jwx

package
v0.0.0-...-f93f300 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 29, 2023 License: Apache-2.0 Imports: 22 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	DilithiumMode2Alg jwa.SignatureAlgorithm = "CRYDI2"
	DilithiumMode3Alg jwa.SignatureAlgorithm = "CRYDI3"
	DilithiumMode5Alg jwa.SignatureAlgorithm = "CRYDI5"
)
View Source 
const (
	DilithiumKTY = "LWE"
)

Variables

This section is empty.

Functions

func AlgFromKeyAndCurve 

func AlgFromKeyAndCurve(kty, crv string) (string, error)

AlgFromKeyAndCurve returns the supported JSON Web Algorithm for signing for a given key type and curve pair The curve parameter is optional (e.g. "") as in the case of RSA.

func GetExperimentalJWXSigningVerificationAlgorithms 

func GetExperimentalJWXSigningVerificationAlgorithms() []string

GetExperimentalJWXSigningVerificationAlgorithms returns a list of experimental signing and verifying algorithms for JWXs

func GetJWSHeaders 

func GetJWSHeaders(token []byte) (jws.Headers, error)

GetJWSHeaders returns the headers of a JWS signed object, assuming there is only one signature.

func GetSupportedJWXSigningVerificationAlgorithms 

func GetSupportedJWXSigningVerificationAlgorithms() []string

GetSupportedJWXSigningVerificationAlgorithms returns a list of supported signing and verifying algorithms for JWXs

func GetSupportedKeyAgreementTypes 

func GetSupportedKeyAgreementTypes() []string

func IsExperimentalJWXSigningVerificationAlgorithm 

func IsExperimentalJWXSigningVerificationAlgorithm(algorithm string) bool

IsExperimentalJWXSigningVerificationAlgorithm returns true if the algorithm is supported for experimental signing or verifying JWXs

func IsSupportedJWXSigningVerificationAlgorithm 

func IsSupportedJWXSigningVerificationAlgorithm(algorithm string) bool

IsSupportedJWXSigningVerificationAlgorithm returns true if the algorithm is supported for signing or verifying JWXs

func IsSupportedKeyAgreementType 

func IsSupportedKeyAgreementType(keyAgreementType string) bool

func NewDilithiumMode2Signer 

func NewDilithiumMode2Signer() (jws.Signer, error)

NewDilithiumMode2Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 2

func NewDilithiumMode2Verifier 

func NewDilithiumMode2Verifier() (jws.Verifier, error)

NewDilithiumMode2Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 2

func NewDilithiumMode3Signer 

func NewDilithiumMode3Signer() (jws.Signer, error)

NewDilithiumMode3Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 3

func NewDilithiumMode3Verifier 

func NewDilithiumMode3Verifier() (jws.Verifier, error)

NewDilithiumMode3Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 3

func NewDilithiumMode5Signer 

func NewDilithiumMode5Signer() (jws.Signer, error)

NewDilithiumMode5Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 5

func NewDilithiumMode5Verifier 

func NewDilithiumMode5Verifier() (jws.Verifier, error)

NewDilithiumMode5Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 5

func PrivateKeyToPrivateKeyJWK 

func PrivateKeyToPrivateKeyJWK(keyID *string, key gocrypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)

PrivateKeyToPrivateKeyJWK converts a private key to a PrivateKeyJWK

Types

type DilithiumSignerVerifier 

type DilithiumSignerVerifier struct {
	// contains filtered or unexported fields
}

DilithiumSignerVerifier implements the jws.Signer and jws.Verifier interfaces for use with the jwx library

func (DilithiumSignerVerifier) Algorithm 

func (s DilithiumSignerVerifier) Algorithm() jwa.SignatureAlgorithm

Algorithm returns the jwa.SignatureAlgorithm value for the configured Dilithium mode

func (DilithiumSignerVerifier) Sign 

func (s DilithiumSignerVerifier) Sign(payload []byte, keyif any) ([]byte, error)

Sign signs the payload using the provided key

func (DilithiumSignerVerifier) Verify 

func (s DilithiumSignerVerifier) Verify(payload []byte, signature []byte, keyif any) error

Verify verifies the signature against the payload using the provided key

type PrivateKeyJWK 

type PrivateKeyJWK struct {
	KTY    string `json:"kty,omitempty" validate:"required"`
	CRV    string `json:"crv,omitempty"`
	X      string `json:"x,omitempty"`
	Y      string `json:"y,omitempty"`
	N      string `json:"n,omitempty"`
	E      string `json:"e,omitempty"`
	Use    string `json:"use,omitempty"`
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
	D      string `json:"d,omitempty"`
	DP     string `json:"dp,omitempty"`
	DQ     string `json:"dq,omitempty"`
	P      string `json:"p,omitempty"`
	Q      string `json:"q,omitempty"`
	QI     string `json:"qi,omitempty"`
}

PrivateKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517

func (*PrivateKeyJWK) IsEmpty 

func (k *PrivateKeyJWK) IsEmpty() bool

func (*PrivateKeyJWK) ToPrivateKey 

func (k *PrivateKeyJWK) ToPrivateKey() (gocrypto.PrivateKey, error)

ToPrivateKey converts a PrivateKeyJWK to a PrivateKeyJWK

func (*PrivateKeyJWK) ToPublicKeyJWK 

func (k *PrivateKeyJWK) ToPublicKeyJWK() PublicKeyJWK

ToPublicKeyJWK converts a PrivateKeyJWK to a PublicKeyJWK

type PublicKeyJWK 

type PublicKeyJWK struct {
	KTY    string `json:"kty,omitempty" validate:"required"`
	CRV    string `json:"crv,omitempty"`
	X      string `json:"x,omitempty"`
	Y      string `json:"y,omitempty"`
	N      string `json:"n,omitempty"`
	E      string `json:"e,omitempty"`
	Use    string `json:"use,omitempty"`
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
}

PublicKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517

func PublicKeyToPublicKeyJWK 

func PublicKeyToPublicKeyJWK(kid *string, key gocrypto.PublicKey) (*PublicKeyJWK, error)

PublicKeyToPublicKeyJWK converts a public key to a PublicKeyJWK

func (*PublicKeyJWK) IsEmpty 

func (k *PublicKeyJWK) IsEmpty() bool

func (*PublicKeyJWK) ToPublicKey 

func (k *PublicKeyJWK) ToPublicKey() (gocrypto.PublicKey, error)

ToPublicKey converts a PublicKeyJWK to a PublicKey

type Signer 

type Signer struct {
	ID string
	PrivateKeyJWK
	gocrypto.PrivateKey
}

Signer is a struct that contains the key and algorithm used to sign JWTs and produce JWS values

func NewJWXSigner 

func NewJWXSigner(id string, kid *string, key gocrypto.PrivateKey) (*Signer, error)

NewJWXSigner creates a new signer from a private key to sign and produce JWS values

func NewJWXSignerFromJWK 

func NewJWXSignerFromJWK(id string, key PrivateKeyJWK) (*Signer, error)

NewJWXSignerFromJWK creates a new signer from a private key to sign and produce JWS values

func (*Signer) Parse 

func (*Signer) Parse(token string) (jws.Headers, jwt.Token, error)

Parse attempts to turn a string into a jwt.Token

func (*Signer) SignJWS 

func (s *Signer) SignJWS(payload []byte) ([]byte, error)

SignJWS takes a set of payload and signs it with the key defined in the signer

func (*Signer) SignWithDefaults 

func (s *Signer) SignWithDefaults(kvs map[string]any) ([]byte, error)

SignWithDefaults takes a set of JWT keys and values to add to a JWT before singing them with the key defined in the signer. Automatically sets iss and iat

func (*Signer) ToVerifier 

func (s *Signer) ToVerifier(verifierID string) (*Verifier, error)

ToVerifier converts a signer to a verifier, where the passed in verifiedID is the intended ID of the verifier for `aud` validation

type Verifier 

type Verifier struct {
	ID string
	PublicKeyJWK
	// contains filtered or unexported fields
}

Verifier is a struct that contains the key and algorithm used to verify JWTs and JWS signatures

func NewJWXVerifier 

func NewJWXVerifier(id string, kid *string, key gocrypto.PublicKey) (*Verifier, error)

NewJWXVerifier creates a new verifier from a public key to verify JWTs and JWS signatures

func NewJWXVerifierFromJWK 

func NewJWXVerifierFromJWK(id string, key PublicKeyJWK) (*Verifier, error)

NewJWXVerifierFromJWK creates a new verifier from a public key to verify JWTs and JWS signatures

func (*Verifier) Parse 

func (*Verifier) Parse(token string) (jws.Headers, jwt.Token, error)

Parse attempts to turn a string into a jwt.Token

func (*Verifier) ParseJWS 

func (*Verifier) ParseJWS(token string) (*jws.Signature, error)

ParseJWS attempts to pull of a single signature from a token, containing its headers

func (*Verifier) Verify 

func (v *Verifier) Verify(token string) error

Verify parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success

func (*Verifier) VerifyAndParse 

func (v *Verifier) VerifyAndParse(token string) (jws.Headers, jwt.Token, error)

VerifyAndParse attempts to turn a string into a jwt.Token and verify its signature using the verifier

func (*Verifier) VerifyJWS 

func (v *Verifier) VerifyJWS(token string) error

VerifyJWS parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.