Documentation ¶
Overview ¶
Package jwk implements JWK as described in https://tools.ietf.org/html/rfc7517
Example ¶
package main import ( "log" "github.com/lestrrat-go/jwx/jwk" ) func main() { set, err := jwk.Fetch("https://foobar.domain/json") if err != nil { log.Printf("failed to parse JWK: %s", err) return } // If you KNOW you have exactly one key, you can just // use set.Keys[0] keys := set.LookupKeyID("mykey") if len(keys) == 0 { log.Printf("failed to lookup key: %s", err) return } key, err := keys[0].Materialize() if err != nil { log.Printf("failed to generate public key: %s", err) return } // Use key for jws.Verify() or whatever _ = key }
Output:
Index ¶
- Constants
- Variables
- func GetPublicKey(key interface{}) (interface{}, error)
- type CertificateChain
- type ECDSAPrivateKey
- func (k ECDSAPrivateKey) Curve() jwa.EllipticCurveAlgorithm
- func (k *ECDSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)
- func (k ECDSAPrivateKey) MarshalJSON() (buf []byte, err error)
- func (k ECDSAPrivateKey) Materialize() (interface{}, error)
- func (k ECDSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)
- func (k ECDSAPrivateKey) PublicKey() (*ECDSAPublicKey, error)
- func (k ECDSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)
- func (k *ECDSAPrivateKey) UnmarshalJSON(data []byte) (err error)
- type ECDSAPublicKey
- func (k ECDSAPublicKey) Curve() jwa.EllipticCurveAlgorithm
- func (k *ECDSAPublicKey) ExtractMap(m map[string]interface{}) (err error)
- func (k ECDSAPublicKey) MarshalJSON() (buf []byte, err error)
- func (k ECDSAPublicKey) Materialize() (interface{}, error)
- func (k ECDSAPublicKey) PopulateMap(m map[string]interface{}) (err error)
- func (k ECDSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
- func (k *ECDSAPublicKey) UnmarshalJSON(data []byte) (err error)
- type Headers
- type Key
- type KeyOperation
- type KeyOperationList
- type KeyUsageType
- type Option
- type RSAPrivateKey
- func (k *RSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)
- func (k RSAPrivateKey) MarshalJSON() (buf []byte, err error)
- func (k *RSAPrivateKey) Materialize() (interface{}, error)
- func (k RSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)
- func (k RSAPrivateKey) PublicKey() (*RSAPublicKey, error)
- func (k RSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)
- func (k *RSAPrivateKey) UnmarshalJSON(data []byte) (err error)
- type RSAPublicKey
- func (k *RSAPublicKey) ExtractMap(m map[string]interface{}) (err error)
- func (k RSAPublicKey) MarshalJSON() (buf []byte, err error)
- func (k *RSAPublicKey) Materialize() (interface{}, error)
- func (k RSAPublicKey) PopulateMap(m map[string]interface{}) (err error)
- func (k RSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
- func (k *RSAPublicKey) UnmarshalJSON(data []byte) (err error)
- type Set
- func Fetch(urlstring string, options ...Option) (*Set, error)
- func FetchHTTP(jwkurl string, options ...Option) (*Set, error)
- func FetchHTTPWithContext(ctx context.Context, jwkurl string, options ...Option) (*Set, error)
- func Parse(in io.Reader) (*Set, error)
- func ParseBytes(buf []byte) (*Set, error)
- func ParseString(s string) (*Set, error)
- type StandardHeaders
- func (h *StandardHeaders) Algorithm() string
- func (h *StandardHeaders) ExtractMap(m map[string]interface{}) (err error)
- func (h *StandardHeaders) Get(name string) (interface{}, bool)
- func (h *StandardHeaders) KeyID() string
- func (h *StandardHeaders) KeyOps() KeyOperationList
- func (h *StandardHeaders) KeyType() jwa.KeyType
- func (h *StandardHeaders) KeyUsage() string
- func (h StandardHeaders) PopulateMap(m map[string]interface{}) error
- func (h *StandardHeaders) Remove(s string)
- func (h *StandardHeaders) Set(name string, value interface{}) error
- func (h StandardHeaders) Walk(f func(string, interface{}) error) error
- func (h *StandardHeaders) X509CertChain() []*x509.Certificate
- func (h *StandardHeaders) X509CertThumbprint() string
