jwk

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 6, 2021 License: MIT Imports: 19 Imported by: 81

Documentation

Overview

Package jwk implements JWK as described in https://tools.ietf.org/html/rfc7517

Example 
package main

import (
	"log"

	"github.com/lestrrat/go-jwx/jwk"
)

func main() {
	set, err := jwk.Fetch("https://foobar.domain/json")
	if err != nil {
		log.Printf("failed to parse JWK: %s", err)
		return
	}

	// If you KNOW you have exactly one key, you can just
	// use set.Keys[0]
	keys := set.LookupKeyID("mykey")
	if len(keys) == 0 {
		log.Printf("failed to lookup key: %s", err)
		return
	}

	key, err := keys[0].Materialize()
	if err != nil {
		log.Printf("failed to generate public key: %s", err)
		return
	}
	// Use key for jws.Verify() or whatever
	_ = key
}

Output:

Index

Examples

Constants

View Source 
const (
	AlgorithmKey              = "alg"
	KeyIDKey                  = "kid"
	KeyTypeKey                = "kty"
	KeyUsageKey               = "use"
	KeyOpsKey                 = "key_ops"
	X509CertChainKey          = "x5c"
	X509CertThumbprintKey     = "x5t"
	X509CertThumbprintS256Key = "x5t#S256"
	X509URLKey                = "x5u"
)
View Source 
const (
	KeyOpSign       KeyOperation = "sign"       // (compute digital signature or MAC)
	KeyOpVerify                  = "verify"     // (verify digital signature or MAC)
	KeyOpEncrypt                 = "encrypt"    // (encrypt content)
	KeyOpDecrypt                 = "decrypt"    // (decrypt content and validate decryption, if applicable)
	KeyOpWrapKey                 = "wrapKey"    // (encrypt key)
	KeyOpUnwrapKey               = "unwrapKey"  // (decrypt key and validate decryption, if applicable)
	KeyOpDeriveKey               = "deriveKey"  // (derive key)
	KeyOpDeriveBits              = "deriveBits" // (derive bits not to be used as a key)
)

Variables

View Source 
var (
	ErrInvalidHeaderName  = errors.New("invalid header name")
	ErrInvalidHeaderValue = errors.New("invalid value for header key")
	ErrUnsupportedKty     = errors.New("unsupported kty")
	ErrUnsupportedCurve   = errors.New("unsupported curve")
)

Errors related to JWK

Functions

This section is empty.

Types

type CertificateChain 

type CertificateChain struct {
	// contains filtered or unexported fields
}

func (*CertificateChain) Accept 

func (c *CertificateChain) Accept(v interface{}) error

func (CertificateChain) Get 

func (c CertificateChain) Get() []*x509.Certificate

type ECDSAPrivateKey 

type ECDSAPrivateKey struct {
	// contains filtered or unexported fields
}

ECDSAPrivateKey is a type of JWK generated from ECDH-ES private keys

func (ECDSAPrivateKey) Curve 

func (k ECDSAPrivateKey) Curve() jwa.EllipticCurveAlgorithm

func (*ECDSAPrivateKey) ExtractMap 

func (k *ECDSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)

func (ECDSAPrivateKey) MarshalJSON 

func (k ECDSAPrivateKey) MarshalJSON() (buf []byte, err error)

func (ECDSAPrivateKey) Materialize 

func (k ECDSAPrivateKey) Materialize() (interface{}, error)

Materialize returns the EC-DSA private key represented by this JWK

func (ECDSAPrivateKey) PopulateMap 

func (k ECDSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)

func (ECDSAPrivateKey) PublicKey 

func (k ECDSAPrivateKey) PublicKey() (*ECDSAPublicKey, error)

func (ECDSAPrivateKey) Thumbprint 

func (k ECDSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)

Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638

func (*ECDSAPrivateKey) UnmarshalJSON 

func (k *ECDSAPrivateKey) UnmarshalJSON(data []byte) (err error)

type ECDSAPublicKey 

type ECDSAPublicKey struct {
	// contains filtered or unexported fields
}

ECDSAPublicKey is a type of JWK generated from ECDSA public keys

func (ECDSAPublicKey) Curve 

func (k ECDSAPublicKey) Curve() jwa.EllipticCurveAlgorithm

func (*ECDSAPublicKey) ExtractMap 

func (k *ECDSAPublicKey) ExtractMap(m map[string]interface{}) (err error)

func (ECDSAPublicKey) MarshalJSON 

func (k ECDSAPublicKey) MarshalJSON() (buf []byte, err error)

func (ECDSAPublicKey) Materialize 

func (k ECDSAPublicKey) Materialize() (interface{}, error)

