Documentation ¶
Index ¶
- Variables
- func CalcKID(key jwk.Key) (string, error)
- func GetEndorsedKID(t jwt.Token) (string, error)
- func GetKID(key jwk.Key) (string, error)
- func SetKID(key jwk.Key, force bool) error
- func SetKIDs(set jwk.Set, alg *jwa.SignatureAlgorithm) (jwk.Set, error)
- func VerifyConstraints(emblem jwt.Token, endorsement jwt.Token) error
- type ChannelMask
- type EmbeddedKey
- type EmblemConstraints
- type LeafHash
- type LogConfig
- type PurposeMask
Constants ¶
This section is empty.
Variables ¶
// EmblemValidator checks the claims that are specific to emblem tokens.
//
// It runs validateCommon first and returns that error unchanged. It then
// requires an "ass" claim (ErrAssMissing otherwise) and rejects any token
// carrying a "log" claim (ErrLogClaim). Only the presence of "ass" is tested
// here; this function does not inspect the claim's type or contents.
var EmblemValidator = jwt.ValidatorFunc(func(_ context.Context, t jwt.Token) jwt.ValidationError {
	if commonErr := validateCommon(t); commonErr != nil {
		return commonErr
	}

	// An emblem without an asset list is rejected.
	if _, hasAssets := t.Get("ass"); !hasAssets {
		return ErrAssMissing
	}

	// The "log" claim is not allowed on emblems.
	_, hasLog := t.Get("log")
	if hasLog {
		return ErrLogClaim
	}
	return nil
})
Validation function for emblem tokens.
// EndorsementValidator checks the claims that are specific to endorsement
// tokens.
//
// It runs validateCommon first and returns that error unchanged. It then
// requires an "end" claim (ErrEndMissing otherwise) whose value is a Go bool
// (ErrIllegalType otherwise). The boolean's value itself is not evaluated
// here: both true and false pass this validator.
var EndorsementValidator = jwt.ValidatorFunc(func(_ context.Context, t jwt.Token) jwt.ValidationError {
	if commonErr := validateCommon(t); commonErr != nil {
		return commonErr
	}

	raw, present := t.Get("end")
	if !present {
		return ErrEndMissing
	}

	// Reject any non-boolean value, e.g. a string "true".
	if _, isBool := raw.(bool); !isBool {
		return ErrIllegalType
	}
	return nil
})
Validation function for endorsement tokens.
// ErrAlgMissing signals, per its message, that an input key carries no
// algorithm. NOTE(review): the returning function is not shown on this page.
var ErrAlgMissing = errors.New("input key misses algorithm")
// ErrAssMissing is the validation error EmblemValidator returns when a token
// has no "ass" claim.
var ErrAssMissing = jwt.NewValidationError(errors.New("emblems require ass claim"))
// ErrAssetConstraint signals, per its message, that an emblem violates an
// asset constraint. NOTE(review): presumably returned by VerifyConstraints for
// the "ass" field of EmblemConstraints; confirm against the implementation.
var ErrAssetConstraint = errors.New("emblem does not satisfy asset constraint")
// ErrDstConstraint signals, per its message, that an emblem violates a "dst"
// constraint. NOTE(review): presumably returned by VerifyConstraints; confirm
// against the implementation.
var ErrDstConstraint = errors.New("emblem does not satisfy dst constraint")
// ErrEndMissing is the validation error EndorsementValidator returns when a
// token has no "end" claim.
var ErrEndMissing = jwt.NewValidationError(errors.New("endorsements require end claim"))
// ErrIllegalConst signals, per its message, that a JSON element is not a legal
// constant. NOTE(review): presumably produced by the mask UnmarshalJSON
// methods; the returning code is not shown on this page.
var ErrIllegalConst = errors.New("json element is illegal constant")
// ErrIllegalType is the validation error EndorsementValidator returns when
// the "end" claim is present but is not a bool.
var ErrIllegalType = jwt.NewValidationError(errors.New("illegal claim type"))
// ErrIllegalVersion is a validation error for a token with an illegal version.
// NOTE(review): presumably returned by validateCommon, which is not shown on
// this page.
var ErrIllegalVersion = jwt.NewValidationError(errors.New("illegal version"))
// ErrLogClaim is the validation error EmblemValidator returns when a token
// carries a "log" claim.
var ErrLogClaim = jwt.NewValidationError(errors.New("emblems must not contain a log claim"))
// ErrNoEndorsedKey signals, per its message, that no endorsed key is present.
// NOTE(review): presumably returned by GetEndorsedKID; confirm against the
// implementation.
var ErrNoEndorsedKey = errors.New("no endorsed key present")
// ErrPrpConstraint signals, per its message, that an emblem violates a "prp"
// constraint. NOTE(review): presumably returned by VerifyConstraints; confirm
// against the implementation.
var ErrPrpConstraint = errors.New("emblem does not satisfy prp constraint")
// ErrWndConstraint signals, per its message, that an emblem violates a "wnd"
// constraint. NOTE(review): presumably returned by VerifyConstraints; confirm
// against the implementation.
var ErrWndConstraint = errors.New("emblem does not satisfy wnd constraint")
Functions ¶
func CalcKID ¶
Calculate a key's KID by hashing it using a canonical JSON representation and SHA256. This function will drop any private-key parameters.
func GetEndorsedKID ¶
Get the KID of a key endorsed in an emblem. If the endorsed key has no KID, it will be calculated.
Types ¶
type ChannelMask ¶
// ChannelMask is a one-byte bit set. Each constant below occupies its own
// bit, so several channels can be combined with bitwise OR.
// EmblemConstraints uses this type for its "dst" field.
type ChannelMask byte

// Channel bits, lowest bit first.
const (
	DNS ChannelMask = 1 << iota // 0b0000_0001
	TLS                         // 0b0000_0010
	UDP                         // 0b0000_0100
)
func (*ChannelMask) MarshalJSON ¶
func (cm *ChannelMask) MarshalJSON() ([]byte, error)
func (*ChannelMask) UnmarshalJSON ¶
func (cm *ChannelMask) UnmarshalJSON(bs []byte) error
type EmbeddedKey ¶
Wrapper type to parse "key" field as jwk.Key.
func (*EmbeddedKey) UnmarshalJSON ¶
func (ek *EmbeddedKey) UnmarshalJSON(bs []byte) (err error)
Attempts to parse a JSON value as a string that contains a single JWK in JSON encoding.
type EmblemConstraints ¶
// EmblemConstraints groups the optional "prp", "dst", "ass" and "wnd"
// constraint fields. Every field is a pointer or slice tagged omitempty, so a
// nil field is omitted when the struct is marshalled to JSON.
// NOTE(review): presumably a nil field means "no constraint of that kind";
// confirm against VerifyConstraints.
type EmblemConstraints struct {
	// Purpose is the "prp" bit mask (see PurposeMask).
	Purpose *PurposeMask `json:"prp,omitempty"`
	// Distribution is the "dst" bit mask (see ChannelMask).
	Distribution *ChannelMask `json:"dst,omitempty"`
	// Assets is the "ass" list of asset identifiers.
	Assets []*ident.AI `json:"ass,omitempty"`
	// Window is the "wnd" value; its unit is not stated on this page.
	Window *int `json:"wnd,omitempty"`
}
type LeafHash ¶
Wrapper type for easier JSON unmarshalling of base64-encoded JSON strings of leaf hashes.
func (*LeafHash) MarshalJSON ¶
func (*LeafHash) UnmarshalJSON ¶
Attempts to parse a JSON value as a string that contains a base64-encoded leaf hash.
type PurposeMask ¶
// PurposeMask is a one-byte bit set. Each constant below occupies its own
// bit, so both purposes can be combined with bitwise OR. EmblemConstraints
// uses this type for its "prp" field.
type PurposeMask byte

// Purpose bits, lowest bit first.
const (
	Protective PurposeMask = 1 << iota // 0b0000_0001
	Indicative                         // 0b0000_0010
)
func (*PurposeMask) MarshalJSON ¶
func (pm *PurposeMask) MarshalJSON() ([]byte, error)
func (*PurposeMask) UnmarshalJSON ¶
func (pm *PurposeMask) UnmarshalJSON(in []byte) error