hydra: github.com/ory/hydra/jwk Index | Files

package jwk

import "github.com/ory/hydra/jwk"

Package jwk implements JSON Web Key management capabilities

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens).

Index

Package Files

aead.go cast.go doc.go generator.go generator_ecdsa256.go generator_ecdsa521.go generator_hs256.go generator_hs512.go generator_rs256.go handler.go helper.go jwt_strategy.go manager.go manager_memory.go manager_sql.go manager_test_helpers.go registry.go

Constants

const (
    KeyHandlerPath    = "/keys"
    WellKnownKeysPath = "/.well-known/jwks.json"
)

func AsymmetricKeypair Uses

func AsymmetricKeypair(ctx context.Context, r InternalRegistry, g KeyGenerator, set string) (public, private *jose.JSONWebKey, err error)

func EnsureAsymmetricKeypairExists Uses

func EnsureAsymmetricKeypairExists(ctx context.Context, r InternalRegistry, g KeyGenerator, set string) error

func FindKeyByPrefix Uses

func FindKeyByPrefix(set *jose.JSONWebKeySet, prefix string) (key *jose.JSONWebKey, err error)

func FindKeysByPrefix Uses

func FindKeysByPrefix(set *jose.JSONWebKeySet, prefix string) (*jose.JSONWebKeySet, error)

func First Uses

func First(keys []jose.JSONWebKey) *jose.JSONWebKey

func GetOrCreateKey Uses

func GetOrCreateKey(ctx context.Context, r InternalRegistry, g KeyGenerator, set, prefix string) (*jose.JSONWebKey, error)

func Ider Uses

func Ider(typ, id string) string

func MustRSAPrivate Uses

func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey

func MustRSAPublic Uses

func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey

func PEMBlockForKey Uses

func PEMBlockForKey(key interface{}) (*pem.Block, error)

func RandomBytes Uses

func RandomBytes(n int) ([]byte, error)

func TestHelperManagerKey Uses

func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func TestHelperManagerKeySet Uses

func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)

func ToRSAPrivate Uses

func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)

func ToRSAPublic Uses

func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)

type AEAD Uses

type AEAD struct {
    // contains filtered or unexported fields
}

func NewAEAD Uses

func NewAEAD(c configuration.Provider) *AEAD

func (*AEAD) Decrypt Uses

func (c *AEAD) Decrypt(ciphertext string) (p []byte, err error)

func (*AEAD) Encrypt Uses

func (c *AEAD) Encrypt(plaintext []byte) (string, error)

type Configuration Uses

type Configuration interface {
    configuration.Provider
}

type ECDSA256Generator Uses

type ECDSA256Generator struct{}

func (*ECDSA256Generator) Generate Uses

func (g *ECDSA256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type ECDSA512Generator Uses

type ECDSA512Generator struct{}

func (*ECDSA512Generator) Generate Uses

func (g *ECDSA512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS256Generator Uses

type HS256Generator struct{}

func (*HS256Generator) Generate Uses

func (g *HS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type HS512Generator Uses

type HS512Generator struct{}

func (*HS512Generator) Generate Uses

func (g *HS512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type Handler Uses

type Handler struct {
    // contains filtered or unexported fields
}

func NewHandler Uses

func NewHandler(r InternalRegistry, c Configuration) *Handler

func (*Handler) Create Uses

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route POST /keys/{set} admin createJsonWebKeySet

Generate a New JSON Web Key

This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  201: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) DeleteKey Uses

func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set}/{kid} admin deleteJsonWebKey

Delete a JSON Web Key

Use this endpoint to delete a single JSON Web Key.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError

func (*Handler) DeleteKeySet Uses

func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /keys/{set} admin deleteJsonWebKeySet

Delete a JSON Web Key Set

Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  401: genericError
  403: genericError
  500: genericError

func (*Handler) GetKey Uses

func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set}/{kid} admin getJsonWebKey

Fetch a JSON Web Key

This endpoint returns a singular JSON Web Key, identified by the set and the specific key ID (kid).

