    Index ¶
- Constants
- func ParseJwtHeaders(jwtValue string) (map[string]interface{}, error)
- type CryptoKeyProperties
- type CryptoProperties
- type FileJwkStore
- func (s *FileJwkStore) LoadAll(_ context.Context, names ...string) ([]Jwk, error)
- func (s *FileJwkStore) LoadByKid(_ context.Context, kid string) (Jwk, error)
- func (s *FileJwkStore) LoadByName(_ context.Context, name string) (Jwk, error)
- func (s *FileJwkStore) Rotate(_ context.Context, name string) error
 
- type Jwk
- type JwkRotator
- type JwkStore
- type JwtDecoder
- type JwtEncoder
- type JwtProperties
- type KeyFormatType
- type PlaintextJwtDecoder
- type PrivateJwk
- type RSJwtDecoder
- type RSJwtEncoder
- type RsaKeyPair
- type RsaPublicKey
- type SingleJwkStore
- type StaticJwkStore
- func (s *StaticJwkStore) LoadAll(ctx context.Context, names ...string) ([]Jwk, error)
- func (s *StaticJwkStore) LoadByKid(_ context.Context, kid string) (Jwk, error)
- func (s *StaticJwkStore) LoadByName(_ context.Context, name string) (Jwk, error)
- func (s *StaticJwkStore) Rotate(ctx context.Context, name string) error
 
Constants ¶
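// JOSE header parameter names used as keys into a decoded JWT header map.
const (
	// JwtHeaderType is the "typ" (type) header parameter.
	JwtHeaderType = "typ"
	// JwtHeaderAlgorithm is the "alg" (algorithm) header parameter.
	// The value is read from the token itself, so it is attacker-controlled until the
	// signature has been verified; it should not by itself select the verification algorithm.
	JwtHeaderAlgorithm = "alg"
	// JwtHeaderKid is the "kid" (key ID) header parameter.
	JwtHeaderKid = "kid"
)

// CryptoKeysPropertiesPrefix is presumably the configuration prefix under which
// CryptoProperties is bound — confirm against BindCryptoProperties.
const CryptoKeysPropertiesPrefix = "security"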
    Variables ¶
This section is empty.
Functions ¶
func ParseJwtHeaders ¶
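ParseJwtHeaders extracts the JWT's headers without verifying the token. The returned values are therefore unauthenticated input: use them only to decide how to verify the token (for example, looking up a key by "kid"), and do not base trust or authorization decisions on them until the token has been verified.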
Types ¶
type CryptoKeyProperties ¶
// CryptoKeyProperties describes one configured key entry.
// NOTE(review): the struct carries a secret (Password) alongside plain settings and every
// field has a JSON tag, so marshaling or dumping a value (debug logs, config/diagnostic
// endpoints) emits the secret as well — redact it before doing so.
type CryptoKeyProperties struct {
	// Id carries the JSON name "id"; presumably the key's identifier (kid) — confirm against the store.
	Id        string `json:"id"`
	// KeyFormat carries the JSON name "format"; presumably interpreted by Format() — confirm.
	KeyFormat string `json:"format"`
	// Location carries the JSON name "file"; presumably the path of the key file — confirm.
	Location  string `json:"file"`
	// Password carries the JSON name "password"; presumably the passphrase protecting
	// the key file at Location — confirm. It is held as a plain string.
	Password  string `json:"password"`
}
    func (CryptoKeyProperties) Format ¶
func (p CryptoKeyProperties) Format() KeyFormatType
type CryptoProperties ¶
// CryptoProperties groups the configured key entries and the JWT settings.
type CryptoProperties struct {
	// Keys maps a string key to a key entry (JSON name "keys").
	// presumably the map key is the JWK name passed to LoadByName — confirm.
	Keys map[string]CryptoKeyProperties `json:"keys"`
	// Jwt holds the JWT-specific settings (JSON name "jwt").
	Jwt  JwtProperties                  `json:"jwt"`
}
    func BindCryptoProperties ¶
func BindCryptoProperties(ctx *bootstrap.ApplicationContext) CryptoProperties
BindCryptoProperties creates and binds CryptoProperties, with an optional prefix
func NewCryptoProperties ¶
func NewCryptoProperties() *CryptoProperties
NewCryptoProperties creates a CryptoProperties with default values
type FileJwkStore ¶
type FileJwkStore struct {
	// contains filtered or unexported fields
}
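    FileJwkStore implements JwkStore and JwkRotator. This store loads public and private keys from key files. File locations and "kids" are read from properties, and the store rotates between the pre-defined keys. Because the private-key files and their passwords are named in configuration, access to those files and to the configuration determines who can sign tokens.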
func NewFileJwkStore ¶
func NewFileJwkStore(props CryptoProperties) *FileJwkStore
func (*FileJwkStore) LoadByName ¶
type JwkRotator ¶
type JwkStore ¶
// JwkStore looks up JSON Web Keys by key ID or by name.
type JwkStore interface {
	// LoadByKid returns the JWK associated with the given KID.
	// This method is usually used when decoding/verifying a JWT token.
	// NOTE(review): at that point the kid presumably comes from the token's unverified
	// header, so implementations should treat it purely as a lookup key and return an
	// error for unknown values — confirm against callers.
	LoadByKid(ctx context.Context, kid string) (Jwk, error)
	// LoadByName returns the JWK associated with the given name.
	// The method might return a different JWK for the same name if the store also supports rotation.
	// This method is usually used when encoding/encrypting a JWT token.
	LoadByName(ctx context.Context, name string) (Jwk, error)
	// LoadAll returns all JWKs with the given names. If no name is provided, all JWKs are returned.
	LoadAll(ctx context.Context, names ...string) ([]Jwk, error)
}
    type JwtDecoder ¶
type JwtEncoder ¶
type JwtProperties ¶
// JwtProperties holds the JWT-specific settings.
type JwtProperties struct {
	// KeyName carries the JSON name "key-name"; presumably the name of the JWK used
	// for JWT encoding — confirm against the encoder wiring.
	KeyName string `json:"key-name"`
}
    type PlaintextJwtDecoder ¶
type PlaintextJwtDecoder struct {
	// contains filtered or unexported fields
}
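    PlaintextJwtDecoder implements JwtDecoder (the original comment says JwtEncoder, but the only method listed for it on this page is DecodeWithClaims). Judging by its name, it decodes unsecured (plaintext) JWTs, i.e. tokens with no signature to verify — confirm against the implementation. Claims obtained this way are unauthenticated and should not drive authorization decisions.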
func NewPlaintextJwtDecoder ¶
func NewPlaintextJwtDecoder() *PlaintextJwtDecoder
func (*PlaintextJwtDecoder) DecodeWithClaims ¶
func (dec *PlaintextJwtDecoder) DecodeWithClaims(_ context.Context, tokenString string, claims interface{}) (err error)
type PrivateJwk ¶
// PrivateJwk is a Jwk that additionally exposes its private key.
type PrivateJwk interface {
	Jwk
	// Private returns the private key. The result is signing-capable key material:
	// keep it out of logs, error messages and serialized output.
	Private() crypto.PrivateKey
}
    type RSJwtDecoder ¶
type RSJwtDecoder struct {
	// contains filtered or unexported fields
}
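    RSJwtDecoder implements JwtDecoder (the original comment says JwtEncoder, but the only method listed for it on this page is DecodeWithClaims)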
func NewRS256JwtDecoder ¶
func NewRS256JwtDecoder(jwkStore JwkStore, defaultJwkName string) *RSJwtDecoder
func (*RSJwtDecoder) DecodeWithClaims ¶
func (dec *RSJwtDecoder) DecodeWithClaims(ctx context.Context, tokenString string, claims interface{}) (err error)
type RSJwtEncoder ¶
type RSJwtEncoder struct {
	// contains filtered or unexported fields
}
    RSJwtEncoder implements JwtEncoder
func NewRS256JwtEncoder ¶
func NewRS256JwtEncoder(jwkStore JwkStore, jwkName string) *RSJwtEncoder
type RsaKeyPair ¶
type RsaKeyPair struct {
	// contains filtered or unexported fields
}
    RsaKeyPair implements Jwk and PrivateJwk
func NewRsaPrivateJwk ¶
func NewRsaPrivateJwk(kid string, name string, privateKey *rsa.PrivateKey) *RsaKeyPair
func (*RsaKeyPair) Id ¶
func (k *RsaKeyPair) Id() string
func (*RsaKeyPair) Name ¶
func (k *RsaKeyPair) Name() string
func (*RsaKeyPair) Private ¶
func (k *RsaKeyPair) Private() crypto.PrivateKey
func (*RsaKeyPair) Public ¶
func (k *RsaKeyPair) Public() crypto.PublicKey
type RsaPublicKey ¶
type RsaPublicKey struct {
	// contains filtered or unexported fields
}
    RsaPublicKey implements Jwk
func (*RsaPublicKey) Id ¶
func (k *RsaPublicKey) Id() string
func (*RsaPublicKey) Name ¶
func (k *RsaPublicKey) Name() string
func (*RsaPublicKey) Public ¶
func (k *RsaPublicKey) Public() crypto.PublicKey
type SingleJwkStore ¶
type SingleJwkStore struct {
	// contains filtered or unexported fields
}
    SingleJwkStore implements JwkStore. This store always returns a single JWK if the kid matches, and returns an error if it does not. This store is mainly for testing.
func NewSingleJwkStore ¶
func NewSingleJwkStore(kid string) *SingleJwkStore
func (*SingleJwkStore) LoadByName ¶
type StaticJwkStore ¶
type StaticJwkStore struct {
	// contains filtered or unexported fields
}
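    StaticJwkStore implements JwkStore and JwkRotator. This store uses "kid" as the seed to generate a PrivateJwk, so the same "kid" always yields the same key. This store is not thread safe. Note that the kid is carried in the JWT header (JwtHeaderKid), so a private key derived only from it is reproducible by anyone who knows the kid; unless the implementation mixes in secret input, treat this store as a test/development aid rather than a production key source.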
func NewStaticJwkStore ¶
func NewStaticJwkStore(kids ...string) *StaticJwkStore