jwk

package
v1.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 11, 2022 License: Apache-2.0 Imports: 30 Imported by: 173

Documentation

Overview

Package jwk implements JSON Web Key management capabilities

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens).

Index

Constants

View Source 
const (
	KeyHandlerPath    = "/keys"
	WellKnownKeysPath = "/.well-known/jwks.json"
)

Variables

View Source 
var ErrUnsupportedEllipticCurve = &fosite.RFC6749Error{
	CodeField:        http.StatusBadRequest,
	ErrorField:       http.StatusText(http.StatusBadRequest),
	DescriptionField: "Unsupported elliptic curve",
}
View Source 
var ErrUnsupportedKeyAlgorithm = &fosite.RFC6749Error{
	CodeField:        http.StatusBadRequest,
	ErrorField:       http.StatusText(http.StatusBadRequest),
	DescriptionField: "Unsupported key algorithm",
}

Functions

func EnsureAsymmetricKeypairExists 

func EnsureAsymmetricKeypairExists(ctx context.Context, r InternalRegistry, alg, set string) error

func ExcludeOpaquePrivateKeys added in v1.11.0 

func ExcludeOpaquePrivateKeys(set *jose.JSONWebKeySet) *jose.JSONWebKeySet

func ExcludePrivateKeys added in v1.10.7 

func ExcludePrivateKeys(set *jose.JSONWebKeySet) *jose.JSONWebKeySet

func ExcludePublicKeys added in v1.11.0 

func ExcludePublicKeys(set *jose.JSONWebKeySet) *jose.JSONWebKeySet

func FindPrivateKey added in v1.11.0 

func FindPrivateKey(set *jose.JSONWebKeySet) (key *jose.JSONWebKey, err error)

func FindPublicKey added in v1.10.7 

func FindPublicKey(set *jose.JSONWebKeySet) (key *jose.JSONWebKey, err error)

func First 

func First(keys []jose.JSONWebKey) *jose.JSONWebKey

func GetOrGenerateKeys added in v1.11.0 

func GetOrGenerateKeys(ctx context.Context, r InternalRegistry, m Manager, set, kid, alg string) (public, private *jose.JSONWebKey, err error)

func Ider 

func Ider(typ, id string) string

func MustRSAPrivate 

func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey

func MustRSAPublic 

func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey

func PEMBlockForKey 

func PEMBlockForKey(key interface{}) (*pem.Block, error)

func RandomBytes 

func RandomBytes(n int) ([]byte, error)

func TestHelperManagerGenerateAndPersistKeySet added in v1.11.0 

func TestHelperManagerGenerateAndPersistKeySet(m Manager, alg string) func(t *testing.T)

func TestHelperManagerKey 

func TestHelperManagerKey(m Manager, algo string, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func TestHelperManagerKeySet 

func TestHelperManagerKeySet(m Manager, algo string, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func ToRSAPrivate 

func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)

func ToRSAPublic 

func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)

Types

type AEAD 

type AEAD struct {
	// contains filtered or unexported fields
}

func NewAEAD 

func NewAEAD(c *config.Provider) *AEAD

func (*AEAD) Decrypt 

func (c *AEAD) Decrypt(ciphertext string) (p []byte, err error)

func (*AEAD) Encrypt 

func (c *AEAD) Encrypt(plaintext []byte) (string, error)

type ECDSA256Generator 

type ECDSA256Generator struct{}

func (*ECDSA256Generator) Generate 

func (g *ECDSA256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type ECDSA512Generator 

type ECDSA512Generator struct{}

func (*ECDSA512Generator) Generate 

func (g *ECDSA512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type EdDSAGenerator added in v1.10.7 

type EdDSAGenerator struct{}

func (*EdDSAGenerator) Generate added in v1.10.7 

func (g *EdDSAGenerator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS256Generator 

type HS256Generator struct{}

func (*HS256Generator) Generate 

func (g *HS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS512Generator 

type HS512Generator struct{}

func (*HS512Generator) Generate 

func (g *HS512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler 

func NewHandler(r InternalRegistry, c *config.Provider) *Handler

func (*Handler) Create 

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route POST /keys/{set} admin createJsonWebKeySet

Generate a New JSON Web Key

This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  201: JSONWebKeySet
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) DeleteKey 

func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set}/{kid} admin deleteJsonWebKey

Delete a JSON Web Key

Use this endpoint to delete a single JSON Web Key.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) DeleteKeySet 

func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set} admin deleteJsonWebKeySet

Delete a JSON Web Key Set

Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) GetKey 

func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set}/{kid} admin getJsonWebKey

Fetch a JSON Web Key

This endpoint returns a singular JSON Web Key, identified by the set and the specific key ID (kid). 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  404: jsonError
  500: jsonError

func (*Handler) GetKeySet 

func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set} admin getJsonWebKeySet

Retrieve a JSON Web Key Set

This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) SetRoutes 

func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMiddleware func(http.Handler) http.Handler)

func (*Handler) UpdateKey 

func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set}/{kid} admin updateJsonWebKey

Update a JSON Web Key

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKey
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) UpdateKeySet 

func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set} admin updateJsonWebKeySet

Update a JSON Web Key Set

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: jsonError
  403: jsonError
  500: jsonError

func (*Handler) WellKnown 

func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request)

swagger:route GET /.well-known/jwks.json public wellKnown

JSON Web Keys Discovery

This endpoint returns JSON Web Keys to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others. 

