Overview
Code generated by go generate; DO NOT EDIT.
Index
- Constants
- Variables
- func DisableDebugLogging()
- func EnableDebugLogging()
- func RegisterPolicyOperator(operator PolicyOperator)
- func RegisterPolicyVerifier(v PolicyVerifier)
- func TrustChainScoringPathLen(c TrustChain) int
- type AllowedTrustMarkIssuers
- type CollectedEntity
- type ConstraintSpecification
- type DelegationJWT
- type DisplayNameGuesser
- type EntityCollectionFilter
- func EntityCollectionFilterOPSupportedGrantTypesIncludes(trustAnchorIDs []string, neededGrantTypes ...string) EntityCollectionFilter
- func EntityCollectionFilterOPSupportedScopesIncludes(trustAnchorIDs []string, neededScopes ...string) EntityCollectionFilter
- func EntityCollectionFilterOPSupportsAutomaticRegistration(trustAnchorIDs []string) EntityCollectionFilter
- func EntityCollectionFilterOPSupportsExplicitRegistration(trustAnchorIDs []string) EntityCollectionFilter
- func EntityCollectionFilterOPs() EntityCollectionFilter
- func NewEntityCollectionFilter(filter func(entity *CollectedEntity) bool) EntityCollectionFilter
- type EntityCollectionFilterVerifiedChains
- type EntityCollectionResponse
- type EntityCollector
- type EntityConfigurationTrustMarkConfig
- type EntityStatement
- type EntityStatementPayload
- type EntityStatementSigner
- type Error
- func ErrorInvalidClient(description string) Error
- func ErrorInvalidIssuer(description string) Error
- func ErrorInvalidMetadata(description string) Error
- func ErrorInvalidRequest(description string) Error
- func ErrorInvalidSubject(description string) Error
- func ErrorInvalidTrustAnchor(description string) Error
- func ErrorInvalidTrustChain(description string) Error
- func ErrorNotFound(description string) Error
- func ErrorServerError(description string) Error
- func ErrorTemporarilyUnavailable(description string) Error
- func ErrorUnsupportedParameter(description string) Error
- type FederationEntity
- type FederationEntityMetadata
- func (m FederationEntityMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
- func (m FederationEntityMetadata) GuessDisplayName() string
- func (m FederationEntityMetadata) MarshalJSON() ([]byte, error)
- func (m *FederationEntityMetadata) UnmarshalJSON(data []byte) error
- func (m *FederationEntityMetadata) UnmarshalMsgpack(data []byte) error
- type FederationLeaf
- func (f FederationLeaf) CodeExchange(issuer, code, redirectURI string, additionalParameter url.Values) (*OIDCTokenResponse, *OIDCErrorResponse, error)
- func (f FederationLeaf) GetAuthorizationURL(issuer, redirectURI, state, scope string, additionalParams url.Values) (string, error)
- func (f FederationLeaf) RequestObjectProducer() *RequestObjectProducer
- func (f FederationLeaf) ResolveOPMetadata(issuer string) (*OpenIDProviderMetadata, error)
- type FilterableVerifiedChainsEntityCollector
- type GeneralJWTSigner
- func (s *GeneralJWTSigner) EntityStatementSigner() *EntityStatementSigner
- func (s *GeneralJWTSigner) JWKS() jwks.JWKS
- func (s GeneralJWTSigner) JWT(i any, headerType string) (jwt []byte, err error)
- func (s *GeneralJWTSigner) ResolveResponseSigner() *ResolveResponseSigner
- func (s *GeneralJWTSigner) TrustMarkDelegationSigner() *TrustMarkDelegationSigner
- func (s *GeneralJWTSigner) TrustMarkSigner() *TrustMarkSigner
- func (s *GeneralJWTSigner) Typed(headerType string) *TypedJWTSigner
- type JWSMessages
- type JWTSigner
- type LocalMetadataResolver
- type Metadata
- func (m Metadata) ApplyPolicy(p *MetadataPolicies) (*Metadata, error)
- func (m *Metadata) FindEntityMetadata(entityType string, metadata any) error
- func (m Metadata) GuessDisplayNames() map[string]string
- func (m Metadata) GuessEntityTypes() (entityTypes []string)
- func (m Metadata) IterateStringClaim(tag string, iterator func(entityType, value string))
- func (m Metadata) IterateStringSliceClaim(tag string, iterator func(entityType string, value []string))
- func (m Metadata) MarshalJSON() ([]byte, error)
- func (m *Metadata) UnmarshalJSON(data []byte) error
- type MetadataPolicies
- type MetadataPolicy
- type MetadataPolicyEntry
- type MetadataResolver
- type NamingConstraints
- type OAuthAuthorizationServerMetadata
- func (m OAuthAuthorizationServerMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
- func (m OAuthAuthorizationServerMetadata) GuessDisplayName() string
- func (m OAuthAuthorizationServerMetadata) MarshalJSON() ([]byte, error)
- func (m *OAuthAuthorizationServerMetadata) UnmarshalJSON(data []byte) error
- type OAuthClientMetadata
- type OAuthProtectedResourceMetadata
- func (m OAuthProtectedResourceMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
- func (m OAuthProtectedResourceMetadata) GuessDisplayName() string
- func (m OAuthProtectedResourceMetadata) MarshalJSON() ([]byte, error)
- func (m *OAuthProtectedResourceMetadata) UnmarshalJSON(data []byte) error
- func (m *OAuthProtectedResourceMetadata) UnmarshalMsgpack(data []byte) error
- type OIDCErrorResponse
- type OIDCTokenResponse
- type OpenIDProviderMetadata
- func (m OpenIDProviderMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
- func (m OpenIDProviderMetadata) GuessDisplayName() string
- func (m OpenIDProviderMetadata) MarshalJSON() ([]byte, error)
- func (m *OpenIDProviderMetadata) UnmarshalJSON(data []byte) error
- func (m *OpenIDProviderMetadata) UnmarshalMsgpack(data []byte) error
- type OpenIDRelyingPartyMetadata
- func (m OpenIDRelyingPartyMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
- func (m OpenIDRelyingPartyMetadata) GuessDisplayName() string
- func (m OpenIDRelyingPartyMetadata) MarshalJSON() ([]byte, error)
- func (m *OpenIDRelyingPartyMetadata) UnmarshalJSON(data []byte) error
- func (m *OpenIDRelyingPartyMetadata) UnmarshalMsgpack(data []byte) error
- type OwnedTrustMark
- type PolicyOperator
- type PolicyOperatorName
- type PolicyVerifier
- type RequestObjectProducer
- type ResolveResponse
- type ResolveResponsePayload
- type ResolveResponseSigner
- type SimpleEntityCollector
- type SimpleOPCollector
- type SimpleRemoteEntityCollector
- type SimpleRemoteMetadataResolver
- func (r SimpleRemoteMetadataResolver) Resolve(req apimodel.ResolveRequest) (*Metadata, error)
- func (r SimpleRemoteMetadataResolver) ResolvePossible(req apimodel.ResolveRequest) (bool, bool)
- func (r SimpleRemoteMetadataResolver) ResolveResponse(req apimodel.ResolveRequest) (*ResolveResponse, int, error)
- func (r SimpleRemoteMetadataResolver) ResolveResponsePayload(req apimodel.ResolveRequest) (ResolveResponsePayload, error)
- type SliceOrSingleValue
- type SmartRemoteEntityCollector
- type SmartRemoteMetadataResolver
- func (r SmartRemoteMetadataResolver) Resolve(req apimodel.ResolveRequest) (*Metadata, error)
- func (SmartRemoteMetadataResolver) ResolvePossible(req apimodel.ResolveRequest) (bool, bool)
- func (SmartRemoteMetadataResolver) ResolveResponsePayload(req apimodel.ResolveRequest) (ResolveResponsePayload, error)
- type TrustAnchor
- type TrustAnchors
- type TrustChain
- type TrustChainChecker
- type TrustChainScoringFnc
- type TrustChains
- type TrustChainsFilter
- func NewTrustChainsFilterFromCheckerFnc(checker func(TrustChain) bool) TrustChainsFilter
- func NewTrustChainsFilterFromTrustChainChecker(f TrustChainChecker) TrustChainsFilter
- func TrustChainsFilterMaxPathLength(maxPathLen int) TrustChainsFilter
- func TrustChainsFilterTrustAnchor(anchor string) TrustChainsFilter
- type TrustMark
- func (tm *TrustMark) Delegation() (*DelegationJWT, error)
- func (tm TrustMark) MarshalJSON() ([]byte, error)
- func (tm *TrustMark) UnmarshalJSON(data []byte) error
- func (tm *TrustMark) VerifyExternal(jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec) error
- func (tm *TrustMark) VerifyFederation(ta *EntityStatementPayload) error
- type TrustMarkDelegationSigner
- type TrustMarkInfo
- func (tm TrustMarkInfo) MarshalJSON() ([]byte, error)
- func (tm *TrustMarkInfo) TrustMark() (*TrustMark, error)
- func (tm *TrustMarkInfo) UnmarshalJSON(data []byte) error
- func (tm *TrustMarkInfo) VerifyExternal(jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec) error
- func (tm *TrustMarkInfo) VerifyFederation(ta *EntityStatementPayload) error
- type TrustMarkInfos
- func (tms TrustMarkInfos) Find(matcher func(info TrustMarkInfo) bool) *TrustMarkInfo
- func (tms TrustMarkInfos) FindByID(id string) *TrustMarkInfo
- func (tms TrustMarkInfos) VerifiedExternal(jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec) (verified TrustMarkInfos)
- func (tms TrustMarkInfos) VerifiedFederation(ta *EntityStatementPayload) (verified TrustMarkInfos)
- type TrustMarkIssuer
- type TrustMarkOwner
- type TrustMarkOwnerSpec
- type TrustMarkOwners
- type TrustMarkSigner
- type TrustMarkSpec
- type TrustResolver
- type TypedJWTSigner
- type UIInfo
- type VerifiedChainsEntityCollector
Constants
const ( MatchModeSubstringCaseInsensitive matchMode = "substring-case-insensitive" MatchModeSubstringCaseSensitive matchMode = "substring-case-sensitive" MatchModeExactCaseSensitive matchMode = "exact-case-sensitive" MatchModeExactCaseInsensitive matchMode = "exact-case-insensitive" MatchModeFuzzy matchMode = "fuzzy" )
const ( InvalidRequest = "invalid_request" InvalidClient = "invalid_client" InvalidIssuer = "invalid_issuer" InvalidSubject = "invalid_subject" InvalidTrustAnchor = "invalid_trust_anchor" InvalidTrustChain = "invalid_trust_chain" InvalidMetadata = "invalid_metadata" NotFound = "not_found" ServerError = "server_error" UnsupportedParameter = "unsupported_parameter" )
Constants for the error codes returned in an Error.