- func (h *StandardHeaders) X509CertThumbprintS256() string
- func (h *StandardHeaders) X509URL() string
- type SymmetricKey
- func (s *SymmetricKey) ExtractMap(m map[string]interface{}) (err error)
- func (s SymmetricKey) MarshalJSON() (buf []byte, err error)
- func (s SymmetricKey) Materialize() (interface{}, error)
- func (s SymmetricKey) Octets() []byte
- func (s SymmetricKey) PopulateMap(m map[string]interface{}) (err error)
- func (s SymmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Examples ¶
Constants ¶
const ( AlgorithmKey = "alg" KeyIDKey = "kid" KeyTypeKey = "kty" KeyUsageKey = "use" KeyOpsKey = "key_ops" X509CertChainKey = "x5c" X509CertThumbprintKey = "x5t" X509CertThumbprintS256Key = "x5t#S256" X509URLKey = "x5u" )
const ( KeyOpSign KeyOperation = "sign" // (compute digital signature or MAC) KeyOpVerify = "verify" // (verify digital signature or MAC) KeyOpEncrypt = "encrypt" // (encrypt content) KeyOpDecrypt = "decrypt" // (decrypt content and validate decryption, if applicable) KeyOpWrapKey = "wrapKey" // (encrypt key) KeyOpUnwrapKey = "unwrapKey" // (decrypt key and validate decryption, if applicable) KeyOpDeriveKey = "deriveKey" // (derive key) KeyOpDeriveBits = "deriveBits" // (derive bits not to be used as a key) )
Variables ¶
var ( ErrInvalidHeaderName = errors.New("invalid header name") ErrInvalidHeaderValue = errors.New("invalid value for header key") ErrUnsupportedKty = errors.New("unsupported kty") ErrUnsupportedCurve = errors.New("unsupported curve") )
Errors related to JWK
Functions ¶
func GetPublicKey ¶
func GetPublicKey(key interface{}) (interface{}, error)
GetPublicKey returns the public key based on te private key type. For rsa key types *rsa.PublicKey is returned; for ecdsa key types *ecdsa.PublicKey; for byte slice (raw) keys, the key itself is returned. If the corresponding public key cannot be deduced, an error is returned
Types ¶
type CertificateChain ¶
type CertificateChain struct {
// contains filtered or unexported fields
}
func (*CertificateChain) Accept ¶
func (c *CertificateChain) Accept(v interface{}) error
func (CertificateChain) Get ¶
func (c CertificateChain) Get() []*x509.Certificate
type ECDSAPrivateKey ¶
type ECDSAPrivateKey struct {
// contains filtered or unexported fields
}
ECDSAPrivateKey is a type of JWK generated from ECDH-ES private keys
func (ECDSAPrivateKey) Curve ¶
func (k ECDSAPrivateKey) Curve() jwa.EllipticCurveAlgorithm
func (*ECDSAPrivateKey) ExtractMap ¶
func (k *ECDSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)
func (ECDSAPrivateKey) MarshalJSON ¶
func (k ECDSAPrivateKey) MarshalJSON() (buf []byte, err error)
func (ECDSAPrivateKey) Materialize ¶
func (k ECDSAPrivateKey) Materialize() (interface{}, error)
Materialize returns the EC-DSA private key represented by this JWK
func (ECDSAPrivateKey) PopulateMap ¶
func (k ECDSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)
func (ECDSAPrivateKey) PublicKey ¶
func (k ECDSAPrivateKey) PublicKey() (*ECDSAPublicKey, error)
func (ECDSAPrivateKey) Thumbprint ¶
func (k ECDSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
func (*ECDSAPrivateKey) UnmarshalJSON ¶
func (k *ECDSAPrivateKey) UnmarshalJSON(data []byte) (err error)
type ECDSAPublicKey ¶
type ECDSAPublicKey struct {
// contains filtered or unexported fields
}
ECDSAPublicKey is a type of JWK generated from ECDSA public keys
func (ECDSAPublicKey) Curve ¶
func (k ECDSAPublicKey) Curve() jwa.EllipticCurveAlgorithm
func (*ECDSAPublicKey) ExtractMap ¶
func (k *ECDSAPublicKey) ExtractMap(m map[string]interface{}) (err error)
func (ECDSAPublicKey) MarshalJSON ¶
func (k ECDSAPublicKey) MarshalJSON() (buf []byte, err error)
func (ECDSAPublicKey) Materialize ¶
func (k ECDSAPublicKey) Materialize() (interface{}, error)
Materialize returns the EC-DSA public key represented by this JWK
func (ECDSAPublicKey) PopulateMap ¶
func (k ECDSAPublicKey) PopulateMap(m map[string]interface{}) (err error)
