opa: github.com/open-policy-agent/opa/topdown/internal/jwx/jws Index | Files | Directories

package jws

import "github.com/open-policy-agent/opa/topdown/internal/jwx/jws"

Package jws implements the digital Signature on JSON based data structures as described in https://tools.ietf.org/html/rfc7515

If you do not care about the details, the only things that you would need to use are the following functions:

jws.SignWithOption(Payload, algorithm, key)
jws.Verify(encodedjws, algorithm, key)

To sign, simply use `jws.SignWithOption`. `Payload` is a []byte buffer that contains whatever data you want to sign. `alg` is one of the jwa.SignatureAlgorithm constants from package jwa. For RSA and ECDSA family of algorithms, you will need to prepare a private key. For HMAC family, you just need a []byte value. The `jws.SignWithOption` function will return the encoded JWS message on success.

To verify, use `jws.Verify`. It will parse the `encodedjws` buffer and verify the result using `algorithm` and `key`. Upon successful verification, the original Payload is returned, so you can work on it.


Package Files

headers.go interface.go jws.go message.go


const (
    AlgorithmKey     = "alg"
    ContentTypeKey   = "cty"
    CriticalKey      = "crit"
    JWKKey           = "jwk"
    JWKSetURLKey     = "jku"
    KeyIDKey         = "kid"
    PrivateParamsKey = "privateParams"
    TypeKey          = "typ"

Constants for JWS Common parameters

func SignLiteral Uses

func SignLiteral(payload []byte, alg jwa.SignatureAlgorithm, key interface{}, hdrBuf []byte) ([]byte, error)

SignLiteral generates a Signature for the given Payload and Headers, and serializes it in compact serialization format. In this format you may NOT use multiple signers.

func SignWithOption Uses

func SignWithOption(payload []byte, alg jwa.SignatureAlgorithm, key interface{}) ([]byte, error)

SignWithOption generates a Signature for the given Payload, and serializes it in compact serialization format. In this format you may NOT use multiple signers.

If you would like to pass custom Headers, use the WithHeaders option.

func SplitCompact Uses

func SplitCompact(jwsCompact string) ([]string, error)

SplitCompact splits a JWT and returns its three parts separately: Protected Headers, Payload and Signature.

func Verify Uses

func Verify(buf []byte, alg jwa.SignatureAlgorithm, key interface{}) (ret []byte, err error)

Verify checks if the given JWS message is verifiable using `alg` and `key`. If the verification is successful, `err` is nil, and the content of the Payload that was signed is returned. If you need more fine-grained control of the verification process, manually call `Parse`, generate a verifier, and call `Verify` on the parsed JWS message object.

func VerifyWithJWK Uses

func VerifyWithJWK(buf []byte, key jwk.Key) (payload []byte, err error)

VerifyWithJWK verifies the JWS message using the specified JWK

func VerifyWithJWKSet Uses

func VerifyWithJWKSet(buf []byte, keyset *jwk.Set) (payload []byte, err error)

VerifyWithJWKSet verifies the JWS message using JWK key set. By default it will only pick up keys that have the "use" key set to either "sig" or "enc", but you can override it by providing a keyaccept function.

type Headers Uses

type Headers interface {
    Get(string) (interface{}, bool)
    Set(string, interface{}) error
    GetAlgorithm() jwa.SignatureAlgorithm

Headers provides a common interface for common header parameters

type Message Uses

type Message struct {
    Payload    []byte       `json:"payload"`
    Signatures []*Signature `json:"signatures,omitempty"`

Message represents a full JWS encoded message. Flattened serialization is not supported as a struct, but rather it's represented as a Message struct with only one `Signature` element.

Do not expect to use the Message object to verify or construct a signed payloads with. You should only use this when you want to actually want to programmatically view the contents for the full JWS Payload.

To sign and verify, use the appropriate `SignWithOption()` nad `Verify()` functions

func ParseByte Uses

func ParseByte(jwsCompact []byte) (m *Message, err error)

ParseByte parses a JWS value serialized via compact serialization and provided as []byte.

func ParseString Uses

func ParseString(s string) (*Message, error)

ParseString parses a JWS value serialized via compact serialization and provided as string.

func (Message) GetPayload Uses

func (m Message) GetPayload() []byte

GetPayload returns the payload in a JWS

func (Message) GetSignatures Uses

func (m Message) GetSignatures() []*Signature

GetSignatures returns the all signatures in a JWS

type Signature Uses

type Signature struct {
    Headers   Headers `json:"header,omitempty"`    // Unprotected Headers
    Protected Headers `json:"Protected,omitempty"` // Protected Headers
    Signature []byte  `json:"signature,omitempty"` // GetSignature

Signature represents the headers and signature of a JWS message

func (Signature) GetSignature Uses

func (s Signature) GetSignature() []byte

GetSignature returns the signature in a JWS

func (Signature) ProtectedHeaders Uses

func (s Signature) ProtectedHeaders() Headers

ProtectedHeaders returns the protected headers in a JWS

func (Signature) PublicHeaders Uses

func (s Signature) PublicHeaders() Headers

PublicHeaders returns the public headers in a JWS

type StandardHeaders Uses

type StandardHeaders struct {
    Algorithm     jwa.SignatureAlgorithm `json:"alg,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.1
    ContentType   string                 `json:"cty,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.10
    Critical      []string               `json:"crit,omitempty"`          // https://tools.ietf.org/html/rfc7515#section-4.1.11
    JWK           string                 `json:"jwk,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.3
    JWKSetURL     string                 `json:"jku,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.2
    KeyID         string                 `json:"kid,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.4
    PrivateParams map[string]interface{} `json:"privateParams,omitempty"` // https://tools.ietf.org/html/rfc7515#section-4.1.9
    Type          string                 `json:"typ,omitempty"`           // https://tools.ietf.org/html/rfc7515#section-4.1.9

StandardHeaders contains JWS common parameters.

func (*StandardHeaders) Get Uses

func (h *StandardHeaders) Get(name string) (interface{}, bool)

Get is a general getter function for StandardHeaders structure

func (*StandardHeaders) GetAlgorithm Uses

func (h *StandardHeaders) GetAlgorithm() jwa.SignatureAlgorithm

GetAlgorithm returns algorithm

func (*StandardHeaders) Set Uses

func (h *StandardHeaders) Set(name string, value interface{}) error

Set is a general setter function for StandardHeaders structure



Package jws imports 9 packages (graph) and is imported by 2 packages. Updated 2019-10-06. Refresh now. Tools for package owners.