Variables
var OperatorOrder = []PolicyOperatorName{ PolicyOperatorValue, PolicyOperatorAdd, PolicyOperatorDefault, PolicyOperatorOneOf, PolicyOperatorSubsetOf, PolicyOperatorSupersetOf, PolicyOperatorEssential, }
OperatorOrder defines the order in which the PolicyOperators are applied. If custom PolicyOperators are implemented, they must be added to this slice at the correct position.
var ResolverCacheGracePeriod = time.Hour
ResolverCacheGracePeriod is a grace period for the resolver. If a cached statement is not yet expired but will expire within that period, the cached statement is still used, but a fresh statement might be requested in the background (see also ResolverCacheLifetimeElapsedGraceFactor).
var ResolverCacheLifetimeElapsedGraceFactor = 0.5
ResolverCacheLifetimeElapsedGraceFactor is a factor relevant for the grace period of the resolver. If a cached statement will expire within the ResolverCacheGracePeriod, it might be requested in the background before expiration. A fresh statement is only requested if a certain amount of time has already elapsed. This factor defines how much time (relative to the total lifetime of that statement) must have elapsed before the statement is refreshed. E.g. a factor of 0.75 means that a statement is only refreshed if it expires within the ResolverCacheGracePeriod and 75% of the statement's lifetime has already elapsed. The purpose of this factor is to allow a bigger ResolverCacheGracePeriod while still dealing with shorter statement lifetimes.
var TrustChainsFilterValidMetadata = NewTrustChainsFilterFromCheckerFnc( func(chain TrustChain) bool { _, err := chain.Metadata() return err == nil }, )
TrustChainsFilterValidMetadata is a TrustChainsFilter that keeps only the TrustChains with valid Metadata.
Functions
func RegisterPolicyOperator ¶
func RegisterPolicyOperator(operator PolicyOperator)
RegisterPolicyOperator registers a new PolicyOperator and thereby makes it available for use. A custom PolicyOperator must additionally be added to OperatorOrder at the correct position.
func RegisterPolicyVerifier ¶
func RegisterPolicyVerifier(v PolicyVerifier)
RegisterPolicyVerifier registers a PolicyVerifier
func TrustChainScoringPathLen ¶
func TrustChainScoringPathLen(c TrustChain) int
TrustChainScoringPathLen is a TrustChainScoringFnc that uses the chain's path length.
Types
type AllowedTrustMarkIssuers ¶
AllowedTrustMarkIssuers is a type for defining which TrustMarks can be issued by which entities.
type CollectedEntity ¶
type CollectedEntity struct { EntityID string `json:"entity_id"` TrustMarks TrustMarkInfos `json:"trust_marks,omitempty"` TrustChain JWSMessages `json:"trust_chain,omitempty"` EntityTypes []string `json:"entity_types,omitempty"` UIInfos map[string]UIInfo `json:"ui_infos,omitempty"` Extra map[string]any `json:"-"` // contains filtered or unexported fields }
CollectedEntity is a type describing a single collected entity
func (CollectedEntity) MarshalJSON ¶
func (e CollectedEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*CollectedEntity) UnmarshalJSON ¶
func (e *CollectedEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type ConstraintSpecification ¶
type ConstraintSpecification struct { MaxPathLength *int `json:"max_path_length,omitempty"` NamingConstraints *NamingConstraints `json:"naming_constraints,omitempty"` AllowedEntityTypes []string `json:"allowed_entity_types,omitempty"` }
ConstraintSpecification is a type for holding constraints according to the OpenID Federation spec.
type DelegationJWT ¶
type DelegationJWT struct { Issuer string `json:"iss"` Subject string `json:"sub"` TrustMarkType string `json:"trust_mark_type"` IssuedAt unixtime.Unixtime `json:"iat"` ExpiresAt *unixtime.Unixtime `json:"exp,omitempty"` Ref string `json:"ref,omitempty"` Extra map[string]interface{} `json:"-"` // contains filtered or unexported fields }
DelegationJWT is a type for holding information about a delegation jwt
func (DelegationJWT) MarshalJSON ¶
func (djwt DelegationJWT) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*DelegationJWT) UnmarshalJSON ¶
func (djwt *DelegationJWT) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
func (DelegationJWT) VerifyExternal ¶
func (djwt DelegationJWT) VerifyExternal(jwks jwks.JWKS) error
VerifyExternal verifies the DelegationJWT by using the passed trust mark owner jwks
func (DelegationJWT) VerifyFederation ¶
func (djwt DelegationJWT) VerifyFederation(ta *EntityStatementPayload) error
VerifyFederation verifies the DelegationJWT by using the passed trust anchor
type DisplayNameGuesser ¶
type DisplayNameGuesser interface {
GuessDisplayName() string
}
DisplayNameGuesser is an interface for types to return a (guessed) display name
type EntityCollectionFilter ¶
type EntityCollectionFilter interface {
Filter(*CollectedEntity) bool
}
EntityCollectionFilter is an interface to filter discovered entities
func EntityCollectionFilterOPSupportedGrantTypesIncludes ¶
func EntityCollectionFilterOPSupportedGrantTypesIncludes( trustAnchorIDs []string, neededGrantTypes ...string, ) EntityCollectionFilter
EntityCollectionFilterOPSupportedGrantTypesIncludes returns an EntityCollectionFilter that filters to OPs that support the passed grant types
func EntityCollectionFilterOPSupportedScopesIncludes ¶
func EntityCollectionFilterOPSupportedScopesIncludes( trustAnchorIDs []string, neededScopes ...string, ) EntityCollectionFilter
EntityCollectionFilterOPSupportedScopesIncludes returns an EntityCollectionFilter that filters to OPs that support the passed scopes
func EntityCollectionFilterOPSupportsAutomaticRegistration ¶
func EntityCollectionFilterOPSupportsAutomaticRegistration( trustAnchorIDs []string, ) EntityCollectionFilter
EntityCollectionFilterOPSupportsAutomaticRegistration returns an EntityCollectionFilter that filters to OPs that support automatic registration
func EntityCollectionFilterOPSupportsExplicitRegistration ¶
func EntityCollectionFilterOPSupportsExplicitRegistration( trustAnchorIDs []string, ) EntityCollectionFilter
EntityCollectionFilterOPSupportsExplicitRegistration returns an EntityCollectionFilter that filters to OPs that support explicit registration
func EntityCollectionFilterOPs ¶
func EntityCollectionFilterOPs() EntityCollectionFilter
EntityCollectionFilterOPs returns an EntityCollectionFilter that filters to OPs
func NewEntityCollectionFilter ¶
func NewEntityCollectionFilter(filter func(entity *CollectedEntity) bool) EntityCollectionFilter
NewEntityCollectionFilter returns an EntityCollectionFilter for a filter func
type EntityCollectionFilterVerifiedChains ¶
type EntityCollectionFilterVerifiedChains struct {
TrustAnchors TrustAnchors
}
EntityCollectionFilterVerifiedChains is an EntityCollectionFilter that filters the discovered OPs to the ones that have a valid TrustChain to one of the specified TrustAnchors.
func (EntityCollectionFilterVerifiedChains) Filter ¶
func (f EntityCollectionFilterVerifiedChains) Filter(e *CollectedEntity) bool
Filter implements the EntityCollectionFilter interface
type EntityCollectionResponse ¶
type EntityCollectionResponse struct { FederationEntities []*CollectedEntity `json:"federation_entities"` NextEntityID string `json:"next_entity_id,omitempty"` LastUpdated *unixtime.Unixtime `json:"last_updated,omitempty"` Extra map[string]any `json:"-"` }
EntityCollectionResponse is a type describing the response of an entity collection request
type EntityCollector ¶
type EntityCollector interface {
CollectEntities(req apimodel.EntityCollectionRequest) []*CollectedEntity
}
EntityCollector is an interface that discovers / collects Entities in a federation
type EntityConfigurationTrustMarkConfig ¶
type EntityConfigurationTrustMarkConfig struct { TrustMarkType string `yaml:"trust_mark_type"` TrustMarkIssuer string `yaml:"trust_mark_issuer"` SelfIssued bool `yaml:"self_issued"` SelfIssuanceSpec TrustMarkSpec `yaml:"self_issuance_spec"` JWT string `yaml:"trust_mark_jwt"` Refresh bool `yaml:"refresh"` MinLifetime unixtime.DurationInSeconds `yaml:"min_lifetime"` RefreshGracePeriod unixtime.DurationInSeconds `yaml:"refresh_grace_period"` // contains filtered or unexported fields }
EntityConfigurationTrustMarkConfig is a type for specifying the configuration of a TrustMark that should be included in an EntityConfiguration
func (*EntityConfigurationTrustMarkConfig) TrustMarkJWT ¶
func (c *EntityConfigurationTrustMarkConfig) TrustMarkJWT() (string, error)
TrustMarkJWT returns a trust mark jwt for the linked trust mark; if needed, the trust mark is refreshed using the trust mark issuer's trust mark endpoint.
func (*EntityConfigurationTrustMarkConfig) Verify ¶
func (c *EntityConfigurationTrustMarkConfig) Verify( sub, ownTrustMarkEndpoint string, ownTrustMarkSigner *TrustMarkSigner, ) error
Verify verifies that the EntityConfigurationTrustMarkConfig is correct, sets default values, and, if a trust mark jwt is given, also extracts the trust mark id and issuer from it.
