jwk

package
v0.0.60-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 11, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrCurveNotSupported      = errors.New("jwk: specified curve parameter is not supported")
	ErrKeyIsNotForAlgorithm   = errors.New("jwk: key is not for algorithm")
	ErrResponseIsNotCacheable = errors.New("jwk: response is not cacheable")
)
View Source
var (
	Default = NewClient(context.Background())
)
View Source
var ErrKidNotFound = errors.New("jwk: kid not found in jwks")

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(ctx context.Context, opts ...ClientOption) *Client

func (*Client) GetJWKSet

func (d *Client) GetJWKSet(ctx context.Context, jwksURL JWKSetURL) (*JWKSet, error)

type ClientOption

type ClientOption func(*Client)

func WithCacheMap added in v0.0.57

func WithCacheMap(cacheMap syncz.Map[*JWKSet]) ClientOption

func WithHTTPClient

func WithHTTPClient(client *http.Client) ClientOption

type JSONWebKey

type JSONWebKey struct {
	// KeyType: "kty" parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC".
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.1
	KeyType string `json:"kty"`

	// PublicKeyUse: "use" parameter identifies the intended use of the public key.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.2
	PublicKeyUse string `json:"use,omitempty"`

	// KeyOperations: "key_ops" parameter identifies the operation(s) for which the key is intended to be used.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.3
	KeyOperations []string `json:"key_ops,omitempty"` //nolint:tagliatelle

	// Algorithm: "alg" parameter identifies the algorithm intended for use with the key.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.4
	Algorithm string `json:"alg,omitempty"`

	// KeyID
	//
	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.  Use of this member is OPTIONAL.
	// When used with JWS or JWE, the "kid" value is used to match a JWS or
	// JWE "kid" Header Parameter value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.5
	KeyID string `json:"kid,omitempty"`

	// X509URL: "x5u" parameter is a URI [RFC3986] that refers to a resource for an X.509 public key certificate or certificate chain [RFC5280].
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.6
	X509URL string `json:"x5u,omitempty"`

	// X509CertificateChain: "x5c" parameter contains a chain of one or more PKIX certificates [RFC5280].
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.7
	X509CertificateChain []string `json:"x5c,omitempty"`

	// X509CertificateSHA1Thumbprint: "x5t" parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.8
	X509CertificateSHA1Thumbprint string `json:"x5t,omitempty"`

	// X509CertificateSHA256Thumbprint: "x5t#S256" parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-4.9
	X509CertificateSHA256Thumbprint string `json:"x5t#S256,omitempty"` //nolint:tagliatelle

	// Crv
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "crv" (curve) parameter identifies the cryptographic curve used
	// with the key.  Curve values from [DSS] used by this specification
	// are:
	//
	//	o  "P-256"
	//	o  "P-384"
	//	o  "P-521"
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.1
	Crv string `json:"crv,omitempty"`

	// X
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "x" (x coordinate) parameter contains the x coordinate for the
	// Elliptic Curve point.  It is represented as the base64url encoding of
	// the octet string representation of the coordinate, as defined in
	// Section 2.3.5 of SEC1 [SEC1].  The length of this octet string MUST
	// be the full size of a coordinate for the curve specified in the "crv"
	// parameter.  For example, if the value of "crv" is "P-521", the octet
	// string must be 66 octets long.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.2
	X string `json:"x,omitempty"`

	// Y
	//
	// Parameters for Elliptic Curve Keys
	//
	// The "y" (y coordinate) parameter contains the y coordinate for the
	// Elliptic Curve point.  It is represented as the base64url encoding of
	// the octet string representation of the coordinate, as defined in
	// Section 2.3.5 of SEC1 [SEC1].  The length of this octet string MUST
	// be the full size of a coordinate for the curve specified in the "crv"
	// parameter.  For example, if the value of "crv" is "P-521", the octet
	// string must be 66 octets long.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1.3
	Y string `json:"y,omitempty"`

