
gose

JavaScript Object Signing and Encryption (JOSE) implementation (JWK, JWT, JWS, JWE) in Go.

Documentation


Constants

// JWS "alg" header values from RFC 7518 §3.1: HS* are HMAC with SHA-2
// (symmetric), RS* are RSASSA-PKCS1-v1_5, ES* are ECDSA, PS* are
// RSASSA-PSS. Each string is the exact, case-sensitive wire value.
const (
	JwsAlgHS256 string = "HS256"
	JwsAlgHS384 string = "HS384"
	JwsAlgHS512 string = "HS512"
	JwsAlgRS256 string = "RS256"
	JwsAlgRS384 string = "RS384"
	JwsAlgRS512 string = "RS512"
	JwsAlgES256 string = "ES256"
	JwsAlgES384 string = "ES384"
	JwsAlgES512 string = "ES512"
	JwsAlgPS256 string = "PS256"
	JwsAlgPS384 string = "PS384"
	JwsAlgPS512 string = "PS512"
	// JwsAlgNone is the Unsecured JWS algorithm (RFC 7518 §3.6): the
	// signature is empty and the payload has no integrity protection.
	// A verifier must reject "none" unless the application has explicitly
	// opted in; never accept it just because the incoming header names it.
	// Whether IsValidJwsAlg treats "none" as valid is not visible here —
	// check before relying on it as an allow-list.
	JwsAlgNone  string = "none"
)

JwsAlg* are the signature algorithms usable in the JWS "alg" header; see https://tools.ietf.org/html/rfc7518#section-3. Note that the set includes "none" (the Unsecured JWS of RFC 7518 §3.6), which provides no integrity protection. A verifier should reject "none" and should check the header's alg against an allow-list chosen by the application, rather than accepting whatever algorithm the token names.

// JWE "alg" (key management) header values from RFC 7518 §4.1. Each
// string is the exact, case-sensitive wire value.
//
// Security notes for decryptors: RSA1_5 (RSAES-PKCS1-v1_5) has a
// well-known padding-oracle weakness (Bleichenbacher) whenever a
// decryption-failure signal is observable; prefer RSA-OAEP / RSA-OAEP-256
// and do not accept RSA1_5 from untrusted senders unless unavoidable.
// The PBES2 variants are only as strong as the password and the sender-
// supplied "p2c" iteration count, which an attacker can set very low (weak
// derivation) or very high (CPU exhaustion) — bound it when decrypting.
const (
	JweAlgDir                string = "dir"
	JweAlgRSA1_5             string = "RSA1_5"
	JweAlgRSA_OAEP           string = "RSA-OAEP"
	JweAlgRSA_OAEP_256       string = "RSA-OAEP-256"
	JweAlgA128KW             string = "A128KW"
	JweAlgA192KW             string = "A192KW"
	JweAlgA256KW             string = "A256KW"
	JweAlgECDH_ES            string = "ECDH-ES"
	JweAlgECDH_ES_A128KW     string = "ECDH-ES+A128KW"
	JweAlgECDH_ES_A192KW     string = "ECDH-ES+A192KW"
	JweAlgECDH_ES_A256KW     string = "ECDH-ES+A256KW"
	JweAlgA128GCMKW          string = "A128GCMKW"
	JweAlgA192GCMKW          string = "A192GCMKW"
	JweAlgA256GCMKW          string = "A256GCMKW"
	JweAlgPBES2_HS256_A128KW string = "PBES2-HS256+A128KW"
	JweAlgPBES2_HS384_A192KW string = "PBES2-HS384+A192KW"
	JweAlgPBES2_HS512_A256KW string = "PBES2-HS512+A256KW"
)
// JWE "enc" (content encryption) header values from RFC 7518 §5.1: the
// AES-CBC + HMAC-SHA-2 composites (§5.2) and AES-GCM (§5.3). All are
// authenticated encryption; a decryptor must verify the authentication
// tag before releasing or acting on any plaintext.
const (
	JweEncAlgA128CBC_HS256 string = "A128CBC-HS256"
	JweEncAlgA192CBC_HS384 string = "A192CBC-HS384"
	JweEncAlgA256CBC_HS512 string = "A256CBC-HS512"
	JweEncAlgA128GCM       string = "A128GCM"
	JweEncAlgA192GCM       string = "A192GCM"
	JweEncAlgA256GCM       string = "A256GCM"
)
// JWK "kty" values from RFC 7518 §6.1: symmetric octet sequences, elliptic
// curve keys and RSA keys. The strings are case-sensitive wire values.
const (
	KeyTypeOct string = "oct"
	KeyTypeEC  string = "EC"
	KeyTypeRSA string = "RSA"
)

KeyType* are the JWK key types ("kty"); see https://tools.ietf.org/html/rfc7518#section-6.1.

// JWK "use" values from RFC 7517 §4.2: a key is intended either for
// signatures/MACs ("sig") or for encryption/key management ("enc").
// Honouring this when selecting a key prevents a single key being used
// across both roles.
const (
	KeyUseSig string = "sig"
	KeyUseEnc string = "enc"
)

KeyUse* identify the intended use ("use") of a JWK public key, as specified in https://tools.ietf.org/html/rfc7517#section-4.2.

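// JWK "key_ops" values as registered in RFC 7517 §4.3. The values are
// case-sensitive on the wire, so they must be spelled exactly as the RFC
// does (wrapKey, not wrapkey); otherwise key_ops emitted by conforming
// implementations never match and key-operation checks silently fail.
const (
	KeyOpSign       string = "sign"
	KeyOpVerify     string = "verify"
	KeyOpEncrypt    string = "encrypt"
	KeyOpDecrypt    string = "decrypt"
	KeyOpWrapKey    string = "wrapKey"
	KeyOpUnwrapKey  string = "unwrapKey"
	KeyOpDeriveKey  string = "deriveKey"
	KeyOpDeriveBits string = "deriveBits"
)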

Variables

This section is empty.

Functions

func CurveByName

func CurveByName(curveName string) ec.Curve

CurveByName returns the elliptic.Curve for the given JWK "crv" name. If the name is invalid or unknown, nil is returned — callers must check for nil before using the curve.

func GetKeyType

func GetKeyType(alg string) string

func IsValidJwsAlg

func IsValidJwsAlg(alg string) bool

Types

type Base64Url

// Base64Url is implemented by values that have a base64url (RFC 4648 §5,
// no padding) textual form. The JSON methods mean such a value appears in
// JSON as a single base64url string.
type Base64Url interface {
	// Encoded returns the base64url encoding of the value.
	Encoded() string
	// Decode parses a base64url string into the value; non-nil error on bad input.
	Decode(string) error
	// UnmarshalJSON decodes a JSON string and then base64url-decodes it.
	UnmarshalJSON(data []byte) (err error)
	// MarshalJSON emits the value as a base64url JSON string.
	MarshalJSON() ([]byte, error)
}

Base64Url describes a type that has a base64url (RFC 4648 §5, without padding) representation.

type Base64UrlOctets

// Base64UrlOctets is a raw byte string whose JSON form is a base64url
// (no padding) string — the "base64url-encoded" octets used throughout
// JWS/JWE/JWK. Octets holds the decoded bytes; encoding happens only in
// Encoded/MarshalJSON and decoding only in Decode/UnmarshalJSON.
type Base64UrlOctets struct {
	Octets []byte
}

Base64UrlOctets represents a byte array in its base64url (no padding) form, referred to as base64url-encoded in the JWS, JWE, JWA, JWT and JWK specifications. Note: encoding/decoding happens only via JSON marshalling/unmarshalling or the Encoded/Decode methods; Octets itself holds the raw bytes.

func (*Base64UrlOctets) Decode

func (b *Base64UrlOctets) Decode(enc string) error

Decode base64url-decodes enc and stores the resulting bytes in Octets. An error is returned if the input cannot be decoded.

func (*Base64UrlOctets) Encoded

func (b *Base64UrlOctets) Encoded() string

Encoded returns the base64url (no padding) encoding of Octets.

func (*Base64UrlOctets) MarshalJSON

func (b *Base64UrlOctets) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler and encodes Octets as a base64url JSON string.

func (*Base64UrlOctets) UnmarshalJSON

func (b *Base64UrlOctets) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements json.Unmarshaler: it JSON-decodes a string and then base64url-decodes it into Octets.

type Base64UrlUInt

// Base64UrlUInt is an unsigned big integer whose JSON form is the
// base64url encoding of its big-endian bytes — the "Base64urlUInt"
// encoding of RFC 7518 §2 used for RSA/EC key parameters. UInt holds the
// decoded value; encoding happens only in Encoded/MarshalJSON and
// decoding only in Decode/UnmarshalJSON.
type Base64UrlUInt struct {
	UInt *big.Int
}

Base64UrlUInt represents a math/big.Int in its base64url (no padding) big-endian form, referred to as Base64urlUInt-encoded in the JWA specification. Note: encoding/decoding happens only via JSON marshalling/unmarshalling or the Encoded/Decode methods.

func (*Base64UrlUInt) Decode

func (b *Base64UrlUInt) Decode(enc string) error

Decode base64url-decodes enc and stores the resulting big.Int in UInt. An error is returned if the input cannot be decoded.

func (*Base64UrlUInt) Encoded

func (b *Base64UrlUInt) Encoded() string

Encoded returns the base64url (no padding) encoding of UInt.

func (*Base64UrlUInt) MarshalJSON

func (b *Base64UrlUInt) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler and encodes UInt as a base64url JSON string.

func (*Base64UrlUInt) UnmarshalJSON

func (b *Base64UrlUInt) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements json.Unmarshaler: it JSON-decodes a string and then base64url-decodes it into UInt.

type ClaimSet

// ClaimSet is a JWT claims set (RFC 7519 §4). The registered claims are
// typed fields; everything else lives in AdditionalClaims. On the wire
// exp/nbf/iat are NumericDate values (seconds since the Unix epoch).
//
// Encoding is handled by this type's own MarshalJSON/UnmarshalJSON, so
// the struct tags below are not necessarily what drives it — note in
// particular that `omitempty` has no effect on a time.Time under the
// standard encoder (a struct is never "empty"), so a zero Expiration
// would be emitted unless the custom marshaller skips it. Validation of
// exp/nbf/aud/iss is separate (see the Validate* methods) and is the
// caller's responsibility after signature verification.
type ClaimSet struct {
	Issuer           string                 `json:"iss,omitempty"`
	Subject          string                 `json:"sub,omitempty"`
	Audience         []string               `json:"aud,omitempty"`
	Id               string                 `json:"jti,omitempty"`
	Expiration       time.Time              `json:"exp,omitempty"`
	NotBefore        time.Time              `json:"nbf,omitempty"`
	IssuedAt         time.Time              `json:"iat,omitempty"`
	AdditionalClaims map[string]interface{} `json:"-"`
}

Represents a JWT Claim Set as specified in https://tools.ietf.org/html/rfc7519

func (*ClaimSet) MarshalJSON

func (c *ClaimSet) MarshalJSON() ([]byte, error)

func (*ClaimSet) UnmarshalJSON

func (c *ClaimSet) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements json.Unmarshaler and decodes a JSON representation of a JWT claims set.

func (*ClaimSet) Validate

func (c *ClaimSet) Validate(ref *ClaimSet) error

func (*ClaimSet) ValidateAdditionalClaims

func (c *ClaimSet) ValidateAdditionalClaims(addlC map[string]interface{}) error

func (*ClaimSet) ValidateAud

func (c *ClaimSet) ValidateAud(refAud string) error

func (*ClaimSet) ValidateExp

func (c *ClaimSet) ValidateExp() error

func (*ClaimSet) ValidateIss

func (c *ClaimSet) ValidateIss(iss string) error

func (*ClaimSet) ValidateJti

func (c *ClaimSet) ValidateJti(jti string) error

func (*ClaimSet) ValidateNbf

func (c *ClaimSet) ValidateNbf() error

func (*ClaimSet) ValidateSub

func (c *ClaimSet) ValidateSub(sub string) error

type ECPoint

// ECPoint carries a pair of big integers named R and S. Despite the type
// name, those are the component names of an ECDSA signature (RFC 7518
// §3.4), not point coordinates — this package keeps EC point coordinates
// on Jwk as X/Y. Presumably used by ESSigner to split/join the fixed-
// width r||s JWS signature; TODO(review) confirm against the signer code.
type ECPoint struct {
	R *big.Int
	S *big.Int
}

type ESSigner

type ESSigner struct {
	H crypto.Hash
	// contains filtered or unexported fields
}

func (*ESSigner) SetSignKey

func (es *ESSigner) SetSignKey(jwk *Jwk) error

func (*ESSigner) SetVerifyKey

func (es *ESSigner) SetVerifyKey(jwk *Jwk) error

func (*ESSigner) Sign

func (es *ESSigner) Sign(msg []byte) ([]byte, error)

func (*ESSigner) Verify

func (es *ESSigner) Verify(msg, sig []byte) error

type HSSigner

type HSSigner struct {
	H crypto.Hash
	// contains filtered or unexported fields
}

func (*HSSigner) SetSignKey

func (hs *HSSigner) SetSignKey(jwk *Jwk) error

func (*HSSigner) SetVerifyKey

func (hs *HSSigner) SetVerifyKey(jwk *Jwk) error

func (*HSSigner) Sign

func (hs *HSSigner) Sign(msg []byte) ([]byte, error)

func (*HSSigner) Verify

func (hs *HSSigner) Verify(msg, sig []byte) error

type JSONSerialization

// JSONSerialization selects which JWS JSON serialization a Jws is
// marshalled to: JSONSerializationGeneral for the General JWS JSON
// Serialization (RFC 7515 §7.2.1, a "signatures" array) and
// JSONSerializationFlat for the Flattened form (§7.2.2, a single
// signature). The string values appear to be internal selectors rather
// than anything that goes on the wire.
type JSONSerialization string
const (
	JSONSerializationGeneral JSONSerialization = "general"
	JSONSerializationFlat    JSONSerialization = "flat"
)

type JwHeader

// JwHeader holds the JOSE header members shared by JWS (RFC 7515 §4) and
// JWE (RFC 7516 §4): alg, enc, zip, jku, jwk, kid, typ, cty, apu, apv,
// epk, crit, x5u, x5c, x5t, x5t#S256, plus any unregistered members in
// AdditionalMembers. The wire names are mapped by this type's own
// MarshalJSON/UnmarshalJSON.
//
// Security note: on an incoming token every member here is sender-
// controlled until the signature or tag has been verified. In particular
// Jwk, JwkUrl, X509Url and X509CertChain name the key the *sender* wants
// you to use; a verifier must resolve keys from its own trusted set
// (e.g. by KeyId) and must not fetch or trust keys found in the header
// without an explicit policy. Algorithm should likewise be checked
// against an allow-list rather than used directly to pick a verifier,
// and any Critical ("crit") member the application does not understand
// must cause rejection (RFC 7515 §4.1.11).
type JwHeader struct {
	Algorithm            string
	EncryptionAlg        string
	Compression          string
	JwkUrl               string
	Jwk                  *Jwk
	KeyId                string
	Type                 string
	ContentType          string
	AgreePartyUInfo      []byte
	AgreePartyVInfo      []byte
	EphermalPubKey       *Jwk
	Critical             []string
	X509Url              string
	X509CertChain        [][]byte
	X509Thumbprint       []byte
	X509Sha256Thumbprint []byte
	AdditionalMembers    map[string]interface{}
}

The JSON Web header used by JWE and JWS

func (*JwHeader) MarshalJSON

func (h *JwHeader) MarshalJSON() ([]byte, error)

func (*JwHeader) UnmarshalJSON

func (h *JwHeader) UnmarshalJSON(data []byte) error

type JwaSigner

// JwaSigner is implemented by the per-algorithm signer types (HSSigner,
// RSSigner, PSSigner, ESSigner). Keys are supplied as Jwk; a signer is
// configured with a signing key, a verification key, or both. Obtain one
// for a given "alg" via NewJwaSigner.
type JwaSigner interface {
	// Sign returns the raw signature over msg (presumably the JWS
	// signing input, header.payload) using the key set by SetSignKey.
	Sign(msg []byte) ([]byte, error)
	// Verify checks sig over msg with the key set by SetVerifyKey.
	// A nil error is the only success value; callers must not treat a
	// non-nil error as anything but failure.
	Verify(msg, sig []byte) error
	// SetSignKey installs the private (RS/PS/ES) or secret (HS) key.
	SetSignKey(jwk *Jwk) error
	// SetVerifyKey installs the public (RS/PS/ES) or secret (HS) key.
	SetVerifyKey(jwk *Jwk) error
}

JwaSigner is the interface implemented by types that cryptographically sign and verify data for one JWS algorithm. Verify returns a non-nil error on any mismatch; only a nil error means the signature is valid.

func NewJwaSigner

func NewJwaSigner(jwsAlg string) (JwaSigner, error)

NewJwaSigner returns a signer for the given JWS algorithm. An error is returned for an invalid algorithm. The algorithm should come from the application's own policy — not from an unverified token header — otherwise the sender chooses which verifier is used (algorithm-confusion attacks).

type Jwe

type Jwe struct {
	ProtectedHeader      *JwHeader
	UnprotectedHeader    *JwHeader
	Recipients           []*JweRecipient
	InitializationVector []byte
	Tag                  []byte
	Message              []byte
	AdditionalAuthData   []byte
	AdditionalMembers    map[string]interface{}
	// contains filtered or unexported fields
}

func (*Jwe) Decrypt

func (jwe *Jwe) Decrypt(jwk *Jwk)

func (*Jwe) Encrypt

func (jwe *Jwe) Encrypt(jwk *Jwk)

func (*Jwe) EncryptMultiple

func (jwe *Jwe) EncryptMultiple(jwks *JwkSet)

type JweRecipient

type JweRecipient struct {
	Header *JwHeader
	// contains filtered or unexported fields
}

func (*JweRecipient) Decrypt

func (jRecip *JweRecipient) Decrypt(jwe *Jwe, jwk *Jwk)

func (*JweRecipient) Encrypt

func (jRecip *JweRecipient) Encrypt(jwe *Jwe, jwk *Jwk)

type Jwk

// Jwk is an in-memory JSON Web Key (RFC 7517). The common members are
// Type ("kty"), Id ("kid"), Algorithm ("alg"), Use ("use") and
// Operations ("key_ops"); the type-specific members follow RFC 7518 §6:
// EC keys use Curve, X, Y and (private) D; RSA keys use N, E and the
// private parameters D, P, Q, Dp, Dq, Qi and OtherPrimes; "oct" keys hold
// their secret in KeyValue. AdditionalMembers carries anything else.
//
// Security note: D, P, Q, Dp, Dq, Qi, OtherPrimes and KeyValue are private
// key material. A Jwk holding them will presumably be serialised with them
// by MarshalJSON — do not log such a key and do not place it in a JwkSet
// that is served to clients without first clearing the private members.
// TODO(review): confirm whether MarshalJSON offers a public-only mode.
type Jwk struct {
	Type              string
	Id                string
	Algorithm         string
	Use               string
	Operations        []string
	Curve             ec.Curve
	X                 *big.Int
	Y                 *big.Int
	D                 *big.Int
	N                 *big.Int
	P                 *big.Int
	Q                 *big.Int
	Dp                *big.Int
	Dq                *big.Int
	Qi                *big.Int
	E                 int
	OtherPrimes       []rsa.CRTValue
	KeyValue          []byte
	AdditionalMembers map[string]interface{}
}

Jwk represents a JSON Web Key as specified in https://tools.ietf.org/html/rfc7517.

func NewJwk

func NewJwk(kty string) (j *Jwk, err error)

Returns a new JWK for the desired type. An error will be returned if an invalid type is passed

func (*Jwk) ClearTypeParams

func (jwk *Jwk) ClearTypeParams()

ClearTypeParams will set all Key Type Specific Params (OCT, RSA, EC) to the empty/default state

func (*Jwk) EcdsaPrivKey

func (jwk *Jwk) EcdsaPrivKey() *ecdsa.PrivateKey

EcdsaPrivKey exports the JWK to a *ecdsa.PrivateKey. The signature has no error return, so callers should check the result for nil (e.g. when the JWK is not an EC private key).

func (*Jwk) EcdsaPubKey

func (jwk *Jwk) EcdsaPubKey() *ecdsa.PublicKey

EcdsaPubKey exports the JWK to a *ecdsa.PublicKey. The signature has no error return, so callers should check the result for nil.

func (*Jwk) ImportKey

func (jwk *Jwk) ImportKey(k interface{}) error

ImportKey imports a Go key into the JWK object. The supported Go Key types are: rsa.PublicKey, *rsa.PublicKey, rsa.PrivateKey, *rsa.PrivateKey, ecdsa.PublicKey, *ecdsa.PublicKey, ecdsa.PrivateKey, *ecdsa.PrivateKey, string, []byte

func (*Jwk) MarshalJSON

func (jwk *Jwk) MarshalJSON() (data []byte, err error)

Implements the json.Marshaler interface and JSON encodes the Jwk

func (*Jwk) RsaPrivKey

func (jwk *Jwk) RsaPrivKey() *rsa.PrivateKey

RsaPrivKey exports the JWK to a *rsa.PrivateKey. The signature has no error return, so callers should check the result for nil (e.g. when the JWK is not an RSA private key).

func (*Jwk) RsaPubKey

func (jwk *Jwk) RsaPubKey() *rsa.PublicKey

RsaPubKey exports the JWK to a *rsa.PublicKey. The signature has no error return, so callers should check the result for nil.

func (*Jwk) UnmarshalJSON

func (jwk *Jwk) UnmarshalJSON(data []byte) error

func (*Jwk) Validate

func (jwk *Jwk) Validate() error

Validate checks the JWK object to verify that its parameter set represents a valid JWK. If the JWK is valid a nil error is returned; otherwise the error describes the values that caused validation to fail.

type JwkSet

// JwkSet is a JWK Set (RFC 7517 §5): the "keys" array plus any other
// top-level members (AdditionalMembers is excluded from default JSON
// handling and dealt with by the custom marshallers). Security note: a
// Jwk can carry private parameters (D, P, Q, ..., KeyValue); a set built
// from private keys must not be served at a public JWKS endpoint without
// first stripping them.
type JwkSet struct {
	Keys              []*Jwk                 `json:"keys"`
	AdditionalMembers map[string]interface{} `json:"-"`
}

JwkSet Represents a set of JWK's as defined in https://tools.ietf.org/html/rfc7517#section-5

func (*JwkSet) GetKeyById

func (jwks *JwkSet) GetKeyById(id string) *Jwk

GetKeyById returns the first JWK in the set whose key id matches id. The signature returns only a *Jwk — there is no "found" boolean — so callers must check the result for nil before use. A kid taken from an incoming token is sender-supplied: use it only to select among keys you already trust.

func (*JwkSet) GetKeyByIdAndType

func (jwks *JwkSet) GetKeyByIdAndType(id string, kty string) *Jwk

GetKeyByIdAndType returns the JWK in the set that has key id id and key type kty. This is useful when keys of different types share the same key id (see https://tools.ietf.org/html/rfc7517#section-4.5). As with GetKeyById, only a *Jwk is returned; check it for nil before use.

func (*JwkSet) MarshalJSON

func (jwks *JwkSet) MarshalJSON() ([]byte, error)

Implements the json.Marshaler interface and JSON encodes the Jwk Key Set

func (*JwkSet) UnmarshalJSON

func (jwks *JwkSet) UnmarshalJSON(data []byte) error

Implements the json.Unmarshaler interface and JSON decodes a JSON representation of the JWK Key Set.

type Jws

type Jws struct {
	Signatures        []*JwsSignature
	Payload           []byte
	AdditionalMembers map[string]interface{}
	JSONSerialization JSONSerialization
	// contains filtered or unexported fields
}

Jws represents a JSON Web Signature (JWS) object as specified in: https://tools.ietf.org/html/rfc7515

func (*Jws) MarshalCompact

func (jws *Jws) MarshalCompact() ([]byte, error)

func (*Jws) MarshalJSON

func (jws *Jws) MarshalJSON() ([]byte, error)

func (*Jws) Sign

func (jws *Jws) Sign(jwk *Jwk) error

Sign attempts to cryptographically sign the payload (base64url-encoded as part of the signing input) using the supplied key and the signature entries configured on the Jws, filling in their Signature values.

func (*Jws) UnmarshalCompact

func (jws *Jws) UnmarshalCompact(data []byte) error

func (*Jws) UnmarshalJSON

func (jws *Jws) UnmarshalJSON(data []byte) error

func (*Jws) Verify

func (jws *Jws) Verify(jwk *Jwk) error

Verify verifies a JWS that has a single signature against jwk; only a nil error means the signature is valid. The algorithm is presumably taken from the signature's header (see JwsSignature.GetAlg), so callers should confirm it is on their allow-list — and is not "none" — before trusting the result.

type JwsSignature

type JwsSignature struct {
	ProtectedHeader   *JwHeader
	UnprotectedHeader *JwHeader
	// contains filtered or unexported fields
}

func (*JwsSignature) GetAlg

func (jSig *JwsSignature) GetAlg() (string, error)

GetAlg attempts to determine the signing algorithm for a JWS signature. Per RFC 7515 it may be in the protected or the unprotected header, depending on the producer; an error is returned if the two conflict or neither carries an alg. Note that an alg in the unprotected header is not covered by the signature, and even a protected alg is sender-chosen until verification succeeds — check the returned value against an allow-list before using it to select a verifier.

func (*JwsSignature) GetKeyId

func (jSig *JwsSignature) GetKeyId() (string, error)

GetKeyId attempts to determine the key id ("kid") to use for verifying a signature; it may be in the protected or the unprotected header. An error is returned if they conflict or no kid is found. The kid is a hint supplied by the sender: use it only to look up a key in a trusted set, never to fetch or construct a key.

func (*JwsSignature) MarshalJSON

func (jSig *JwsSignature) MarshalJSON() ([]byte, error)

func (*JwsSignature) Sign

func (jSig *JwsSignature) Sign(jws *Jws, jwk *Jwk) error

func (*JwsSignature) Signature

func (jSig *JwsSignature) Signature() []byte

func (*JwsSignature) UnmarshalJSON

func (jSig *JwsSignature) UnmarshalJSON(data []byte) error

func (*JwsSignature) Validate

func (jSig *JwsSignature) Validate() error

Validate checks the structure of a JwsSignature — that the header key/value pairs meet the JWS specification. It does not verify the signature value itself; that is done by JwsSignature.Verify (or Jws.Verify).

func (*JwsSignature) Verify

func (jSig *JwsSignature) Verify(jws *Jws, jwk *Jwk) error

Verify checks this JwsSignature over jws using jwk. Only a nil error means the signature is valid. (The method is exported, not private.)

type KeyOperation

// KeyOperation is a JWK "key_ops" value (RFC 7517 §4.3). Note that the
// KeyOp* constants in this package are declared as untyped string rather
// than KeyOperation, and Jwk.Operations is []string, so this type does
// not currently constrain anything at compile time.
type KeyOperation string

KeyOperation identifies the operation a JWK is intended for, as specified in https://tools.ietf.org/html/rfc7517#section-4.3.

type NumericDate

// NumericDate wraps time.Time so that it marshals to and from the JWT
// NumericDate form (RFC 7519 §2): a JSON number of seconds since
// 1970-01-01T00:00:00Z UTC. ClaimSet declares exp/nbf/iat as plain
// time.Time, so this type is presumably used inside ClaimSet's custom
// (Un)MarshalJSON rather than as a field type — confirm before relying on it.
type NumericDate struct {
	time.Time
}

NumericDate represents a date as a UTC Unix Timestamp as defined in: https://tools.ietf.org/html/rfc7519#section-2

func (*NumericDate) Decode

func (nd *NumericDate) Decode(enc int64) error

Decode converts a UTC Unix timestamp (seconds, int64) into the embedded time.Time.

func (*NumericDate) Encoded

func (nd *NumericDate) Encoded() int64

Encoded returns the UTC Unix timestamp (seconds) representation of the time.Time value.

func (*NumericDate) MarshalJSON

func (nd *NumericDate) MarshalJSON() ([]byte, error)

Implements the json.Marshaler interface and JSON encodes the Numeric Date

func (*NumericDate) UnmarshalJSON

func (nd *NumericDate) UnmarshalJSON(data []byte) error

Implements the json.Unmarshaler interface and JSON decodes the Numeric Date

type PSSigner

type PSSigner struct {
	H crypto.Hash
	// contains filtered or unexported fields
}

func (*PSSigner) SetSignKey

func (ps *PSSigner) SetSignKey(jwk *Jwk) error

func (*PSSigner) SetVerifyKey

func (ps *PSSigner) SetVerifyKey(jwk *Jwk) error

func (*PSSigner) Sign

func (ps *PSSigner) Sign(msg []byte) ([]byte, error)

func (*PSSigner) Verify

func (ps *PSSigner) Verify(msg, sig []byte) error

type RSSigner

type RSSigner struct {
	H crypto.Hash
	// contains filtered or unexported fields
}

func (*RSSigner) SetSignKey

func (rs *RSSigner) SetSignKey(jwk *Jwk) error

func (*RSSigner) SetVerifyKey

func (rs *RSSigner) SetVerifyKey(jwk *Jwk) error

func (*RSSigner) Sign

func (rs *RSSigner) Sign(msg []byte) ([]byte, error)

func (*RSSigner) Verify

func (rs *RSSigner) Verify(msg, sig []byte) error