type EntityStatement ¶
type EntityStatement struct { EntityStatementPayload // contains filtered or unexported fields }
EntityStatement is a type for holding an entity statement, more precisely an entity statement that was obtained as a jwt and created by us
func FetchEntityStatement ¶
func FetchEntityStatement(fetchEndpoint, subID, issID string) (*EntityStatement, error)
FetchEntityStatement fetches an EntityStatement from a fetch endpoint
func GetEntityConfiguration ¶
func GetEntityConfiguration(entityID string) (*EntityStatement, error)
GetEntityConfiguration obtains the entity configuration for the passed entity id and returns it as an EntityStatement
func ParseEntityStatement ¶
func ParseEntityStatement(statementJWT []byte) (*EntityStatement, error)
ParseEntityStatement parses a jwt into an EntityStatement
func (EntityStatement) MarshalMsgpack ¶
func (e EntityStatement) MarshalMsgpack() ([]byte, error)
MarshalMsgpack implements the msgpack.Marshaler interface for usage with caching
func (*EntityStatement) UnmarshalMsgpack ¶
func (e *EntityStatement) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface for usage with caching
type EntityStatementPayload ¶
type EntityStatementPayload struct { Issuer string `json:"iss"` Subject string `json:"sub"` IssuedAt unixtime.Unixtime `json:"iat"` ExpiresAt unixtime.Unixtime `json:"exp"` JWKS jwks.JWKS `json:"jwks"` Audience string `json:"aud,omitempty"` AuthorityHints []string `json:"authority_hints,omitempty"` Metadata *Metadata `json:"metadata,omitempty"` MetadataPolicy *MetadataPolicies `json:"metadata_policy,omitempty"` Constraints *ConstraintSpecification `json:"constraints,omitempty"` CriticalExtensions []string `json:"crit,omitempty"` MetadataPolicyCrit []PolicyOperatorName `json:"metadata_policy_crit,omitempty"` TrustMarks TrustMarkInfos `json:"trust_marks,omitempty"` TrustMarkIssuers AllowedTrustMarkIssuers `json:"trust_mark_issuers,omitempty"` TrustMarkOwners TrustMarkOwners `json:"trust_mark_owners,omitempty"` SourceEndpoint string `json:"source_endpoint,omitempty"` TrustAnchorID string `json:"trust_anchor_id,omitempty"` Extra map[string]interface{} `json:"-"` }
EntityStatementPayload is a type for holding the actual payload of an EntityStatement or EntityConfiguration; additional fields can be set in the Extra claim
func (EntityStatementPayload) MarshalJSON ¶
func (e EntityStatementPayload) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (EntityStatementPayload) TimeValid ¶
func (e EntityStatementPayload) TimeValid() bool
TimeValid checks if the EntityStatementPayload is already valid and not yet expired.
func (*EntityStatementPayload) UnmarshalJSON ¶
func (e *EntityStatementPayload) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
func (*EntityStatementPayload) UnmarshalMsgpack ¶
func (e *EntityStatementPayload) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface.
type EntityStatementSigner ¶
type EntityStatementSigner struct {
*GeneralJWTSigner
}
EntityStatementSigner is a JWTSigner for oidfedconst.JWTTypeEntityStatement
func NewEntityStatementSigner ¶
func NewEntityStatementSigner(key crypto.Signer, alg jwa.SignatureAlgorithm) *EntityStatementSigner
NewEntityStatementSigner creates a new EntityStatementSigner
type Error ¶
type Error struct { Error string `json:"error"` ErrorDescription string `json:"error_description"` }
Error is a type for holding an error.
func ErrorInvalidClient ¶
ErrorInvalidClient returns an Error with the error code InvalidClient and the passed description.
func ErrorInvalidIssuer ¶
ErrorInvalidIssuer returns an Error with the error code InvalidIssuer and the passed description.
func ErrorInvalidMetadata ¶
ErrorInvalidMetadata returns an Error with the error code InvalidMetadata and the passed description.
func ErrorInvalidRequest ¶
ErrorInvalidRequest returns an Error with the error code InvalidRequest and the passed description.
func ErrorInvalidSubject ¶
ErrorInvalidSubject returns an Error with the error code InvalidSubject and the passed description.
func ErrorInvalidTrustAnchor ¶
ErrorInvalidTrustAnchor returns an Error with the error code InvalidTrustAnchor and the passed description.
func ErrorInvalidTrustChain ¶
ErrorInvalidTrustChain returns an Error with the error code InvalidTrustChain and the passed description.
func ErrorNotFound ¶
ErrorNotFound returns an Error with the error code NotFound and the passed description.
func ErrorServerError ¶
ErrorServerError returns an Error with the error code ServerError and the passed description.
func ErrorTemporarilyUnavailable ¶
ErrorTemporarilyUnavailable returns an Error with the error code TemporarilyUnavailable and the passed description.
func ErrorUnsupportedParameter ¶
ErrorUnsupportedParameter returns an Error with the error code UnsupportedParameter and the passed description.
type FederationEntity ¶
type FederationEntity struct { EntityID string Metadata *Metadata AuthorityHints []string ConfigurationLifetime int64 *EntityStatementSigner TrustMarks []*EntityConfigurationTrustMarkConfig TrustMarkIssuers AllowedTrustMarkIssuers TrustMarkOwners TrustMarkOwners Extra map[string]any // contains filtered or unexported fields }
FederationEntity is a type for an entity participating in federations. It holds all relevant information about the federation entity and can be used to create an EntityConfiguration about it
func NewFederationEntity ¶
func NewFederationEntity( entityID string, authorityHints []string, metadata *Metadata, signer *EntityStatementSigner, configurationLifetime int64, extra map[string]any, ) (*FederationEntity, error)
NewFederationEntity creates a new FederationEntity with the passed properties
func (FederationEntity) EntityConfigurationJWT ¶
func (f FederationEntity) EntityConfigurationJWT() ([]byte, error)
EntityConfigurationJWT creates and returns the signed jwt as a []byte for the entity's entity configuration
func (FederationEntity) EntityConfigurationPayload ¶
func (f FederationEntity) EntityConfigurationPayload() *EntityStatementPayload
EntityConfigurationPayload returns an EntityStatementPayload for this FederationEntity
func (FederationEntity) SignEntityStatement ¶
func (f FederationEntity) SignEntityStatement(payload EntityStatementPayload) ([]byte, error)
SignEntityStatement creates a signed JWT for the given EntityStatementPayload; this function is intended to be used on trust anchors and intermediate authorities (TA/IA).
type FederationEntityMetadata ¶
type FederationEntityMetadata struct { FederationFetchEndpoint string `json:"federation_fetch_endpoint,omitempty"` FederationListEndpoint string `json:"federation_list_endpoint,omitempty"` FederationResolveEndpoint string `json:"federation_resolve_endpoint,omitempty"` FederationTrustMarkStatusEndpoint string `json:"federation_trust_mark_status_endpoint,omitempty"` FederationTrustMarkListEndpoint string `json:"federation_trust_mark_list_endpoint,omitempty"` FederationTrustMarkEndpoint string `json:"federation_trust_mark_endpoint,omitempty"` FederationHistoricalLKeysEndpoint string `json:"federation_historical_keys_endpoint,omitempty"` Extra map[string]any `json:"-"` DisplayName string `json:"display_name,omitempty"` Description string `json:"description,omitempty"` Keywords []string `json:"keywords,omitempty"` Contacts []string `json:"contacts,omitempty"` LogoURI string `json:"logo_uri,omitempty"` PolicyURI string `json:"policy_uri,omitempty"` InformationURI string `json:"information_uri,omitempty"` OrganizationName string `json:"organization_name,omitempty"` OrganizationURI string `json:"organization_uri,omitempty"` // contains filtered or unexported fields }
func (FederationEntityMetadata) ApplyPolicy ¶
func (m FederationEntityMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the FederationEntityMetadata
func (FederationEntityMetadata) GuessDisplayName ¶
func (m FederationEntityMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (FederationEntityMetadata) MarshalJSON ¶
func (m FederationEntityMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*FederationEntityMetadata) UnmarshalJSON ¶
func (m *FederationEntityMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*FederationEntityMetadata) UnmarshalMsgpack ¶
func (m *FederationEntityMetadata) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface
type FederationLeaf ¶
type FederationLeaf struct { FederationEntity TrustAnchors TrustAnchors // contains filtered or unexported fields }
FederationLeaf is a type for a leaf entity and holds all relevant information about it; it can also be used to create an EntityConfiguration about it or to start OIDC flows
func NewFederationLeaf ¶
func NewFederationLeaf( entityID string, authorityHints []string, trustAnchors TrustAnchors, metadata *Metadata, signer *EntityStatementSigner, configurationLifetime int64, oidcSigningKey crypto.Signer, oidcSigningAlg jwa.SignatureAlgorithm, extra map[string]any, ) (*FederationLeaf, error)
NewFederationLeaf creates a new FederationLeaf with the passed properties
func (FederationLeaf) CodeExchange ¶
func (f FederationLeaf) CodeExchange( issuer, code, redirectURI string, additionalParameter url.Values, ) (*OIDCTokenResponse, *OIDCErrorResponse, error)
CodeExchange performs an OIDC code exchange; it creates the mytoken and stores it in the database.
func (FederationLeaf) GetAuthorizationURL ¶
func (f FederationLeaf) GetAuthorizationURL( issuer, redirectURI, state, scope string, additionalParams url.Values, ) (string, error)
GetAuthorizationURL creates an authorization url
func (FederationLeaf) RequestObjectProducer ¶
func (f FederationLeaf) RequestObjectProducer() *RequestObjectProducer
RequestObjectProducer returns the entity's RequestObjectProducer
func (FederationLeaf) ResolveOPMetadata ¶
func (f FederationLeaf) ResolveOPMetadata(issuer string) (*OpenIDProviderMetadata, error)
ResolveOPMetadata resolves and returns OpenIDProviderMetadata for the passed issuer url
type FilterableVerifiedChainsEntityCollector ¶
type FilterableVerifiedChainsEntityCollector struct { Collector EntityCollector Filters []EntityCollectionFilter }
FilterableVerifiedChainsEntityCollector is a type implementing EntityCollector that is able to filter the discovered OPs through a number of EntityCollectionFilters.
func (FilterableVerifiedChainsEntityCollector) CollectEntities ¶
func (d FilterableVerifiedChainsEntityCollector) CollectEntities(req apimodel.EntityCollectionRequest) (entities []*CollectedEntity)
CollectEntities implements the EntityCollector interface
type GeneralJWTSigner ¶
type GeneralJWTSigner struct {
// contains filtered or unexported fields
}
GeneralJWTSigner is a general jwt signer with no specific typ header.
func NewGeneralJWTSigner ¶
func NewGeneralJWTSigner(key crypto.Signer, alg jwa.SignatureAlgorithm) *GeneralJWTSigner
NewGeneralJWTSigner creates a new GeneralJWTSigner
func (*GeneralJWTSigner) EntityStatementSigner ¶
func (s *GeneralJWTSigner) EntityStatementSigner() *EntityStatementSigner
EntityStatementSigner returns an EntityStatementSigner using the same crypto.Signer
func (*GeneralJWTSigner) JWKS ¶
func (s *GeneralJWTSigner) JWKS() jwks.JWKS
JWKS returns the jwks.JWKS used with this signer
func (GeneralJWTSigner) JWT ¶
func (s GeneralJWTSigner) JWT(i any, headerType string) (jwt []byte, err error)
JWT returns a signed jwt representation of the passed data with the passed header type
func (*GeneralJWTSigner) ResolveResponseSigner ¶
func (s *GeneralJWTSigner) ResolveResponseSigner() *ResolveResponseSigner
ResolveResponseSigner returns a ResolveResponseSigner using the same crypto.Signer.
func (*GeneralJWTSigner) TrustMarkDelegationSigner ¶
func (s *GeneralJWTSigner) TrustMarkDelegationSigner() *TrustMarkDelegationSigner
TrustMarkDelegationSigner returns a TrustMarkDelegationSigner using the same crypto.Signer.
func (*GeneralJWTSigner) TrustMarkSigner ¶
func (s *GeneralJWTSigner) TrustMarkSigner() *TrustMarkSigner
TrustMarkSigner returns a TrustMarkSigner using the same crypto.Signer.
func (*GeneralJWTSigner) Typed ¶
func (s *GeneralJWTSigner) Typed(headerType string) *TypedJWTSigner
Typed returns a TypedJWTSigner for the passed header type using the same crypto.Signer
type JWSMessages ¶
JWSMessages is a slice of jwx.ParseJWT.
func (JWSMessages) MarshalJSON ¶
func (m JWSMessages) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (*JWSMessages) UnmarshalJSON ¶
func (m *JWSMessages) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type LocalMetadataResolver ¶
type LocalMetadataResolver struct{}
LocalMetadataResolver is a MetadataResolver that resolves trust chains and evaluates metadata policies to obtain the final Metadata; it does not use a resolve endpoint
func (LocalMetadataResolver) Resolve ¶
func (r LocalMetadataResolver) Resolve(req apimodel.ResolveRequest) (*Metadata, error)
Resolve implements the MetadataResolver interface
func (LocalMetadataResolver) ResolvePossible ¶
func (LocalMetadataResolver) ResolvePossible(req apimodel.ResolveRequest) (bool, bool)
ResolvePossible implements the MetadataResolver interface
func (LocalMetadataResolver) ResolveResponsePayload ¶
func (r LocalMetadataResolver) ResolveResponsePayload(req apimodel.ResolveRequest) ( res ResolveResponsePayload, err error, )
ResolveResponsePayload implements the MetadataResolver interface
type Metadata ¶
type Metadata struct { OpenIDProvider *OpenIDProviderMetadata `json:"openid_provider,omitempty"` RelyingParty *OpenIDRelyingPartyMetadata `json:"openid_relying_party,omitempty"` OAuthAuthorizationServer *OAuthAuthorizationServerMetadata `json:"oauth_authorization_server,omitempty"` OAuthClient *OAuthClientMetadata `json:"oauth_client,omitempty"` OAuthProtectedResource *OAuthProtectedResourceMetadata `json:"oauth_resource,omitempty"` FederationEntity *FederationEntityMetadata `json:"federation_entity,omitempty"` // Extra contains additional metadata this entity should advertise. Extra map[string]any `json:"-"` }
Metadata is a type for holding the different metadata types
func (Metadata) ApplyPolicy ¶
func (m Metadata) ApplyPolicy(p *MetadataPolicies) (*Metadata, error)
ApplyPolicy applies MetadataPolicies to Metadata and returns the final Metadata
func (*Metadata) FindEntityMetadata ¶
FindEntityMetadata finds metadata for the specified entity type in the metadata and decodes it into the provided metadata object.
func (Metadata) GuessDisplayNames ¶
GuessDisplayNames collects (guessed) display names for all present metadata types.
func (Metadata) GuessEntityTypes ¶
GuessEntityTypes returns a slice of entity types for which metadata is set
func (Metadata) IterateStringClaim ¶
IterateStringClaim collects a claim that has a string value for all metadata types and calls the iterator on it.
func (Metadata) IterateStringSliceClaim ¶
func (m Metadata) IterateStringSliceClaim(tag string, iterator func(entityType string, value []string))
IterateStringSliceClaim collects a claim that has a []string value for all metadata types and calls the iterator on it.
func (Metadata) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*Metadata) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
type MetadataPolicies ¶
type MetadataPolicies struct { OpenIDProvider MetadataPolicy `json:"openid_provider,omitempty"` RelyingParty MetadataPolicy `json:"openid_relying_party,omitempty"` OAuthAuthorizationServer MetadataPolicy `json:"oauth_authorization_server,omitempty"` OAuthClient MetadataPolicy `json:"oauth_client,omitempty"` OAuthProtectedResource MetadataPolicy `json:"oauth_resource,omitempty"` FederationEntity MetadataPolicy `json:"federation_entity,omitempty"` // Extra contains metadata policies for entity types unknown to this module. Extra map[string]MetadataPolicy `json:"-"` }
MetadataPolicies is a type for holding the different MetadataPolicy
func MergeMetadataPolicies ¶
func MergeMetadataPolicies(policies ...*MetadataPolicies) (*MetadataPolicies, error)
MergeMetadataPolicies combines multiple MetadataPolicies from a chain into a single one
func (MetadataPolicies) MarshalJSON ¶
func (m MetadataPolicies) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*MetadataPolicies) UnmarshalJSON ¶
func (m *MetadataPolicies) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
type MetadataPolicy ¶
type MetadataPolicy map[string]MetadataPolicyEntry
MetadataPolicy is a type for holding MetadataPolicyEntry for each relevant attribute
func CombineMetadataPolicy ¶
func CombineMetadataPolicy(pathInfo string, policies ...MetadataPolicy) (MetadataPolicy, error)
CombineMetadataPolicy combines multiple MetadataPolicy values into a single MetadataPolicy, verifying at each step that the result is valid
func (MetadataPolicy) Verify ¶
func (p MetadataPolicy) Verify(pathInfo string) error
Verify verifies that the MetadataPolicy is valid
type MetadataPolicyEntry ¶
type MetadataPolicyEntry map[PolicyOperatorName]any
MetadataPolicyEntry is a type for holding the operator value for each operator
func (MetadataPolicyEntry) ApplyTo ¶
ApplyTo applies this MetadataPolicyEntry to the passed value and returns the resulting value
func (MetadataPolicyEntry) Verify ¶
func (p MetadataPolicyEntry) Verify(pathInfo string) error
Verify verifies that the MetadataPolicyEntry is valid
type MetadataResolver ¶
type MetadataResolver interface { Resolve(request apimodel.ResolveRequest) (*Metadata, error) ResolveResponsePayload(request apimodel.ResolveRequest) (ResolveResponsePayload, error) ResolvePossible(request apimodel.ResolveRequest) (validConfirmed, invalidConfirmed bool) }
MetadataResolver is a type for resolving the metadata from a StartingEntity to one or multiple TrustAnchors
var DefaultMetadataResolver MetadataResolver = LocalMetadataResolver{}
DefaultMetadataResolver is the default MetadataResolver used within the library to resolve Metadata
type NamingConstraints ¶
type NamingConstraints struct { Permitted []string `json:"permitted,omitempty"` Excluded []string `json:"excluded,omitempty"` }
NamingConstraints is a type for holding constraints about naming
type OAuthAuthorizationServerMetadata ¶
type OAuthAuthorizationServerMetadata OpenIDProviderMetadata
OAuthAuthorizationServerMetadata is a type for holding the metadata about an oauth authorization server
func (OAuthAuthorizationServerMetadata) ApplyPolicy ¶
func (m OAuthAuthorizationServerMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the OAuthAuthorizationServerMetadata
func (OAuthAuthorizationServerMetadata) GuessDisplayName ¶
func (m OAuthAuthorizationServerMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (OAuthAuthorizationServerMetadata) MarshalJSON ¶
func (m OAuthAuthorizationServerMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*OAuthAuthorizationServerMetadata) UnmarshalJSON ¶
func (m *OAuthAuthorizationServerMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type OAuthClientMetadata ¶
type OAuthClientMetadata OpenIDRelyingPartyMetadata
OAuthClientMetadata is a type for holding the metadata about an oauth client
func (OAuthClientMetadata) ApplyPolicy ¶
func (m OAuthClientMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the OAuthClientMetadata
func (OAuthClientMetadata) GuessDisplayName ¶
func (m OAuthClientMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (OAuthClientMetadata) MarshalJSON ¶
func (m OAuthClientMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*OAuthClientMetadata) UnmarshalJSON ¶
func (m *OAuthClientMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type OAuthProtectedResourceMetadata ¶
type OAuthProtectedResourceMetadata struct { Resource string `json:"resource,omitempty"` AuthorizationServers []string `json:"authorization_servers,omitempty"` ScopesSupported []string `json:"scopes_supported,omitempty"` BearerMethodsSupported []string `json:"bearer_methods_supported,omitempty"` ResourceSigningAlgValuesSupported []string `json:"resource_signing_alg_values_supported,omitempty"` ResourceEncryptionAlgValuesSupported []string `json:"resource_encryption_alg_values_supported"` ResourceEncryptionEncValuesSupported []string `json:"resource_encryption_enc_values_supported"` ResourceName string `json:"resource_name,omitempty"` ResourceDocumentation string `json:"resource_documentation,omitempty"` ResourcePolicyURI string `json:"resource_policy_uri,omitempty"` ResourceTOSURI string `json:"resource_tos_uri,omitempty"` Extra map[string]any `json:"-"` SignedJWKSURI string `json:"signed_jwks_uri,omitempty"` JWKSURI string `json:"jwks_uri,omitempty"` JWKS *jwks.JWKS `json:"jwks,omitempty"` DisplayName string `json:"display_name,omitempty"` Description string `json:"description,omitempty"` Keywords []string `json:"keywords,omitempty"` Contacts []string `json:"contacts,omitempty"` LogoURI string `json:"logo_uri,omitempty"` PolicyURI string `json:"policy_uri,omitempty"` InformationURI string `json:"information_uri,omitempty"` OrganizationName string `json:"organization_name,omitempty"` OrganizationURI string `json:"organization_uri,omitempty"` // contains filtered or unexported fields }
