jwk

package
v0.10.0-alpha.21 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 27, 2017 License: Apache-2.0 Imports: 26 Imported by: 173

Documentation

Index

Constants

View Source
const (
	IDTokenKeyName = "hydra.openid.id-token"
)

Variables

This section is empty.

Functions

func First

func First(keys []jose.JSONWebKey) *jose.JSONWebKey

func MustRSAPrivate

func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey

func MustRSAPublic

func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey

func PEMBlockForKey

func PEMBlockForKey(key interface{}) (*pem.Block, error)

func RandomBytes

func RandomBytes(n int) ([]byte, error)

func TestHelperManagerKey

func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T)

func TestHelperManagerKeySet

func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T)

func ToRSAPrivate

func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)

func ToRSAPublic

func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)

Types

type AEAD

type AEAD struct {
	Key []byte
}

func (*AEAD) Decrypt

func (c *AEAD) Decrypt(ciphertext string) ([]byte, error)

func (*AEAD) Encrypt

func (c *AEAD) Encrypt(plaintext []byte) (string, error)

type ECDSA256Generator

type ECDSA256Generator struct{}

func (*ECDSA256Generator) Generate

func (g *ECDSA256Generator) Generate(id string) (*jose.JSONWebKeySet, error)

type ECDSA521Generator added in v0.2.0

type ECDSA521Generator struct{}

func (*ECDSA521Generator) Generate added in v0.2.0

func (g *ECDSA521Generator) Generate(id string) (*jose.JSONWebKeySet, error)

type HS256Generator

type HS256Generator struct{}

func (*HS256Generator) Generate

func (g *HS256Generator) Generate(id string) (*jose.JSONWebKeySet, error)

type HS512Generator

type HS512Generator struct{}

func (*HS512Generator) Generate

func (g *HS512Generator) Generate(id string) (*jose.JSONWebKeySet, error)

type Handler

type Handler struct {
	Manager    Manager
	Generators map[string]KeyGenerator
	H          herodot.Writer
	W          firewall.Firewall
}

func (*Handler) Create

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route POST /keys/{set} jsonWebKey createJsonWebKeySet

Generate a new JSON Web Key

This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA).

If the specified JSON Web Key Set does not exist, it will be created.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["create"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.create

   Responses:
     200: jsonWebKeySet
     401: genericError
     403: genericError
     500: genericError

func (*Handler) DeleteKey

func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set}/{kid} jsonWebKey deleteJsonWebKey

Delete a JSON Web Key

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.delete

   Responses:
     204: emptyResponse
     401: genericError
     403: genericError
     500: genericError

func (*Handler) DeleteKeySet

func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set} jsonWebKey deleteJsonWebKeySet

Delete a JSON Web Key

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.delete

   Responses:
     204: emptyResponse
     401: genericError
     403: genericError
     500: genericError

func (*Handler) GetGenerators added in v0.2.0

func (h *Handler) GetGenerators() map[string]KeyGenerator

func (*Handler) GetKey

func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set}/{kid} jsonWebKey getJsonWebKey

Retrieve a JSON Web Key

This endpoint can be used to retrieve JWKs stored in ORY Hydra.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["get"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.get

   Responses:
     200: jsonWebKeySet
     401: genericError
     403: genericError
     500: genericError

func (*Handler) GetKeySet

func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set} jsonWebKey getJsonWebKeySet

Retrieve a JSON Web Key Set

This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["get"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.get

   Responses:
     200: jsonWebKeySet
     401: genericError
     403: genericError
     500: genericError

func (*Handler) SetRoutes

func (h *Handler) SetRoutes(r *httprouter.Router)

func (*Handler) UpdateKey

func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set}/{kid} jsonWebKey updateJsonWebKey

Update a JSON Web Key

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>:<kid>"],
  "actions": ["update"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.update

   Responses:
     200: jsonWebKey
     401: genericError
     403: genericError
     500: genericError

func (*Handler) UpdateKeySet

func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set} jsonWebKey updateJsonWebKeySet

Update a JSON Web Key Set

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:<set>"],
  "actions": ["update"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.update

   Responses:
     200: jsonWebKeySet
     401: genericError
     403: genericError
     500: genericError

func (*Handler) WellKnown

func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /.well-known/jwks.json oAuth2 wellKnown

Get list of well known JSON Web Keys

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:keys:hydra.openid.id-token:public"],
  "actions": ["GET"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.keys.get

   Responses:
     200: jsonWebKeySet
     401: genericError
     403: genericError
     500: genericError

type KeyGenerator

type KeyGenerator interface {
	Generate(id string) (*jose.JSONWebKeySet, error)
}

type Manager

type Manager interface {
	AddKey(set string, key *jose.JSONWebKey) error

	AddKeySet(set string, keys *jose.JSONWebKeySet) error

	GetKey(set, kid string) (*jose.JSONWebKeySet, error)

	GetKeySet(set string) (*jose.JSONWebKeySet, error)

	DeleteKey(set, kid string) error

	DeleteKeySet(set string) error
}

type MemoryManager

type MemoryManager struct {
	Keys map[string]*jose.JSONWebKeySet
	sync.RWMutex
}

func (*MemoryManager) AddKey

func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error

func (*MemoryManager) AddKeySet

func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error

func (*MemoryManager) DeleteKey

func (m *MemoryManager) DeleteKey(set, kid string) error

func (*MemoryManager) DeleteKeySet

func (m *MemoryManager) DeleteKeySet(set string) error

func (*MemoryManager) GetKey

func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)

func (*MemoryManager) GetKeySet

func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)

type RS256Generator

type RS256Generator struct {
	KeyLength int
}

func (*RS256Generator) Generate

func (g *RS256Generator) Generate(id string) (*jose.JSONWebKeySet, error)

type SQLManager

type SQLManager struct {
	DB     *sqlx.DB
	Cipher *AEAD
}

func (*SQLManager) AddKey

func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error

func (*SQLManager) AddKeySet

func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error

func (*SQLManager) CreateSchemas

func (s *SQLManager) CreateSchemas() (int, error)

func (*SQLManager) DeleteKey

func (m *SQLManager) DeleteKey(set, kid string) error

func (*SQLManager) DeleteKeySet

func (m *SQLManager) DeleteKeySet(set string) error

func (*SQLManager) GetKey

func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)

func (*SQLManager) GetKeySet

func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL