Overview ¶
Package jwk implements JSON Web Key management capabilities.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens).
Index ¶
- Constants
- func First(keys []jose.JSONWebKey) *jose.JSONWebKey
- func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey
- func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey
- func PEMBlockForKey(key interface{}) (*pem.Block, error)
- func RandomBytes(n int) ([]byte, error)
- func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T)
- func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T)
- func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)
- func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)
- type AEAD
- type ECDSA256Generator
- type ECDSA521Generator
- type HS256Generator
- type HS512Generator
- type Handler
- func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) GetGenerators() map[string]KeyGenerator
- func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) SetRoutes(r *httprouter.Router)
- func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- type KeyGenerator
- type Manager
- type MemoryManager
- func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error
- func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
- func (m *MemoryManager) DeleteKey(set, kid string) error
- func (m *MemoryManager) DeleteKeySet(set string) error
- func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
- func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
- type RS256Generator
- type SQLManager
- func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error
- func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
- func (s *SQLManager) CreateSchemas() (int, error)
- func (m *SQLManager) DeleteKey(set, kid string) error
- func (m *SQLManager) DeleteKeySet(set string) error
- func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
- func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
Constants ¶
// IDTokenKeyName is the name of the JSON Web Key Set holding the keys used for
// OpenID Connect ID tokens. It is the set referenced by the WellKnown endpoint's
// policy resource ("rn:hydra:keys:hydra.openid.id-token:public"), so its public
// keys are presumably what /.well-known/jwks.json serves — confirm against the
// WellKnown implementation, which is not shown on this page.
const (
	IDTokenKeyName = "hydra.openid.id-token"
)
Variables ¶
This section is empty.
Functions ¶
func MustRSAPrivate ¶
func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey
func MustRSAPublic ¶
func PEMBlockForKey ¶
func RandomBytes ¶ added in v0.9.3
func TestHelperManagerKey ¶ added in v0.9.3
func TestHelperManagerKeySet ¶ added in v0.9.3
func ToRSAPrivate ¶
func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)
func ToRSAPublic ¶
Types ¶
type ECDSA256Generator ¶
// ECDSA256Generator is a KeyGenerator (see Generate) for asymmetric ECDSA key
// sets. The exact curve and "alg" value assigned to the generated keys are not
// visible on this page — confirm in Generate.
type ECDSA256Generator struct{}
func (*ECDSA256Generator) Generate ¶
func (g *ECDSA256Generator) Generate(id string) (*jose.JSONWebKeySet, error)
type ECDSA521Generator ¶
// ECDSA521Generator is a KeyGenerator (see Generate) for asymmetric ECDSA key
// sets. The exact curve and "alg" value assigned to the generated keys are not
// visible on this page — confirm in Generate.
type ECDSA521Generator struct{}
func (*ECDSA521Generator) Generate ¶
func (g *ECDSA521Generator) Generate(id string) (*jose.JSONWebKeySet, error)
type HS256Generator ¶
// HS256Generator is a KeyGenerator (see Generate) for symmetric HS256 key sets.
// How the secret is produced (e.g. via RandomBytes) is not visible on this
// page — confirm in Generate.
type HS256Generator struct{}
func (*HS256Generator) Generate ¶
func (g *HS256Generator) Generate(id string) (*jose.JSONWebKeySet, error)
type HS512Generator ¶
// HS512Generator is a KeyGenerator (see Generate) for symmetric HS512 key sets.
// How the secret is produced (e.g. via RandomBytes) is not visible on this
// page — confirm in Generate.
type HS512Generator struct{}
func (*HS512Generator) Generate ¶
func (g *HS512Generator) Generate(id string) (*jose.JSONWebKeySet, error)
type Handler ¶
// Handler serves the JSON Web Key HTTP endpoints registered by SetRoutes
// (Create, GetKey, GetKeySet, UpdateKey, UpdateKeySet, DeleteKey,
// DeleteKeySet and WellKnown).
type Handler struct {
	// Manager is the key store the endpoints presumably read from and write
	// to (AddKey/GetKey/... on Manager) — confirm in the handler bodies.
	Manager Manager
	// Generators maps a strategy name to the KeyGenerator used when Create
	// generates a new set; presumably keyed by algorithm names such as RS256
	// — confirm via GetGenerators.
	Generators map[string]KeyGenerator
	// H writes HTTP responses and errors (herodot.Writer).
	H herodot.Writer
	// W is the access-control firewall; presumably the component enforcing
	// the per-endpoint policies documented on each route — confirm in the
	// handler bodies, which are not shown on this page.
	W firewall.Firewall
}
func (*Handler) Create ¶
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route POST /keys/{set} jsonWebKey createJsonWebKeySet
Generate a new JSON Web Key ¶
This endpoint is capable of generating JSON Web Key Sets for you. There are different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymmetric cryptographic keys (RS256, ECDSA).
If the specified JSON Web Key Set does not exist, it will be created.
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["create"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.create