func (ECDSAPublicKey) Thumbprint ¶
func (k ECDSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
func (*ECDSAPublicKey) UnmarshalJSON ¶
func (k *ECDSAPublicKey) UnmarshalJSON(data []byte) (err error)
type Headers ¶
type Headers interface { Remove(string) Get(string) (interface{}, bool) Set(string, interface{}) error PopulateMap(map[string]interface{}) error ExtractMap(map[string]interface{}) error Walk(func(string, interface{}) error) error Algorithm() string KeyID() string KeyType() jwa.KeyType KeyUsage() string KeyOps() KeyOperationList X509CertChain() []*x509.Certificate X509CertThumbprint() string X509CertThumbprintS256() string X509URL() string }
type Key ¶
type Key interface { Headers // Materialize creates the corresponding key. For example, // RSA types would create *rsa.PublicKey or *rsa.PrivateKey, // EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey, // and OctetSeq types create a []byte key. Materialize() (interface{}, error) // Thumbprint returns the JWK thumbprint using the indicated // hashing algorithm, according to RFC 7638 Thumbprint(crypto.Hash) ([]byte, error) }
Key defines the minimal interface for each of the key types. Their use and implementation differ significantly between each key types, so you should use type assertions to perform more specific tasks with each key
type KeyOperation ¶
type KeyOperation string
type KeyOperationList ¶
type KeyOperationList []KeyOperation
func (*KeyOperationList) Accept ¶
func (ops *KeyOperationList) Accept(v interface{}) error
func (*KeyOperationList) Get ¶
func (ops *KeyOperationList) Get() KeyOperationList
type KeyUsageType ¶
type KeyUsageType string
KeyUsageType is used to denote what this key should be used for
const ( // ForSignature is the value used in the headers to indicate that // this key should be used for signatures ForSignature KeyUsageType = "sig" // ForEncryption is the value used in the headers to indicate that // this key should be used for encryptiong ForEncryption KeyUsageType = "enc" )
type Option ¶
func WithHTTPClient ¶
type RSAPrivateKey ¶
type RSAPrivateKey struct {
// contains filtered or unexported fields
}
RSAPrivateKey is a type of JWK generated from RSA private keys
func (*RSAPrivateKey) ExtractMap ¶
func (k *RSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)
func (RSAPrivateKey) MarshalJSON ¶
func (k RSAPrivateKey) MarshalJSON() (buf []byte, err error)
func (*RSAPrivateKey) Materialize ¶
func (k *RSAPrivateKey) Materialize() (interface{}, error)
func (RSAPrivateKey) PopulateMap ¶
func (k RSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)
func (RSAPrivateKey) PublicKey ¶
func (k RSAPrivateKey) PublicKey() (*RSAPublicKey, error)
func (RSAPrivateKey) Thumbprint ¶
func (k RSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
func (*RSAPrivateKey) UnmarshalJSON ¶
func (k *RSAPrivateKey) UnmarshalJSON(data []byte) (err error)
type RSAPublicKey ¶
type RSAPublicKey struct {
// contains filtered or unexported fields
}
RSAPublicKey is a type of JWK generated from RSA public keys
func (*RSAPublicKey) ExtractMap ¶
func (k *RSAPublicKey) ExtractMap(m map[string]interface{}) (err error)
func (RSAPublicKey) MarshalJSON ¶
func (k RSAPublicKey) MarshalJSON() (buf []byte, err error)
func (*RSAPublicKey) Materialize ¶
func (k *RSAPublicKey) Materialize() (interface{}, error)
func (RSAPublicKey) PopulateMap ¶
func (k RSAPublicKey) PopulateMap(m map[string]interface{}) (err error)
func (RSAPublicKey) Thumbprint ¶
func (k RSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
func (*RSAPublicKey) UnmarshalJSON ¶
func (k *RSAPublicKey) UnmarshalJSON(data []byte) (err error)
type Set ¶
type Set struct {
Keys []Key `json:"keys"`
}
Set is a convenience struct to allow generating and parsing JWK sets as opposed to single JWKs
func FetchHTTPWithContext ¶ added in v0.9.2
FetchHTTPWithContext fetches the remote JWK and parses its contents
func ParseBytes ¶
ParseBytes parses JWK from the incoming byte buffer.
func ParseString ¶
ParseString parses JWK from the incoming string.
func (*Set) ExtractMap ¶
func (Set) LookupKeyID ¶
LookupKeyID looks for keys matching the given key id. Note that the Set *may* contain multiple keys with the same key id
func (*Set) UnmarshalJSON ¶
type StandardHeaders ¶
type StandardHeaders struct {
// contains filtered or unexported fields
}
func (*StandardHeaders) Algorithm ¶
func (h *StandardHeaders) Algorithm() string
func (*StandardHeaders) ExtractMap ¶
func (h *StandardHeaders) ExtractMap(m map[string]interface{}) (err error)
ExtractMap populates the appropriate values from a map that represent the headers as a JSON object. This exists primarily because JWKs are represented as flat objects instead of differentiating the different parts of the message in separate sub objects.
func (*StandardHeaders) Get ¶
func (h *StandardHeaders) Get(name string) (interface{}, bool)
func (*StandardHeaders) KeyID ¶
func (h *StandardHeaders) KeyID() string
func (*StandardHeaders) KeyOps ¶
func (h *StandardHeaders) KeyOps() KeyOperationList
func (*StandardHeaders) KeyType ¶
func (h *StandardHeaders) KeyType() jwa.KeyType
func (*StandardHeaders) KeyUsage ¶
func (h *StandardHeaders) KeyUsage() string
func (StandardHeaders) PopulateMap ¶
func (h StandardHeaders) PopulateMap(m map[string]interface{}) error
PopulateMap populates a map with appropriate values that represent the headers as a JSON object. This exists primarily because JWKs are represented as flat objects instead of differentiating the different parts of the message in separate sub objects.
func (*StandardHeaders) Remove ¶
func (h *StandardHeaders) Remove(s string)
func (*StandardHeaders) Set ¶
func (h *StandardHeaders) Set(name string, value interface{}) error
func (StandardHeaders) Walk ¶
func (h StandardHeaders) Walk(f func(string, interface{}) error) error
func (*StandardHeaders) X509CertChain ¶
func (h *StandardHeaders) X509CertChain() []*x509.Certificate
func (*StandardHeaders) X509CertThumbprint ¶
func (h *StandardHeaders) X509CertThumbprint() string
func (*StandardHeaders) X509CertThumbprintS256 ¶
func (h *StandardHeaders) X509CertThumbprintS256() string
func (*StandardHeaders) X509URL ¶
func (h *StandardHeaders) X509URL() string
type SymmetricKey ¶
type SymmetricKey struct {
// contains filtered or unexported fields
}
SymmetricKey is a type of JWK generated from symmetric keys
func (*SymmetricKey) ExtractMap ¶
func (s *SymmetricKey) ExtractMap(m map[string]interface{}) (err error)
func (SymmetricKey) MarshalJSON ¶
func (s SymmetricKey) MarshalJSON() (buf []byte, err error)
func (SymmetricKey) Materialize ¶
func (s SymmetricKey) Materialize() (interface{}, error)
Materialize returns the octets for this symmetric key. Since this is a symmetric key, this just calls Octets
func (SymmetricKey) Octets ¶
func (s SymmetricKey) Octets() []byte
Octets returns the octets in the key
func (SymmetricKey) PopulateMap ¶
func (s SymmetricKey) PopulateMap(m map[string]interface{}) (err error)
func (SymmetricKey) Thumbprint ¶
func (s SymmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638