func (OAuthProtectedResourceMetadata) ApplyPolicy ¶
func (m OAuthProtectedResourceMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the OAuthProtectedResourceMetadata
func (OAuthProtectedResourceMetadata) GuessDisplayName ¶
func (m OAuthProtectedResourceMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (OAuthProtectedResourceMetadata) MarshalJSON ¶
func (m OAuthProtectedResourceMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*OAuthProtectedResourceMetadata) UnmarshalJSON ¶
func (m *OAuthProtectedResourceMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*OAuthProtectedResourceMetadata) UnmarshalMsgpack ¶
func (m *OAuthProtectedResourceMetadata) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface
type OIDCErrorResponse ¶
type OIDCErrorResponse struct { Error string `json:"error"` ErrorDescription string `json:"error_description,omitempty"` }
OIDCErrorResponse is the error response of an oidc provider
type OIDCTokenResponse ¶
type OIDCTokenResponse struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` ExpiresIn int64 `json:"expires_in"` RefreshToken string `json:"refresh_token"` Scopes string `json:"scope"` IDToken string `json:"id_token"` Extra map[string]any `json:"-"` }
OIDCTokenResponse is the token response of an oidc provider
func (*OIDCTokenResponse) UnmarshalJSON ¶
func (res *OIDCTokenResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type OpenIDProviderMetadata ¶
type OpenIDProviderMetadata struct { Issuer string `json:"issuer"` AuthorizationEndpoint string `json:"authorization_endpoint"` TokenEndpoint string `json:"token_endpoint"` UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"` RegistrationEndpoint string `json:"registration_endpoint,omitempty"` ScopesSupported []string `json:"scopes_supported,omitempty"` ResponseTypesSupported []string `json:"response_types_supported"` ResponseModesSupported []string `json:"response_modes_supported,omitempty"` GrantTypesSupported []string `json:"grant_types_supported,omitempty"` ACRValuesSupported []string `json:"acr_values_supported,omitempty"` SubjectTypesSupported []string `json:"subject_types_supported"` IDTokenSignedResponseAlgValuesSupported []string `json:"id_token_signed_response_alg_values_supported,omitempty"` IDTokenEncryptedResponseAlgValuesSupported []string `json:"id_token_encrypted_response_alg_values_supported,omitempty"` IDTokenEncryptedResponseEncValuesSupported []string `json:"id_token_encrypted_response_enc_values_supported,omitempty"` UserinfoSignedResponseAlgValuesSupported []string `json:"userinfo_signed_response_alg_values_supported,omitempty"` UserinfoEncryptedResponseAlgValuesSupported []string `json:"userinfo_encrypted_response_alg_values_supported,omitempty"` UserinfoEncryptedResponseEncValuesSupported []string `json:"userinfo_encrypted_response_enc_values_supported,omitempty"` RequestSignedResponseAlgValuesSupported []string `json:"request_signed_response_alg_values_supported,omitempty"` RequestEncryptedResponseAlgValuesSupported []string `json:"request_encrypted_response_alg_values_supported,omitempty"` RequestEncryptedResponseEncValuesSupported []string `json:"request_encrypted_response_enc_values_supported,omitempty"` TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"` TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"` 
DisplayValuesSupported []string `json:"display_values_supported,omitempty"` ClaimsSupported []string `json:"claims_supported,omitempty"` ServiceDocumentation string `json:"service_documentation,omitempty"` ClaimsLocalesSupported []string `json:"claims_locales_supported,omitempty"` UILocalesSupported []string `json:"ui_locales_supported,omitempty"` ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"` RequestParameterSupported bool `json:"request_parameter_supported,omitempty"` RequestURIParameterSupported bool `json:"request_uri_parameter_supported,omitempty"` RequireRequestURIRegistration bool `json:"require_request_uri_registration,omitempty"` OPPolicyURI string `json:"op_policy_uri,omitempty"` OPTOSURI string `json:"op_tos_uri,omitempty"` RevocationEndpoint string `json:"revocation_endpoint,omitempty"` RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported,omitempty"` RevocationEndpointAuthSigningAlgValuesSupported []string `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"` IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"` IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"` IntrospectionEndpointAuthSigningAlgValuesSupported []string `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"` IntrospectionSigningAlgValuesSupported []string `json:"introspection_signing_alg_values_supported,omitempty"` IntrospectionEncryptionAlgValuesSupported []string `json:"introspection_encryption_alg_values_supported,omitempty"` IntrospectionEncryptionEncValuesSupported []string `json:"introspection_encryption_enc_values_supported,omitempty"` CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"` SignedMetadata string `json:"signed_metadata,omitempty"` DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint,omitempty"` 
TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty"` MTLSEndpointAliases map[string]string `json:"mtls_endpoint_aliases,omitempty"` NFVTokenSigningAlgValuesSupported []string `json:"nfv_token_signing_alg_values_supported,omitempty"` NFVTokenEncryptionAlgValuesSupported []string `json:"nfv_token_encryption_alg_values_supported,omitempty"` NFVTokenEncryptionEncValuesSupported []string `json:"nfv_token_encryption_enc_values_supported,omitempty"` RequireSignedRequestObject bool `json:"require_signed_request_object,omitempty"` PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint,omitempty"` RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty"` AuthorizationResponseIssParameterSupported bool `json:"authorization_response_iss_parameter_supported,omitempty"` CheckSessionIFrame string `json:"check_session_iframe,omitempty"` FrontchannelLogoutSupported bool `json:"frontchannel_logout_supported,omitempty"` BackchannelLogoutSupported bool `json:"backchannel_logout_supported,omitempty"` BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported,omitempty"` EndSessionEndpoint string `json:"end_session_endpoint,omitempty"` BackchannelTokenDeliveryModesSupported []string `json:"backchannel_token_delivery_modes_supported,omitempty"` BackchannelAuthenticationEndpoint string `json:"backchannel_authentication_endpoint,omitempty"` BackchannelAuthenticationRequestSigningAlgValuesSupported []string `json:"backchannel_authentication_request_signing_alg_values_supported,omitempty"` BackchannelUserCodeParameterSupported bool `json:"backchannel_user_code_parameter_supported,omitempty"` AuthorizationDetailsTypesSupported []string `json:"authorization_details_types_supported,omitempty"` ClientRegistrationTypesSupported []string `json:"client_registration_types_supported"` FederationRegistrationEndpoint string 
`json:"federation_registration_endpoint,omitempty"` RequestAuthenticationMethodsSupported map[string][]string `json:"request_authentication_methods_supported,omitempty"` RequestAuthenticationSigningAlgValuesSupported []string `json:"request_authentication_signing_alg_values_supported,omitempty"` Extra map[string]any `json:"-"` SignedJWKSURI string `json:"signed_jwks_uri,omitempty"` JWKSURI string `json:"jwks_uri,omitempty"` JWKS *jwks.JWKS `json:"jwks,omitempty"` DisplayName string `json:"display_name,omitempty"` Description string `json:"description,omitempty"` Keywords []string `json:"keywords,omitempty"` Contacts []string `json:"contacts,omitempty"` LogoURI string `json:"logo_uri,omitempty"` PolicyURI string `json:"policy_uri,omitempty"` InformationURI string `json:"information_uri,omitempty"` OrganizationName string `json:"organization_name,omitempty"` OrganizationURI string `json:"organization_uri,omitempty"` // contains filtered or unexported fields }
func (OpenIDProviderMetadata) ApplyPolicy ¶
func (m OpenIDProviderMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the OpenIDProviderMetadata
func (OpenIDProviderMetadata) GuessDisplayName ¶
func (m OpenIDProviderMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (OpenIDProviderMetadata) MarshalJSON ¶
func (m OpenIDProviderMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*OpenIDProviderMetadata) UnmarshalJSON ¶
func (m *OpenIDProviderMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*OpenIDProviderMetadata) UnmarshalMsgpack ¶
func (m *OpenIDProviderMetadata) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface
type OpenIDRelyingPartyMetadata ¶
