Documentation
Overview
Package token implements the methods to create and validate iShare compliant tokens.
Index
- Variables
- func IsTokenResponse(tk interface{}) (tokenString string, err error)
- func NewValidatingClaims(claims claims.ClaimsGetter, valid func() error) jwt.Claims
- func WithDisableIssuerSubjectEquality() validateOption
- type Token
- func (t *Token) Assertion(audience string) (string, error)
- func (t *Token) GetTokenClaims(token string) (interface{}, error)
- func (t *Token) GetTokenClaimsOpt(token string, unsafe bool) (interface{}, error)
- func (t *Token) GetTokenClaimsUnsafe(token string) (interface{}, error)
- func (t *Token) NewClaims(audience string) claims.Claims
- func (t *Token) ResponseToken(claims claims.ClaimsGetter) (string, error)
- func (t *Token) UnmarshalJWT(signedJWT string, claims claims.ClaimsGetter, options ...validateOption) error
- func (t *Token) UnmarshalJWTUnsafe(signedJWT string, claims claims.ClaimsGetter) error
- func (t *Token) ValidateClaims(claims claims.ClaimsGetter, subjectSerialNumber string, ...) error
- func (t *Token) ValidateHeaders(header map[string]interface{}) (*x509.Certificate, error)
- type TokenResponse
- type ValidatingClaims
Constants
This section is empty.
Variables
var (
	ErrKeyIsNotRSA          = errors.New("key is not of type RSA")
	ErrTokenInvalid         = errors.New("token invalid")
	ErrNoPemBlocksFound     = errors.New("no pem blocks found")
	ErrBadX5CEntry          = errors.New("bad x5c entry")
	ErrNoRootFound          = errors.New("no root found")
	ErrNoCertFound          = errors.New("no cert found")
	ErrNoCertsFound         = errors.New("no certs found")
	ErrNoIntermediatesFound = errors.New("no intermediates found")
	ErrNoLeafFound          = errors.New("no leaf found")
)
var NonceSource nonceSource
Functions
func IsTokenResponse
func IsTokenResponse(tk interface{}) (tokenString string, err error)
func NewValidatingClaims
func NewValidatingClaims(claims claims.ClaimsGetter, valid func() error) jwt.Claims
func WithDisableIssuerSubjectEquality
func WithDisableIssuerSubjectEquality() validateOption
WithDisableIssuerSubjectEquality disables the check that the issuer is equal to the certificate's subject name.
Types
type Token
type Token struct {
	ClientEori   string
	ServerEori   string
	Cert         *x509.Certificate
	CaChainCerts []*x509.Certificate
	CaChain      *x509.CertPool
	RootCerts    *x509.CertPool
	X5c          [][]byte
	ValidBefore  time.Duration
	ValidFor     time.Duration
	// contains filtered or unexported fields
}
Token contains the settings required to generate and validate iShare compliant jwt tokens.
func New
func New(clientEori string, cert *x509.Certificate, privateKey interface{}, caChainCerts []*x509.Certificate, rootCerts *x509.CertPool) (*Token, error)
New creates a new iShare token.
caChainCerts can be nil.
func NewFromFiles
NewFromFiles creates a new token and accepts the names of the files that contain the keys and certificates.
func (*Token) Assertion
func (t *Token) Assertion(audience string) (string, error)
Assertion returns an assertion string to obtain a new iShare OAuth2 token.
func (*Token) GetTokenClaims
func (t *Token) GetTokenClaims(token string) (interface{}, error)
func (*Token) GetTokenClaimsOpt
func (t *Token) GetTokenClaimsOpt(token string, unsafe bool) (interface{}, error)
func (*Token) GetTokenClaimsUnsafe
func (t *Token) GetTokenClaimsUnsafe(token string) (interface{}, error)
func (*Token) ResponseToken
func (t *Token) ResponseToken(claims claims.ClaimsGetter) (string, error)
ResponseToken returns the compact signed JWT with the given claims.
To create your own response token, provide your own struct that embeds the jwt.Claims obtained with the NewClaims method:
	Claims := t.NewClaims(audienceEORI)
	claims := struct {
		claims.Claims // the iShare claims from NewClaims; add your own fields alongside
	}{Claims: Claims}
func (*Token) UnmarshalJWT
func (t *Token) UnmarshalJWT(signedJWT string, claims claims.ClaimsGetter, options ...validateOption) error
UnmarshalJWT unmarshals and validates the signed JWT.
The validation checks whether the token complies with the iShare rules. See https://dev.ishareworks.org/introduction/jwt.html#ishare-jwt for details.
func (*Token) UnmarshalJWTUnsafe
func (t *Token) UnmarshalJWTUnsafe(signedJWT string, claims claims.ClaimsGetter) error
func (*Token) ValidateClaims
func (t *Token) ValidateClaims(claims claims.ClaimsGetter, subjectSerialNumber string, options ...validateOption) error
ValidateClaims checks if the received token is valid. It checks:
- JWT headers: only alg, typ and x5c may be present.
- Valid certificate chain.
- The Cert.Subject.serialNumber value equals the identity of the creator of the JWT. For a request this must be the client EORI (iss and sub); for a response this must be the server (aud) EORI.
- Mandatory JWT claims: iss, sub, aud, jti, exp, iat.
- iss and sub must be equal.
- Valid duration: exp - iat must be 30 seconds, and now must lie within that interval.
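The claim rules above, written out as a stand-alone Go check. This is an added example, not code from this package or from iShare: Claims, newClaims, parseClaims and validateClaims are assumed names, aud is modelled as a single EORI string, the creatorEori parameter carries whichever EORI the caller expects (client for a request, server for a response), the boolean stands in for WithDisableIssuerSubjectEquality, and the current time is passed in so the check is repeatable. The EORI values in the comments and tests are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// validFor is the fixed iShare token lifetime: exp - iat must be exactly this.
const validFor = 30 * time.Second

var (
	errMissingClaim  = errors.New("missing mandatory claim")
	errIssSub        = errors.New("iss and sub differ")
	errCreator       = errors.New("certificate subject serialNumber is not the token creator")
	errIssuerSubject = errors.New("iss differs from certificate subject serialNumber")
	errDuration      = errors.New("exp - iat is not 30 seconds")
	errNotCurrent    = errors.New("token is not valid at the current time")
)

// Claims holds the mandatory iShare claims; aud is modelled as a single EORI string (assumption).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Jti string `json:"jti"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

// newClaims builds claims the way the page's NewClaims would: iss == sub == own EORI,
// the caller's audience and jti, and exp pinned to iat + 30 s.
func newClaims(ownEori, audience, jti string, now time.Time) Claims {
	return Claims{Iss: ownEori, Sub: ownEori, Aud: audience, Jti: jti,
		Iat: now.Unix(), Exp: now.Add(validFor).Unix()}
}

// parseClaims decodes a JWS payload; absent claims stay at their zero value and are
// caught by validateClaims. Decoding alone is where an "unsafe" getter stops.
func parseClaims(payload []byte) (Claims, error) {
	var c Claims
	err := json.Unmarshal(payload, &c)
	return c, err
}

// validateClaims applies the ValidateClaims rules. subjectSerialNumber is the serialNumber
// of the x5c leaf's subject; creatorEori is who the caller expects to have made the token
// (the client's EORI for a request, the server's for a response). disableIssuerSubjectEquality
// plays the role of WithDisableIssuerSubjectEquality; now is injected so checks are repeatable.
func validateClaims(c Claims, subjectSerialNumber, creatorEori string, now time.Time, disableIssuerSubjectEquality bool) error {
	for name, v := range map[string]string{"iss": c.Iss, "sub": c.Sub, "aud": c.Aud, "jti": c.Jti} {
		if v == "" {
			return fmt.Errorf("%w: %s", errMissingClaim, name)
		}
	}
	if c.Iat == 0 || c.Exp == 0 {
		return fmt.Errorf("%w: iat or exp", errMissingClaim)
	}
	if c.Iss != c.Sub {
		return errIssSub
	}
	if subjectSerialNumber != creatorEori { // the signing certificate must belong to the claimed creator
		return errCreator
	}
	if !disableIssuerSubjectEquality && c.Iss != subjectSerialNumber {
		return errIssuerSubject
	}
	if c.Exp-c.Iat != int64(validFor/time.Second) { // no self-granted longer lifetimes
		return errDuration
	}
	if t := now.Unix(); t < c.Iat || t > c.Exp {
		return errNotCurrent
	}
	return nil
}
```

The order of the checks matters for defenders reading rejections in logs: structural problems (missing claims, iss != sub) are reported before identity problems, and the fixed 30-second window is enforced separately from "is it valid right now", so a token with a forged long lifetime is rejected even while it is still inside that lifetime.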
func (*Token) ValidateHeaders
func (t *Token) ValidateHeaders(header map[string]interface{}) (*x509.Certificate, error)
ValidateHeaders checks if the JWT headers are iShare compliant:
- only typ, alg and x5c are present
- typ == JWT
- alg == RS256
- x5c certificates are valid
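ResponseToken and Assertion produce the compact JWS that ValidateHeaders later inspects, so the two are shown together here as one added example. This is not code from this package or from iShare: mustSelfSignedCert is a constructed fixture standing in for the CA-issued participant certificate (and, for the example, also the trust root), and mintToken, validateHeaders and verifyToken are assumed names, not this package's API. The EORI values are made up. The header check enforces the four rules listed above, pins alg to RS256 rather than trusting the token's own header, and only then verifies the signature with the key of the x5c leaf.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

// mustSelfSignedCert is a constructed fixture standing in for the certificate an iShare CA
// issues to a participant (subject serialNumber = EORI); here it doubles as the trust root.
func mustSelfSignedCert(eori string) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // rand.Reader does not fail
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{SerialNumber: eori},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above is well-formed
	return cert, key
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// mintToken signs payload as the compact RS256 JWS a ResponseToken or Assertion is: the
// header carries typ, alg and the x5c chain (standard-base64 DER, leaf first), nothing else.
func mintToken(payload []byte, key *rsa.PrivateKey, cert *x509.Certificate) (string, error) {
	hdr, _ := json.Marshal(map[string]interface{}{"typ": "JWT", "alg": "RS256",
		"x5c": []string{base64.StdEncoding.EncodeToString(cert.Raw)}})
	signingInput := b64url(hdr) + "." + b64url(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// validateHeaders applies the ValidateHeaders rules: only typ, alg and x5c present, typ == JWT,
// alg == RS256 (pinned here, never taken from the token), x5c chain verifies against roots.
func validateHeaders(header map[string]interface{}, roots *x509.CertPool) (*x509.Certificate, error) {
	x5c, ok := header["x5c"].([]interface{})
	if len(header) != 3 || header["typ"] != "JWT" || header["alg"] != "RS256" || !ok || len(x5c) == 0 {
		return nil, errors.New("header must be exactly typ=JWT, alg=RS256 and x5c")
	}
	chain := make([]*x509.Certificate, len(x5c))
	for i, e := range x5c {
		s, _ := e.(string)
		der, err := base64.StdEncoding.DecodeString(s)
		c, perr := x509.ParseCertificate(der)
		if err != nil || perr != nil {
			return nil, errors.New("bad x5c entry")
		}
		chain[i] = c
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, c := range chain[1:] { // further entries are intermediates, never trusted as roots
		opts.Intermediates.AddCert(c)
	}
	if _, err := chain[0].Verify(opts); err != nil { // the leaf must chain to a configured root
		return nil, err
	}
	return chain[0], nil
}

// verifyToken splits the compact JWS, validates the header, then checks the RS256 signature with
// the x5c leaf's key (CheckSignature also rejects a non-RSA key); only then are claim bytes returned.
func verifyToken(token string, roots *x509.CertPool) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWS")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	sig, serr := base64.RawURLEncoding.DecodeString(parts[2])
	var header map[string]interface{}
	if err != nil || serr != nil || json.Unmarshal(hdrJSON, &header) != nil {
		return nil, errors.New("malformed header or signature segment")
	}
	leaf, err := validateHeaders(header, roots)
	if err != nil {
		return nil, err
	}
	if err := leaf.CheckSignature(x509.SHA256WithRSA, []byte(parts[0]+"."+parts[1]), sig); err != nil {
		return nil, err
	}
	return base64.RawURLEncoding.DecodeString(parts[1])
}
```

The design point is the order: the x5c chain is verified against the configured roots before the leaf key is used for anything, and the algorithm is a constant in the verifier, so a header that says alg=none or alg=HS256 is rejected without its signature ever being examined. A real deployment would pass the iShare CA roots in place of the self-signed fixture and hand the returned claim bytes to the claim validation.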
type TokenResponse
type TokenResponse struct {
	Token interface{}
	JWT   interface{}
}
type ValidatingClaims
type ValidatingClaims struct {
	claims.ClaimsGetter
	// contains filtered or unexported fields
}
func (*ValidatingClaims) MarshalJSON
func (c *ValidatingClaims) MarshalJSON() ([]byte, error)
func (*ValidatingClaims) UnmarshalJSON
func (c *ValidatingClaims) UnmarshalJSON(d []byte) error
func (*ValidatingClaims) Valid
func (c *ValidatingClaims) Valid() error