Documentation
¶
Overview ¶
Package jws handles JSON Web Signatures defined in RFC 7515.
Index ¶
- Variables
- type AlgorithmVerifier
- type AllowedAlgorithms
- type FindKeyFunc
- type Header
- func (h *Header) Algorithm() jwa.SignatureAlgorithm
- func (h *Header) Base64() bool
- func (h *Header) ContentType() string
- func (h *Header) Critical() []string
- func (h *Header) JWK() *jwk.Key
- func (h *Header) JWKSetURL() *url.URL
- func (h *Header) KeyID() string
- func (h *Header) MarshalJSON() ([]byte, error)
- func (h *Header) SetAlgorithm(alg jwa.SignatureAlgorithm)
- func (h *Header) SetBase64(b64 bool)
- func (h *Header) SetContentType(cty string)
- func (h *Header) SetCritical(crit []string)
- func (h *Header) SetJWK(jwk *jwk.Key)
- func (h *Header) SetJWKSetURL(jku *url.URL)
- func (h *Header) SetKeyID(kid string)
- func (h *Header) SetType(typ string)
- func (h *Header) SetX509CertificateChain(x5c []*x509.Certificate)
- func (h *Header) SetX509CertificateSHA1(x5t []byte)
- func (h *Header) SetX509CertificateSHA256(x5tS256 []byte)
- func (h *Header) SetX509URL(x5u *url.URL)
- func (h *Header) Type() string
- func (h *Header) UnmarshalJSON(data []byte) error
- func (h *Header) X509CertificateChain() []*x509.Certificate
- func (h *Header) X509CertificateSHA1() []byte
- func (h *Header) X509CertificateSHA256() []byte
- func (h *Header) X509URL() *url.URL
- type JWKKeyFinder
- type KeyFinder
- type Message
- type Signature
- type Verifier
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var UnsecureAnyAlgorithm = unsecureAnyAlgorithmVerifier{}
UnsecureAnyAlgorithm is an AlgorithmVerifier that accepts any algorithm.
Functions ¶
This section is empty.
Types ¶
type AlgorithmVerifier ¶ added in v0.1.0
type AlgorithmVerifier interface {
VerifyAlgorithm(ctx context.Context, alg jwa.SignatureAlgorithm) error
}
AlgorithmVerifier verifies the algorithm used for signing.
type AllowedAlgorithms ¶ added in v0.1.0
type AllowedAlgorithms []jwa.SignatureAlgorithm
func (AllowedAlgorithms) VerifyAlgorithm ¶ added in v0.1.0
func (a AllowedAlgorithms) VerifyAlgorithm(ctx context.Context, alg jwa.SignatureAlgorithm) error
type FindKeyFunc ¶
type FindKeyFunc func(ctx context.Context, protected, unprotected *Header) (key sig.SigningKey, err error)
FindKeyFunc is an adapter to allow the use of ordinary functions as KeyFinder.
func (FindKeyFunc) FindKey ¶
func (f FindKeyFunc) FindKey(ctx context.Context, protected, unprotected *Header) (key sig.SigningKey, err error)
type Header ¶
type Header struct {
// Raw is the raw data of JSON-decoded JOSE header.
// JSON numbers are decoded as json.Number to avoid data loss.
Raw map[string]any
// contains filtered or unexported fields
}
Header is a decoded JSON Object Signing and Encryption (JOSE) Header.
func (*Header) Algorithm ¶
func (h *Header) Algorithm() jwa.SignatureAlgorithm
Algorithm is RFC 7515 Section 4.1.1. "alg" (Algorithm) Header Parameter.
func (*Header) Base64 ¶ added in v0.0.5
Base64 gets RFC 7797 Section 3. The "b64" Header Parameter.
func (*Header) ContentType ¶
ContentType is RFC 7517 Section 4.1.10. "cty" (Content Type) Header Parameter.
func (*Header) Critical ¶
Critical gets RFC 7515 Section 4.1.11. "crit" (Critical) Header Parameter.
