Documentation ¶
Overview ¶
Package jwks provides low level facilities for parsing JWKS endpoint responses according to RFC 7517. It provides the basic JWK and JWK Set (JWKS) JSON parsing structs: Response, whose `keys` member holds a `[]Key`, and Key, one JWK within that array. It also provides a small utility function and interface to obtain and parse a JWKS endpoint from a string location such as an HTTP(S) URL.
Basic resolver usage:

```
resolver := &HttpResolver{}
resp, rawPayload, err := resolver.Get("https://myhost/.well-known/jwks.json")
```

Basic parser usage:

```
response := &Response{}
err := json.Unmarshal([]byte(`{"keys": [...]}`), response)
```
Copyright NetFoundry, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
Constants ¶
```
const (
	KeyTypeRsa = "RSA"
	KeyTypeEc  = "EC"
)
```

```
const (
	ErrorInvalidStatusCodeMsg  = "could not fetch JWKS, status code was not 200 OK"
	ErrorInvalidContentTypeMsg = "invalid content type, expected application/json"
)
```
Variables ¶
This section is empty.
Functions ¶
func KeyToPublicKey ¶ added in v1.0.3
KeyToPublicKey converts a Key parsed from JSON into a public key value, returned as an interface{} backed by an rsa.PublicKey or an ecdsa.PublicKey depending on the input Key's KeyType.
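The parser usage from the overview and KeyToPublicKey together, as an added stand-alone example that is not the package's code: it declares a local Key subset with the page's JSON member names, parses a JWKS document (the two public keys from RFC 7517 Appendix A.1 plus one constructed entry that wrongly carries a private scalar), selects a key by kid, and rebuilds an rsa.PublicKey or ecdsa.PublicKey. The real KeyToPublicKey signature is not shown on the page, so the signature here is an assumption, and the refusals for a private `d` member, a duplicated kid, a small RSA modulus and an EC point off the named curve are this example's own checks, not documented package behaviour.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// Key is a stand-alone subset of the page's Key type (same JSON member names).
type Key struct {
	KeyType string `json:"kty"`
	KeyId   string `json:"kid"`
	Curve   string `json:"crv"`
	X       string `json:"x"`
	Y       string `json:"y"`
	N       string `json:"n"`
	E       string `json:"e"`
	D       string `json:"d"` // private material; must never appear in a published JWKS
}

// sampleJWKS is constructed input: the EC and RSA public keys from
// RFC 7517 Appendix A.1, plus a made-up third entry that leaks "d".
const sampleJWKS = `{"keys":[
  {"kty":"EC","crv":"P-256","use":"enc","kid":"1","x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
   "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"},
  {"kty":"RSA","alg":"RS256","kid":"2011-04-29","e":"AQAB",
   "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"},
  {"kty":"EC","crv":"P-256","kid":"leaked","d":"AAAA","x":"AA","y":"AA"}
]}`

// PublicKeyByKid parses a JWKS body (the page's Response shape) and returns
// the key for kid, treating a duplicated kid as an error, not "first wins".
func PublicKeyByKid(body []byte, kid string) (crypto.PublicKey, error) {
	var resp struct {
		Keys []Key `json:"keys"`
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, err
	}
	var found *Key
	for i, k := range resp.Keys {
		if k.KeyId == kid {
			if found != nil {
				return nil, fmt.Errorf("jwks: duplicate kid %q", kid)
			}
			found = &resp.Keys[i]
		}
	}
	if found == nil {
		return nil, fmt.Errorf("jwks: no key with kid %q", kid)
	}
	return KeyToPublicKey(found)
}

// KeyToPublicKey rebuilds an *rsa.PublicKey or *ecdsa.PublicKey from a JWK,
// refusing private members, unknown kty/crv, small RSA moduli and off-curve points.
func KeyToPublicKey(k *Key) (crypto.PublicKey, error) {
	if k.D != "" {
		return nil, fmt.Errorf("jwks: key %q carries private member d", k.KeyId)
	}
	switch k.KeyType {
	case "RSA":
		n, err1 := decodeBig(k.N)
		e, err2 := decodeBig(k.E)
		if err1 != nil || err2 != nil || n.BitLen() < 2048 || !e.IsInt64() || e.Int64() < 3 || e.Int64() > 1<<31 {
			return nil, fmt.Errorf("jwks: malformed or weak RSA parameters for kid %q", k.KeyId)
		}
		return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
	case "EC":
		curves := map[string]elliptic.Curve{"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521()}
		curve, ok := curves[k.Curve]
		if !ok {
			return nil, fmt.Errorf("jwks: unsupported curve %q", k.Curve)
		}
		x, err1 := decodeBig(k.X)
		y, err2 := decodeBig(k.Y)
		if err1 != nil || err2 != nil || !curve.IsOnCurve(x, y) {
			return nil, fmt.Errorf("jwks: malformed EC point or point not on %s", k.Curve)
		}
		return &ecdsa.PublicKey{Curve: curve, X: x, Y: y}, nil
	}
	return nil, fmt.Errorf("jwks: unsupported kty %q", k.KeyType)
}

// decodeBig decodes the unpadded base64url big-endian integers JWKs use.
func decodeBig(s string) (*big.Int, error) {
	b, err := base64.RawURLEncoding.DecodeString(s)
	return new(big.Int).SetBytes(b), err
}

func main() {
	for _, kid := range []string{"1", "2011-04-29", "leaked", "nope"} {
		pub, err := PublicKeyByKid([]byte(sampleJWKS), kid)
		fmt.Printf("kid=%-10s %T err=%v\n", kid, pub, err)
	}
}
```

The on-curve check matters because an ecdsa.PublicKey built from arbitrary x and y is accepted by the struct literal without validation; refusing a key that carries d matters because a JWKS endpoint is a public document and a private member there is a misconfiguration, not something to silently use.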
Types ¶
type HttpResolver ¶
type HttpResolver struct{}
HttpResolver implements Resolver and obtains JWKS responses via HTTP(S).
type HttpResolverError ¶
HttpResolverError is a generic error type used to relay the http.Response from a JWKS endpoint to external code for inspection.
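An added example, not the package's own HttpResolver, of what a resolver that reports the two error messages listed under Constants should check before handing a body to the parser: the status code and the Content-Type, and, as this example's additions, a body size cap, a client timeout and a refusal to follow redirects. The endpoint is an httptest stand-in with constructed routes; NewHttpResolver, maxJWKSBytes and NewFakeJWKSServer are names invented here, and accepting application/jwk-set+json (the media type RFC 7517 registers for a JWK Set) alongside application/json goes beyond the page's constant.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"time"
)

const (
	ErrorInvalidStatusCodeMsg  = "could not fetch JWKS, status code was not 200 OK"
	ErrorInvalidContentTypeMsg = "invalid content type, expected application/json"
	maxJWKSBytes               = 1 << 20 // assumption: refuse bodies over 1 MiB
)

// HttpResolverError relays the http.Response to the caller for inspection, in
// the spirit of the page's type (stand-alone copy, not the package's own).
type HttpResolverError struct {
	Msg      string
	Response *http.Response
}

func (e *HttpResolverError) Error() string {
	return fmt.Sprintf("%s (status %d, content-type %q)", e.Msg,
		e.Response.StatusCode, e.Response.Header.Get("Content-Type"))
}

// HttpResolver fetches JWKS documents over HTTP(S). Unlike the page's empty
// struct it carries a client: the timeout and the redirect refusal are this
// example's additions, because a redirect to another host changes who
// controls the keys that end up being trusted.
type HttpResolver struct{ Client *http.Client }

func NewHttpResolver() *HttpResolver {
	return &HttpResolver{Client: &http.Client{
		Timeout: 10 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return errors.New("jwks: refusing to follow redirect from JWKS URL")
		},
	}}
}

// Get returns the response and raw body, or an error if the status is not
// 200, the media type is not JSON, or the body exceeds maxJWKSBytes.
func (r *HttpResolver) Get(url string) (*http.Response, []byte, error) {
	resp, err := r.Client.Get(url)
	if err != nil {
		return nil, nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return resp, nil, &HttpResolverError{Msg: ErrorInvalidStatusCodeMsg, Response: resp}
	}
	// mime.ParseMediaType drops parameters such as "; charset=utf-8".
	mt, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil || (mt != "application/json" && mt != "application/jwk-set+json") {
		return resp, nil, &HttpResolverError{Msg: ErrorInvalidContentTypeMsg, Response: resp}
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxJWKSBytes+1))
	if err != nil {
		return resp, nil, err
	}
	if len(body) > maxJWKSBytes {
		return resp, nil, errors.New("jwks: response body exceeds size limit")
	}
	return resp, body, nil
}

// fakeJWKSBody is a constructed, minimal JWK Set served by the test server.
const fakeJWKSBody = `{"keys":[{"kty":"RSA","kid":"k1","n":"AQ","e":"AQAB"}]}`

// NewFakeJWKSServer stands in for a real endpoint so the example runs offline:
// one good route, a wrong media type, a redirect, and 404 for anything else.
func NewFakeJWKSServer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/jwks.json", func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/json; charset=utf-8")
		fmt.Fprint(w, fakeJWKSBody)
	})
	mux.HandleFunc("/html", func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		fmt.Fprint(w, "<html>captive portal</html>")
	})
	mux.HandleFunc("/redirect", func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/jwks.json", http.StatusFound)
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := NewFakeJWKSServer()
	defer srv.Close()
	r := NewHttpResolver()
	for _, p := range []string{"/jwks.json", "/missing", "/html", "/redirect"} {
		_, body, err := r.Get(srv.URL + p)
		fmt.Printf("%-11s bytes=%d err=%v\n", p, len(body), err)
	}
}
```

The Content-Type check is what catches a captive portal or an error page served with 200 before it reaches json.Unmarshal; callers that need the status or headers use errors.As to recover the HttpResolverError and read its Response.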
type Key ¶
```
type Key struct {
	Algorithm     string   `json:"alg"`     // https://www.rfc-editor.org/rfc/rfc7518#section-3.1
	KeyType       string   `json:"kty"`     // RSA, EC
	KeyOperations []string `json:"key_ops"` // sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits
	Use           string   `json:"use"`     // sig, enc
	KeyId         string   `json:"kid"`     // a unique id for a key

	// x509
	X509Thumbprint       string   `json:"x5t"`      // base64url SHA-1 of the DER bytes
	X509ThumbprintSha256 string   `json:"x5t#S256"` // base64url SHA-256 of the DER bytes
	X509Chain            []string `json:"x5c"`      // array of base64 certificate DER, leaf first
	X509Url              string   `json:"x5u"`      // URI pointing to a PEM certificate or chain

	// public ec kty="EC"
	Curve string `json:"crv"` // ec curve
	X     string `json:"x"`   // ec x curve coordinate
	Y     string `json:"y"`   // ec y curve coordinate

	// public rsa kty="RSA"
	N string `json:"n"` // rsa modulus
	E string `json:"e"` // rsa public exponent

	// symmetric kty="oct"
	K string `json:"k"` // symmetric key

	// private key properties
	D  string `json:"d"`  // rsa private exponent / ec private key
	P  string `json:"p"`  // rsa secret prime
	Q  string `json:"q"`  // rsa secret prime
	Dp string `json:"dp"` // rsa private key parameter
	Dq string `json:"dq"` // rsa private key parameter
	Qi string `json:"qi"` // rsa private key parameter

	// byok
	T string `json:"t"` // bring your own key property
}
```
Key is used to parse the public keys in a JWKS endpoint response. It carries all properties defined by https://www.rfc-editor.org/rfc/rfc7517#section-4.1 and https://www.rfc-editor.org/rfc/rfc7518, including the private-key members, so a caller should not assume that a parsed Key holds only public material.
func NewKey ¶ added in v1.0.3
func NewKey(keyId string, cert *x509.Certificate, chain []*x509.Certificate) (*Key, error)
NewKey converts an *x509.Certificate (plus an optional chain) to a Key. If keyId is the empty string, KeyId is populated with the SHA-1 fingerprint (thumbprint) of the certificate. Only RSA and EC keys are supported.
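The behaviour NewKey describes, as an added example that is not the package's implementation: it derives kid from the certificate's SHA-1 thumbprint when keyId is empty (encoded base64url like x5t; the page does not say which encoding the real function uses, so that is an assumption), fills x5t, x5t#S256 and x5c, and exports the RSA or EC public parameters, with EC coordinates kept at the curve's fixed width. KeyFromSelfSigned is a helper invented here that generates a throwaway certificate as constructed input.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Key is a stand-alone subset of the page's Key type with the same JSON names.
type Key struct {
	KeyType              string   `json:"kty"`
	KeyId                string   `json:"kid"`
	X509Thumbprint       string   `json:"x5t"`
	X509ThumbprintSha256 string   `json:"x5t#S256"`
	X509Chain            []string `json:"x5c"`
	Curve                string   `json:"crv,omitempty"`
	X                    string   `json:"x,omitempty"`
	Y                    string   `json:"y,omitempty"`
	N                    string   `json:"n,omitempty"`
	E                    string   `json:"e,omitempty"`
}

func b64u(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewKey converts a certificate (plus optional chain) to a public JWK. An empty
// keyId defaults to the SHA-1 thumbprint of the DER bytes, encoded base64url
// like x5t (assumption). Only RSA and EC public keys are supported.
func NewKey(keyId string, cert *x509.Certificate, chain []*x509.Certificate) (*Key, error) {
	s1, s256 := sha1.Sum(cert.Raw), sha256.Sum256(cert.Raw)
	k := &Key{X509Thumbprint: b64u(s1[:]), X509ThumbprintSha256: b64u(s256[:])}
	if keyId == "" {
		keyId = k.X509Thumbprint
	}
	k.KeyId = keyId
	// x5c is standard (not url-safe) base64 DER, leaf first (RFC 7517 section 4.7).
	for _, c := range append([]*x509.Certificate{cert}, chain...) {
		k.X509Chain = append(k.X509Chain, base64.StdEncoding.EncodeToString(c.Raw))
	}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		k.KeyType = "RSA" // the page's KeyTypeRsa
		k.N = b64u(pub.N.Bytes())
		k.E = b64u(big.NewInt(int64(pub.E)).Bytes())
	case *ecdsa.PublicKey:
		name := pub.Curve.Params().Name
		if name != "P-256" && name != "P-384" && name != "P-521" {
			return nil, fmt.Errorf("jwks: curve %q has no JWA crv name", name)
		}
		// Coordinates are fixed width: a leading zero byte must not be dropped.
		size := (pub.Curve.Params().BitSize + 7) / 8
		k.KeyType, k.Curve = "EC", name // the page's KeyTypeEc
		k.X = b64u(pub.X.FillBytes(make([]byte, size)))
		k.Y = b64u(pub.Y.FillBytes(make([]byte, size)))
	default:
		return nil, fmt.Errorf("jwks: unsupported public key type %T", cert.PublicKey)
	}
	return k, nil
}

// KeyFromSelfSigned issues a throwaway self-signed certificate for priv
// (constructed input, not a deployment cert) and hands it to NewKey.
func KeyFromSelfSigned(kid string, priv crypto.Signer) (*Key, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "jwks-example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return NewKey(kid, cert, nil)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	k, err := KeyFromSelfSigned("", priv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("kid=%s kty=%s crv=%s x5t=%s\n", k.KeyId, k.KeyType, k.Curve, k.X509Thumbprint)
}
```

Two details are easy to get wrong when writing this by hand: x5c uses standard base64 while every other member uses unpadded base64url, and an EC coordinate with a leading zero byte must still be emitted at full width (32 bytes for P-256), which big.Int.Bytes alone would shorten.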