jwk

package
v0.0.0-...-ccd4941
Warning

This package is not in the latest version of its module.

Published: Jul 30, 2023 License: MPL-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package jwk implements JWK functionality as defined in RFC 7517.

Constants

const (
	KeyType              ParamaterName = "kty"
	PublicKeyUse         ParamaterName = "use"
	KeyOperations        ParamaterName = "key_ops"
	Algorithm            ParamaterName = "alg"
	KeyID                ParamaterName = "kid"
	X509URL              ParamaterName = "x5u"
	X509CertificateChain ParamaterName = "x5c"
	X509SHA1Thumbprint   ParamaterName = "x5t"
	X509SHA256Thumbprint ParamaterName = "x5t#S256"

	K Symmetric = "k"

	Curve ECDSA = "crv"
	X     ECDSA = "x"
	Y     ECDSA = "y"

	N RSA = "n"
	E RSA = "e"
	D RSA = "d"
)

Variables

This section is empty.

Functions

func ECDSAPublicKey

func ECDSAPublicKey(v Value) (pkey *ecdsa.PublicKey, blindingValue []byte, err error)

ECDSAPublicKey returns the ECDSA public key and blinding value, or an error if the key is not an ECDSA public key.

func ECDSAValues

func ECDSAValues(v Value) (crv, x, y string, err error)

ECDSAValues returns the values for the ECDSA key type.

func Ed25519PublicKey

func Ed25519PublicKey(v Value) (pkey ed25519.PublicKey, err error)

Ed25519PublicKey returns the Ed25519 public key, or an error if the key is not an Ed25519 public key.

func Ed25519Values

func Ed25519Values(v Value) (x string, err error)

Ed25519Values returns the values for the Ed25519 key type.

func HMACSecretKey

func HMACSecretKey(v Value) ([]byte, error)

HMACSecretKey returns the HMAC secret key (symmetric key).

func RSAPublicKey

func RSAPublicKey(v Value) (pkey *rsa.PublicKey, blindingValue []byte, err error)

RSAPublicKey returns the RSA public key and blinding value, or an error if the key is not an RSA public key.

func RSAValues

func RSAValues(v Value) (n, e, d string, err error)

RSAValues returns the values for the RSA key type.

func SymmetricKey

func SymmetricKey(v Value) (k string, err error)

SymmetricKey returns the symmetric key.

func Validate

func Validate(v Value) error

Validate checks that the required parameters are present for the given key type, and that the values are valid.
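
The kind of check that Validate and ECDSAPublicKey describe, as an added stand-alone example that is not this package's code. `ecJWK` and `parseECJWK` are hypothetical helpers over a plain `map[string]any`, limited to P-256, and the key is generated at run time as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
)

// ecJWK encodes a P-256 public key as JWK members (RFC 7517 section 4).
func ecJWK(pub *ecdsa.PublicKey) map[string]any {
	enc := func(i *big.Int) string {
		return base64.RawURLEncoding.EncodeToString(i.FillBytes(make([]byte, 32)))
	}
	return map[string]any{"kty": "EC", "crv": "P-256", "x": enc(pub.X), "y": enc(pub.Y)}
}

// parseECJWK (hypothetical) requires kty, crv, x and y, enforces the fixed
// 32-byte coordinate width, and rejects coordinates that are not on P-256.
func parseECJWK(v map[string]any) (*ecdsa.PublicKey, error) {
	if v["kty"] != "EC" || v["crv"] != "P-256" {
		return nil, errors.New("jwk: want kty=EC and crv=P-256")
	}
	var xy [2]*big.Int
	for i, name := range []string{"x", "y"} {
		s, ok := v[name].(string)
		b, err := base64.RawURLEncoding.DecodeString(s)
		if !ok || err != nil || len(b) != 32 {
			return nil, fmt.Errorf("jwk: member %q missing or malformed", name)
		}
		xy[i] = new(big.Int).SetBytes(b)
	}
	if !elliptic.P256().IsOnCurve(xy[0], xy[1]) {
		return nil, errors.New("jwk: point is not on the curve")
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: xy[0], Y: xy[1]}, nil
}

func main() {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	pub, err := parseECJWK(ecJWK(&k.PublicKey))
	fmt.Println(pub != nil, err)
}
```

Rejecting off-curve coordinates at parse time keeps untrusted key material from a fetched JWK set out of signature verification.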

Types

type Set

type Set struct {
	// Keys is a list of JWK values.
	//
	// https://datatracker.ietf.org/doc/html/rfc7517#section-5.1
	Keys []Value `json:"keys"`
}

Set is a JWK set as defined in RFC 7517.

https://datatracker.ietf.org/doc/html/rfc7517#section-5

func FetchSet

func FetchSet(ctx context.Context, url string, client *http.Client) (*Set, error)

FetchSet fetches a JWK set from the given URL and HTTP client.

func (*Set) Get

func (s *Set) Get(keyID string) (Value, error)

Get returns the key that matches the given key id.

func (*Set) Validate

func (s *Set) Validate() error

Validate validates the JWK set, returning an error if any of the keys are invalid.

type URLSetCache

type URLSetCache struct {
	// contains filtered or unexported fields
}

URLSetCache is a cache of JWK sets keyed by URL that can be easily used to verify JWTs from multiple issuers. It handles refreshing the JWK sets when they expire, retrying failed fetches, and caching the JWK sets for a configurable amount of time.

func NewURLSetCache

func NewURLSetCache(client *http.Client, refreshInterval, cacheDuration time.Duration) *URLSetCache

NewURLSetCache returns a new JWK set cache.

func (*URLSetCache) Fetch

func (c *URLSetCache) Fetch(ctx context.Context, url string) (*Set, error)

Fetch fetches the JWK set for the given URL.

func (*URLSetCache) Get

func (c *URLSetCache) Get(ctx context.Context, url string) (*Set, error)

Get returns the JWK set for the given URL, fetching it if it is not already cached.

func (*URLSetCache) GetKey

func (c *URLSetCache) GetKey(ctx context.Context, url string, keyID string) (Value, error)

GetKey returns the first key from the JWK set for the given URL that matches the given key id, fetching the JWK set if it is not already cached.

func (*URLSetCache) Range

func (c *URLSetCache) Range(fn func(url string, key Value) bool)

Range iterates over the JWK sets in the cache, calling the given function for each URL and key. If the function returns false, the iteration will stop.

func (*URLSetCache) Refresh

func (c *URLSetCache) Refresh(ctx context.Context, url string) (*Set, error)

Refresh refreshes the JWK set for the given URL.

func (*URLSetCache) RefreshAll

func (c *URLSetCache) RefreshAll(ctx context.Context) error

RefreshAll refreshes all JWK sets in the cache.

func (*URLSetCache) Start

func (c *URLSetCache) Start(ctx context.Context) error

Start starts the JWK set cache, refreshing the JWK sets at the given interval. It will block until the context is canceled, and will only return an error if the refresh fails, possibly due to a network error.

Most callers will want to call this in a goroutine after creating the cache.

type Value

type Value = map[ParamaterName]any

Value is a JSON object containing the parameters describing the cryptographic operations and parameters employed.

https://datatracker.ietf.org/doc/html/rfc7517#section-4

func ValueFromPublicKey

func ValueFromPublicKey(pubKey any) (Value, error)

ValueFromPublicKey returns a JWK value from the given public key.

Directories

Path Synopsis
Package thumbprint provides a simple and easy-to-use interface for working with JSON Web Key (JWK) Thumbprints as defined by RFC 7638.