type OpenIDRelyingPartyMetadata struct { Scope string `json:"scope,omitempty"` RedirectURIS []string `json:"redirect_uris,omitempty"` ResponseTypes []string `json:"response_types,omitempty"` GrantTypes []string `json:"grant_types,omitempty"` ApplicationType string `json:"application_type,omitempty"` Contacts []string `json:"contacts,omitempty"` ClientName string `json:"client_name,omitempty"` LogoURI string `json:"logo_uri,omitempty"` ClientURI string `json:"client_uri,omitempty"` PolicyURI string `json:"policy_uri,omitempty"` TOSURI string `json:"tos_uri,omitempty"` SectorIdentifierURI string `json:"sector_identifier_uri,omitempty"` SubjectType string `json:"subject_type,omitempty"` IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty"` IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty"` IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty"` UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty"` UserinfoEncryptedResponseAlg string `json:"userinfo_encrypted_response_alg,omitempty"` UserinfoEncryptedResponseEnc string `json:"userinfo_encrypted_response_enc,omitempty"` RequestSignedResponseAlg string `json:"request_signed_response_alg,omitempty"` RequestEncryptedResponseAlg string `json:"request_encrypted_response_alg,omitempty"` RequestEncryptedResponseEnc string `json:"request_encrypted_response_enc,omitempty"` TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"` TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty"` DefaultMaxAge int64 `json:"default_max_age,omitempty"` RequireAuthTime bool `json:"require_auth_time,omitempty"` DefaultACRValues []string `json:"default_acr_values,omitempty"` InitiateLoginURI string `json:"initiate_login_uri,omitempty"` RequestURIs []string `json:"request_uris,omitempty"` SoftwareID string `json:"software_id,omitempty"` SoftwareVersion string 
`json:"software_version,omitempty"` ClientID string `json:"client_id,omitempty"` ClientSecret string `json:"client_secret,omitempty"` ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty"` ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty"` RegistrationAccessToken string `json:"registration_access_token,omitempty"` RegistrationClientURI string `json:"registration_client_uri,omitempty"` ClaimsRedirectURIs []string `json:"claims_redirect_uris,omitempty"` NFVTokenSignedResponseAlg string `json:"nfv_token_signed_response_alg,omitempty"` NFVTokenEncryptedResponseAlg string `json:"nfv_token_encrypted_response_alg,omitempty"` NFVTokenEncryptedResponseEnc string `json:"nfv_token_encrypted_response_enc,omitempty"` TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty"` TLSClientAuthSubjectDN string `json:"tls_client_auth_subject_dn,omitempty"` TLSClientAuthSANDNS string `json:"tls_client_auth_san_dns,omitempty"` TLSClientAuthSANURI string `json:"tls_client_auth_san_uri,omitempty"` TLSClientAuthSANIP string `json:"tls_client_auth_san_ip,omitempty"` TLSClientAuthSANEMAIL string `json:"tls_client_auth_san_email,omitempty"` RequireSignedRequestObject bool `json:"require_signed_request_object,omitempty"` RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty"` IntrospectionSignedResponseAlg string `json:"introspection_signed_response_alg,omitempty"` IntrospectionEncryptedResponseAlg string `json:"introspection_encrypted_response_alg,omitempty"` IntrospectionEncryptedResponseEnc string `json:"introspection_encrypted_response_enc,omitempty"` FrontchannelLogoutURI string `json:"frontchannel_logout_uri,omitempty"` FrontchannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required,omitempty"` BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty"` BackchannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty"` 
PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"` AuthorizationDetailsTypes []string `json:"authorization_details_types,omitempty"` ClientRegistrationTypes []string `json:"client_registration_types"` Extra map[string]any `json:"-"` SignedJWKSURI string `json:"signed_jwks_uri,omitempty"` JWKSURI string `json:"jwks_uri,omitempty"` JWKS *jwks.JWKS `json:"jwks,omitempty"` DisplayName string `json:"display_name,omitempty"` Description string `json:"description,omitempty"` Keywords []string `json:"keywords,omitempty"` InformationURI string `json:"information_uri,omitempty"` OrganizationName string `json:"organization_name,omitempty"` OrganizationURI string `json:"organization_uri,omitempty"` // contains filtered or unexported fields }
func (OpenIDRelyingPartyMetadata) ApplyPolicy ¶
func (m OpenIDRelyingPartyMetadata) ApplyPolicy(policy MetadataPolicy) (any, error)
ApplyPolicy applies a MetadataPolicy to the OpenIDRelyingPartyMetadata
func (OpenIDRelyingPartyMetadata) GuessDisplayName ¶
func (m OpenIDRelyingPartyMetadata) GuessDisplayName() string
GuessDisplayName implements the DisplayNameGuesser interface
func (OpenIDRelyingPartyMetadata) MarshalJSON ¶
func (m OpenIDRelyingPartyMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*OpenIDRelyingPartyMetadata) UnmarshalJSON ¶
func (m *OpenIDRelyingPartyMetadata) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*OpenIDRelyingPartyMetadata) UnmarshalMsgpack ¶
func (m *OpenIDRelyingPartyMetadata) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface
type OwnedTrustMark ¶
type OwnedTrustMark struct { ID string DelegationLifetime time.Duration Ref string Extra map[string]any }
OwnedTrustMark is a type describing the trust marks owned by a TrustMarkOwner
type PolicyOperator ¶
type PolicyOperator interface { // Merge merges two policy operator values and returns the result Merge(a, b any, pathInfo string) (any, error) // Apply applies the policy operator value to the attribute value and returns the result Apply(value any, valueSet bool, policyValue any, essential bool, pathInfo string) (any, bool, error) // Name returns the PolicyOperatorName Name() PolicyOperatorName // MayCombineWith gives a list of PolicyOperatorName with which this PolicyOperator may be combined MayCombineWith() []PolicyOperatorName }
PolicyOperator is an interface implemented by policy operators
func NewPolicyOperator ¶
func NewPolicyOperator( name PolicyOperatorName, merger func(a, b any, pathInfo string) (any, error), applier func(value any, valueSet bool, policyValue any, essential bool, pathInfo string) (any, bool, error), mayCombineWith []PolicyOperatorName, ) PolicyOperator
NewPolicyOperator creates a new PolicyOperator from the passed functions and PolicyOperatorName
type PolicyOperatorName ¶
type PolicyOperatorName string
PolicyOperatorName is the name of a PolicyOperator
const ( PolicyOperatorValue PolicyOperatorName = "value" PolicyOperatorDefault PolicyOperatorName = "default" PolicyOperatorAdd PolicyOperatorName = "add" PolicyOperatorOneOf PolicyOperatorName = "one_of" PolicyOperatorSubsetOf PolicyOperatorName = "subset_of" PolicyOperatorSupersetOf PolicyOperatorName = "superset_of" PolicyOperatorEssential PolicyOperatorName = "essential" )
Constants for PolicyOperatorNames
type PolicyVerifier ¶
type PolicyVerifier func(p MetadataPolicyEntry, pathInfo string) error
PolicyVerifier is a function that verifies a MetadataPolicyEntry
type RequestObjectProducer ¶
type RequestObjectProducer struct { EntityID string // contains filtered or unexported fields }
RequestObjectProducer is a generator for signed request objects
func NewRequestObjectProducer ¶
func NewRequestObjectProducer( entityID string, privateSigningKey crypto.Signer, signingAlg jwa.SignatureAlgorithm, lifetime int64, ) *RequestObjectProducer
NewRequestObjectProducer creates a new RequestObjectProducer with the passed properties
func (RequestObjectProducer) ClientAssertion ¶
func (rop RequestObjectProducer) ClientAssertion(aud string) ([]byte, error)
ClientAssertion creates a new signed client assertion jwt for the passed audience
func (RequestObjectProducer) RequestObject ¶
func (rop RequestObjectProducer) RequestObject(requestValues map[string]any) ([]byte, error)
RequestObject generates a signed request object JWT from the passed requestValues
type ResolveResponse ¶
type ResolveResponse struct { Issuer string `json:"iss"` Subject string `json:"sub"` IssuedAt unixtime.Unixtime `json:"iat"` ExpiresAt unixtime.Unixtime `json:"exp"` Audience string `json:"aud,omitempty"` ResolveResponsePayload `json:",inline"` }
ResolveResponse is a type describing the response of a resolve request
func ParseResolveResponse ¶
func ParseResolveResponse(body []byte) (*ResolveResponse, error)
ParseResolveResponse parses a JWT into a ResolveResponse
func (ResolveResponse) MarshalJSON ¶
func (r ResolveResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
type ResolveResponsePayload ¶
type ResolveResponsePayload struct { Metadata *Metadata `json:"metadata,omitempty"` TrustMarks TrustMarkInfos `json:"trust_marks,omitempty"` TrustChain JWSMessages `json:"trust_chain,omitempty"` Extra map[string]interface{} `json:"-"` }
ResolveResponsePayload holds the actual payload of a resolve response
func (ResolveResponsePayload) MarshalJSON ¶
func (r ResolveResponsePayload) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*ResolveResponsePayload) UnmarshalJSON ¶
func (r *ResolveResponsePayload) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
type ResolveResponseSigner ¶
type ResolveResponseSigner struct {
*GeneralJWTSigner
}
ResolveResponseSigner is a JWTSigner for oidfedconst.JWTTypeResolveResponse
func NewResolveResponseSigner ¶
func NewResolveResponseSigner(key crypto.Signer, alg jwa.SignatureAlgorithm) *ResolveResponseSigner
NewResolveResponseSigner creates a new ResolveResponseSigner
type SimpleEntityCollector ¶
type SimpleEntityCollector struct {
// contains filtered or unexported fields
}
SimpleEntityCollector is an EntityCollector that collects entities in a federation
func (*SimpleEntityCollector) CollectEntities ¶
func (d *SimpleEntityCollector) CollectEntities(req apimodel.EntityCollectionRequest) (entities []*CollectedEntity)
CollectEntities implements the EntityCollector interface
type SimpleOPCollector ¶
type SimpleOPCollector struct{}
SimpleOPCollector is an EntityCollector that uses the SimpleEntityCollector to collect OPs in a federation
func (*SimpleOPCollector) CollectEntities ¶
func (*SimpleOPCollector) CollectEntities(req apimodel.EntityCollectionRequest) (entities []*CollectedEntity)
CollectEntities implements the EntityCollector interface
type SimpleRemoteEntityCollector ¶
type SimpleRemoteEntityCollector struct {
EntityCollectionEndpoint string
}
SimpleRemoteEntityCollector is an EntityCollector that utilizes a given EntityCollectionEndpoint
func (SimpleRemoteEntityCollector) CollectEntities ¶
func (c SimpleRemoteEntityCollector) CollectEntities(req apimodel.EntityCollectionRequest) []*CollectedEntity