	// N
	//
	// Parameters for RSA Keys
	//
	// The "n" (modulus) parameter contains the modulus value for the RSA
	// public key.  It is represented as a Base64urlUInt-encoded value.
	//
	// Note that implementers have found that some cryptographic libraries
	// prefix an extra zero-valued octet to the modulus representations they
	// return, for instance, returning 257 octets for a 2048-bit key, rather
	// than 256.  Implementations using such libraries will need to take
	// care to omit the extra octet from the base64url-encoded
	// representation.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.1
	N string `json:"n,omitempty"`

	// E
	//
	// Parameters for RSA Keys
	//
	// The "e" (exponent) parameter contains the exponent value for the RSA
	// public key.  It is represented as a Base64urlUInt-encoded value.
	//
	// For instance, when representing the value 65537, the octet sequence
	// to be base64url-encoded MUST consist of the three octets [1, 0, 1];
	// the resulting representation for this value is "AQAB".
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.2
	E string `json:"e,omitempty"`

	// P
	//
	// Parameters for RSA Keys
	//
	// The "p" (first prime factor) parameter contains the first prime
	// factor.  It is represented as a Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.2
	P string `json:"p,omitempty"`

	// Q
	//
	// Parameters for RSA Keys
	//
	// The "q" (second prime factor) parameter contains the second prime
	// factor.  It is represented as a Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.3
	Q string `json:"q,omitempty"`

	// DP
	//
	// Parameters for RSA Keys
	//
	// The "dp" (first factor CRT exponent) parameter contains the Chinese
	// Remainder Theorem (CRT) exponent of the first factor.  It is
	// represented as a Base64urlUInt-encoded value.
	//
	// Parameters for RSA Keys
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.4
	DP string `json:"dp,omitempty"`

	// DQ
	//
	// Parameters for RSA Keys
	//
	// The "dq" (second factor CRT exponent) parameter contains the CRT
	// exponent of the second factor.  It is represented as a Base64urlUInt-
	// encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.5
	DQ string `json:"dq,omitempty"`

	// QI
	//
	// Parameters for RSA Keys
	//
	// The "qi" (first CRT coefficient) parameter contains the CRT
	// coefficient of the second factor.  It is represented as a
	// Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.6
	QI string `json:"qi,omitempty"`

	// Oth
	//
	// Parameters for RSA Keys
	//
	// The "oth" (other primes info) parameter contains an array of
	// information about any third and subsequent primes, should they exist.
	// When only two primes have been used (the normal case), this parameter
	// MUST be omitted.  When three or more primes have been used, the
	// number of array elements MUST be the number of primes used minus two.
	// For more information on this case, see the description of the
	// OtherPrimeInfo parameters in Appendix A.1.2 of RFC 3447 [RFC3447],
	// upon which the following parameters are modeled.  If the consumer of
	// a JWK does not support private keys with more than two primes and it
	// encounters a private key that includes the "oth" parameter, then it
	// MUST NOT use the key.  Each array element MUST be an object with the
	// following members.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7
	Oth []OtherPrimesInfo `json:"oth,omitempty"`

	// D is "ECC private key" for EC, or "private exponent" for RSA
	//
	// Parameters for RSA Private Keys
	//
	// The "d" (ECC private key) parameter contains the Elliptic Curve
	// private key value.  It is represented as the base64url encoding of
	// the octet string representation of the private key value, as defined
	// in Section 2.3.7 of SEC1 [SEC1].  The length of this octet string
	// MUST be ceiling(log-base-2(n)/8) octets (where n is the order of the
	// curve).
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.2.2.1
	//
	// Parameters for Elliptic Curve Private Keys
	//
	// The "d" (private exponent) parameter contains the private exponent
	// value for the RSA private key.  It is represented as a Base64urlUInt-
	// encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.1
	//
	D string `json:"d,omitempty"`

