jwx

package
Published: Apr 7, 2026 License: MIT Imports: 21 Imported by: 8


Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateKeyPair added in v0.10.0

func GenerateKeyPair(alg jwa.SignatureAlgorithm, rsaKeyLen int) (
	sk crypto.Signer, pk jwk.Key, kid string, err error,
)

GenerateKeyPair generates a cryptographic private key with the passed properties and returns it together with the corresponding public key as a jwk.Key and its key id (kid).

func ReadSignerFromFile added in v0.10.0

func ReadSignerFromFile(keyfile string, alg jwa.SignatureAlgorithm) (crypto.Signer, error)

ReadSignerFromFile loads the private key from the passed keyfile

func SignPayload

func SignPayload(payload []byte, signingAlg jwa.SignatureAlgorithm, key crypto.Signer, headers jws.Headers) (
	[]byte,
	error,
)

SignPayload signs the payload with the passed signing algorithm and key and adds the kid to the JWT header.

func SignWithType

func SignWithType(
	payload []byte, headers jws.Headers, typ string, signingAlg jwa.SignatureAlgorithm, key crypto.Signer,
) ([]byte, error)

SignWithType creates a signed JWT of the passed type for the passed payload using the passed crypto.Signer with the passed jwa.SignatureAlgorithm

func SignerToPublicJWK added in v0.10.0

func SignerToPublicJWK(sk crypto.Signer, alg jwa.SignatureAlgorithm) (
	pk jwk.Key, kid string, err error,
)

func SupportedAlgs

func SupportedAlgs() []jwa.SignatureAlgorithm

SupportedAlgs returns the supported signing algorithms as a slice of jwa.SignatureAlgorithm

func SupportedAlgsStrings

func SupportedAlgsStrings() []string

SupportedAlgsStrings returns the supported signing algorithms as a slice of string

func WriteSignerToFile added in v0.10.0

func WriteSignerToFile(sk crypto.Signer, filePath string) error

Types

type EntityStatementSigner

// EntityStatementSigner is a JWTSigner for oidfedconst.JWTTypeEntityStatement.
// It embeds *GeneralJWTSigner and presumably forwards JWT/JWTWithHeaders to it
// with that fixed typ header — confirm against the method bodies.
type EntityStatementSigner struct {
	*GeneralJWTSigner
}

EntityStatementSigner is a JWTSigner for oidfedconst.JWTTypeEntityStatement

func NewEntityStatementSigner

func NewEntityStatementSigner(signer VersatileSigner) *EntityStatementSigner

NewEntityStatementSigner creates a new EntityStatementSigner

func (EntityStatementSigner) JWT

func (s EntityStatementSigner) JWT(i any) (jwt []byte, err error)

JWT implements the JWTSigner interface

func (EntityStatementSigner) JWTWithHeaders added in v0.9.0

func (s EntityStatementSigner) JWTWithHeaders(i any, headers jws.Headers) (jwt []byte, err error)

JWTWithHeaders implements the JWTSigner interface

type GeneralJWTSigner

// GeneralJWTSigner is a general JWT signer with no specific typ. It is built by
// NewGeneralJWTSigner from a VersatileSigner and an ordered list of allowed
// signature algorithms, the first of which is the preferred one; the typed
// signers (EntityStatementSigner, TrustMarkSigner, ...) embed it.
type GeneralJWTSigner struct {
	// contains filtered or unexported fields
}

GeneralJWTSigner is a general jwt signer with no specific typ

func NewGeneralJWTSigner

func NewGeneralJWTSigner(
	signer VersatileSigner, algs []jwa.SignatureAlgorithm,
) *GeneralJWTSigner

NewGeneralJWTSigner creates a new GeneralJWTSigner using the passed VersatileSigner. The passed algorithms define which algorithms can be used; the order also implies a preference, where the first alg is the preferred signing algorithm.

func (*GeneralJWTSigner) EntityStatementSigner

func (s *GeneralJWTSigner) EntityStatementSigner() *EntityStatementSigner

EntityStatementSigner returns an EntityStatementSigner using the same crypto.Signer

func (*GeneralJWTSigner) JWKS

func (s *GeneralJWTSigner) JWKS() (JWKS, error)

JWKS returns the jwks.JWKS used with this signer

func (GeneralJWTSigner) JWT

func (s GeneralJWTSigner) JWT(i any, headerType string, algs ...string) (jwt []byte, err error)

JWT returns a signed jwt representation of the passed data with the passed header type

func (GeneralJWTSigner) JWTWithHeaders added in v0.9.0

func (s GeneralJWTSigner) JWTWithHeaders(i any, headers jws.Headers, headerType string, algs ...string) (
	jwt []byte, err error,
)

JWTWithHeaders returns a signed jwt representation of the passed data with the passed headers and the typ header

func (*GeneralJWTSigner) ResolveResponseSigner

func (s *GeneralJWTSigner) ResolveResponseSigner() *ResolveResponseSigner

ResolveResponseSigner returns a ResolveResponseSigner using the same crypto.Signer.

func (*GeneralJWTSigner) TrustMarkDelegationSigner

func (s *GeneralJWTSigner) TrustMarkDelegationSigner() *TrustMarkDelegationSigner

TrustMarkDelegationSigner returns a TrustMarkDelegationSigner using the same crypto.Signer.

func (*GeneralJWTSigner) TrustMarkSigner

func (s *GeneralJWTSigner) TrustMarkSigner() *TrustMarkSigner

TrustMarkSigner returns a TrustMarkSigner using the same crypto.Signer.

func (*GeneralJWTSigner) Typed

func (s *GeneralJWTSigner) Typed(headerType string) *TypedJWTSigner

Typed returns a TypedJWTSigner for the passed header type using the same crypto.Signer

type JWKS

// JWKS wraps jwk.Set so that the package can implement its own JSON, YAML and
// msgpack (un)marshaling (see the Marshal*/Unmarshal* methods) and offer
// MinimalExpirationTime/MaximalExpirationTime over the contained keys.
type JWKS struct {
	jwk.Set
}

JWKS is a wrapper type for jwk.Set to implement custom marshaling

func KeyToJWKS

func KeyToJWKS(publicKey interface{}, alg jwa.SignatureAlgorithm) (JWKS, error)

KeyToJWKS creates a jwk.Set from the passed publicKey and sets the algorithm key in the jwk.Key to the passed jwa.SignatureAlgorithm

func NewJWKS

func NewJWKS() JWKS

NewJWKS returns a new JWKS

func (JWKS) MarshalJSON

func (jwks JWKS) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface

func (JWKS) MarshalMsgpack

func (jwks JWKS) MarshalMsgpack() ([]byte, error)

MarshalMsgpack implements the msgpack.Marshaler interface

func (JWKS) MarshalYAML

func (jwks JWKS) MarshalYAML() (any, error)

MarshalYAML implements the yaml.Marshaler interface.

func (JWKS) MaximalExpirationTime added in v0.10.0

func (jwks JWKS) MaximalExpirationTime() unixtime.Unixtime

MaximalExpirationTime iterates over all keys in the JWKS that have an exp claim set and returns the latest expiration time among them.

func (JWKS) MinimalExpirationTime

func (jwks JWKS) MinimalExpirationTime() unixtime.Unixtime

MinimalExpirationTime iterates over all keys in the JWKS that have an exp claim set and returns the earliest expiration time among them.

