jwk

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 4, 2019 License: Apache-2.0 Imports: 40 Imported by: 173

Documentation

Overview

Package jwk implements JSON Web Key management capabilities

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens).

Index

Constants

View Source
const (
	KeyHandlerPath    = "/keys"
	WellKnownKeysPath = "/.well-known/jwks.json"
)

Variables

View Source
var Migrations = map[string]*dbal.PackrMigrationSource{
	dbal.DriverMySQL: dbal.NewMustPackerMigrationSource(logrus.New(), AssetNames(), Asset, []string{
		"migrations/sql/shared",
		"migrations/sql/mysql",
	}, true),
	dbal.DriverPostgreSQL: dbal.NewMustPackerMigrationSource(logrus.New(), AssetNames(), Asset, []string{
		"migrations/sql/shared",
		"migrations/sql/postgres",
	}, true),
	dbal.DriverCockroachDB: dbal.NewMustPackerMigrationSource(logrus.New(), AssetNames(), Asset, []string{
		"migrations/sql/cockroach",
	}, true),
}

Functions

func Asset

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDigest added in v1.0.1

func AssetDigest(name string) ([sha256.Size]byte, error)

AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.

func AssetDir

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.

func AssetInfo

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames

func AssetNames() []string

AssetNames returns the names of the assets.

func AssetString added in v1.0.1

func AssetString(name string) (string, error)

AssetString returns the asset contents as a string (instead of a []byte).

func AsymmetricKeypair

func AsymmetricKeypair(ctx context.Context, r InternalRegistry, g KeyGenerator, set string) (public, private *jose.JSONWebKey, err error)

func Digests added in v1.0.1

func Digests() (map[string][sha256.Size]byte, error)

Digests returns a map of all known files and their checksums.

func EnsureAsymmetricKeypairExists

func EnsureAsymmetricKeypairExists(ctx context.Context, r InternalRegistry, g KeyGenerator, set string) error

func FindKeyByPrefix

func FindKeyByPrefix(set *jose.JSONWebKeySet, prefix string) (key *jose.JSONWebKey, err error)

func FindKeysByPrefix

func FindKeysByPrefix(set *jose.JSONWebKeySet, prefix string) (*jose.JSONWebKeySet, error)

func First

func First(keys []jose.JSONWebKey) *jose.JSONWebKey

func GetOrCreateKey

func GetOrCreateKey(ctx context.Context, r InternalRegistry, g KeyGenerator, set, prefix string) (*jose.JSONWebKey, error)

func Ider

func Ider(typ, id string) string

func MustAsset

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func MustAssetString added in v1.0.1

func MustAssetString(name string) string

MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.

func MustRSAPrivate

func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey

func MustRSAPublic

func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey

func PEMBlockForKey

func PEMBlockForKey(key interface{}) (*pem.Block, error)

func RandomBytes

func RandomBytes(n int) ([]byte, error)

func RestoreAsset

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory.

func RestoreAssets

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively.

func TestHelperManagerKey

func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func TestHelperManagerKeySet

func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func ToRSAPrivate

func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)

func ToRSAPublic

func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)

Types

type AEAD

type AEAD struct {
	// contains filtered or unexported fields
}

func NewAEAD

func NewAEAD(c configuration.Provider) *AEAD

func (*AEAD) Decrypt

func (c *AEAD) Decrypt(ciphertext string) (p []byte, err error)

func (*AEAD) Encrypt

func (c *AEAD) Encrypt(plaintext []byte) (string, error)

type Configuration

type Configuration interface {
	configuration.Provider
}

type ECDSA256Generator

type ECDSA256Generator struct{}

func (*ECDSA256Generator) Generate

func (g *ECDSA256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type ECDSA512Generator

type ECDSA512Generator struct{}

func (*ECDSA512Generator) Generate

func (g *ECDSA512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS256Generator

type HS256Generator struct{}

func (*HS256Generator) Generate

func (g *HS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS512Generator

type HS512Generator struct{}

func (*HS512Generator) Generate

func (g *HS512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(r InternalRegistry, c Configuration) *Handler

func (*Handler) Create

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route POST /keys/{set} admin createJsonWebKeySet

Generate a new JSON Web Key

This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  201: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) DeleteKey

func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set}/{kid} admin deleteJsonWebKey

Delete a JSON Web Key

Use this endpoint to delete a single JSON Web Key.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError

func (*Handler) DeleteKeySet

func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set} admin deleteJsonWebKeySet

Delete a JSON Web Key Set

Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError

func (*Handler) GetKey

func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set}/{kid} admin getJsonWebKey

Fetch a JSON Web Key

This endpoint returns a singular JSON Web Key, identified by the set and the specific key ID (kid).