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  500: jsonError

type InternalRegistry 

type InternalRegistry interface {
	x.RegistryWriter
	x.RegistryLogger
	Registry
}

type JWTStrategy 

type JWTStrategy interface {
	GetPublicKeyID(ctx context.Context) (string, error)

	jwt.JWTStrategy
}

type KeyGenerator 

type KeyGenerator interface {
	Generate(id, use string) (*jose.JSONWebKeySet, error)
}

type Manager 

type Manager interface {
	GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (*jose.JSONWebKeySet, error)

	AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

	AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

	UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) error

	UpdateKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

	GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

	GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

	DeleteKey(ctx context.Context, set, kid string) error

	DeleteKeySet(ctx context.Context, set string) error
}

type ManagerStrategy added in v1.11.0 

type ManagerStrategy struct {
	// contains filtered or unexported fields
}

func NewManagerStrategy added in v1.11.0 

func NewManagerStrategy(hardwareKeyManager Manager, softwareKeyManager Manager) *ManagerStrategy

func (ManagerStrategy) AddKey added in v1.11.0 

func (m ManagerStrategy) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (ManagerStrategy) AddKeySet added in v1.11.0 

func (m ManagerStrategy) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

func (ManagerStrategy) DeleteKey added in v1.11.0 

func (m ManagerStrategy) DeleteKey(ctx context.Context, set, kid string) error

func (ManagerStrategy) DeleteKeySet added in v1.11.0 

func (m ManagerStrategy) DeleteKeySet(ctx context.Context, set string) error

func (ManagerStrategy) GenerateAndPersistKeySet added in v1.11.0 

func (m ManagerStrategy) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (*jose.JSONWebKeySet, error)

func (ManagerStrategy) GetKey added in v1.11.0 

func (m ManagerStrategy) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

func (ManagerStrategy) GetKeySet added in v1.11.0 

func (m ManagerStrategy) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

func (ManagerStrategy) UpdateKey added in v1.11.0 

func (m ManagerStrategy) UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (ManagerStrategy) UpdateKeySet added in v1.11.0 

func (m ManagerStrategy) UpdateKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

type RS256Generator 

type RS256Generator struct {
	KeyLength int
}

func (*RS256Generator) Generate 

func (g *RS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type RS256JWTStrategy 

type RS256JWTStrategy struct {
	sync.RWMutex

	RS256JWTStrategy *jwt.RS256JWTStrategy
	// contains filtered or unexported fields
}

func NewRS256JWTStrategy 

func NewRS256JWTStrategy(c config.Provider, r InternalRegistry, rs func() string) (*RS256JWTStrategy, error)

func (*RS256JWTStrategy) Decode 

func (j *RS256JWTStrategy) Decode(ctx context.Context, token string) (*jwt2.Token, error)

func (*RS256JWTStrategy) Generate 

func (j *RS256JWTStrategy) Generate(ctx context.Context, claims jwt2.MapClaims, header jwt.Mapper) (string, string, error)

func (*RS256JWTStrategy) GetPublicKeyID 

func (j *RS256JWTStrategy) GetPublicKeyID(ctx context.Context) (string, error)

func (*RS256JWTStrategy) GetSignature 

func (j *RS256JWTStrategy) GetSignature(ctx context.Context, token string) (string, error)

func (*RS256JWTStrategy) GetSigningMethodLength 

func (j *RS256JWTStrategy) GetSigningMethodLength() int

GetSigningMethodLength will return the length of the signing method

func (*RS256JWTStrategy) Hash 

func (j *RS256JWTStrategy) Hash(ctx context.Context, in []byte) ([]byte, error)

func (*RS256JWTStrategy) Validate 

func (j *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error)

type Registry 

type Registry interface {
	KeyManager() Manager
	SoftwareKeyManager() Manager
	KeyGenerators() map[string]KeyGenerator
	KeyCipher() *AEAD
}

type SQLData added in v1.5.0 

type SQLData struct {
	ID        int       `db:"pk"`
	Set       string    `db:"sid"`
	KID       string    `db:"kid"`
	Version   int       `db:"version"`
	CreatedAt time.Time `db:"created_at"`
	Key       string    `db:"keydata"`
}

func (SQLData) TableName added in v1.5.0 

func (d SQLData) TableName() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.