Materialize returns the EC-DSA public key represented by this JWK

func (ECDSAPublicKey) PopulateMap 

func (k ECDSAPublicKey) PopulateMap(m map[string]interface{}) (err error)

func (ECDSAPublicKey) Thumbprint 

func (k ECDSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)

Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638

func (*ECDSAPublicKey) UnmarshalJSON 

func (k *ECDSAPublicKey) UnmarshalJSON(data []byte) (err error)

type Headers 

type Headers interface {
	Remove(string)
	Get(string) (interface{}, bool)
	Set(string, interface{}) error
	PopulateMap(map[string]interface{}) error
	ExtractMap(map[string]interface{}) error
	Walk(func(string, interface{}) error) error
	Algorithm() string
	KeyID() string
	KeyType() jwa.KeyType
	KeyUsage() string
	KeyOps() []KeyOperation
	X509CertChain() []*x509.Certificate
	X509CertThumbprint() string
	X509CertThumbprintS256() string
	X509URL() string
}

type Key 

type Key interface {
	Headers

	// Materialize creates the corresponding key. For example,
	// RSA types would create *rsa.PublicKey or *rsa.PrivateKey,
	// EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey,
	// and OctetSeq types create a []byte key.
	Materialize() (interface{}, error)

	// Thumbprint returns the JWK thumbprint using the indicated
	// hashing algorithm, according to RFC 7638
	Thumbprint(crypto.Hash) ([]byte, error)
}

Key defines the minimal interface for each of the key types. Their use and implementation differ significantly between each key types, so you should use type assertions to perform more specific tasks with each key

func New 

func New(key interface{}) (Key, error)

New creates a jwk.Key from the given key.

type KeyOperation 

type KeyOperation string

type KeyUsageType 

type KeyUsageType string

KeyUsageType is used to denote what this key should be used for 

const (
	// ForSignature is the value used in the headers to indicate that
	// this key should be used for signatures
	ForSignature KeyUsageType = "sig"
	// ForEncryption is the value used in the headers to indicate that
	// this key should be used for encryptiong
	ForEncryption KeyUsageType = "enc"
)

type RSAPrivateKey 

type RSAPrivateKey struct {
	// contains filtered or unexported fields
}

RSAPrivateKey is a type of JWK generated from RSA private keys

func (*RSAPrivateKey) ExtractMap 

func (k *RSAPrivateKey) ExtractMap(m map[string]interface{}) (err error)

func (RSAPrivateKey) MarshalJSON 

func (k RSAPrivateKey) MarshalJSON() (buf []byte, err error)

func (*RSAPrivateKey) Materialize 

func (k *RSAPrivateKey) Materialize() (interface{}, error)

func (RSAPrivateKey) PopulateMap 

func (k RSAPrivateKey) PopulateMap(m map[string]interface{}) (err error)

func (RSAPrivateKey) PublicKey 

func (k RSAPrivateKey) PublicKey() (*RSAPublicKey, error)

func (RSAPrivateKey) Thumbprint 

func (k RSAPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error)

Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638

func (*RSAPrivateKey) UnmarshalJSON 

func (k *RSAPrivateKey) UnmarshalJSON(data []byte) (err error)

type RSAPublicKey 

type RSAPublicKey struct {
	// contains filtered or unexported fields
}

RSAPublicKey is a type of JWK generated from RSA public keys

func (*RSAPublicKey) ExtractMap 

func (k *RSAPublicKey) ExtractMap(m map[string]interface{}) (err error)

func (RSAPublicKey) MarshalJSON 

func (k RSAPublicKey) MarshalJSON() (buf []byte, err error)

func (*RSAPublicKey) Materialize 

func (k *RSAPublicKey) Materialize() (interface{}, error)

func (RSAPublicKey) PopulateMap 

func (k RSAPublicKey) PopulateMap(m map[string]interface{}) (err error)

func (RSAPublicKey) Thumbprint 

func (k RSAPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)

func (*RSAPublicKey) UnmarshalJSON 

func (k *RSAPublicKey) UnmarshalJSON(data []byte) (err error)

type Set 

type Set struct {
	Keys []Key `json:"keys"`
}

Set is a convenience struct to allow generating and parsing JWK sets as opposed to single JWKs

func Fetch 

func Fetch(urlstring string) (*Set, error)

Fetch fetches a JWK resource specified by a URL

func FetchHTTP 

func FetchHTTP(jwkurl string) (*Set, error)

FetchHTTP fetches the remote JWK and parses its contents

func Parse 

func Parse(buf []byte) (*Set, error)

Parse parses JWK from the incoming byte buffer.

func ParseString 

func ParseString(s string) (*Set, error)

ParseString parses JWK from the incoming string.

func (*Set) ExtractMap 

func (s *Set) ExtractMap(m map[string]interface{}) error

func (Set) LookupKeyID 

func (s Set) LookupKeyID(kid string) []Key

LookupKeyID looks for keys matching the given key id. Note that the Set *may* contain multiple keys with the same key id

type StandardHeaders 

type StandardHeaders struct {
	// contains filtered or unexported fields
}

func (*StandardHeaders) Algorithm 

func (h *StandardHeaders) Algorithm() string

func (*StandardHeaders) ExtractMap 

func (h *StandardHeaders) ExtractMap(m map[string]interface{}) (err error)

ExtractMap populates the appropriate values from a map that represent the headers as a JSON object. This exists primarily because JWKs are represented as flat objects instead of differentiating the different parts of the message in separate sub objects.

func (*StandardHeaders) Get 

func (h *StandardHeaders) Get(name string) (interface{}, bool)

func (*StandardHeaders) KeyID 

func (h *StandardHeaders) KeyID() string

func (*StandardHeaders) KeyOps 

func (h *StandardHeaders) KeyOps() []KeyOperation

func (*StandardHeaders) KeyType 

func (h *StandardHeaders) KeyType() jwa.KeyType

func (*StandardHeaders) KeyUsage 

func (h *StandardHeaders) KeyUsage() string

func (StandardHeaders) MarshalJSON 

func (h StandardHeaders) MarshalJSON() ([]byte, error)

func (StandardHeaders) PopulateMap 

func (h StandardHeaders) PopulateMap(m map[string]interface{}) error

PopulateMap populates a map with appropriate values that represent the headers as a JSON object. This exists primarily because JWKs are represented as flat objects instead of differentiating the different parts of the message in separate sub objects.

func (*StandardHeaders) Remove 

func (h *StandardHeaders) Remove(s string)

func (*StandardHeaders) Set 

func (h *StandardHeaders) Set(name string, value interface{}) error

func (*StandardHeaders) UnmarshalJSON 

func (h *StandardHeaders) UnmarshalJSON(buf []byte) error

func (StandardHeaders) Walk 

func (h StandardHeaders) Walk(f func(string, interface{}) error) error

func (*StandardHeaders) X509CertChain 

func (h *StandardHeaders) X509CertChain() []*x509.Certificate

func (*StandardHeaders) X509CertThumbprint 

func (h *StandardHeaders) X509CertThumbprint() string

func (*StandardHeaders) X509CertThumbprintS256 

func (h *StandardHeaders) X509CertThumbprintS256() string

func (*StandardHeaders) X509URL 

func (h *StandardHeaders) X509URL() string

type SymmetricKey 

type SymmetricKey struct {
	// contains filtered or unexported fields
}

SymmetricKey is a type of JWK generated from symmetric keys

func (*SymmetricKey) ExtractMap 

func (s *SymmetricKey) ExtractMap(m map[string]interface{}) (err error)

func (SymmetricKey) MarshalJSON 

func (s SymmetricKey) MarshalJSON() (buf []byte, err error)

func (SymmetricKey) Materialize 

func (s SymmetricKey) Materialize() (interface{}, error)

Materialize returns the octets for this symmetric key. Since this is a symmetric key, this just calls Octets

func (SymmetricKey) Octets 

func (s SymmetricKey) Octets() []byte

Octets returns the octets in the key

func (SymmetricKey) PopulateMap 

func (s SymmetricKey) PopulateMap(m map[string]interface{}) (err error)

func (SymmetricKey) Thumbprint 

func (s SymmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error)

Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638

func (*SymmetricKey) UnmarshalJSON 

func (k *SymmetricKey) UnmarshalJSON(data []byte) (err error)

Source Files

View all Source files

Directories

Path Synopsis
internal
cmd/genheader

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.