func (*JWKS) UnmarshalJSON

func (jwks *JWKS) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

func (*JWKS) UnmarshalMsgpack

func (jwks *JWKS) UnmarshalMsgpack(data []byte) error

UnmarshalMsgpack implements the msgpack.Unmarshaler interface

func (*JWKS) UnmarshalYAML

func (jwks *JWKS) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler interface

type JWTSigner

// JWTSigner is implemented by types that produce signed JWTs for a payload and
// expose the JWKS holding the public keys needed to verify them.
//
// NOTE(review): the concrete JWT methods documented alongside (GeneralJWTSigner
// takes algs ...string, EntityStatementSigner and friends take only i) do not
// literally match this method set — confirm which types are meant to satisfy it.
type JWTSigner interface {
	// JWT returns a signed JWT for i. The variadic alg is presumably the list of
	// acceptable signature algorithms (compare VersatileSigner.Signer) — confirm.
	JWT(i any, alg ...jwa.SignatureAlgorithm) (jwt []byte, err error)
	// JWTWithHeaders is like JWT but additionally applies the passed headers.
	JWTWithHeaders(i any, headers jws.Headers, alg ...jwa.SignatureAlgorithm) (jwt []byte, err error)
	// JWKS returns the key set a verifier needs for signatures made by this signer.
	JWKS() (JWKS, error)
}

JWTSigner is an interface that can give signed jwts

type ResolveResponseSigner

// ResolveResponseSigner is a JWTSigner for oidfedconst.JWTTypeResolveResponse.
// It embeds *GeneralJWTSigner and presumably forwards JWT/JWTWithHeaders to it
// with that fixed typ header — confirm against the method bodies.
type ResolveResponseSigner struct {
	*GeneralJWTSigner
}

ResolveResponseSigner is a JWTSigner for oidfedconst.JWTTypeResolveResponse

func NewResolveResponseSigner

func NewResolveResponseSigner(signer VersatileSigner) *ResolveResponseSigner

NewResolveResponseSigner creates a new ResolveResponseSigner

func (ResolveResponseSigner) JWT

func (s ResolveResponseSigner) JWT(i any) (jwt []byte, err error)

JWT implements the JWTSigner interface

func (ResolveResponseSigner) JWTWithHeaders added in v0.9.0

func (s ResolveResponseSigner) JWTWithHeaders(i any, headers jws.Headers) (jwt []byte, err error)

JWTWithHeaders implements the JWTSigner interface

type SingleKeySigner added in v0.10.0

// SingleKeySigner implements VersatileSigner with exactly one key/algorithm
// pair; construct it with NewSingleKeyVersatileSigner. Because only one alg
// exists, Signer presumably returns nil when the requested algs do not include
// it — callers should check for nil before signing; confirm in Signer.
type SingleKeySigner struct {
	// contains filtered or unexported fields
}

SingleKeySigner is a type implementing the oidfed.VersatileSigner interface that uses only a single key and algorithm.

func NewSingleKeyVersatileSigner

func NewSingleKeyVersatileSigner(sk crypto.Signer, alg jwa.SignatureAlgorithm) SingleKeySigner

NewSingleKeyVersatileSigner creates a new SingleKeySigner

func (SingleKeySigner) DefaultSigner added in v0.10.0

func (s SingleKeySigner) DefaultSigner() (crypto.Signer, jwa.SignatureAlgorithm)

DefaultSigner returns a crypto.Signer and the corresponding jwa.SignatureAlgorithm

func (SingleKeySigner) JWKS added in v0.10.0

func (s SingleKeySigner) JWKS() (JWKS, error)

JWKS returns the jwks.JWKS containing all public keys of this VersatileSigner

func (SingleKeySigner) Signer added in v0.10.0

Signer takes a list of acceptable signature algorithms and returns a usable crypto.Signer (or nil if there is none) together with the corresponding jwa.SignatureAlgorithm.

type TrustMarkDelegationSigner

// TrustMarkDelegationSigner is a JWTSigner for the trust mark delegation typ.
// It embeds *GeneralJWTSigner and presumably forwards JWT/JWTWithHeaders to it
// with that fixed typ header — confirm against the method bodies.
type TrustMarkDelegationSigner struct {
	*GeneralJWTSigner
}

TrustMarkDelegationSigner is a JWTSigner for constants.JWTTypeTrustMarkDelegation.