	// K
	//
	// Parameters for Symmetric Keys
	//
	// The "k" (key value) parameter contains the value of the symmetric (or
	// other single-valued) key.  It is represented as the base64url
	// encoding of the octet sequence containing the key value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.4.1
	K string `json:"k,omitempty"`
}

JSONWebKey

func (*JSONWebKey) DecodeECDSAPrivateKey

func (jwk *JSONWebKey) DecodeECDSAPrivateKey() (*ecdsa.PrivateKey, error)

func (*JSONWebKey) DecodeECDSAPublicKey

func (jwk *JSONWebKey) DecodeECDSAPublicKey() (*ecdsa.PublicKey, error)

func (*JSONWebKey) DecodePublicKey

func (jwk *JSONWebKey) DecodePublicKey() (crypto.PublicKey, error)

func (*JSONWebKey) DecodeRSAPrivateKey

func (jwk *JSONWebKey) DecodeRSAPrivateKey() (*rsa.PrivateKey, error)

func (*JSONWebKey) DecodeRSAPublicKey

func (jwk *JSONWebKey) DecodeRSAPublicKey() (*rsa.PublicKey, error)

func (*JSONWebKey) EncodeECDSAPrivateKey

func (jwk *JSONWebKey) EncodeECDSAPrivateKey(key *ecdsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey

func (*JSONWebKey) EncodeECDSAPublicKey

func (jwk *JSONWebKey) EncodeECDSAPublicKey(key *ecdsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey

func (*JSONWebKey) EncodeRSAPrivateKey

func (jwk *JSONWebKey) EncodeRSAPrivateKey(key *rsa.PrivateKey, opts ...JSONWebKeyOption) *JSONWebKey

func (*JSONWebKey) EncodeRSAPublicKey

func (jwk *JSONWebKey) EncodeRSAPublicKey(key *rsa.PublicKey, opts ...JSONWebKeyOption) *JSONWebKey

type JSONWebKeyOption

type JSONWebKeyOption func(jwk *JSONWebKey)

func WithAlgorithm

func WithAlgorithm(alg string) JSONWebKeyOption

func WithKeyID

func WithKeyID(kid string) JSONWebKeyOption

func WithKeyType

func WithKeyType(kty string) JSONWebKeyOption

type JWKSet

type JWKSet struct {
	// Keys: "keys" parameter is an array of JWK values.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7517#section-5.1
	Keys []*JSONWebKey `json:"keys"`
}

JWKSet: A JWK Set is a JSON object that represents a set of JWKs.

func GetJWKSet

func GetJWKSet(ctx context.Context, jwksURL JWKSetURL) (*JWKSet, error)

func (*JWKSet) GetJSONWebKey

func (jwks *JWKSet) GetJSONWebKey(kid string) (*JSONWebKey, error)

type JWKSetURL

type JWKSetURL = string //nolint:revive

type OtherPrimesInfo

type OtherPrimesInfo struct {
	// PrimeFactor
	//
	// The "r" (prime factor) parameter within an "oth" array member
	// represents the value of a subsequent prime factor.  It is represented
	// as a Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.1
	PrimeFactor string `json:"r,omitempty"`

	// FactorCRTExponent
	//
	// The "d" (factor CRT exponent) parameter within an "oth" array member
	// represents the CRT exponent of the corresponding prime factor.  It is
	// represented as a Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.2
	FactorCRTExponent string `json:"d,omitempty"`

	// FactorCRTCoefficient
	//
	// The "t" (factor CRT coefficient) parameter within an "oth" array
	// member represents the CRT coefficient of the corresponding prime
	// factor.  It is represented as a Base64urlUInt-encoded value.
	//
	//   - ref. https://www.rfc-editor.org/rfc/rfc7518#section-6.3.2.7.3
	FactorCRTCoefficient string `json:"t,omitempty"`
}

OtherPrimesInfo is member struct of "oth" (other primes info).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL