Documentation
Overview
Package jwk implements JWK functionality as defined in RFC 7517.
Index
- Constants
- func ECDSAPublicKey(v Value) (pkey *ecdsa.PublicKey, blindingValue []byte, err error)
- func ECDSAValues(v Value) (crv, x, y string, err error)
- func Ed25519PublicKey(v Value) (pkey ed25519.PublicKey, err error)
- func Ed25519Values(v Value) (x string, err error)
- func HMACSecretKey(v Value) ([]byte, error)
- func RSAPublicKey(v Value) (pkey *rsa.PublicKey, blindingValue []byte, err error)
- func RSAValues(v Value) (n, e, d string, err error)
- func SymmetricKey(v Value) (k string, err error)
- func Validate(v Value) error
- type ECDSA
- type ParamaterName
- type RSA
- type Set
- type Symmetric
- type URLSetCache
- func (c *URLSetCache) Fetch(ctx context.Context, url string) (*Set, error)
- func (c *URLSetCache) Get(ctx context.Context, url string) (*Set, error)
- func (c *URLSetCache) GetKey(ctx context.Context, url string, keyID string) (Value, error)
- func (c *URLSetCache) Range(fn func(url string, key Value) bool)
- func (c *URLSetCache) Refresh(ctx context.Context, url string) (*Set, error)
- func (c *URLSetCache) RefreshAll(ctx context.Context) error
- func (c *URLSetCache) Start(ctx context.Context) error
- type Value
Constants
const (
	KeyType              ParamaterName = "kty"
	PublicKeyUse         ParamaterName = "use"
	KeyOperations        ParamaterName = "key_ops"
	Algorithm            ParamaterName = "alg"
	KeyID                ParamaterName = "kid"
	X509URL              ParamaterName = "x5u"
	X509CertificateChain ParamaterName = "x5c"
	X509SHA1Thumbprint   ParamaterName = "x5t"
	X509SHA256Thumbprint ParamaterName = "x5t#S256"
	K                    Symmetric     = "k"
	Curve                ECDSA         = "crv"
	X                    ECDSA         = "x"
	Y                    ECDSA         = "y"
	N                    RSA           = "n"
	E                    RSA           = "e"
	D                    RSA           = "d"
)
Variables
This section is empty.
Functions
func ECDSAPublicKey
ECDSAPublicKey returns the ECDSA public key and blinding value, or an error if the key is not an ECDSA public key.
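The checks a caller should expect before an "EC" JWK is trusted as an ECDSA verification key, as an added example that is not this package's code: `ecPublicKey` and `sampleJWK` are hypothetical helpers built only on the Go standard library, the sample key is constructed at run time, only P-256 is handled, and the blinding value returned by the package's function is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
)

// Value mirrors the JWK value type on this page (a JSON object).
type Value = map[string]any

// ecPublicKey is a hypothetical stand-in, not the package's code. It rejects
// other key types, malformed coordinates and points off the P-256 curve.
func ecPublicKey(v Value) (*ecdsa.PublicKey, error) {
	if v["kty"] != "EC" || v["crv"] != "P-256" {
		return nil, errors.New("not a P-256 EC key")
	}
	xs, _ := v["x"].(string)
	ys, _ := v["y"].(string)
	xb, errX := base64.RawURLEncoding.DecodeString(xs)
	yb, errY := base64.RawURLEncoding.DecodeString(ys)
	if errX != nil || errY != nil || len(xb) != 32 || len(yb) != 32 {
		return nil, errors.New("malformed coordinates")
	}
	x, y := new(big.Int).SetBytes(xb), new(big.Int).SetBytes(yb)
	if !elliptic.P256().IsOnCurve(x, y) {
		return nil, errors.New("point not on curve")
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, nil
}

// sampleJWK builds a constructed EC JWK from a freshly generated key.
func sampleJWK() (Value, *ecdsa.PublicKey) {
	p, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	b64 := func(n *big.Int) string { return base64.RawURLEncoding.EncodeToString(n.FillBytes(make([]byte, 32))) }
	return Value{"kty": "EC", "kid": "e1", "crv": "P-256", "x": b64(p.X), "y": b64(p.Y)}, &p.PublicKey
}

func main() {
	jwk, _ := sampleJWK()
	pub, err := ecPublicKey(jwk)
	_, errOct := ecPublicKey(Value{"kty": "oct", "kid": "h1", "k": "c2VjcmV0"})
	fmt.Println(pub != nil, err, errOct)
}
```

The `kty` check is what stops a symmetric ("oct") entry in the same set from being handed to an asymmetric verifier.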
func ECDSAValues
ECDSAValues returns the values for the ECDSA key type.
func Ed25519PublicKey
Ed25519PublicKey returns the Ed25519 public key, or an error if the key is not an Ed25519 public key.
func Ed25519Values
Ed25519Values returns the values for the Ed25519 key type.
func HMACSecretKey
HMACSecretKey returns the HMAC secret key (symmetric key).
func RSAPublicKey
RSAPublicKey returns the RSA public key and blinding value, or an error if the key is not an RSA public key.
func SymmetricKey
SymmetricKey returns the symmetric key.
Types
type ParamaterName
type ParamaterName = string
type Set
type Set struct {
	// Keys is a list of JWK values.
	//
	// https://datatracker.ietf.org/doc/html/rfc7517#section-5.1
	Keys []Value `json:"keys"`
}
Set is a JWK set as defined in RFC 7517.
type Symmetric
type Symmetric = ParamaterName
type URLSetCache
type URLSetCache struct {
// contains filtered or unexported fields
}
URLSetCache is a cache of JWK sets keyed by URL that can be easily used to verify JWTs from multiple issuers. It handles refreshing the JWK sets when they expire, retrying failed fetches, and caching the JWK sets for a configurable amount of time.
func NewURLSetCache
func NewURLSetCache(client *http.Client, refreshInterval, cacheDuration time.Duration) *URLSetCache
NewURLSetCache returns a new JWK set cache.
func (*URLSetCache) Get
Get returns the JWK set for the given URL, fetching it if it is not already cached.
func (*URLSetCache) GetKey
GetKey returns the first key from the JWK set for the given URL that matches the given key ID, fetching the JWK set if it is not already cached.
func (*URLSetCache) Range
func (c *URLSetCache) Range(fn func(url string, key Value) bool)
Range iterates over the JWK sets in the cache, calling the given function for each URL and key. If the function returns false, the iteration will stop.
func (*URLSetCache) RefreshAll
func (c *URLSetCache) RefreshAll(ctx context.Context) error
RefreshAll refreshes all JWK sets in the cache.
func (*URLSetCache) Start
func (c *URLSetCache) Start(ctx context.Context) error
Start starts the JWK set cache, refreshing the JWK sets at the given interval. It will block until the context is canceled, and will only return an error if the refresh fails, possibly due to a network error.
Most callers will want to call this in a goroutine after creating the cache.
type Value
type Value = map[ParamaterName]any
Value is a JSON object containing the parameters describing the cryptographic operations and parameters employed.
https://datatracker.ietf.org/doc/html/rfc7517#section-4
func ValueFromPublicKey
ValueFromPublicKey returns a JWK value from the given public key.
Directories
Path | Synopsis |
---|---|
Package thumbprint provides a simple and easy-to-use interface for working with JSON Web Key (JWK) Thumbprints as defined by RFC 7638. |