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  404: genericError
  500: genericError

func (*Handler) GetKeySet Uses

func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /keys/{set} admin getJsonWebKeySet

Retrieve a JSON Web Key Set

This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) SetRoutes Uses

func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMiddleware func(http.Handler) http.Handler)

func (*Handler) UpdateKey Uses

func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set}/{kid} admin updateJsonWebKey

Update a JSON Web Key

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKey
  401: genericError
  403: genericError
  500: genericError

func (*Handler) UpdateKeySet Uses

func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /keys/{set} admin updateJsonWebKeySet

Update a JSON Web Key Set

Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  401: genericError
  403: genericError
  500: genericError

func (*Handler) WellKnown Uses

func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request)

swagger:route GET /.well-known/jwks.json public wellKnown

JSON Web Keys Discovery

This endpoint returns JSON Web Keys to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: JSONWebKeySet
  500: genericError

type InternalRegistry Uses

type InternalRegistry interface {
    x.RegistryWriter
    x.RegistryLogger
    Registry
}

type JWTStrategy Uses

type JWTStrategy interface {
    GetPublicKeyID(ctx context.Context) (string, error)

    jwt.JWTStrategy
}

type KeyGenerator Uses

type KeyGenerator interface {
    Generate(id, use string) (*jose.JSONWebKeySet, error)
}

type Manager Uses

type Manager interface {
    AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

    AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

    GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

    GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

    DeleteKey(ctx context.Context, set, kid string) error

    DeleteKeySet(ctx context.Context, set string) error
}

type MemoryManager Uses

type MemoryManager struct {
    Keys map[string]*jose.JSONWebKeySet
    sync.RWMutex
}

func NewMemoryManager Uses

func NewMemoryManager() *MemoryManager

func (*MemoryManager) AddKey Uses

func (m *MemoryManager) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (*MemoryManager) AddKeySet Uses

func (m *MemoryManager) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

func (*MemoryManager) DeleteKey Uses

func (m *MemoryManager) DeleteKey(ctx context.Context, set, kid string) error

func (*MemoryManager) DeleteKeySet Uses

func (m *MemoryManager) DeleteKeySet(ctx context.Context, set string) error

func (*MemoryManager) GetKey Uses

func (m *MemoryManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

func (*MemoryManager) GetKeySet Uses

func (m *MemoryManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

type RS256Generator Uses

type RS256Generator struct {
    KeyLength int
}

func (*RS256Generator) Generate Uses

func (g *RS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)

type RS256JWTStrategy Uses

type RS256JWTStrategy struct {
    sync.RWMutex

    RS256JWTStrategy *jwt.RS256JWTStrategy
    // contains filtered or unexported fields
}

func NewRS256JWTStrategy Uses

func NewRS256JWTStrategy(r InternalRegistry, rs func() string) (*RS256JWTStrategy, error)

func (*RS256JWTStrategy) Decode Uses

func (j *RS256JWTStrategy) Decode(ctx context.Context, token string) (*jwt2.Token, error)

func (*RS256JWTStrategy) Generate Uses

func (j *RS256JWTStrategy) Generate(ctx context.Context, claims jwt2.Claims, header jwt.Mapper) (string, string, error)

func (*RS256JWTStrategy) GetPublicKeyID Uses

func (j *RS256JWTStrategy) GetPublicKeyID(ctx context.Context) (string, error)

func (*RS256JWTStrategy) GetSignature Uses

func (j *RS256JWTStrategy) GetSignature(ctx context.Context, token string) (string, error)

func (*RS256JWTStrategy) GetSigningMethodLength Uses

func (j *RS256JWTStrategy) GetSigningMethodLength() int

GetSigningMethodLength will return the length of the signing method

func (*RS256JWTStrategy) Hash Uses

func (j *RS256JWTStrategy) Hash(ctx context.Context, in []byte) ([]byte, error)

func (*RS256JWTStrategy) Validate Uses

func (j *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error)

type Registry Uses

type Registry interface {
    KeyManager() Manager
    KeyGenerators() map[string]KeyGenerator
    KeyCipher() *AEAD
}

type SQLData Uses

type SQLData struct {
    PK        int       `db:"pk"`
    Set       string    `db:"sid"`
    KID       string    `db:"kid"`
    Version   int       `db:"version"`
    CreatedAt time.Time `db:"created_at"`
    Key       string    `db:"keydata"`
}

func (SQLData) TableName Uses

func (d SQLData) TableName() string

type SQLManager Uses

type SQLManager struct {
    DB  *sqlx.DB
    R   InternalRegistry
}

func NewSQLManager Uses

func NewSQLManager(db *sqlx.DB, r InternalRegistry) *SQLManager

func (*SQLManager) AddKey Uses

func (m *SQLManager) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error

func (*SQLManager) AddKeySet Uses

func (m *SQLManager) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error

func (*SQLManager) DeleteKey Uses

func (m *SQLManager) DeleteKey(ctx context.Context, set, kid string) error

func (*SQLManager) DeleteKeySet Uses

func (m *SQLManager) DeleteKeySet(ctx context.Context, set string) error

func (*SQLManager) GetKey Uses

func (m *SQLManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error)

func (*SQLManager) GetKeySet Uses

func (m *SQLManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error)

Package jwk imports 31 packages (graph) and is imported by 85 packages. Updated 2020-08-28. Refresh now. Tools for package owners.