

	// ErrJwkInvalidFingerprintfomat reports a fingerprint field (x5t) encoded
	// in an incorrect format. The spelling of the identifier is part of the
	// exported API and is kept as is.
	ErrJwkInvalidFingerprintfomat = errors.New("invalid fingerprint format")

	// ErrJwkReservedClaimName reports invalid use of a reserved/defined claim name.
	ErrJwkReservedClaimName = errors.New("incorrect use of reserved claim name")

	// ErrJweFormat reports a JWE that is not formatted correctly.
	ErrJweFormat = errors.New("invalid JWE format")
)
Functions ¶
func MarshalJws ¶
MarshalJws body and signature to a string
Types ¶
type Alg ¶
// Alg is the string type for values destined for `alg` fields in JWKs and JWTs.
// NOTE(review): it is a plain string type, so any value can be converted to
// it; where unknown values are rejected is not visible here — verifiers should
// compare against the algorithms they expect.
type Alg string
Alg is a type for representing values destined for `alg` fields in JWK and JWTs.
type Audiences ¶
// Audiences holds the audience members of a token; SettableJwtClaims uses it
// for the `aud` claim.
type Audiences struct {
	// Aud lists the audience values.
	Aud []string
}
Audiences holds audience members
func (*Audiences) MarshalJSON ¶
MarshalJSON audience to byte slice or error
func (*Audiences) UnmarshalJSON ¶
UnmarshalJSON byte slice to audience members or error
type AutomaticJwtClaims ¶
// AutomaticJwtClaims groups the standard claims that a signer, rather than the
// caller requesting the JWT, is expected to set.
type AutomaticJwtClaims struct {
	// Issuer is serialized as the `iss` claim.
	Issuer string `json:"iss,omitempty"`
	// IssuedAt is serialized as the `iat` claim.
	// NOTE(review): presumably seconds since the Unix epoch — confirm.
	IssuedAt int64 `json:"iat,omitempty"`
	// JwtID is serialized as the `jti` claim.
	JwtID string `json:"jti,omitempty"`
}
AutomaticJwtClaims represent standard JWT claims that should not generally be set by a caller. For example the iat (issued-at) claim should only be set by a signer not the caller who requests the JWT.
type BigNum ¶
// BigNum manages a big.Int and has its own JSON marshaling. The private key
// field structs (PrivateEcKeyFields, PrivateRsaKeyFields) use it for secret
// values, so a BigNum may hold private key material.
type BigNum struct {
	// contains filtered or unexported fields
}
BigNum for managing big.Int
func (*BigNum) MarshalJSON ¶
MarshalJSON as byte slice or error
func (*BigNum) UnmarshalJSON ¶
UnmarshalJSON byte slice or error
type Blob ¶
// Blob is a byte block that is represented as url-safe base64 when serialized.
type Blob struct {
	// B is the byte content. OctSecretKeyFields stores its secret key in a
	// Blob, so B may hold key material.
	B []byte
}
Blob represents a url-safe base64 encoded byte block.
func (*Blob) MarshalJSON ¶
MarshalJSON blob to byte slice
func (*Blob) UnmarshalJSON ¶
UnmarshalJSON byte slice to Blob, or error
type Certificate ¶
// Certificate is a leaf certificate for a JWK, with its own JSON marshaling.
type Certificate struct {
	// Certificate is the wrapped X.509 certificate.
	// NOTE(review): nothing on this page shows chain or validity checks on
	// unmarshal — assume the caller must validate it before trusting the key.
	Certificate *x509.Certificate
}
Certificate leaf for JWK
func (*Certificate) MarshalJSON ¶
func (c *Certificate) MarshalJSON() (dst []byte, err error)
MarshalJSON as byte slice or error
func (*Certificate) UnmarshalJSON ¶
func (c *Certificate) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON byte slice to certificate, or error
type Enc ¶
// Enc is the string type for values destined for the `enc` field in a JWE
// header; see the EncA128GCM, EncA192GCM and EncA256GCM constants.
type Enc string
Enc is a type representing values destined for the `enc` field in a JWE header.
type Fingerprint ¶
// Fingerprint represents a SHA-1 digest. It is the type the Jwk interface
// uses for the x5t value (X5T / SetX5T).
// NOTE(review): SHA-1 is not collision resistant; treat the value as a
// certificate lookup hint rather than proof of identity. The Jwk interface
// still carries a TODO for x5t#S256 handling.
type Fingerprint struct {
	// contains filtered or unexported fields
}
Fingerprint represents a SHA1 digest
func (*Fingerprint) MarshalJSON ¶
func (f *Fingerprint) MarshalJSON() (dst []byte, err error)
MarshalJSON Fingerprint to byte slice
func (*Fingerprint) SetBytes ¶
func (f *Fingerprint) SetBytes(val []byte) *Fingerprint
SetBytes of Fingerprint
func (*Fingerprint) UnmarshalJSON ¶
func (f *Fingerprint) UnmarshalJSON(src []byte) error
UnmarshalJSON byte slice to Fingerprint, or error
type Jwe ¶
// Jwe is the in-memory representation of a JWE.
type Jwe struct {
	// Header is the parsed JWE header.
	Header JweHeader
	// MarshalledHeader holds the header in marshaled form.
	// NOTE(review): presumably kept because MarshalHeader is not guaranteed
	// to reproduce the same bytes — confirm.
	MarshalledHeader []byte
	// EncryptedKey holds the encrypted key part of the JWE.
	EncryptedKey []byte
	// Iv holds the initialization vector.
	Iv []byte
	// Ciphertext holds the encrypted content.
	Ciphertext []byte
	// Plaintext holds the cleartext content; avoid logging or serializing a
	// Jwe value as a whole, because this field sits next to the ciphertext.
	Plaintext []byte
	// Tag holds the authentication tag.
	Tag []byte
}
Jwe representation of a JWE.
func (*Jwe) MarshalHeader ¶
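MarshalHeader marshals the JWE header. Note that this is not guaranteed to produce the same marshaled representation across invocations, so code that needs the exact header bytes again (for example as authenticated data) should keep the marshaled output rather than call it a second time.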
type JweCustomHeaderFields ¶
// JweCustomHeaderFields holds the custom header fields this package defines
// for JWEs.
type JweCustomHeaderFields struct {
	// OtherAad transports additional AAD with the JWE; it is serialized under
	// the `_thales_aad` header name.
	OtherAad *Blob `json:"_thales_aad,omitempty"`
}
JweCustomHeaderFields custom JWE defined fields.
type JweHeader ¶
// JweHeader holds the JWE header fields: everything in JwsHeader and
// JweCustomHeaderFields plus the JWE-specific `enc` and `zip` values.
type JweHeader struct {
	JwsHeader
	JweCustomHeaderFields
	// Enc is the `enc` value; it has no omitempty, so it is always serialized.
	Enc Enc `json:"enc"`
	// Zip is the optional `zip` value.
	Zip Zip `json:"zip,omitempty"`
}
JweHeader JWE header fields.
type Jwk ¶
// Jwk is the common accessor interface for the fields every key type shares,
// irrespective of the concrete key type.
type Jwk interface {
	// Kty returns the key type.
	Kty() Kty

	// Use and SetUse read and write the `use` value.
	Use() KeyUse
	SetUse(use KeyUse)

	// Ops and SetOps read and write the `key_ops` values.
	Ops() []KeyOps
	SetOps(ops []KeyOps)

	// Alg and SetAlg read and write the `alg` value.
	Alg() Alg
	SetAlg(alg Alg)

	// Kid and SetKid read and write the key identifier.
	Kid() string
	SetKid(kid string)

	// X5C and SetX5C read and write the certificate chain.
	X5C() []*x509.Certificate
	SetX5C(x5c []*x509.Certificate)

	// X5T and SetX5T read and write the certificate fingerprint, which the
	// Fingerprint type describes as a SHA1 digest.
	X5T() *Fingerprint
	SetX5T(hash *Fingerprint)

	// TODO: Add x5t#S256 handling including consistency checking

	// CheckConsistency verifies that the JWK is well formed.
	// NOTE(review): the setters above return no error, so presumably a caller
	// must invoke this after changing fields — confirm.
	CheckConsistency() error
}
Jwk provides an interface for setting and getting common fields irrespective of key type.
func UnmarshalJwk ¶
func UnmarshalJwk(reader io.ReadSeeker) (jwk Jwk, err error)
UnmarshalJwk serialization into a concrete type.
type Jwks ¶
// Jwks is a key store: a set of JWKs serialized under the `keys` member.
type Jwks struct {
	// Keys holds the stored keys through the Jwk interface, so public and
	// private key types can appear in the same set.
	Keys []Jwk `json:"keys"`
}
Jwks key store
func (*Jwks) UnmarshalJSON ¶
UnmarshalJSON byte slice into key store, or error
type Jws ¶
Jws is a JSON Web Signature.
func (*Jws) MarshalBody ¶
MarshalBody marshaled representation of the JWT Header and Claims.
type JwsHeader ¶
// JwsHeader holds the header fields of a JWS. JweHeader embeds it.
type JwsHeader struct {
	// Alg is the `alg` value; it has no omitempty, so it is always serialized.
	// NOTE(review): on a received token this value is sender-controlled — a
	// verifier should check it against the algorithm expected for the key
	// rather than select the algorithm from it.
	Alg Alg `json:"alg"`
	// Jku is the `jku` value.
	// NOTE(review): sender-controlled on a received token; whether this
	// package ever fetches it is not visible here — confirm, and restrict it
	// to trusted locations if so.
	Jku string `json:"jku,omitempty"`
	//jwkFields []jwkFields `json:"jwk,omitempty"` TODO finish this
	// Kid is the `kid` (key identifier) value.
	Kid string `json:"kid,omitempty"`
	// X5U is the `x5u` value; the review note on Jku applies here too.
	X5U string `json:"x5u,omitempty"`
	// X5C is the `x5c` value.
	// NOTE(review): presumably one encoded certificate per element — confirm.
	X5C [][]byte `json:"x5c,omitempty"`
	// X5T is the `x5t` value.
	X5T *Blob `json:"x5t,omitempty"`
	// X5T256 is the `x5t#S256` value.
	X5T256 *Blob `json:"x5t#S256,omitempty"`
	// Typ is the `typ` value.
	Typ JwsType `json:"typ,omitempty"`
	// Cty is the `cty` value.
	Cty JwsType `json:"cty,omitempty"`
	// Crit is the `crit` value.
	Crit []string `json:"crit,omitempty"`
}
JwsHeader header for JWS
type JwsType ¶
// JwsType is the string type for values destined for `typ` fields in JWS and
// JWTs; JwsHeader also uses it for `cty`.
type JwsType string
JwsType is a type for representing values destined for `typ` fields in JWS and JWTs.
type Jwt ¶
Jwt defines a JSON Web Token.
func (*Jwt) MarshalBody ¶
MarshalBody representation of the JWT Header and Claims.
type JwtClaims ¶
// JwtClaims is the full claim set of a JWT: the signer-set claims, the
// caller-set claims and any non-standard claims, combined by embedding.
type JwtClaims struct {
	AutomaticJwtClaims
	SettableJwtClaims
	// UntypedClaims carries the non-standard claims as raw JSON.
	UntypedClaims
}
JwtClaims claims for a JWT
func (*JwtClaims) MarshalJSON ¶
MarshalJSON implements json.Marshaler interface method.
func (*JwtClaims) UnmarshalCustomClaim ¶
UnmarshalCustomClaim unmarshals a custom claim. A claim that does not exist is left unset, and no error is returned, so a caller that requires the claim must check for its presence itself.
func (*JwtClaims) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler interface method.
type KeyOps ¶
// KeyOps is the string type for values destined for `key_ops` fields in JWKs;
// see the KeyOps* constants.
type KeyOps string
KeyOps is a type for representing values destined for `key_ops` fields in JWKs.
type KeyUse ¶
// KeyUse is the string type for values destined for `use` fields in JWKs; see
// KeyUseEnc and KeyUseSig.
type KeyUse string
KeyUse is a type for representing values destined for `use` fields in JWKs.
type OctSecretKey ¶
// OctSecretKey is the secret (symmetric) key JWK type. The embedded
// OctSecretKeyFields carries the key value itself, so an OctSecretKey and its
// marshaled JSON are secret material.
type OctSecretKey struct {
	OctSecretKeyFields
	// contains filtered or unexported fields
}
OctSecretKey Secret key JWK type.
func (*OctSecretKey) CheckConsistency ¶
func (j *OctSecretKey) CheckConsistency() error
func (*OctSecretKey) MarshalJSON ¶
func (k *OctSecretKey) MarshalJSON() (dst []byte, err error)
MarshalJSON to byte slice or error
func (*OctSecretKey) SetX5C ¶
func (j *OctSecretKey) SetX5C(x5c []*x509.Certificate)
func (*OctSecretKey) SetX5T ¶
func (j *OctSecretKey) SetX5T(blob *Fingerprint)
func (*OctSecretKey) UnmarshalJSON ¶
func (k *OctSecretKey) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON from byte slice, or error
func (*OctSecretKey) X5C ¶
func (j *OctSecretKey) X5C() []*x509.Certificate
func (*OctSecretKey) X5T ¶
func (j *OctSecretKey) X5T() *Fingerprint
type OctSecretKeyFields ¶
// OctSecretKeyFields holds the fields specific to a secret key.
type OctSecretKeyFields struct {
	// K is the `k` member: the secret key value. It has no omitempty, so it
	// is always present in the marshaled JSON — keep that output out of logs.
	K Blob `json:"k"`
}
OctSecretKeyFields Secret key specific fields.
type PrivateEcKey ¶
// PrivateEcKey is the private EC JWK type: a PublicEcKey extended with the
// private fields in PrivateEcKeyFields.
type PrivateEcKey struct {
	PublicEcKey
	PrivateEcKeyFields
}
PrivateEcKey Private EC JWK type.
func (*PrivateEcKey) CheckConsistency ¶
func (j *PrivateEcKey) CheckConsistency() error
func (*PrivateEcKey) MarshalJSON ¶
func (k *PrivateEcKey) MarshalJSON() (dst []byte, err error)
MarshalJSON to byte slice or error
func (*PrivateEcKey) SetX5C ¶
func (j *PrivateEcKey) SetX5C(x5c []*x509.Certificate)
func (*PrivateEcKey) SetX5T ¶
func (j *PrivateEcKey) SetX5T(blob *Fingerprint)
func (*PrivateEcKey) UnmarshalJSON ¶
func (k *PrivateEcKey) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON byte slice or error
func (*PrivateEcKey) X5C ¶
func (j *PrivateEcKey) X5C() []*x509.Certificate
func (*PrivateEcKey) X5T ¶
func (j *PrivateEcKey) X5T() *Fingerprint
type PrivateEcKeyFields ¶
// PrivateEcKeyFields holds the fields specific to a private EC key.
type PrivateEcKeyFields struct {
	// D is the `d` member, the private part of the EC key. It has no
	// omitempty, so it is always present in the marshaled JSON.
	D BigNum `json:"d"`
}
PrivateEcKeyFields Private EC specific fields.
type PrivateRsaKey ¶
// PrivateRsaKey is the private RSA JWK type: a PublicRsaKey extended with the
// private fields in PrivateRsaKeyFields.
type PrivateRsaKey struct {
	PublicRsaKey
	PrivateRsaKeyFields
}
PrivateRsaKey Private RSA JWK type.
func (*PrivateRsaKey) CheckConsistency ¶
func (j *PrivateRsaKey) CheckConsistency() error
func (*PrivateRsaKey) MarshalJSON ¶
func (k *PrivateRsaKey) MarshalJSON() (dst []byte, err error)
MarshalJSON to byte slice or error
func (*PrivateRsaKey) SetX5C ¶
func (j *PrivateRsaKey) SetX5C(x5c []*x509.Certificate)
func (*PrivateRsaKey) SetX5T ¶
func (j *PrivateRsaKey) SetX5T(blob *Fingerprint)
func (*PrivateRsaKey) UnmarshalJSON ¶
func (k *PrivateRsaKey) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON byte slice or error
func (*PrivateRsaKey) X5C ¶
func (j *PrivateRsaKey) X5C() []*x509.Certificate
func (*PrivateRsaKey) X5T ¶
func (j *PrivateRsaKey) X5T() *Fingerprint
type PrivateRsaKeyFields ¶
// PrivateRsaKeyFields holds the fields specific to a private RSA key. Every
// member is secret, and none has omitempty, so all of them appear in the
// marshaled JSON.
type PrivateRsaKeyFields struct {
	// D is the `d` member (private exponent).
	D BigNum `json:"d"`
	// P is the `p` member (first prime factor).
	P BigNum `json:"p"`
	// Q is the `q` member (second prime factor).
	Q BigNum `json:"q"`
	// Dp is the `dp` member (first factor CRT exponent).
	Dp BigNum `json:"dp"`
	// Dq is the `dq` member (second factor CRT exponent).
	Dq BigNum `json:"dq"`
	// Qi is the `qi` member (first CRT coefficient).
	Qi BigNum `json:"qi"`
}
PrivateRsaKeyFields Private RSA specific fields.
type PublicEcKey ¶
// PublicEcKey is the public EC JWK type. PrivateEcKey embeds it.
type PublicEcKey struct {
	PublicEcKeyFields
	// contains filtered or unexported fields
}
PublicEcKey Public EC JWK type.
func (*PublicEcKey) CheckConsistency ¶
func (j *PublicEcKey) CheckConsistency() error
func (*PublicEcKey) MarshalJSON ¶
func (k *PublicEcKey) MarshalJSON() (dst []byte, err error)
MarshalJSON to byte slice or error
func (*PublicEcKey) SetX5C ¶
func (j *PublicEcKey) SetX5C(x5c []*x509.Certificate)
func (*PublicEcKey) SetX5T ¶
func (j *PublicEcKey) SetX5T(blob *Fingerprint)
func (*PublicEcKey) UnmarshalJSON ¶
func (k *PublicEcKey) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON byte slice or error
func (*PublicEcKey) X5C ¶
func (j *PublicEcKey) X5C() []*x509.Certificate
func (*PublicEcKey) X5T ¶
func (j *PublicEcKey) X5T() *Fingerprint
type PublicEcKeyFields ¶
PublicEcKeyFields Public EC specific fields.
type PublicRsaKey ¶
// PublicRsaKey is the public RSA JWK type. PrivateRsaKey embeds it.
type PublicRsaKey struct {
	PublicRsaKeyFields
	// contains filtered or unexported fields
}
PublicRsaKey Public RSA JWK type.
func (*PublicRsaKey) CheckConsistency ¶
func (j *PublicRsaKey) CheckConsistency() error
func (*PublicRsaKey) MarshalJSON ¶
func (k *PublicRsaKey) MarshalJSON() (dst []byte, err error)
MarshalJSON to byte slice or error
func (*PublicRsaKey) SetX5C ¶
func (j *PublicRsaKey) SetX5C(x5c []*x509.Certificate)
func (*PublicRsaKey) SetX5T ¶
func (j *PublicRsaKey) SetX5T(blob *Fingerprint)
func (*PublicRsaKey) UnmarshalJSON ¶
func (k *PublicRsaKey) UnmarshalJSON(src []byte) (err error)
UnmarshalJSON byte slice or error
func (*PublicRsaKey) X5C ¶
func (j *PublicRsaKey) X5C() []*x509.Certificate
func (*PublicRsaKey) X5T ¶
func (j *PublicRsaKey) X5T() *Fingerprint
type PublicRsaKeyFields ¶
PublicRsaKeyFields Public RSA specific fields.
type SettableJwtClaims ¶
// SettableJwtClaims groups the claims that are generally requested by a
// caller rather than set by a signer.
type SettableJwtClaims struct {
	// Subject is serialized as the `sub` claim.
	Subject string `json:"sub,omitempty"`
	// Audiences is serialized as the `aud` claim.
	Audiences Audiences `json:"aud,omitempty"`
	// Expiration is serialized as the `exp` claim.
	// NOTE(review): the tag carries omitempty and JwtClaims has its own
	// MarshalJSON; confirm whether a zero value yields a token with no `exp`,
	// since such a token would not expire on its own.
	Expiration int64 `json:"exp,omitempty"`
	// NotBefore is serialized as the `nbf` claim.
	NotBefore int64 `json:"nbf,omitempty"`
}
SettableJwtClaims are claims generally requested by a caller and not a signer.
type UntypedClaims ¶
// UntypedClaims holds non-standard claims, keyed by claim name, with each
// value kept as undecoded JSON.
// NOTE(review): the values are raw and come from the token; they are
// presumably only decoded on request (see JwtClaims.UnmarshalCustomClaim), so
// validate each one after decoding.
type UntypedClaims map[string]json.RawMessage
UntypedClaims for non-standard claims