func (*Header) JWK ¶
JWK is RFC 7515 Section 4.1.3. "jwk" (JSON Web Key) Header Parameter.
func (*Header) JWKSetURL ¶
JWKSetURL is RFC 7515 Section 4.1.2. "jku" (JWK Set URL) Header Parameter.
func (*Header) KeyID ¶
KeyID is RFC 7515 Section 4.1.4. "kid" (Key ID) Header Parameter.
func (*Header) MarshalJSON ¶
func (*Header) SetAlgorithm ¶
func (h *Header) SetAlgorithm(alg jwa.SignatureAlgorithm)
SetAlgorithm sets RFC 7515 Section 4.1.1. "alg" (Algorithm) Header Parameter.
func (*Header) SetBase64 ¶ added in v0.0.5
SetBase64 sets RFC 7797 Section 3. The "b64" Header Parameter. If b64 is false, it adds "b64" into "crit" (Critical) Header Parameter.
func (*Header) SetContentType ¶
SetContentType sets RFC 7517 Section 4.1.10. "cty" (Content Type) Header Parameter.
func (*Header) SetCritical ¶
SetCritical sets RFC 7515 Section 4.1.11. "crit" (Critical) Header Parameter.
func (*Header) SetJWK ¶
SetJWK sets RFC 7515 Section 4.1.3. "jwk" (JSON Web Key) Header Parameter.
func (*Header) SetJWKSetURL ¶
SetJWKSetURL sets RFC 7515 Section 4.1.2. "jku" (JWK Set URL) Header Parameter.
func (*Header) SetKeyID ¶
SetKeyID sets RFC 7515 Section 4.1.4. "kid" (Key ID) Header Parameter.
func (*Header) SetType ¶
SetType sets RFC 7517 Section 4.1.9. "typ" (Type) Header Parameter.
func (*Header) SetX509CertificateChain ¶
func (h *Header) SetX509CertificateChain(x5c []*x509.Certificate)
SetX509CertificateChain sets RFC 7515 Section 4.1.6. "x5c" (X.509 Certificate Chain) Header Parameter.
func (*Header) SetX509CertificateSHA1 ¶
SetX509CertificateSHA1 sets RFC 7515 Section 4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter.
func (*Header) SetX509CertificateSHA256 ¶
SetX509CertificateSHA256 sets RFC 7517 Section 4.1.8. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter.
func (*Header) SetX509URL ¶
SetX509URL sets RFC 7515 Section 4.1.5. "x5u" (X.509 URL) Header Parameter.
func (*Header) Type ¶
Type is RFC 7517 Section 4.1.9. "typ" (Type) Header Parameter.
func (*Header) UnmarshalJSON ¶
func (*Header) X509CertificateChain ¶
func (h *Header) X509CertificateChain() []*x509.Certificate
X509CertificateChain is RFC 7515 Section 4.1.6. "x5c" (X.509 Certificate Chain) Header Parameter.
func (*Header) X509CertificateSHA1 ¶
X509CertificateSHA1 is RFC 7515 Section 4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter.
func (*Header) X509CertificateSHA256 ¶
X509CertificateSHA256 is RFC 7517 Section 4.1.8. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter.
type JWKKeyFinder ¶ added in v0.1.0
JWKKeyFinder returns a specific signing key.
func (*JWKKeyFinder) FindKey ¶ added in v0.1.0
func (f *JWKKeyFinder) FindKey(ctx context.Context, protected, unprotected *Header) (key sig.SigningKey, err error)
type KeyFinder ¶
type KeyFinder interface {
FindKey(ctx context.Context, protected, unprotected *Header) (key sig.SigningKey, err error)
}
KeyFinder finds a signing key for the JWS message.
type Message ¶
type Message struct {
Signatures []*Signature
// contains filtered or unexported fields
}
Message is signed message.
func NewMessage ¶
NewMessage returns a new Message that has no signature.
func NewRawMessage ¶ added in v0.0.5
NewRawMessage returns a new Message that has no signature.
func Parse ¶
Parse parses a Compact Serialized JWS Signature.
