Documentation
Index
- Variables
- type Client
- type ClientOption
- type JSONWebKey
- func (jwk *JSONWebKey) DecodeECDSAPrivateKey() (*ecdsa.PrivateKey, error)
- func (jwk *JSONWebKey) DecodeECDSAPublicKey() (*ecdsa.PublicKey, error)
- func (jwk *JSONWebKey) DecodePublicKey() (crypto.PublicKey, error)
- func (jwk *JSONWebKey) DecodeRSAPrivateKey() (*rsa.PrivateKey, error)
- func (jwk *JSONWebKey) DecodeRSAPublicKey() (*rsa.PublicKey, error)
- func (jwk *JSONWebKey) EncodeECDSAPrivateKey(key *ecdsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey
- func (jwk *JSONWebKey) EncodeECDSAPublicKey(key *ecdsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey
- func (jwk *JSONWebKey) EncodeRSAPrivateKey(key *rsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey
- func (jwk *JSONWebKey) EncodeRSAPublicKey(key *rsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey
- type JSONWebKeyOption
- type JWKSet
- type JWKSetURL
- type OtherPrimesInfo
Constants
This section is empty.
Variables
var (
	ErrCurveNotSupported      = errors.New("jwk: specified curve parameter is not supported")
	ErrKeyIsNotForAlgorithm   = errors.New("jwk: key is not for algorithm")
	ErrResponseIsNotCacheable = errors.New("jwk: response is not cacheable")
)
var (
	Default = NewClient(context.Background())
)
var ErrKidNotFound = errors.New("jwk: kid not found in jwks")
Functions
This section is empty.
Types
type ClientOption
type ClientOption func(*Client)
func WithCacheStore
func WithCacheStore(store *cache.Store[*JWKSet]) ClientOption
func WithHTTPClient
func WithHTTPClient(client *http.Client) ClientOption
type JSONWebKey
type JSONWebKey struct {
	// KeyType: "kty" parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC".
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.1
	KeyType string `json:"kty"`

	// PublicKeyUse: "use" parameter identifies the intended use of the public key.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.2
	PublicKeyUse string `json:"use,omitempty"`

	// KeyOperations: "key_ops" parameter identifies the operation(s) for which the key is intended to be used.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.3
	KeyOperations []string `json:"key_ops,omitempty"` //nolint:tagliatelle

	// Algorithm: "alg" parameter identifies the algorithm intended for use with the key.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.4
	Algorithm string `json:"alg,omitempty"`

	// KeyID
	//
	// The "kid" (key ID) parameter is used to match a specific key. This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover. The structure of the "kid" value is
	// unspecified. When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values. (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.) The "kid"
	// value is a case-sensitive string. Use of this member is OPTIONAL.
	// When used with JWS or JWE, the "kid" value is used to match a JWS or
	// JWE "kid" Header Parameter value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.5
	KeyID string `json:"kid,omitempty"`

	// X509URL: "x5u" parameter is a URI [RFC3986] that refers to a resource for an X.509 public key certificate or certificate chain [RFC5280].
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.6
	X509URL string `json:"x5u,omitempty"`

	// X509CertificateChain: "x5c" parameter contains a chain of one or more PKIX certificates [RFC5280].
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.7
	X509CertificateChain []string `json:"x5c,omitempty"`

	// X509CertificateSHA1Thumbprint: "x5t" parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.8
	X509CertificateSHA1Thumbprint string `json:"x5t,omitempty"`

	// X509CertificateSHA256Thumbprint: "x5t#S256" parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.9
	X509CertificateSHA256Thumbprint string `json:"x5t#S256,omitempty"` //nolint:tagliatelle

	// Crv
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "crv" (curve) parameter identifies the cryptographic curve used
	// with the key. Curve values from [DSS] used by this specification
	// are:
	//
	//  o "P-256"
	//  o "P-384"
	//  o "P-521"
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.1
	Crv string `json:"crv,omitempty"`

	// X
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "x" (x coordinate) parameter contains the x coordinate for the
	// Elliptic Curve point. It is represented as the base64url encoding of
	// the octet string representation of the coordinate, as defined in
	// Section 2.3.5 of SEC1 [SEC1]. The length of this octet string MUST
	// be the full size of a coordinate for the curve specified in the "crv"
	// parameter. For example, if the value of "crv" is "P-521", the octet
	// string must be 66 octets long.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.2
	X string `json:"x,omitempty"`

	// Y
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "y" (y coordinate) parameter contains the y coordinate for the
	// Elliptic Curve point. It is represented as the base64url encoding of
	// the octet string representation of the coordinate, as defined in
	// Section 2.3.5 of SEC1 [SEC1]. The length of this octet string MUST
	// be the full size of a coordinate for the curve specified in the "crv"
	// parameter. For example, if the value of "crv" is "P-521", the octet
	// string must be 66 octets long.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.3
	Y string `json:"y,omitempty"`

	// N
	//
	// Parameters for RSA Keys
	//
	// The "n" (modulus) parameter contains the modulus value for the RSA
	// public key. It is represented as a Base64urlUInt-encoded value.
	//
	// Note that implementers have found that some cryptographic libraries
	// prefix an extra zero-valued octet to the modulus representations they
	// return, for instance, returning 257 octets for a 2048-bit key, rather
	// than 256. Implementations using such libraries will need to take
	// care to omit the extra octet from the base64url-encoded
	// representation.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.1
	N string `json:"n,omitempty"`

	// E
	//
	// Parameters for RSA Keys
	//
	// The "e" (exponent) parameter contains the exponent value for the RSA
	// public key. It is represented as a Base64urlUInt-encoded value.
	//
	// For instance, when representing the value 65537, the octet sequence
	// to be base64url-encoded MUST consist of the three octets [1, 0, 1];
	// the resulting representation for this value is "AQAB".
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.2
	E string `json:"e,omitempty"`

	// P
	//
	// Parameters for RSA Keys
	//
	// The "p" (first prime factor) parameter contains the first prime
	// factor. It is represented as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.2
	P string `json:"p,omitempty"`

	// Q
	//
	// Parameters for RSA Keys
	//
	// The "q" (second prime factor) parameter contains the second prime
	// factor. It is represented as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.3
	Q string `json:"q,omitempty"`

	// DP
	//
	// Parameters for RSA Keys
	//
	// The "dp" (first factor CRT exponent) parameter contains the Chinese
	// Remainder Theorem (CRT) exponent of the first factor. It is
	// represented as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.4
	DP string `json:"dp,omitempty"`

	// DQ
	//
	// Parameters for RSA Keys
	//
	// The "dq" (second factor CRT exponent) parameter contains the CRT
	// exponent of the second factor. It is represented as a Base64urlUInt-
	// encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.5
	DQ string `json:"dq,omitempty"`

	// QI
	//
	// Parameters for RSA Keys
	//
	// The "qi" (first CRT coefficient) parameter contains the CRT
	// coefficient of the second factor. It is represented as a
	// Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.6
	QI string `json:"qi,omitempty"`

	// Oth
	//
	// Parameters for RSA Keys
	//
	// The "oth" (other primes info) parameter contains an array of
	// information about any third and subsequent primes, should they exist.
	// When only two primes have been used (the normal case), this parameter
	// MUST be omitted. When three or more primes have been used, the
	// number of array elements MUST be the number of primes used minus two.
	// For more information on this case, see the description of the
	// OtherPrimeInfo parameters in Appendix A.1.2 of RFC 3447 [RFC3447],
	// upon which the following parameters are modeled. If the consumer of
	// a JWK does not support private keys with more than two primes and it
	// encounters a private key that includes the "oth" parameter, then it
	// MUST NOT use the key. Each array element MUST be an object with the
	// following members.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7
	Oth []OtherPrimesInfo `json:"oth,omitempty"`

	// D is "ECC private key" for EC, or "private exponent" for RSA
	//
	// Parameters for Elliptic Curve Private Keys
	//
	// The "d" (ECC private key) parameter contains the Elliptic Curve
	// private key value. It is represented as the base64url encoding of
	// the octet string representation of the private key value, as defined
	// in Section 2.3.7 of SEC1 [SEC1]. The length of this octet string
	// MUST be ceiling(log-base-2(n)/8) octets (where n is the order of the
	// curve).
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.2.1
	//
	// Parameters for RSA Private Keys
	//
	// The "d" (private exponent) parameter contains the private exponent
	// value for the RSA private key. It is represented as a Base64urlUInt-
	// encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.1
	D string `json:"d,omitempty"`

	// K
	//
	// Parameters for Symmetric Keys
	//
	// The "k" (key value) parameter contains the value of the symmetric (or
	// other single-valued) key. It is represented as the base64url
	// encoding of the octet sequence containing the key value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.4.1
	K string `json:"k,omitempty"`
}
JSONWebKey
- ref. JSON Web Key (JWK) Format https://www.rfc-editor.org/rfc/rfc7517#section-4
- ref. https://openid-foundation-japan.github.io/rfc7517.ja.html#JWKFormat
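The encoding rules quoted in the field comments (minimal Base64urlUInt for "n" and "e", full-width "x" and "y" coordinates) can be enforced when a JWK is decoded. The following is an added example that uses only the Go standard library and is not this package's code; `decodeB64UInt`, `decodeP256Public` and `sampleCoords` are hypothetical names, only "P-256" is covered, and rejecting a leading zero octet is a strict choice made here.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
)

// decodeB64UInt (hypothetical helper) decodes "n"/"e" and rejects a padded leading zero octet.
func decodeB64UInt(s string) (*big.Int, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return nil, err
	}
	if len(b) == 0 || (len(b) > 1 && b[0] == 0) {
		return nil, errors.New("not a minimal Base64urlUInt")
	}
	return new(big.Int).SetBytes(b), nil
}

// decodeP256Public (hypothetical helper) decodes "x"/"y" for crv "P-256": each must be
// the full 32 octets, and ecdh.NewPublicKey checks that 0x04||X||Y is on the curve.
func decodeP256Public(x, y string) (*ecdsa.PublicKey, error) {
	xb, errX := base64.RawURLEncoding.DecodeString(x)
	yb, errY := base64.RawURLEncoding.DecodeString(y)
	if errX != nil || errY != nil || len(xb) != 32 || len(yb) != 32 {
		return nil, errors.New("coordinate is not 32 base64url-encoded octets")
	}
	point := append(append([]byte{4}, xb...), yb...)
	if _, err := ecdh.P256().NewPublicKey(point); err != nil {
		return nil, fmt.Errorf("point rejected: %w", err)
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}, nil
}

// sampleCoords returns constructed input: the P-256 base point, fixed-width encoded.
func sampleCoords() (string, string) {
	p, enc := elliptic.P256().Params(), base64.RawURLEncoding
	gx, gy := p.Gx.FillBytes(make([]byte, 32)), p.Gy.FillBytes(make([]byte, 32))
	return enc.EncodeToString(gx), enc.EncodeToString(gy)
}

func main() {
	_, err := decodeP256Public(sampleCoords())
	fmt.Println("base point accepted:", err == nil)
}
```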
func (*JSONWebKey) DecodeECDSAPrivateKey
func (jwk *JSONWebKey) DecodeECDSAPrivateKey() (*ecdsa.PrivateKey, error)
func (*JSONWebKey) DecodeECDSAPublicKey
func (jwk *JSONWebKey) DecodeECDSAPublicKey() (*ecdsa.PublicKey, error)
func (*JSONWebKey) DecodePublicKey
func (jwk *JSONWebKey) DecodePublicKey() (crypto.PublicKey, error)
func (*JSONWebKey) DecodeRSAPrivateKey
func (jwk *JSONWebKey) DecodeRSAPrivateKey() (*rsa.PrivateKey, error)
func (*JSONWebKey) DecodeRSAPublicKey
func (jwk *JSONWebKey) DecodeRSAPublicKey() (*rsa.PublicKey, error)
func (*JSONWebKey) EncodeECDSAPrivateKey
func (jwk *JSONWebKey) EncodeECDSAPrivateKey(key *ecdsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey
func (*JSONWebKey) EncodeECDSAPublicKey
func (jwk *JSONWebKey) EncodeECDSAPublicKey(key *ecdsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey
func (*JSONWebKey) EncodeRSAPrivateKey
func (jwk *JSONWebKey) EncodeRSAPrivateKey(key *rsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey
func (*JSONWebKey) EncodeRSAPublicKey
func (jwk *JSONWebKey) EncodeRSAPublicKey(key *rsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey
type JSONWebKeyOption
type JSONWebKeyOption func(jwk *JSONWebKey)
func WithAlgorithm
func WithAlgorithm(alg string) JSONWebKeyOption
func WithKeyID
func WithKeyID(kid string) JSONWebKeyOption
func WithKeyType
func WithKeyType(kty string) JSONWebKeyOption
type JWKSet
type JWKSet struct {
	// Keys: "keys" parameter is an array of JWK values.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7517#section-5.1
	Keys []*JSONWebKey `json:"keys"`
}
JWKSet: A JWK Set is a JSON object that represents a set of JWKs.
- ref. JWK Set Format https://www.rfc-editor.org/rfc/rfc7517#section-5
- ref. https://openid-foundation-japan.github.io/rfc7517.ja.html#JWKSet
func (*JWKSet) GetJSONWebKey
func (jwks *JWKSet) GetJSONWebKey(kid string) (*JSONWebKey, error)
type OtherPrimesInfo
type OtherPrimesInfo struct {
	// PrimeFactor
	//
	// The "r" (prime factor) parameter within an "oth" array member
	// represents the value of a subsequent prime factor. It is represented
	// as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.1
	PrimeFactor string `json:"r,omitempty"`

	// FactorCRTExponent
	//
	// The "d" (factor CRT exponent) parameter within an "oth" array member
	// represents the CRT exponent of the corresponding prime factor. It is
	// represented as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.2
	FactorCRTExponent string `json:"d,omitempty"`

	// FactorCRTCoefficient
	//
	// The "t" (factor CRT coefficient) parameter within an "oth" array
	// member represents the CRT coefficient of the corresponding prime
	// factor. It is represented as a Base64urlUInt-encoded value.
	//
	// - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.3
	FactorCRTCoefficient string `json:"t,omitempty"`
}
OtherPrimesInfo is the member struct of the "oth" (other primes info) array.