func NewTrustMarkDelegationSigner

func NewTrustMarkDelegationSigner(signer VersatileSigner) *TrustMarkDelegationSigner

NewTrustMarkDelegationSigner creates a new TrustMarkDelegationSigner

func (TrustMarkDelegationSigner) JWT

func (s TrustMarkDelegationSigner) JWT(i any) (jwt []byte, err error)

JWT implements the JWTSigner interface

func (TrustMarkDelegationSigner) JWTWithHeaders added in v0.9.0

func (s TrustMarkDelegationSigner) JWTWithHeaders(i any, headers jws.Headers) (
	jwt []byte,
	err error,
)

JWTWithHeaders implements the JWTSigner interface

type TrustMarkSigner

// TrustMarkSigner is a JWTSigner for oidfedconst.JWTTypeTrustMark.
// It embeds *GeneralJWTSigner and presumably forwards JWT/JWTWithHeaders to it
// with that fixed typ header — confirm against the method bodies.
type TrustMarkSigner struct {
	*GeneralJWTSigner
}

TrustMarkSigner is a JWTSigner for oidfedconst.JWTTypeTrustMark

func NewTrustMarkSigner

func NewTrustMarkSigner(signer VersatileSigner) *TrustMarkSigner

NewTrustMarkSigner creates a new TrustMarkSigner

func (TrustMarkSigner) JWT

func (s TrustMarkSigner) JWT(i any) (jwt []byte, err error)

JWT implements the JWTSigner interface

func (TrustMarkSigner) JWTWithHeaders added in v0.9.0

func (s TrustMarkSigner) JWTWithHeaders(i any, headers jws.Headers) (jwt []byte, err error)

JWTWithHeaders implements the JWTSigner interface

type TypedJWTSigner

// TypedJWTSigner is a JWTSigner for one specific header type; it is obtained
// from GeneralJWTSigner.Typed and shares that signer's crypto.Signer.
type TypedJWTSigner struct {
	*GeneralJWTSigner
	// HeaderType is the typ header value this signer was created for.
	HeaderType string
}

TypedJWTSigner is a JWTSigner for a specific header type

func (TypedJWTSigner) JWT

func (s TypedJWTSigner) JWT(i any) (jwt []byte, err error)

JWT implements the JWTSigner interface

type VersatileSigner

// VersatileSigner yields a crypto.Signer for a specific jwa.SignatureAlgorithm
// together with the (full) JWKS of all corresponding public keys. Obtaining the
// signer through a method rather than holding it directly allows one key set
// to serve several algorithms and lets the key in use rotate over time.
type VersatileSigner interface {
	// Signer takes a list of acceptable signature algorithms and returns a
	// usable crypto.Signer or nil as well as the corresponding
	// jwa.SignatureAlgorithm. algs are presumably the string forms of
	// jwa.SignatureAlgorithm (compare SupportedAlgsStrings) — confirm.
	// Callers must check the returned crypto.Signer for nil before signing;
	// a nil result means none of the requested algorithms is available.
	Signer(algs ...string) (crypto.Signer, jwa.SignatureAlgorithm)
	// DefaultSigner returns a crypto.Signer and the corresponding jwa.SignatureAlgorithm
	// without any algorithm restriction.
	DefaultSigner() (crypto.Signer, jwa.SignatureAlgorithm)
	// JWKS returns the jwks.JWKS containing all public keys of this VersatileSigner
	JWKS() (JWKS, error)
}

VersatileSigner is an interface type for obtaining a crypto.Signer for a specific jwa.SignatureAlgorithm and the corresponding (full) jwks.JWKS. The purpose of this interface is to enable: (1) easy usage of signing with potentially multiple algs, e.g. in OIDC the public_key_jwt client auth method might use one alg with one OP and another alg with another OP; this requires different crypto.Signers, but we still want to easily access a single combined jwks.JWKS; (2) key rotation: by using a function to obtain the crypto.Signer, the crypto.Signer in use can change over time.

Directories

Path Synopsis
keymanagement
kms
