pktoken

package v0.0.0-...-b2cb311

This package is not in the latest version of its module.

Published: Nov 19, 2024 License: MIT, Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CosignerClaims

type CosignerClaims struct {
	Issuer      string `json:"iss"`
	KeyID       string `json:"kid"`
	Algorithm   string `json:"alg"`
	AuthID      string `json:"eid"`
	AuthTime    int64  `json:"auth_time"`
	IssuedAt    int64  `json:"iat"` // may differ from auth_time because of refresh
	Expiration  int64  `json:"exp"`
	RedirectURI string `json:"ruri"`
	Nonce       string `json:"nonce"`
	Typ         string `json:"typ"`
}

func ParseCosignerClaims

func ParseCosignerClaims(protected []byte) (*CosignerClaims, error)

type PKToken

type PKToken struct {
	Payload []byte     // decoded payload
	Op      *Signature // Provider Signature
	Cic     *Signature // Client Signature
	Cos     *Signature // Cosigner Signature

	// We keep the tokens around because unmarshalled values can no longer be verified
	OpToken  []byte // Base64 encoded ID Token signed by the OP
	CicToken []byte // Base64 encoded Token signed by the Client
	CosToken []byte // Base64 encoded Token signed by the Cosigner
	// contains filtered or unexported fields
}

func New

func New(idToken []byte, cicToken []byte) (*PKToken, error)

func (*PKToken) AddJKTHeader

func (p *PKToken) AddJKTHeader(opKey crypto.PublicKey) error

The kid header isn't always present, and is only guaranteed to be unique within a given key set, so the thumbprint of the key is used instead to identify it at verification time.
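As an added illustration (not code from the pktoken package), this is how an RFC 7638 JWK thumbprint is computed for an RSA provider key, the kind of key-set-independent identifier the text describes; that AddJKTHeader records a SHA-256 RFC 7638 thumbprint is my assumption, and the keys below are generated on the spot.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// RSAThumbprint returns the RFC 7638 JWK thumbprint (SHA-256, base64url without
// padding) of an RSA public key. Only the required members kty, n and e are
// hashed, in lexicographic order with no whitespace, so the value depends on the
// key material alone, never on whatever "kid" a provider may have attached.
func RSAThumbprint(pub *rsa.PublicKey) (string, error) {
	// n and e as unsigned big-endian bytes, base64url-encoded (RFC 7518 section 6.3).
	members := map[string]string{
		"e":   base64.RawURLEncoding.EncodeToString(big.NewInt(int64(pub.E)).Bytes()),
		"kty": "RSA",
		"n":   base64.RawURLEncoding.EncodeToString(pub.N.Bytes()),
	}
	// encoding/json sorts map keys, which gives the canonical member order
	// {"e":...,"kty":"RSA","n":...} required by RFC 7638.
	canonical, err := json.Marshal(members)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(canonical)
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed keys: two distinct provider keys yield two distinct thumbprints,
	// and recomputing for the same key always yields the same value.
	k1, _ := rsa.GenerateKey(rand.Reader, 2048)
	k2, _ := rsa.GenerateKey(rand.Reader, 2048)
	t1, _ := RSAThumbprint(&k1.PublicKey)
	t2, _ := RSAThumbprint(&k2.PublicKey)
	fmt.Println("jkt of key 1:", t1)
	fmt.Println("jkt of key 2:", t2)
}
```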

func (*PKToken) AddSignature

func (p *PKToken) AddSignature(token []byte, sigType SignatureType) error

func (*PKToken) Compact deprecated

func (p *PKToken) Compact(sig *Signature) ([]byte, error)

Deprecated: The PK Token now stores the signed tokens (OpToken, CicToken, etc.), removing the need for this function. Instead of calling Compact, read the token directly from the PK Token: use `pkt.OpToken` instead of `opToken, err := pkt.Compact(pkt.Op)`.

func (*PKToken) GetCicValues

func (p *PKToken) GetCicValues() (*clientinstance.Claims, error)

func (*PKToken) Hash

func (p *PKToken) Hash() (string, error)

func (*PKToken) MarshalJSON

func (p *PKToken) MarshalJSON() ([]byte, error)

func (*PKToken) NewSignedMessage

func (p *PKToken) NewSignedMessage(content []byte, signer crypto.Signer) ([]byte, error)

NewSignedMessage signs a message with the provided signer. The signed message is an OSM (OpenPubkey Signed Message), which is a type of JWS (JSON Web Signature). An OSM commits to the PK Token that was used to generate it.

func (*PKToken) ProviderAlgorithm

func (p *PKToken) ProviderAlgorithm() (jwa.SignatureAlgorithm, bool)

func (*PKToken) Sign

func (p *PKToken) Sign(
	sigType SignatureType,
	signer crypto.Signer,
	alg jwa.KeyAlgorithm,
	protected map[string]any,
) error

func (*PKToken) SignToken

func (p *PKToken) SignToken(
	signer crypto.Signer,
	alg jwa.KeyAlgorithm,
	protected map[string]any,
) ([]byte, error)

SignToken signs the PK Token and returns only the header, payload and signature as a compact JWT.

func (*PKToken) UnmarshalJSON

func (p *PKToken) UnmarshalJSON(data []byte) error

func (*PKToken) VerifyCicSig

func (p *PKToken) VerifyCicSig() error

func (*PKToken) VerifyCosSig

func (p *PKToken) VerifyCosSig() error

func (*PKToken) VerifyGQSig

func (p *PKToken) VerifyGQSig(pubKey *rsa.PublicKey, gqSecurityParameter int) error

func (*PKToken) VerifySignedMessage

func (p *PKToken) VerifySignedMessage(osm []byte) ([]byte, error)

VerifySignedMessage verifies an OSM (OpenPubkey Signed Message) using the public key in this PK Token. If verification is successful, VerifySignedMessage returns the content of the signed message. Otherwise it returns an error explaining why verification failed.

Note: VerifySignedMessage does not check that the PK Token itself is valid. The PK Token should always be verified first, before calling VerifySignedMessage.

type Signature

type Signature = jws.Signature

type SignatureType

type SignatureType string
const (
	OIDC SignatureType = "JWT"
	CIC  SignatureType = "CIC"
	COS  SignatureType = "COS"
)