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  404: genericError
  500: genericError

func (*Handler) GetKeySet

func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set} admin getJsonWebKeySet

Retrieve a JSON Web Key Set

This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) SetRoutes

func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMiddleware func(http.Handler) http.Handler)

func (*Handler) UpdateKey

func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set}/{kid} admin updateJsonWebKey

Update a JSON Web Key

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKey
  401: genericError
  403: genericError
  500: genericError

func (*Handler) UpdateKeySet

func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set} admin updateJsonWebKeySet

Update a JSON Web Key Set

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) WellKnown

func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request)

swagger:route GET /.well-known/jwks.json public wellKnown

JSON Web Keys Discovery

This endpoint returns JSON Web Keys to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  500: genericError

type InternalRegistry

type InternalRegistry interface {
	x.RegistryWriter
	x.RegistryLogger
	Registry
}

type JWTStrategy

type JWTStrategy interface {
	GetPublicKeyID(ctx context.Context) (string, error)

	jwt.JWTStrategy
}

type KeyGenerator

type KeyGenerator interface {
	Generate(id, use string) (*jose.JSONWebKeySet, error)
}

type Manager

type Manager interface {
	AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

	AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

	GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

	GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

	DeleteKey(ctx context.Context, set, kid string) error

	DeleteKeySet(ctx context.Context, set string) error
}

type MemoryManager

type MemoryManager struct {
	Keys map[string]*jose.JSONWebKeySet
	sync.RWMutex
}

func NewMemoryManager

func NewMemoryManager() *MemoryManager

func (*MemoryManager) AddKey

func (m *MemoryManager) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (*MemoryManager) AddKeySet

func (m *MemoryManager) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

func (*MemoryManager) DeleteKey

func (m *MemoryManager) DeleteKey(ctx context.Context, set, kid string) error

func (*MemoryManager) DeleteKeySet

func (m *MemoryManager) DeleteKeySet(ctx context.Context, set string) error

func (*MemoryManager) GetKey

func (m *MemoryManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

func (*MemoryManager) GetKeySet

func (m *MemoryManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

type RS256Generator

type RS256Generator struct {
	KeyLength int
}

func (*RS256Generator) Generate

func (g *RS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type RS256JWTStrategy

type RS256JWTStrategy struct {
	sync.RWMutex

	RS256JWTStrategy *jwt.RS256JWTStrategy
	// contains filtered or unexported fields
}

func NewRS256JWTStrategy

func NewRS256JWTStrategy(r InternalRegistry, rs func() string) (*RS256JWTStrategy, error)

func (*RS256JWTStrategy) Decode

func (j *RS256JWTStrategy) Decode(ctx context.Context, token string) (*jwt2.Token, error)

func (*RS256JWTStrategy) Generate

func (j *RS256JWTStrategy) Generate(ctx context.Context, claims jwt2.Claims, header jwt.Mapper) (string, string, error)

func (*RS256JWTStrategy) GetPublicKeyID

func (j *RS256JWTStrategy) GetPublicKeyID(ctx context.Context) (string, error)

func (*RS256JWTStrategy) GetSignature

func (j *RS256JWTStrategy) GetSignature(ctx context.Context, token string) (string, error)

func (*RS256JWTStrategy) GetSigningMethodLength

func (j *RS256JWTStrategy) GetSigningMethodLength() int

GetSigningMethodLength will return the length of the signing method

func (*RS256JWTStrategy) Hash

func (j *RS256JWTStrategy) Hash(ctx context.Context, in []byte) ([]byte, error)

func (*RS256JWTStrategy) Validate

func (j *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error)

type Registry

type Registry interface {
	KeyManager() Manager
	KeyGenerators() map[string]KeyGenerator
	KeyCipher() *AEAD
}

type SQLManager

type SQLManager struct {
	DB *sqlx.DB
	R  InternalRegistry
}

func NewSQLManager

func NewSQLManager(db *sqlx.DB, r InternalRegistry) *SQLManager

func (*SQLManager) AddKey

func (m *SQLManager) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (*SQLManager) AddKeySet

func (m *SQLManager) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

func (*SQLManager) CreateSchemas

func (m *SQLManager) CreateSchemas(dbName string) (int, error)

func (*SQLManager) DeleteKey

func (m *SQLManager) DeleteKey(ctx context.Context, set, kid string) error

func (*SQLManager) DeleteKeySet

func (m *SQLManager) DeleteKeySet(ctx context.Context, set string) error

func (*SQLManager) GetKey

func (m *SQLManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

func (*SQLManager) GetKeySet

func (m *SQLManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

func (*SQLManager) PlanMigration

func (m *SQLManager) PlanMigration(dbName string) ([]*migrate.PlannedMigration, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL