Documentation ¶
Index ¶
- Constants
- func AlgFromKeyAndCurve(kty jwa.KeyType, crv jwa.EllipticCurveAlgorithm) (jwa.SignatureAlgorithm, error)
- func BytesToPrivKey(keyBytes []byte, kt KeyType) (crypto.PrivateKey, error)
- func BytesToPubKey(keyBytes []byte, kt KeyType) (crypto.PublicKey, error)
- func GenerateEd25519Key() (ed25519.PublicKey, ed25519.PrivateKey, error)
- func GenerateKeyByKeyType(kt KeyType) (crypto.PublicKey, crypto.PrivateKey, error)
- func GenerateP224Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
- func GenerateP256Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
- func GenerateP384Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
- func GenerateP521Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
- func GenerateRSA2048Key() (rsa.PublicKey, rsa.PrivateKey, error)
- func GenerateSECP256k1Key() (secp.PublicKey, secp.PrivateKey, error)
- func GenerateX25519Key() (x25519.PublicKey, x25519.PrivateKey, error)
- func GetCRVFromJWK(key jwk.Key) (string, error)
- func GetSupportedJWTSigningVerificationAlgorithms() []jwa.SignatureAlgorithm
- func IsSupportedJWTSigningVerificationAlgorithm(algorithm jwa.SignatureAlgorithm) bool
- func IsSupportedKeyType(kt KeyType) bool
- func IsSupportedSignatureAlg(sa SignatureAlgorithm) bool
- func PrivKeyToBytes(key crypto.PrivateKey) ([]byte, error)
- func PrivateKeyToJWK(key crypto.PrivateKey) (jwk.Key, error)
- func PrivateKeyToPrivateKeyJWK(key crypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)
- func PubKeyToBytes(key crypto.PublicKey) ([]byte, error)
- func PublicKeyToJWK(key crypto.PublicKey) (jwk.Key, error)
- type HashType
- type JWTSigner
- type JWTVerifier
- func (*JWTVerifier) ParseJWS(token string) (*jws.Signature, error)
- func (*JWTVerifier) ParseJWT(token string) (jwt.Token, error)
- func (v *JWTVerifier) VerifyAndParseJWT(token string) (jwt.Token, error)
- func (v *JWTVerifier) VerifyJWS(token string) error
- func (v *JWTVerifier) VerifyJWT(token string) error
- type KeyType
- type PrivateKeyJWK
- type Proof
- type PublicKeyJWK
- type SignatureAlgorithm
Constants ¶
Variables ¶
This section is empty.
Functions ¶
func AlgFromKeyAndCurve ¶
func AlgFromKeyAndCurve(kty jwa.KeyType, crv jwa.EllipticCurveAlgorithm) (jwa.SignatureAlgorithm, error)
AlgFromKeyAndCurve returns the supported JSON Web Algorithm for signing for a given key type and curve pair. The curve parameter is optional (e.g. ""), as in the case of RSA.
func BytesToPrivKey ¶
func BytesToPrivKey(keyBytes []byte, kt KeyType) (crypto.PrivateKey, error)
BytesToPrivKey reconstructs a private key given some bytes and a target key type. It is assumed the key was turned into byte form using the sibling method `PrivKeyToBytes`.
func BytesToPubKey ¶
BytesToPubKey reconstructs a public key given some bytes and a target key type. It is assumed the key was turned into byte form using the sibling method `PubKeyToBytes`.
func GenerateEd25519Key ¶
func GenerateEd25519Key() (ed25519.PublicKey, ed25519.PrivateKey, error)
func GenerateKeyByKeyType ¶
GenerateKeyByKeyType creates a brand-new key, returning the public and private key for the given key type
func GenerateP224Key ¶
func GenerateP224Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
func GenerateP256Key ¶
func GenerateP256Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
func GenerateP384Key ¶
func GenerateP384Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
func GenerateP521Key ¶
func GenerateP521Key() (ecdsa.PublicKey, ecdsa.PrivateKey, error)
func GenerateRSA2048Key ¶
func GenerateRSA2048Key() (rsa.PublicKey, rsa.PrivateKey, error)
func GenerateSECP256k1Key ¶
func GenerateSECP256k1Key() (secp.PublicKey, secp.PrivateKey, error)
func GenerateX25519Key ¶
func GenerateX25519Key() (x25519.PublicKey, x25519.PrivateKey, error)
func GetSupportedJWTSigningVerificationAlgorithms ¶
func GetSupportedJWTSigningVerificationAlgorithms() []jwa.SignatureAlgorithm
GetSupportedJWTSigningVerificationAlgorithms returns a list of supported signing and verifying algorithms for JWTs
func IsSupportedJWTSigningVerificationAlgorithm ¶
func IsSupportedJWTSigningVerificationAlgorithm(algorithm jwa.SignatureAlgorithm) bool
IsSupportedJWTSigningVerificationAlgorithm returns true if the algorithm is supported for signing or verifying JWTs
func IsSupportedKeyType ¶
func IsSupportedSignatureAlg ¶
func IsSupportedSignatureAlg(sa SignatureAlgorithm) bool
func PrivKeyToBytes ¶
func PrivKeyToBytes(key crypto.PrivateKey) ([]byte, error)
PrivKeyToBytes constructs a byte representation of a private key, for a set number of supported key types
func PrivateKeyToJWK ¶
func PrivateKeyToJWK(key crypto.PrivateKey) (jwk.Key, error)
PrivateKeyToJWK converts a private key to a JWK
func PrivateKeyToPrivateKeyJWK ¶
func PrivateKeyToPrivateKeyJWK(key crypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)
PrivateKeyToPrivateKeyJWK converts a private key to a PrivateKeyJWK; per its signature it also returns a PublicKeyJWK as its first result.
func PubKeyToBytes ¶
PubKeyToBytes constructs a byte representation of a public key, for a set number of supported key types
Types ¶
type JWTSigner ¶
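// JWTSigner is a struct that contains the key and algorithm used to sign JWTs.
//
// Both fields are embedded, so they are exported under the names
// SignatureAlgorithm and Key, and their methods are promoted onto JWTSigner.
type JWTSigner struct {
	// SignatureAlgorithm is the algorithm used when signing.
	jwa.SignatureAlgorithm
	// Key is the JWK used for signing.
	// NOTE(review): presumably this holds private key material, since
	// NewJWTSigner takes a crypto.PrivateKey; if so, a JWTSigner value should
	// be handled as a secret (not logged, not serialized) — confirm against
	// the constructors.
	jwk.Key
}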
JWTSigner is a struct that contains the key and algorithm used to sign JWTs
func NewJWTSigner ¶
func NewJWTSigner(kid string, key crypto.PrivateKey) (*JWTSigner, error)
func NewJWTSignerFromJWK ¶
func NewJWTSignerFromJWK(kid string, key PrivateKeyJWK) (*JWTSigner, error)
func (*JWTSigner) GetSigningAlgorithm ¶
GetSigningAlgorithm returns the algorithm used to sign the JWT
func (*JWTSigner) SignJWT ¶
SignJWT takes a set of JWT keys and values to add to a JWT before signing them with the key defined in the signer
func (*JWTSigner) ToVerifier ¶
func (s *JWTSigner) ToVerifier() (*JWTVerifier, error)
type JWTVerifier ¶
JWTVerifier is a struct that contains the key and algorithm used to verify JWTs
func NewJWTVerifier ¶
func NewJWTVerifier(kid string, key crypto.PublicKey) (*JWTVerifier, error)
func NewJWTVerifierFromJWK ¶
func NewJWTVerifierFromJWK(kid string, key PublicKeyJWK) (*JWTVerifier, error)
func NewJWTVerifierFromKey ¶
func NewJWTVerifierFromKey(kid string, key jwk.Key) (*JWTVerifier, error)
func (*JWTVerifier) ParseJWS ¶
func (*JWTVerifier) ParseJWS(token string) (*jws.Signature, error)
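ParseJWS attempts to pull off a single signature from a token, containing its headers. No signature verification is described for this method; use VerifyJWS when the signature must be checked.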
func (*JWTVerifier) ParseJWT ¶
func (*JWTVerifier) ParseJWT(token string) (jwt.Token, error)
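ParseJWT attempts to turn a string into a jwt.Token. No signature verification is described for this method; use VerifyAndParseJWT when the claims must be authenticated.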
func (*JWTVerifier) VerifyAndParseJWT ¶
func (v *JWTVerifier) VerifyAndParseJWT(token string) (jwt.Token, error)
VerifyAndParseJWT attempts to turn a string into a jwt.Token and verify its signature using the verifier
func (*JWTVerifier) VerifyJWS ¶
func (v *JWTVerifier) VerifyJWS(token string) error
VerifyJWS parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success.
func (*JWTVerifier) VerifyJWT ¶
func (v *JWTVerifier) VerifyJWT(token string) error
VerifyJWT parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success
type KeyType ¶
// KeyType identifies a kind of cryptographic key by name. It is the selector
// accepted by GenerateKeyByKeyType, BytesToPrivKey and BytesToPubKey, and the
// element type of the list returned by GetSupportedKeyTypes.
type KeyType string
func GetKeyTypeFromPrivateKey ¶
func GetKeyTypeFromPrivateKey(key crypto.PrivateKey) (KeyType, error)
GetKeyTypeFromPrivateKey returns the key type of a private key for known key types
func GetSupportedKeyTypes ¶
func GetSupportedKeyTypes() []KeyType
type PrivateKeyJWK ¶
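// PrivateKeyJWK is a JSON Web Key (RFC 7517) that carries private key
// parameters in addition to the public ones. Every member is a string and,
// apart from kty, is omitted from the JSON encoding when empty.
//
// D, DP, DQ, P, Q and QI are secret key material: values of this type should
// not be logged, and should not be handed to code that only needs the public
// key (see PublicKeyJWK for the public-only layout).
type PrivateKeyJWK struct {
	// Public members; the same set that PublicKeyJWK declares.
	// KTY is the only member tagged validate:"required".
	KTY    string `json:"kty" validate:"required"`
	CRV    string `json:"crv,omitempty"`
	X      string `json:"x,omitempty"`
	Y      string `json:"y,omitempty"`
	N      string `json:"n,omitempty"`
	E      string `json:"e,omitempty"`
	Use    string `json:"use,omitempty"`
	// NOTE(review): RFC 7517 section 4.3 defines key_ops as an array of
	// strings; a single string here may not round-trip JWKs that use the
	// array form — confirm against the callers.
	KeyOps string `json:"key_ops,omitempty"`
	Alg    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`

	// Private members. D is the private exponent or private key value; the
	// rest are the RSA prime factors and CRT parameters from RFC 7518.
	D  string `json:"d,omitempty"`
	DP string `json:"dp,omitempty"`
	DQ string `json:"dq,omitempty"`
	P  string `json:"p,omitempty"`
	Q  string `json:"q,omitempty"`
	QI string `json:"qi,omitempty"`
}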
PrivateKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517
func JWKToPrivateKeyJWK ¶
func JWKToPrivateKeyJWK(key jwk.Key) (*PrivateKeyJWK, error)
JWKToPrivateKeyJWK converts a JWK to a PrivateKeyJWK
type PublicKeyJWK ¶
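// PublicKeyJWK is a JSON Web Key (RFC 7517) restricted to public members.
// Every member is a string and, apart from kty, is omitted from the JSON
// encoding when empty. It declares none of the private parameters (d, p, q,
// dp, dq, qi) that PrivateKeyJWK carries.
type PublicKeyJWK struct {
	// KTY is the key type; it is the only member tagged validate:"required".
	KTY string `json:"kty" validate:"required"`
	// CRV, X and Y are the curve name and public coordinates used by
	// elliptic-curve style keys (RFC 7518).
	CRV string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	// N and E are the RSA modulus and public exponent (RFC 7518).
	N string `json:"n,omitempty"`
	E string `json:"e,omitempty"`
	// Use, KeyOps, Alg and KID are the optional descriptive members.
	// NOTE(review): RFC 7517 section 4.3 defines key_ops as an array of
	// strings; a single string here may not round-trip JWKs that use the
	// array form — confirm against the callers.
	Use    string `json:"use,omitempty"`
	KeyOps string `json:"key_ops,omitempty"`
	Alg    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
}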
PublicKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517
func JWKToPublicKeyJWK ¶
func JWKToPublicKeyJWK(key jwk.Key) (*PublicKeyJWK, error)
JWKToPublicKeyJWK converts a JWK to a PublicKeyJWK
func PublicKeyToPublicKeyJWK ¶
func PublicKeyToPublicKeyJWK(key crypto.PublicKey) (*PublicKeyJWK, error)
PublicKeyToPublicKeyJWK converts a public key to a PublicKeyJWK
type SignatureAlgorithm ¶
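// SignatureAlgorithm names a signature algorithm by the string used as its
// JWA "alg" identifier.
type SignatureAlgorithm string

// The declarations are laid out one per line: collapsed onto a single line,
// the first line comment would swallow every constant that follows it.
const (
	// EdDSA uses an ed25519 key
	EdDSA SignatureAlgorithm = "EdDSA"
	// ES256K uses a secp256k1 key
	ES256K SignatureAlgorithm = "ES256K"
	// ES256 uses a p-256 curve key
	ES256 SignatureAlgorithm = "ES256"
	// ES384 uses a p-384 curve key
	ES384 SignatureAlgorithm = "ES384"
	// PS256 uses a 2048-bit RSA key
	PS256 SignatureAlgorithm = "PS256"
)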
func GetSupportedSignatureAlgs ¶
func GetSupportedSignatureAlgs() []SignatureAlgorithm