Responses:
  200: jsonWebKeySet
  401: genericError
  403: genericError
  500: genericError
func (*Handler) DeleteKey ¶
func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /keys/{set}/{kid} jsonWebKey deleteJsonWebKey
Delete a JSON Web Key ¶
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.delete

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError
func (*Handler) DeleteKeySet ¶
func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /keys/{set} jsonWebKey deleteJsonWebKeySet
Delete a JSON Web Key Set ¶
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.delete

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError
func (*Handler) GetGenerators ¶
func (h *Handler) GetGenerators() map[string]KeyGenerator
func (*Handler) GetKey ¶
func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /keys/{set}/{kid} jsonWebKey getJsonWebKey
Retrieve a JSON Web Key ¶
This endpoint can be used to retrieve JWKs stored in ORY Hydra.
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["get"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.get

Responses:
  200: jsonWebKeySet
  401: genericError
  403: genericError
  500: genericError
func (*Handler) GetKeySet ¶
func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /keys/{set} jsonWebKey getJsonWebKeySet
Retrieve a JSON Web Key Set ¶
This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["get"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.get

Responses:
  200: jsonWebKeySet
  401: genericError
  403: genericError
  500: genericError
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(r *httprouter.Router)
func (*Handler) UpdateKey ¶
func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route PUT /keys/{set}/{kid} jsonWebKey updateJsonWebKey
Update a JSON Web Key ¶
Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["update"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.update

Responses:
  200: jsonWebKey
  401: genericError
  403: genericError
  500: genericError
func (*Handler) UpdateKeySet ¶
func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route PUT /keys/{set} jsonWebKey updateJsonWebKeySet
Update a JSON Web Key Set ¶
Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:<set>"],
  "actions": ["update"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.update

Responses:
  200: jsonWebKeySet
  401: genericError
  403: genericError
  500: genericError
func (*Handler) WellKnown ¶ added in v0.8.2
func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /.well-known/jwks.json oAuth2 wellKnown
Get list of well known JSON Web Keys ¶
The subject making the request needs to be assigned to a policy containing:
```
{
  "resources": ["rn:hydra:keys:hydra.openid.id-token:public"],
  "actions": ["GET"],
  "effect": "allow"
}
```

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Security:
  oauth2: hydra.keys.get

Responses:
  200: jsonWebKeySet
  401: genericError
  403: genericError
  500: genericError
type KeyGenerator ¶
type MemoryManager ¶
func (*MemoryManager) AddKey ¶
func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error
func (*MemoryManager) AddKeySet ¶
func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
func (*MemoryManager) DeleteKey ¶
func (m *MemoryManager) DeleteKey(set, kid string) error
func (*MemoryManager) DeleteKeySet ¶
func (m *MemoryManager) DeleteKeySet(set string) error
func (*MemoryManager) GetKey ¶
func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
func (*MemoryManager) GetKeySet ¶
func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
type RS256Generator ¶
// RS256Generator is a KeyGenerator (see Generate) for asymmetric RSA key sets.
type RS256Generator struct {
	// KeyLength is presumably the RSA modulus size in bits used by Generate
	// — confirm there. NOTE(review): how the zero value is handled is not
	// visible on this page; callers should set an explicit length of at
	// least 2048 bits.
	KeyLength int
}
func (*RS256Generator) Generate ¶
func (g *RS256Generator) Generate(id string) (*jose.JSONWebKeySet, error)
type SQLManager ¶ added in v0.6.0
func (*SQLManager) AddKey ¶ added in v0.6.0
func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error
func (*SQLManager) AddKeySet ¶ added in v0.6.0
func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
func (*SQLManager) CreateSchemas ¶ added in v0.6.0
func (s *SQLManager) CreateSchemas() (int, error)
func (*SQLManager) DeleteKey ¶ added in v0.6.0
func (m *SQLManager) DeleteKey(set, kid string) error
func (*SQLManager) DeleteKeySet ¶ added in v0.6.0
func (m *SQLManager) DeleteKeySet(set string) error
func (*SQLManager) GetKey ¶ added in v0.6.0
func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
func (*SQLManager) GetKeySet ¶ added in v0.6.0
func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)