Documentation ¶
Index ¶
- Constants
- func AlgFromKeyAndCurve(kty, crv string) (string, error)
- func GetExperimentalJWXSigningVerificationAlgorithms() []string
- func GetJWSHeaders(token []byte) (jws.Headers, error)
- func GetSupportedJWXSigningVerificationAlgorithms() []string
- func IsExperimentalJWXSigningVerificationAlgorithm(algorithm string) bool
- func IsSupportedJWXSigningVerificationAlgorithm(algorithm string) bool
- func NewDilithiumMode2Signer() (jws.Signer, error)
- func NewDilithiumMode2Verifier() (jws.Verifier, error)
- func NewDilithiumMode3Signer() (jws.Signer, error)
- func NewDilithiumMode3Verifier() (jws.Verifier, error)
- func NewDilithiumMode5Signer() (jws.Signer, error)
- func NewDilithiumMode5Verifier() (jws.Verifier, error)
- func PrivateKeyToPrivateKeyJWK(keyID string, key gocrypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)
- type DilithiumSignerVerifier
- type PrivateKeyJWK
- type PublicKeyJWK
- type Signer
- type Verifier
- func (*Verifier) Parse(token string) (jws.Headers, jwt.Token, error)
- func (*Verifier) ParseJWS(token string) (*jws.Signature, error)
- func (v *Verifier) Verify(token string) error
- func (v *Verifier) VerifyAndParse(token string) (jws.Headers, jwt.Token, error)
- func (v *Verifier) VerifyJWS(token string) error
Constants ¶
// jwa.SignatureAlgorithm identifiers for the three Dilithium modes (2, 3 and 5)
// that this package exposes signers and verifiers for.
const (
	DilithiumMode2Alg jwa.SignatureAlgorithm = "CRYDI2"
	DilithiumMode3Alg jwa.SignatureAlgorithm = "CRYDI3"
	DilithiumMode5Alg jwa.SignatureAlgorithm = "CRYDI5"
)

const (
	// DilithiumKTY is presumably the JWK "kty" value used for Dilithium keys;
	// confirm against the key conversion code.
	DilithiumKTY = "LWE"
)
Variables ¶
This section is empty.
Functions ¶
func AlgFromKeyAndCurve ¶
AlgFromKeyAndCurve returns the supported JSON Web Algorithm for signing for a given key type and curve pair. The curve parameter is optional (e.g. "") as in the case of RSA.
func GetExperimentalJWXSigningVerificationAlgorithms ¶
func GetExperimentalJWXSigningVerificationAlgorithms() []string
GetExperimentalJWXSigningVerificationAlgorithms returns a list of experimental signing and verifying algorithms for JWXs
func GetJWSHeaders ¶
GetJWSHeaders returns the headers of a JWS signed object, assuming there is only one signature.
func GetSupportedJWXSigningVerificationAlgorithms ¶
func GetSupportedJWXSigningVerificationAlgorithms() []string
GetSupportedJWXSigningVerificationAlgorithms returns a list of supported signing and verifying algorithms for JWXs
func IsExperimentalJWXSigningVerificationAlgorithm ¶
IsExperimentalJWXSigningVerificationAlgorithm returns true if the algorithm is one of the experimental algorithms for signing or verifying JWXs
func IsSupportedJWXSigningVerificationAlgorithm ¶
IsSupportedJWXSigningVerificationAlgorithm returns true if the algorithm is supported for signing or verifying JWXs
func NewDilithiumMode2Signer ¶
NewDilithiumMode2Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 2
func NewDilithiumMode2Verifier ¶
NewDilithiumMode2Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 2
func NewDilithiumMode3Signer ¶
NewDilithiumMode3Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 3
func NewDilithiumMode3Verifier ¶
NewDilithiumMode3Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 3
func NewDilithiumMode5Signer ¶
NewDilithiumMode5Signer returns a new DilithiumSignerVerifier configured for Dilithium Mode 5
func NewDilithiumMode5Verifier ¶
NewDilithiumMode5Verifier returns a new DilithiumSignerVerifier configured for Dilithium Mode 5
func PrivateKeyToPrivateKeyJWK ¶
func PrivateKeyToPrivateKeyJWK(keyID string, key gocrypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error)
PrivateKeyToPrivateKeyJWK converts a private key to a PrivateKeyJWK and, per its signature, also returns a PublicKeyJWK
Types ¶
type DilithiumSignerVerifier ¶
type DilithiumSignerVerifier struct {
// contains filtered or unexported fields
}
DilithiumSignerVerifier implements the jws.Signer and jws.Verifier interfaces for use with the jwx library
func (DilithiumSignerVerifier) Algorithm ¶
func (s DilithiumSignerVerifier) Algorithm() jwa.SignatureAlgorithm
Algorithm returns the jwa.SignatureAlgorithm value for the configured Dilithium mode
type PrivateKeyJWK ¶
type PrivateKeyJWK struct {
	// Key type; the only member tagged validate:"required".
	KTY string `json:"kty,omitempty" validate:"required"`

	// Public parameters, by JWK member name: crv, x and y for curve-based
	// keys, n and e for RSA.
	CRV string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	N   string `json:"n,omitempty"`
	E   string `json:"e,omitempty"`

	// Key metadata.
	Use string `json:"use,omitempty"`
	// NOTE(review): RFC 7517 defines key_ops as an array of strings, while
	// this field is a single string; confirm interoperability with other
	// JWK producers and consumers.
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`

	// Private parameters, by JWK member name: d, plus the RSA CRT values
	// dp, dq, p, q and qi. These are secret key material.
	D  string `json:"d,omitempty"`
	DP string `json:"dp,omitempty"`
	DQ string `json:"dq,omitempty"`
	P  string `json:"p,omitempty"`
	Q  string `json:"q,omitempty"`
	QI string `json:"qi,omitempty"`
}
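PrivateKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517. The d, dp, dq, p, q and qi members hold private key material, so a serialized PrivateKeyJWK must be handled as a secret.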
func (*PrivateKeyJWK) IsEmpty ¶
func (k *PrivateKeyJWK) IsEmpty() bool
func (*PrivateKeyJWK) ToPrivateKey ¶
func (k *PrivateKeyJWK) ToPrivateKey() (gocrypto.PrivateKey, error)
ToPrivateKey converts a PrivateKeyJWK to a gocrypto.PrivateKey
func (*PrivateKeyJWK) ToPublicKeyJWK ¶
func (k *PrivateKeyJWK) ToPublicKeyJWK() PublicKeyJWK
ToPublicKeyJWK converts a PrivateKeyJWK to a PublicKeyJWK
type PublicKeyJWK ¶
type PublicKeyJWK struct {
	// Key type; the only member tagged validate:"required".
	KTY string `json:"kty,omitempty" validate:"required"`

	// Public parameters, by JWK member name: crv, x and y for curve-based
	// keys, n and e for RSA.
	CRV string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	N   string `json:"n,omitempty"`
	E   string `json:"e,omitempty"`

	// Key metadata.
	Use string `json:"use,omitempty"`
	// NOTE(review): RFC 7517 defines key_ops as an array of strings, while
	// this field is a single string; confirm interoperability with other
	// JWK producers and consumers.
	KeyOps string `json:"key_ops,omitempty"`
	ALG    string `json:"alg,omitempty"`
	KID    string `json:"kid,omitempty"`
}
PublicKeyJWK complies with RFC7517 https://datatracker.ietf.org/doc/html/rfc7517
func PublicKeyToPublicKeyJWK ¶
func PublicKeyToPublicKeyJWK(kid string, key gocrypto.PublicKey) (*PublicKeyJWK, error)
PublicKeyToPublicKeyJWK converts a public key to a PublicKeyJWK
func (*PublicKeyJWK) IsEmpty ¶
func (k *PublicKeyJWK) IsEmpty() bool
func (*PublicKeyJWK) ToPublicKey ¶
func (k *PublicKeyJWK) ToPublicKey() (gocrypto.PublicKey, error)
ToPublicKey converts a PublicKeyJWK to a PublicKey
type Signer ¶
type Signer struct { ID string PrivateKeyJWK gocrypto.PrivateKey }
Signer is a struct that contains the key and algorithm used to sign JWTs and produce JWS values
func NewJWXSigner ¶
func NewJWXSigner(id, kid string, key gocrypto.PrivateKey) (*Signer, error)
NewJWXSigner creates a new signer from a private key to sign and produce JWS values
func NewJWXSignerFromJWK ¶
func NewJWXSignerFromJWK(id string, key PrivateKeyJWK) (*Signer, error)
NewJWXSignerFromJWK creates a new signer from a private key JWK to sign and produce JWS values
func (*Signer) SignJWS ¶
SignJWS takes a payload and signs it with the key defined in the signer
func (*Signer) SignWithDefaults ¶
SignWithDefaults takes a set of JWT keys and values to add to a JWT before signing them with the key defined in the signer. Automatically sets iss and iat
type Verifier ¶
type Verifier struct { ID string PublicKeyJWK // contains filtered or unexported fields }
Verifier is a struct that contains the key and algorithm used to verify JWTs and JWS signatures
func NewJWXVerifier ¶
NewJWXVerifier creates a new verifier from a public key to verify JWTs and JWS signatures
func NewJWXVerifierFromJWK ¶
func NewJWXVerifierFromJWK(id string, key PublicKeyJWK) (*Verifier, error)
NewJWXVerifierFromJWK creates a new verifier from a public key JWK to verify JWTs and JWS signatures
func (*Verifier) ParseJWS ¶
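ParseJWS attempts to pull off a single signature from a token, containing its headers. Parsing is separate from verification (see VerifyJWS); treat the returned headers as unauthenticated unless the token has also been verified.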
func (*Verifier) Verify ¶
Verify parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success
func (*Verifier) VerifyAndParse ¶
VerifyAndParse attempts to turn a string into a jwt.Token and verify its signature using the verifier