Documentation ¶
Index ¶
- Constants
- func ParseJwtHeaders(jwtValue string) (map[string]interface{}, error)
- type CryptoKeyProperties
- type CryptoProperties
- type FileJwkStore
- func (s *FileJwkStore) LoadAll(_ context.Context, names ...string) ([]Jwk, error)
- func (s *FileJwkStore) LoadByKid(_ context.Context, kid string) (Jwk, error)
- func (s *FileJwkStore) LoadByName(_ context.Context, name string) (Jwk, error)
- func (s *FileJwkStore) Rotate(_ context.Context, name string) error
- type Jwk
- type JwkRotator
- type JwkStore
- type JwtDecoder
- type JwtEncoder
- type JwtProperties
- type KeyFormatType
- type PlaintextJwtDecoder
- type PrivateJwk
- type RSJwtDecoder
- type RSJwtEncoder
- type RsaKeyPair
- type RsaPublicKey
- type SingleJwkStore
- type StaticJwkStore
- func (s *StaticJwkStore) LoadAll(ctx context.Context, names ...string) ([]Jwk, error)
- func (s *StaticJwkStore) LoadByKid(_ context.Context, kid string) (Jwk, error)
- func (s *StaticJwkStore) LoadByName(_ context.Context, name string) (Jwk, error)
- func (s *StaticJwkStore) Rotate(ctx context.Context, name string) error
Constants ¶
// Names of the JOSE header parameters read from a JWT's header segment.
// The values stored under these names come from the token itself and are
// attacker-controlled until the token's signature has been verified.
const (
	JwtHeaderType      = "typ" // token type header parameter
	JwtHeaderAlgorithm = "alg" // signature algorithm header parameter
	JwtHeaderKid       = "kid" // key ID header parameter
)

// CryptoKeysPropertiesPrefix is the string "security".
// NOTE(review): presumably the configuration prefix under which
// CryptoProperties is bound (see BindCryptoProperties) — confirm.
const CryptoKeysPropertiesPrefix = "security"
Functions ¶
func ParseJwtHeaders ¶
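ParseJwtHeaders extracts the JWT's headers without verifying the token. Because no signature is checked, the returned values (including "alg" and "kid") are untrusted input: use them only to select the key for verification, never as the basis for an authorization decision.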
Types ¶
type CryptoKeyProperties ¶
// CryptoKeyProperties holds the configuration of a single key entry.
type CryptoKeyProperties struct {
	// Id is bound from the "id" property.
	// NOTE(review): presumably the key's "kid" — confirm against FileJwkStore.
	Id string `json:"id"`
	// KeyFormat is bound from the "format" property as a raw string.
	// NOTE(review): presumably what Format() converts to a KeyFormatType — confirm.
	KeyFormat string `json:"format"`
	// Location is bound from the "file" property.
	// NOTE(review): presumably the path of the key file — confirm.
	Location string `json:"file"`
	// Password is bound from the "password" property.
	// NOTE(review): presumably the passphrase of an encrypted key file — confirm.
	// It is held as a plain string and its json tag does not exclude it from
	// marshalling, so avoid logging or serializing this struct and keep the
	// property source access-restricted.
	Password string `json:"password"`
}
func (CryptoKeyProperties) Format ¶
func (p CryptoKeyProperties) Format() KeyFormatType
type CryptoProperties ¶
// CryptoProperties is the root of the crypto configuration: the configured
// key entries plus the JWT-specific settings.
type CryptoProperties struct {
	// Keys is bound from the "keys" property.
	// NOTE(review): the map key is presumably the key name used by
	// JwkStore.LoadByName — confirm. Each entry may carry a key-file password
	// (CryptoKeyProperties.Password), so treat the whole value as sensitive.
	Keys map[string]CryptoKeyProperties `json:"keys"`
	// Jwt is bound from the "jwt" property.
	Jwt JwtProperties `json:"jwt"`
}
func BindCryptoProperties ¶
func BindCryptoProperties(ctx *bootstrap.ApplicationContext) CryptoProperties
BindCryptoProperties creates and binds CryptoProperties, with an optional prefix.
func NewCryptoProperties ¶
func NewCryptoProperties() *CryptoProperties
NewCryptoProperties creates a CryptoProperties with default values.
type FileJwkStore ¶
type FileJwkStore struct {
// contains filtered or unexported fields
}
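FileJwkStore implements JwkStore and JwkRotator. This store loads public and private keys from key files. File locations and "kids" are read from properties, and the store rotates between these pre-defined keys. Because the private key files and their passwords (see CryptoKeyProperties.Password) come from configuration, both the key files and the property source should be readable only by the service that needs them.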
func NewFileJwkStore ¶
func NewFileJwkStore(props CryptoProperties) *FileJwkStore
func (*FileJwkStore) LoadByName ¶
type JwkRotator ¶
type JwkStore ¶
// JwkStore looks up JWKs by key ID or by name.
type JwkStore interface {
	// LoadByKid returns the JWK associated with the given KID.
	// This method is usually used when decoding/verifying a JWT token.
	// NOTE(review): in that use the kid typically comes from the header of a
	// token that has not been verified yet (see ParseJwtHeaders), so
	// implementations should treat it as untrusted input and return an error
	// for any value they do not know.
	LoadByKid(ctx context.Context, kid string) (Jwk, error)

	// LoadByName returns the JWK associated with the given name.
	// The method might return a different JWK for the same name if the store
	// also supports rotation.
	// This method is usually used when encoding/encrypting a JWT token.
	LoadByName(ctx context.Context, name string) (Jwk, error)

	// LoadAll returns all JWKs with the given names. If no name is provided,
	// all JWKs are returned.
	LoadAll(ctx context.Context, names ...string) ([]Jwk, error)
}
type JwtDecoder ¶
type JwtEncoder ¶
type JwtProperties ¶
// JwtProperties holds the JWT-specific part of the crypto configuration.
type JwtProperties struct {
	// KeyName is bound from the "key-name" property.
	// NOTE(review): presumably the JWK name passed to the JWT encoder/decoder
	// (see NewRS256JwtEncoder's jwkName) — confirm.
	KeyName string `json:"key-name"`
}
type PlaintextJwtDecoder ¶
type PlaintextJwtDecoder struct {
// contains filtered or unexported fields
}
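PlaintextJwtDecoder implements JwtDecoder. The name indicates that it handles plaintext (unsigned) JWTs; if so, the claims it decodes are not authenticated by any signature and must not be trusted for access decisions.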
func NewPlaintextJwtDecoder ¶
func NewPlaintextJwtDecoder() *PlaintextJwtDecoder
func (*PlaintextJwtDecoder) DecodeWithClaims ¶
func (dec *PlaintextJwtDecoder) DecodeWithClaims(_ context.Context, tokenString string, claims interface{}) (err error)
type PrivateJwk ¶
// PrivateJwk is a Jwk that additionally exposes its private key.
type PrivateJwk interface {
	Jwk
	// Private returns the private key as a crypto.PrivateKey.
	// The returned value is secret key material: callers should not log it,
	// serialize it, or hand it to code that only needs the public key.
	Private() crypto.PrivateKey
}
type RSJwtDecoder ¶
type RSJwtDecoder struct {
// contains filtered or unexported fields
}
RSJwtDecoder implements JwtDecoder
func NewRS256JwtDecoder ¶
func NewRS256JwtDecoder(jwkStore JwkStore, defaultJwkName string) *RSJwtDecoder
func (*RSJwtDecoder) DecodeWithClaims ¶
func (dec *RSJwtDecoder) DecodeWithClaims(ctx context.Context, tokenString string, claims interface{}) (err error)
type RSJwtEncoder ¶
type RSJwtEncoder struct {
// contains filtered or unexported fields
}
RSJwtEncoder implements JwtEncoder
func NewRS256JwtEncoder ¶
func NewRS256JwtEncoder(jwkStore JwkStore, jwkName string) *RSJwtEncoder
type RsaKeyPair ¶
type RsaKeyPair struct {
// contains filtered or unexported fields
}
********************
Implements ********************
RsaKeyPair implements Jwk and PrivateJwk
func NewRsaPrivateJwk ¶
func NewRsaPrivateJwk(kid string, name string, privateKey *rsa.PrivateKey) *RsaKeyPair
func (*RsaKeyPair) Id ¶
func (k *RsaKeyPair) Id() string
func (*RsaKeyPair) Name ¶
func (k *RsaKeyPair) Name() string
func (*RsaKeyPair) Private ¶
func (k *RsaKeyPair) Private() crypto.PrivateKey
func (*RsaKeyPair) Public ¶
func (k *RsaKeyPair) Public() crypto.PublicKey
type RsaPublicKey ¶
type RsaPublicKey struct {
// contains filtered or unexported fields
}
RsaPublicKey implements Jwk
func (*RsaPublicKey) Id ¶
func (k *RsaPublicKey) Id() string
func (*RsaPublicKey) Name ¶
func (k *RsaPublicKey) Name() string
func (*RsaPublicKey) Public ¶
func (k *RsaPublicKey) Public() crypto.PublicKey
type SingleJwkStore ¶
type SingleJwkStore struct {
// contains filtered or unexported fields
}
SingleJwkStore implements JwkStore. This store always returns a single JWK if the kid matches, and returns an error if not. This store is mainly for testing.
func NewSingleJwkStore ¶
func NewSingleJwkStore(kid string) *SingleJwkStore
func (*SingleJwkStore) LoadByName ¶
type StaticJwkStore ¶
type StaticJwkStore struct {
// contains filtered or unexported fields
}
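StaticJwkStore implements JwkStore and JwkRotator. This store uses the "kid" as a seed to generate a PrivateJwk, so the same "kid" always yields the same key. The kid travels in the clear in every JWT header, so if it is the only seed input the private key can be reproduced by anyone who knows the kid; do not use this store to sign tokens outside of tests. This store is not thread safe.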
func NewStaticJwkStore ¶
func NewStaticJwkStore(kids ...string) *StaticJwkStore