Documentation ¶
Index ¶
- Constants
- func CurveByName(curveName string) ec.Curve
- func GetKeyType(alg string) string
- func IsValidJwsAlg(alg string) bool
- type Base64Url
- type Base64UrlOctets
- type Base64UrlUInt
- type ClaimSet
- func (c *ClaimSet) MarshalJSON() ([]byte, error)
- func (c *ClaimSet) UnmarshalJSON(data []byte) (err error)
- func (c *ClaimSet) Validate(ref *ClaimSet) error
- func (c *ClaimSet) ValidateAdditionalClaims(addlC map[string]interface{}) error
- func (c *ClaimSet) ValidateAud(refAud string) error
- func (c *ClaimSet) ValidateExp() error
- func (c *ClaimSet) ValidateIss(iss string) error
- func (c *ClaimSet) ValidateJti(jti string) error
- func (c *ClaimSet) ValidateNbf() error
- func (c *ClaimSet) ValidateSub(sub string) error
- type ECPoint
- type ESSigner
- type HSSigner
- type JSONSerialization
- type JwHeader
- type JwaSigner
- type Jwe
- type JweRecipient
- type Jwk
- func (jwk *Jwk) ClearTypeParams()
- func (jwk *Jwk) EcdsaPrivKey() *ecdsa.PrivateKey
- func (jwk *Jwk) EcdsaPubKey() *ecdsa.PublicKey
- func (jwk *Jwk) ImportKey(k interface{}) error
- func (jwk *Jwk) MarshalJSON() (data []byte, err error)
- func (jwk *Jwk) RsaPrivKey() *rsa.PrivateKey
- func (jwk *Jwk) RsaPubKey() *rsa.PublicKey
- func (jwk *Jwk) UnmarshalJSON(data []byte) error
- func (jwk *Jwk) Validate() error
- type JwkSet
- type Jws
- type JwsSignature
- func (jSig *JwsSignature) GetAlg() (string, error)
- func (jSig *JwsSignature) GetKeyId() (string, error)
- func (jSig *JwsSignature) MarshalJSON() ([]byte, error)
- func (jSig *JwsSignature) Sign(jws *Jws, jwk *Jwk) error
- func (jSig *JwsSignature) Signature() []byte
- func (jSig *JwsSignature) UnmarshalJSON(data []byte) error
- func (jSig *JwsSignature) Validate() error
- func (jSig *JwsSignature) Verify(jws *Jws, jwk *Jwk) error
- type KeyOperation
- type NumericDate
- type PSSigner
- type RSSigner
Constants ¶
const ( JwsAlgHS256 string = "HS256" JwsAlgHS384 string = "HS384" JwsAlgHS512 string = "HS512" JwsAlgRS256 string = "RS256" JwsAlgRS384 string = "RS384" JwsAlgRS512 string = "RS512" JwsAlgES256 string = "ES256" JwsAlgES384 string = "ES384" JwsAlgES512 string = "ES512" JwsAlgPS256 string = "PS256" JwsAlgPS384 string = "PS384" JwsAlgPS512 string = "PS512" JwsAlgNone string = "none" )
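JwsAlg represents a signature algorithm used for JSON Web Signatures (JWS). See https://tools.ietf.org/html/rfc7518#section-3 for more information. Note that JwsAlgNone ("none") denotes an Unsecured JWS, which carries no signature or MAC (RFC 7518, section 3.6); a verifier should accept it only where unsigned tokens are explicitly intended.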
const ( JweAlgDir string = "dir" JweAlgRSA1_5 string = "RSA1_5" JweAlgRSA_OAEP string = "RSA-OAEP" JweAlgRSA_OAEP_256 string = "RSA-OAEP-256" JweAlgA128KW string = "A128KW" JweAlgA192KW string = "A192KW" JweAlgA256KW string = "A256KW" JweAlgECDH_ES string = "ECDH-ES" JweAlgECDH_ES_A128KW string = "ECDH-ES+A128KW" JweAlgECDH_ES_A192KW string = "ECDH-ES+A192KW" JweAlgECDH_ES_A256KW string = "ECDH-ES+A256KW" JweAlgA128GCMKW string = "A128GCMKW" JweAlgA192GCMKW string = "A192GCMKW" JweAlgA256GCMKW string = "A256GCMKW" JweAlgPBES2_HS256_A128KW string = "PBES2-HS256+A128KW" JweAlgPBES2_HS384_A192KW string = "PBES2-HS384+A192KW" JweAlgPBES2_HS512_A256KW string = "PBES2-HS512+A256KW" )
const ( JweEncAlgA128CBC_HS256 string = "A128CBC-HS256" JweEncAlgA192CBC_HS384 string = "A192CBC-HS384" JweEncAlgA256CBC_HS512 string = "A256CBC-HS512" JweEncAlgA128GCM string = "A128GCM" JweEncAlgA192GCM string = "A192GCM" JweEncAlgA256GCM string = "A256GCM" )
const ( KeyTypeOct string = "oct" KeyTypeEC string = "EC" KeyTypeRSA string = "RSA" )
Represents a type of JSON Web Key (JWK). See https://tools.ietf.org/html/rfc7518#section-6.1 for more information.
const ( KeyUseSig string = "sig" KeyUseEnc string = "enc" )
Identifies the use for JWK Public keys as specified in: https://tools.ietf.org/html/rfc7517#section-4.2
Variables ¶
This section is empty.
Functions ¶
func CurveByName ¶
CurveByName returns the elliptic.Curve for the specified CrvType. If the CrvType is invalid or unknown, a nil Curve will be returned, so callers should check the result for nil before using it.
func GetKeyType ¶
func IsValidJwsAlg ¶
Types ¶
type Base64Url ¶
type Base64Url interface { Encoded() string Decode(string) error UnmarshalJSON(data []byte) (err error) MarshalJSON() ([]byte, error) }
Base64Url describes a Base64 URL Encoded, without padding representation of a type
type Base64UrlOctets ¶
type Base64UrlOctets struct {
Octets []byte
}
Represents a Base64 URL Encoded, without padding, byte array; referred to as base64url-encoded in the JWS, JWE, JWA, JWT and JWK specifications. Note: Base64 Encoding will occur by json marshalling/unmarshalling or through the encoded/decode methods
func (*Base64UrlOctets) Decode ¶
func (b *Base64UrlOctets) Decode(enc string) error
Decodes the Base64 URL encoded value and saves the decoded bytes to the Base64UrlOctets object. If the decoding cannot be performed, an error will be returned.
func (*Base64UrlOctets) Encoded ¶
func (b *Base64UrlOctets) Encoded() string
Returns the Base64 URL encoded value of the byte array.
func (*Base64UrlOctets) MarshalJSON ¶
func (b *Base64UrlOctets) MarshalJSON() ([]byte, error)
JSON encodes the base64 URL []byte
func (*Base64UrlOctets) UnmarshalJSON ¶
func (b *Base64UrlOctets) UnmarshalJSON(data []byte) (err error)
JSON decodes and then base64 URL decodes the []byte
type Base64UrlUInt ¶
Represents a Base64 URL Encoded, without padding, math/big/Int; referred to as Base64urlUInt-encoded in the JWA specification. Note: Base64 Encoding/decoding will only occur by json marshalling/unmarshalling or through the encoded/decode methods
func (*Base64UrlUInt) Decode ¶
func (b *Base64UrlUInt) Decode(enc string) error
Decodes the Base64 Encoded value of the math/big/Int and saves the decoded value to the Base64UrlUInt object. If the decoding cannot be performed, an error will be returned.
func (*Base64UrlUInt) Encoded ¶
func (b *Base64UrlUInt) Encoded() string
Returns the Base64 Encoded value of the math/big/int
func (*Base64UrlUInt) MarshalJSON ¶
func (b *Base64UrlUInt) MarshalJSON() ([]byte, error)
Implements the json.Marshaler interface and JSON encodes the base64 URL encoded math/big/Int
func (*Base64UrlUInt) UnmarshalJSON ¶
func (b *Base64UrlUInt) UnmarshalJSON(data []byte) (err error)
Implements the json.Unmarshaler interface: JSON decodes and then base64 URL decodes the math/big/Int
type ClaimSet ¶
type ClaimSet struct { Issuer string `json:"iss,omitempty"` Subject string `json:"sub,omitempty"` Audience []string `json:"aud,omitempty"` Id string `json:"jti,omitempty"` Expiration time.Time `json:"exp,omitempty"` NotBefore time.Time `json:"nbf,omitempty"` IssuedAt time.Time `json:"iat,omitempty"` AdditionalClaims map[string]interface{} `json:"-"` }
Represents a JWT Claim Set as specified in https://tools.ietf.org/html/rfc7519
func (*ClaimSet) MarshalJSON ¶
func (*ClaimSet) UnmarshalJSON ¶
Implements the json.Unmarshaler interface and JSON decodes a JSON representation of a JWT Claim Set.
func (*ClaimSet) ValidateAdditionalClaims ¶
func (*ClaimSet) ValidateAud ¶
func (*ClaimSet) ValidateExp ¶
func (*ClaimSet) ValidateIss ¶
func (*ClaimSet) ValidateJti ¶
func (*ClaimSet) ValidateNbf ¶
func (*ClaimSet) ValidateSub ¶
type JSONSerialization ¶
type JSONSerialization string
const ( JSONSerializationGeneral JSONSerialization = "general" JSONSerializationFlat JSONSerialization = "flat" )
type JwHeader ¶
type JwHeader struct { Algorithm string EncryptionAlg string Compression string JwkUrl string Jwk *Jwk KeyId string Type string ContentType string AgreePartyUInfo []byte AgreePartyVInfo []byte EphermalPubKey *Jwk Critical []string X509Url string X509CertChain [][]byte X509Thumbprint []byte X509Sha256Thumbprint []byte AdditionalMembers map[string]interface{} }
The JSON Web header used by JWE and JWS
func (*JwHeader) MarshalJSON ¶
func (*JwHeader) UnmarshalJSON ¶
type JwaSigner ¶
type JwaSigner interface { Sign(msg []byte) ([]byte, error) Verify(msg, sig []byte) error SetSignKey(jwk *Jwk) error SetVerifyKey(jwk *Jwk) error }
Signer is the interface implemented by types that cryptographically sign and verify data
func NewJwaSigner ¶
Returns a signer for a particular JWS Algorithm. An error is returned for an invalid algorithm.
type Jwe ¶
type Jwe struct { ProtectedHeader *JwHeader UnprotectedHeader *JwHeader Recipients []*JweRecipient InitializationVector []byte Tag []byte Message []byte AdditionalAuthData []byte AdditionalMembers map[string]interface{} // contains filtered or unexported fields }
func (*Jwe) EncryptMultiple ¶
type JweRecipient ¶
type JweRecipient struct { Header *JwHeader // contains filtered or unexported fields }
func (*JweRecipient) Decrypt ¶
func (jRecip *JweRecipient) Decrypt(jwe *Jwe, jwk *Jwk)
func (*JweRecipient) Encrypt ¶
func (jRecip *JweRecipient) Encrypt(jwe *Jwe, jwk *Jwk)
type Jwk ¶
type Jwk struct { Type string Id string Algorithm string Use string Operations []string Curve ec.Curve X *big.Int Y *big.Int D *big.Int N *big.Int P *big.Int Q *big.Int Dp *big.Int Dq *big.Int Qi *big.Int E int OtherPrimes []rsa.CRTValue KeyValue []byte AdditionalMembers map[string]interface{} }
Jwk represents a JSON Web Key as specified in: https://tools.ietf.org/html/rfc7517
func NewJwk ¶
Returns a new JWK for the desired type. An error will be returned if an invalid type is passed
func (*Jwk) ClearTypeParams ¶
func (jwk *Jwk) ClearTypeParams()
ClearTypeParams will set all Key Type Specific Params (OCT, RSA, EC) to the empty/default state
func (*Jwk) EcdsaPrivKey ¶
func (jwk *Jwk) EcdsaPrivKey() *ecdsa.PrivateKey
Exports the JWK to a crypto/ecdsa/PrivateKey
func (*Jwk) EcdsaPubKey ¶
Exports the JWK to a crypto/ecdsa/PublicKey
func (*Jwk) ImportKey ¶
ImportKey imports a Go key into the JWK object. The supported Go Key types are: rsa.PublicKey, *rsa.PublicKey, rsa.PrivateKey, *rsa.PrivateKey, ecdsa.PublicKey, *ecdsa.PublicKey, ecdsa.PrivateKey, *ecdsa.PrivateKey, string, []byte
func (*Jwk) MarshalJSON ¶
Implements the json.Marshaler interface and JSON encodes the Jwk
func (*Jwk) RsaPrivKey ¶
func (jwk *Jwk) RsaPrivKey() *rsa.PrivateKey
Exports the JWK to a crypto/rsa/PrivateKey
func (*Jwk) UnmarshalJSON ¶
type JwkSet ¶
type JwkSet struct { Keys []*Jwk `json:"keys"` AdditionalMembers map[string]interface{} `json:"-"` }
JwkSet represents a set of JWKs as defined in https://tools.ietf.org/html/rfc7517#section-5
func (*JwkSet) GetKeyById ¶
GetKeyById returns the first JWK found with the desired key id. A boolean is also returned that signals whether or not a JWK was found
func (*JwkSet) GetKeyByIdAndType ¶
GetKeyByIdAndType gets a JWK contained in the JwkSet that is of type typ and has a Key Id of id. This function is useful for keys of different types that may have the same key id. The desired JWK and whether or not the JWK exists (boolean) are returned. See https://tools.ietf.org/html/rfc7517#section-4.5
func (*JwkSet) MarshalJSON ¶
Implements the json.Marshaler interface and JSON encodes the Jwk Key Set
func (*JwkSet) UnmarshalJSON ¶
Implements the json.Unmarshaler interface and JSON decodes a JSON representation of the JWK Key Set.
type Jws ¶
type Jws struct { Signatures []*JwsSignature Payload []byte AdditionalMembers map[string]interface{} JSONSerialization JSONSerialization // contains filtered or unexported fields }
Jws represents a JSON Web Signature (JWS) object as specified in: https://tools.ietf.org/html/rfc7515
func (*Jws) MarshalCompact ¶
func (*Jws) MarshalJSON ¶
func (*Jws) Sign ¶
Sign attempts to cryptographically sign the passed Base64URLEncoded payload using the configured Signature value
func (*Jws) UnmarshalCompact ¶
func (*Jws) UnmarshalJSON ¶
type JwsSignature ¶
type JwsSignature struct { ProtectedHeader *JwHeader UnprotectedHeader *JwHeader // contains filtered or unexported fields }
func (*JwsSignature) GetAlg ¶
func (jSig *JwsSignature) GetAlg() (string, error)
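Attempts to determine the signing algorithm for a Jws Signature. This may be in the unprotected header or the protected header depending on the end-user's implementation. An error is returned if there are conflicts, or no Alg was found. Because the unprotected header is not covered by the signature, a verifier should compare the returned value against the algorithm it expects for the key rather than rely on it alone.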
func (*JwsSignature) GetKeyId ¶
func (jSig *JwsSignature) GetKeyId() (string, error)
Attempts to determine the keyId to use for verifying a signature. This may be in the unprotected header or the protected header depending on the end-user's implementation. An error is returned if there are conflicts, or no KId was found
func (*JwsSignature) MarshalJSON ¶
func (jSig *JwsSignature) MarshalJSON() ([]byte, error)
func (*JwsSignature) Signature ¶
func (jSig *JwsSignature) Signature() []byte
func (*JwsSignature) UnmarshalJSON ¶
func (jSig *JwsSignature) UnmarshalJSON(data []byte) error
func (*JwsSignature) Validate ¶
func (jSig *JwsSignature) Validate() error
Validates a Jws's Signature structure. Note that this does not verify the cryptographic signature itself; that is done with the VerifyWithJwk() and VerifyWithJwks() functions (neither appears in this page's index, which lists JwsSignature.Verify). This simply checks that the header key/value pairs meet the JWS specification.
type KeyOperation ¶
type KeyOperation string
Identifies the operation the JWK is intended for as specified in: https://tools.ietf.org/html/rfc7517#section-4.3
type NumericDate ¶
NumericDate represents a date as a UTC Unix Timestamp as defined in: https://tools.ietf.org/html/rfc7519#section-2
func (*NumericDate) Decode ¶
func (nd *NumericDate) Decode(enc int64) error
Decodes a UTC TimeStamp (int64) into a time.Time (NumericDate) type
func (*NumericDate) Encoded ¶
func (nd *NumericDate) Encoded() int64
Returns the UTC Timestamp representation of the time.Time value
func (*NumericDate) MarshalJSON ¶
func (nd *NumericDate) MarshalJSON() ([]byte, error)
Implements the json.Marshaler interface and JSON encodes the Numeric Date
func (*NumericDate) UnmarshalJSON ¶
func (nd *NumericDate) UnmarshalJSON(data []byte) error
Implements the json.Unmarshaler interface and JSON decodes the Numeric Date