Example ¶
package main
import (
"context"
"fmt"
"log"
"github.com/shogo82148/goat/jwa"
"github.com/shogo82148/goat/jwk"
"github.com/shogo82148/goat/jws"
)
func main() {
rawKey := `{"kty":"OKP","crv":"Ed25519",` +
`"x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}`
key, err := jwk.ParseKey([]byte(rawKey))
if err != nil {
log.Fatal(err)
}
v := &jws.Verifier{
AlgorithmVerifier: jws.AllowedAlgorithms{jwa.EdDSA},
KeyFinder: &jws.JWKKeyFinder{JWK: key},
}
raw := "eyJhbGciOiJFZERTQSJ9" +
"." +
"RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc" +
"." +
"hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt" +
"9g7sVvpAr_MuM0KAg"
msg, err := jws.Parse([]byte(raw))
if err != nil {
log.Fatal(err)
}
_, payload, err := v.Verify(context.Background(), msg)
if err != nil {
log.Fatal(err)
}
fmt.Println(string(payload))
}
Output: Example of Ed25519 signing
func (*Message) Compact ¶
Compact encodes JWS Signature into Compact Serialization.
Example ¶
package main
import (
"fmt"
"log"
"github.com/shogo82148/goat/jwa"
"github.com/shogo82148/goat/jwk"
"github.com/shogo82148/goat/jws"
)
func main() {
rawKey := `{"kty":"OKP","crv":"Ed25519",` +
`"d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",` +
`"x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}`
key, err := jwk.ParseKey([]byte(rawKey))
if err != nil {
log.Fatal(err)
}
header := jws.NewHeader()
header.SetAlgorithm(jwa.EdDSA)
msg := jws.NewMessage([]byte("Example of Ed25519 signing"))
if err := msg.Sign(header, nil, jwa.EdDSA.New().NewSigningKey(key)); err != nil {
log.Fatal(err)
}
data, err := msg.Compact()
if err != nil {
log.Fatal(err)
}
fmt.Println(string(data))
}
Output: eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc.hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg
func (*Message) MarshalJSON ¶ added in v0.0.5
func (*Message) Sign ¶
func (msg *Message) Sign(protected, header *Header, key sig.SigningKey) error
Sign adds a new signature signed by key.
func (*Message) UnmarshalJSON ¶
UnmarshalJSON implements encoding/json.Unmarshaler. It parses data as JSON Serialized JWS.
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a signature of Message.
type Verifier ¶ added in v0.1.0
type Verifier struct {
AlgorithmVerifier AlgorithmVerifier
KeyFinder KeyFinder
// contains filtered or unexported fields
}
Verifier verifies the JWS message.
func (*Verifier) Verify ¶ added in v0.1.0
func (v *Verifier) Verify(ctx context.Context, msg *Message) (protected *Header, payload []byte, err error)
Verify verifies the JWS message.
Example ¶
package main
import (
"context"
"fmt"
"log"
"github.com/shogo82148/goat/jwa"
"github.com/shogo82148/goat/jwk"
"github.com/shogo82148/goat/jws"
)
func main() {
rawKey := `{"kty":"OKP","crv":"Ed25519",` +
`"x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}`
key, err := jwk.ParseKey([]byte(rawKey))
if err != nil {
log.Fatal(err)
}
v := &jws.Verifier{
AlgorithmVerifier: jws.AllowedAlgorithms{jwa.EdDSA},
KeyFinder: &jws.JWKKeyFinder{JWK: key},
}
raw := "eyJhbGciOiJFZERTQSJ9" +
"." +
"RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc" +
"." +
"hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt" +
"9g7sVvpAr_MuM0KAg"
msg, err := jws.Parse([]byte(raw))
if err != nil {
log.Fatal(err)
}
_, payload, err := v.Verify(context.Background(), msg)
if err != nil {
log.Fatal(err)
}
fmt.Println(string(payload))
}
Output: Example of Ed25519 signing
Source Files