CollectEntities queries a remote EntityCollectionEndpoint for the collected entities and implements the EntityCollector interface
type SimpleRemoteMetadataResolver ¶
type SimpleRemoteMetadataResolver struct {
ResolveEndpoint string
}
SimpleRemoteMetadataResolver is a MetadataResolver that utilizes a given ResolveEndpoint
func (SimpleRemoteMetadataResolver) Resolve ¶
func (r SimpleRemoteMetadataResolver) Resolve(req apimodel.ResolveRequest) (*Metadata, error)
Resolve implements the MetadataResolver interface
func (SimpleRemoteMetadataResolver) ResolvePossible ¶
func (r SimpleRemoteMetadataResolver) ResolvePossible(req apimodel.ResolveRequest) (bool, bool)
ResolvePossible implements the MetadataResolver interface
func (SimpleRemoteMetadataResolver) ResolveResponse ¶
func (r SimpleRemoteMetadataResolver) ResolveResponse(req apimodel.ResolveRequest) ( *ResolveResponse, int, error, )
ResolveResponse returns the ResolveResponse obtained from the resolve endpoint
func (SimpleRemoteMetadataResolver) ResolveResponsePayload ¶
func (r SimpleRemoteMetadataResolver) ResolveResponsePayload(req apimodel.ResolveRequest) ( ResolveResponsePayload, error, )
ResolveResponsePayload implements the MetadataResolver interface
type SliceOrSingleValue ¶
type SliceOrSingleValue[T any] []T
SliceOrSingleValue is a type that supports JSON (un)marshaling of a slice where a single value may be given as a bare value rather than as a one-element slice
func (SliceOrSingleValue[T]) MarshalJSON ¶
func (v SliceOrSingleValue[T]) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (SliceOrSingleValue[T]) MarshalYAML ¶
func (v SliceOrSingleValue[T]) MarshalYAML() (interface{}, error)
MarshalYAML implements the yaml.Marshaler interface
func (*SliceOrSingleValue[T]) UnmarshalJSON ¶
func (v *SliceOrSingleValue[T]) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*SliceOrSingleValue[T]) UnmarshalYAML ¶
func (v *SliceOrSingleValue[T]) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML implements the yaml.Unmarshaler interface
type SmartRemoteEntityCollector ¶
type SmartRemoteEntityCollector struct {
TrustAnchors []string
}
SmartRemoteEntityCollector is an EntityCollector that utilizes remote entity collection endpoints. It iterates through the entity collection endpoints of the given TrustAnchors and stops at the first one that succeeds; if no entity collection endpoint succeeds, the SimpleEntityCollector is used as a fallback
func (SmartRemoteEntityCollector) CollectEntities ¶
func (c SmartRemoteEntityCollector) CollectEntities(req apimodel.EntityCollectionRequest) []*CollectedEntity
CollectEntities implements the EntityCollector interface
type SmartRemoteMetadataResolver ¶
type SmartRemoteMetadataResolver struct{}
SmartRemoteMetadataResolver is a MetadataResolver that utilizes remote resolve endpoints. It iterates through the resolve endpoints of the given TrustAnchors and stops at the first one that succeeds; if no resolve endpoint succeeds, local resolving is used as a fallback
func (SmartRemoteMetadataResolver) Resolve ¶
func (r SmartRemoteMetadataResolver) Resolve(req apimodel.ResolveRequest) (*Metadata, error)
Resolve implements the MetadataResolver interface
func (SmartRemoteMetadataResolver) ResolvePossible ¶
func (SmartRemoteMetadataResolver) ResolvePossible(req apimodel.ResolveRequest) (bool, bool)
ResolvePossible implements the MetadataResolver interface
func (SmartRemoteMetadataResolver) ResolveResponsePayload ¶
func (SmartRemoteMetadataResolver) ResolveResponsePayload(req apimodel.ResolveRequest) ( ResolveResponsePayload, error, )
ResolveResponsePayload implements the MetadataResolver interface
type TrustAnchor ¶
type TrustAnchor struct { EntityID string `yaml:"entity_id" json:"entity_id"` JWKS jwks.JWKS `yaml:"jwks" json:"jwks"` }
TrustAnchor is a type for specifying trust anchors
type TrustAnchors ¶
type TrustAnchors []TrustAnchor
TrustAnchors is a slice of TrustAnchor
func NewTrustAnchorsFromEntityIDs ¶
func NewTrustAnchorsFromEntityIDs(anchorIDs ...string) (anchors TrustAnchors)
NewTrustAnchorsFromEntityIDs returns TrustAnchors for the passed entity ids; the JWKS field of each returned TrustAnchor is left unset
func (TrustAnchors) EntityIDs ¶
func (anchors TrustAnchors) EntityIDs() (entityIDs []string)
EntityIDs returns the entity ids as a []string
type TrustChain ¶
type TrustChain []*EntityStatement
TrustChain is a slice of *EntityStatements
func (TrustChain) ExpiresAt ¶
func (c TrustChain) ExpiresAt() unixtime.Unixtime
ExpiresAt returns the expiration time of the TrustChain as a UNIX time stamp
func (TrustChain) Messages ¶
func (c TrustChain) Messages() (msgs JWSMessages)
Messages returns the jwts of the TrustChain
func (TrustChain) Metadata ¶
func (c TrustChain) Metadata() (*Metadata, error)
Metadata returns the final Metadata for this TrustChain, i.e. the Metadata of the leaf entity with MetadataPolicies of authorities applied to it.
func (TrustChain) PathLen ¶
func (c TrustChain) PathLen() int
PathLen returns the path length of a chain as defined by the spec, i.e. the number of intermediates
type TrustChainChecker ¶
type TrustChainChecker interface {
Check(TrustChain) bool
}
TrustChainChecker can check a single TrustChain to determine whether it should be included or not, e.g. by a TrustChainsFilter
type TrustChainScoringFnc ¶
type TrustChainScoringFnc func(c TrustChain) int
TrustChainScoringFnc is a function type that takes a TrustChain and calculates a score for the chain. This score can then be used to sort TrustChains
type TrustChains ¶
type TrustChains []TrustChain
TrustChains is a slice of multiple TrustChain
func (TrustChains) Filter ¶
func (c TrustChains) Filter(filter ...TrustChainsFilter) TrustChains
Filter filters multiple TrustChains to a subset by applying the passed TrustChainsFilters
func (TrustChains) SortAsc ¶
func (c TrustChains) SortAsc(scorer TrustChainScoringFnc) TrustChains
SortAsc sorts multiple TrustChains ascending by using the passed TrustChainScoringFnc
func (TrustChains) SortDesc ¶
func (c TrustChains) SortDesc(scorer TrustChainScoringFnc) TrustChains
SortDesc sorts multiple TrustChains descending by using the passed TrustChainScoringFnc
type TrustChainsFilter ¶
type TrustChainsFilter interface {
Filter(TrustChains) TrustChains
}
TrustChainsFilter filters multiple TrustChains to a subset
var TrustChainsFilterMinPathLength TrustChainsFilter = trustChainsFilterPathLength{/* contains filtered or unexported fields */}
TrustChainsFilterMinPathLength is a TrustChainsFilter that keeps only the TrustChains with the minimal path length
func NewTrustChainsFilterFromCheckerFnc ¶
func NewTrustChainsFilterFromCheckerFnc(checker func(TrustChain) bool) TrustChainsFilter
NewTrustChainsFilterFromCheckerFnc returns a new TrustChainsFilter from the passed checker function
func NewTrustChainsFilterFromTrustChainChecker ¶
func NewTrustChainsFilterFromTrustChainChecker(f TrustChainChecker) TrustChainsFilter
NewTrustChainsFilterFromTrustChainChecker creates a new TrustChainsFilter from a TrustChainChecker
func TrustChainsFilterMaxPathLength ¶
func TrustChainsFilterMaxPathLength(maxPathLen int) TrustChainsFilter
TrustChainsFilterMaxPathLength returns a TrustChainsFilter that keeps only the TrustChains whose path length does not exceed the passed maximum path length.
func TrustChainsFilterTrustAnchor ¶
func TrustChainsFilterTrustAnchor(anchor string) TrustChainsFilter
TrustChainsFilterTrustAnchor returns a TrustChainsFilter for the passed trust anchor entity id. The returned TrustChainsFilter keeps only the chains ending with the passed anchor.
type TrustMark ¶
type TrustMark struct { Issuer string `json:"iss"` Subject string `json:"sub"` TrustMarkType string `json:"trust_mark_type"` IssuedAt unixtime.Unixtime `json:"iat"` LogoURI string `json:"logo_uri,omitempty"` ExpiresAt *unixtime.Unixtime `json:"exp,omitempty"` Ref string `json:"ref,omitempty"` DelegationJWT string `json:"delegation,omitempty"` Extra map[string]interface{} `json:"-"` // contains filtered or unexported fields }
TrustMark is a type for holding a trust mark
func ParseTrustMark ¶
ParseTrustMark parses a trust mark jwt into a TrustMark
func (*TrustMark) Delegation ¶
func (tm *TrustMark) Delegation() (*DelegationJWT, error)
Delegation returns the DelegationJWT (if any) for this TrustMark
func (TrustMark) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*TrustMark) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
func (*TrustMark) VerifyExternal ¶
func (tm *TrustMark) VerifyExternal(jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec) error
VerifyExternal verifies the TrustMark by using the passed trust mark issuer jwks and optionally the passed trust mark owner jwks
func (*TrustMark) VerifyFederation ¶
func (tm *TrustMark) VerifyFederation(ta *EntityStatementPayload) error
VerifyFederation verifies the TrustMark by using the passed trust anchor
type TrustMarkDelegationSigner ¶
type TrustMarkDelegationSigner struct {
*GeneralJWTSigner
}
TrustMarkDelegationSigner is a JWTSigner for constants.JWTTypeTrustMarkDelegation
func NewTrustMarkDelegationSigner ¶
func NewTrustMarkDelegationSigner(key crypto.Signer, alg jwa.SignatureAlgorithm) *TrustMarkDelegationSigner
NewTrustMarkDelegationSigner creates a new TrustMarkDelegationSigner
type TrustMarkInfo ¶
type TrustMarkInfo struct { TrustMarkType string `json:"trust_mark_type" yaml:"type"` TrustMarkJWT string `json:"trust_mark" yaml:"trust_mark"` Extra map[string]interface{} `json:"-" yaml:"-"` // contains filtered or unexported fields }
TrustMarkInfo is a type for holding a trust mark as represented in an EntityConfiguration
func (TrustMarkInfo) MarshalJSON ¶
func (tm TrustMarkInfo) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*TrustMarkInfo) TrustMark ¶
func (tm *TrustMarkInfo) TrustMark() (*TrustMark, error)
TrustMark returns the TrustMark for this TrustMarkInfo
func (*TrustMarkInfo) UnmarshalJSON ¶
func (tm *TrustMarkInfo) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshals additional fields into the Extra claim.
func (*TrustMarkInfo) VerifyExternal ¶
func (tm *TrustMarkInfo) VerifyExternal( jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec, ) error
VerifyExternal verifies the TrustMarkInfo by using the passed trust mark issuer jwks and optionally the passed trust mark owner jwks
func (*TrustMarkInfo) VerifyFederation ¶
func (tm *TrustMarkInfo) VerifyFederation(ta *EntityStatementPayload) error
VerifyFederation verifies the TrustMarkInfo by using the passed trust anchor
type TrustMarkInfos ¶
type TrustMarkInfos []TrustMarkInfo
TrustMarkInfos is a slice of TrustMarkInfo
func (TrustMarkInfos) Find ¶
func (tms TrustMarkInfos) Find(matcher func(info TrustMarkInfo) bool) *TrustMarkInfo
Find uses the passed function to find the first matching TrustMarkInfo
func (TrustMarkInfos) FindByID ¶
func (tms TrustMarkInfos) FindByID(id string) *TrustMarkInfo
FindByID returns the (first) TrustMarkInfo with the passed id
func (TrustMarkInfos) VerifiedExternal ¶
func (tms TrustMarkInfos) VerifiedExternal( jwks jwks.JWKS, tmo ...TrustMarkOwnerSpec, ) (verified TrustMarkInfos)
VerifiedExternal verifies all TrustMarkInfos by using the passed trust mark issuer jwks and optionally the passed trust mark owner jwks, and returns only the TrustMarkInfos that verified successfully
func (TrustMarkInfos) VerifiedFederation ¶
func (tms TrustMarkInfos) VerifiedFederation(ta *EntityStatementPayload) (verified TrustMarkInfos)
VerifiedFederation verifies all TrustMarkInfos by using the passed trust anchor, and returns only the TrustMarkInfos that verified successfully
type TrustMarkIssuer ¶
type TrustMarkIssuer struct { EntityID string *TrustMarkSigner // contains filtered or unexported fields }
TrustMarkIssuer is an entity that can issue TrustMarkInfos
func NewTrustMarkIssuer ¶
func NewTrustMarkIssuer( entityID string, signer *TrustMarkSigner, trustMarkSpecs []TrustMarkSpec, ) *TrustMarkIssuer
NewTrustMarkIssuer creates a new TrustMarkIssuer
func (*TrustMarkIssuer) AddTrustMark ¶
func (tmi *TrustMarkIssuer) AddTrustMark(spec TrustMarkSpec)
AddTrustMark adds a TrustMarkSpec to the TrustMarkIssuer, enabling it to issue the corresponding TrustMarkInfo
func (TrustMarkIssuer) IssueTrustMark ¶
func (tmi TrustMarkIssuer) IssueTrustMark(trustMarkType, sub string, lifetime ...time.Duration) ( *TrustMarkInfo, error, )
IssueTrustMark issues a TrustMarkInfo for the passed trust mark type and subject; optionally a custom lifetime can be passed
func (*TrustMarkIssuer) TrustMarkTypes ¶
func (tmi *TrustMarkIssuer) TrustMarkTypes() []string
TrustMarkTypes returns a slice of the trust mark types for which this TrustMarkIssuer can issue TrustMarks
type TrustMarkOwner ¶
type TrustMarkOwner struct { EntityID string *TrustMarkDelegationSigner // contains filtered or unexported fields }
TrustMarkOwner is a type describing the owning entity of a trust mark; it can be used to issue DelegationJWTs
func NewTrustMarkOwner ¶
func NewTrustMarkOwner( entityID string, signer *TrustMarkDelegationSigner, ownedTrustMarks []OwnedTrustMark, ) *TrustMarkOwner
NewTrustMarkOwner creates a new TrustMarkOwner
func (*TrustMarkOwner) AddTrustMark ¶
func (tmo *TrustMarkOwner) AddTrustMark(spec OwnedTrustMark)
AddTrustMark adds a new OwnedTrustMark to the TrustMarkOwner
func (TrustMarkOwner) DelegationJWT ¶
func (tmo TrustMarkOwner) DelegationJWT(trustMarkType, sub string, lifetime ...time.Duration) ([]byte, error)
DelegationJWT issues a DelegationJWT (as []byte) for the passed trust mark type and subject; optionally a custom lifetime can be passed
type TrustMarkOwnerSpec ¶
type TrustMarkOwnerSpec struct { ID string `json:"sub" yaml:"entity_id"` JWKS jwks.JWKS `json:"jwks" yaml:"jwks"` }
TrustMarkOwnerSpec describes the owner of a trust mark
func (*TrustMarkOwnerSpec) UnmarshalJSON ¶
func (tmo *TrustMarkOwnerSpec) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*TrustMarkOwnerSpec) UnmarshalMsgpack ¶
func (tmo *TrustMarkOwnerSpec) UnmarshalMsgpack(data []byte) error
UnmarshalMsgpack implements the msgpack.Unmarshaler interface.
type TrustMarkOwners ¶
type TrustMarkOwners map[string]TrustMarkOwnerSpec
TrustMarkOwners defines owners for TrustMarks
type TrustMarkSigner ¶
type TrustMarkSigner struct {
*GeneralJWTSigner
}
TrustMarkSigner is a JWTSigner for oidfedconst.JWTTypeTrustMark
func NewTrustMarkSigner ¶
func NewTrustMarkSigner(key crypto.Signer, alg jwa.SignatureAlgorithm) *TrustMarkSigner
NewTrustMarkSigner creates a new TrustMarkSigner
type TrustMarkSpec ¶
type TrustMarkSpec struct { TrustMarkType string `json:"trust_mark_type" yaml:"trust_mark_type"` Lifetime unixtime.DurationInSeconds `json:"lifetime" yaml:"lifetime"` Ref string `json:"ref" yaml:"ref"` LogoURI string `json:"logo_uri" yaml:"logo_uri"` Extra map[string]any `json:"-" yaml:"-"` IncludeExtraClaimsInInfo bool `json:"include_extra_claims_in_info" yaml:"include_extra_claims_in_info"` DelegationJWT string `json:"delegation_jwt" yaml:"delegation_jwt"` }
TrustMarkSpec describes a TrustMark for a TrustMarkIssuer
func (TrustMarkSpec) MarshalJSON ¶
func (tms TrustMarkSpec) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (TrustMarkSpec) MarshalYAML ¶
func (tms TrustMarkSpec) MarshalYAML() (any, error)
MarshalYAML implements the yaml.Marshaler interface
func (*TrustMarkSpec) UnmarshalJSON ¶
func (tms *TrustMarkSpec) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
func (*TrustMarkSpec) UnmarshalYAML ¶
func (tms *TrustMarkSpec) UnmarshalYAML(data *yaml.Node) error
UnmarshalYAML implements the yaml.Unmarshaler interface
type TrustResolver ¶
type TrustResolver struct { TrustAnchors []TrustAnchor StartingEntity string Types []string // contains filtered or unexported fields }
TrustResolver is a type for resolving trust chains from a StartingEntity to one or multiple TrustAnchors
func (TrustResolver) Chains ¶
func (r TrustResolver) Chains() (chains TrustChains)
Chains returns the TrustChains in the internal trust tree
func (*TrustResolver) Resolve ¶
func (r *TrustResolver) Resolve()
Resolve starts the trust chain resolution process, building an internal trust tree
func (*TrustResolver) ResolveToValidChains ¶
func (r *TrustResolver) ResolveToValidChains() TrustChains
ResolveToValidChains starts the trust chain resolution process, building an internal trust tree; it verifies the signatures, integrity, expirations, and metadata policies and returns all valid TrustChains
func (*TrustResolver) ResolveToValidChainsWithoutVerifyingMetadata ¶
func (r *TrustResolver) ResolveToValidChainsWithoutVerifyingMetadata() TrustChains
ResolveToValidChainsWithoutVerifyingMetadata starts the trust chain resolution process, building an internal trust tree; it verifies the signatures, integrity, and expirations, but not the metadata policies, and returns all valid TrustChains
func (*TrustResolver) VerifySignatures ¶
func (r *TrustResolver) VerifySignatures()
VerifySignatures verifies the signatures of the internal trust tree
type TypedJWTSigner ¶
type TypedJWTSigner struct { *GeneralJWTSigner HeaderType string }
TypedJWTSigner is a JWTSigner for a specific header type
type UIInfo ¶
type UIInfo struct { DisplayName string `json:"display_name,omitempty"` Description string `json:"description,omitempty"` Keywords []string `json:"keywords,omitempty"` LogoURI string `json:"logo_uri,omitempty"` PolicyURI string `json:"policy_uri,omitempty"` InformationURI string `json:"information_uri,omitempty"` Extra map[string]any `json:"-"` }
func (UIInfo) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface
func (*UIInfo) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface
type VerifiedChainsEntityCollector ¶
type VerifiedChainsEntityCollector struct{}
VerifiedChainsEntityCollector is an EntityCollector that, compared to SimpleEntityCollector, additionally verifies that there is a valid TrustChain between the entity and one of the specified trust anchors
func (VerifiedChainsEntityCollector) CollectEntities ¶
func (VerifiedChainsEntityCollector) CollectEntities(req apimodel.EntityCollectionRequest) (entities []*CollectedEntity)
CollectEntities implements the EntityCollector interface
Source Files
- authcode.go
- discovery.go
- entitystatement.go
- error.go
- federation.go
- jwtsigning.go
- logging.go
- metadata.go
- metadataPolicy.go
- metadata_generated.go
- metadata_input.go
- metadata_resolver.go
- mock_authority.go
- mock_general.go
- mock_http.go
- mock_op.go
- mock_proxy.go
- mock_rp.go
- mock_tm.go
- policyoperators.go
- policyverifiers.go
- sliceorsinglevalue.go
- trustanchor.go
- trustchain.go
- trustchainfilter.go
- trustmark.go
- trustmark_refresher.go
- trustresolver.go