jose

package
Version: v0.0.0-...-9823ec8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 13, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package jose provides Javascript Object Signing and Encryption

Index

Constants

View Source
const (
	ValidatorNamespace = "github.com/starvn/sonic/auth/jose/validator"
	SignerNamespace    = "github.com/starvn/sonic/auth/jose/signer"
)

Variables

View Source
var (
	ErrInsecureJWKSource = errors.New("JWK client is using an insecure connection to the JWK service")
	ErrPinnedKeyNotFound = errors.New("JWK client did not find a pinned key")
)
View Source
var (
	ErrNoValidatorCfg = errors.New("no validator config")
	ErrNoSignerCfg    = errors.New("no signer config")
)
View Source
var (
	ErrNoKeyFound    = errors.New("no Keys have been found")
	ErrKeyExpired    = errors.New("key exists but is expired")
	MaxKeyAgeNoCheck = time.Duration(-1)
)

Functions

func CalculateHeadersToPropagate

func CalculateHeadersToPropagate(propagationCfg [][]string, claims map[string]interface{}) (map[string]string, error)

func CanAccess

func CanAccess(roleKey string, claims map[string]interface{}, required []string) bool

func CanAccessNested

func CanAccessNested(roleKey string, claims map[string]interface{}, required []string) bool

func CompoundX5TKeyIDGetter

func CompoundX5TKeyIDGetter(key *jose.JSONWebKey) string

func CompoundX5TTokenKeyIDGetter

func CompoundX5TTokenKeyIDGetter(token *jwt.JSONWebToken) string

func DecodeFingerprints

func DecodeFingerprints(in []string) ([][]byte, error)

func DefaultKeyIDGetter

func DefaultKeyIDGetter(key *jose.JSONWebKey) string

func DefaultTokenKeyIDGetter

func DefaultTokenKeyIDGetter(token *jwt.JSONWebToken) string

func NewSigner

func NewSigner(cfg *config.EndpointConfig, te auth0.RequestTokenExtractor) (*SignerConfig, Signer, error)

func NewValidator

func NewValidator(signatureConfig *SignatureConfig, ef ExtractorFactory) (*auth0.JWTValidator, error)

func ScopesAllMatcher

func ScopesAllMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func ScopesAnyMatcher

func ScopesAnyMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func ScopesDefaultMatcher

func ScopesDefaultMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func SignFields

func SignFields(keys []string, signer Signer, response *proxy.Response) error

func X5TKeyIDGetter

func X5TKeyIDGetter(key *jose.JSONWebKey) string

func X5TTokenKeyIDGetter

func X5TTokenKeyIDGetter(token *jwt.JSONWebToken) string

Types

type ChainedRejecterFactory

type ChainedRejecterFactory []RejecterFactory

func (ChainedRejecterFactory) New

type Claims

type Claims map[string]interface{}

func (Claims) Get

func (c Claims) Get(name string) (string, bool)

type Dialer

type Dialer struct {
	// contains filtered or unexported fields
}

func NewDialer

func NewDialer(cfg SecretProviderConfig) *Dialer

func (*Dialer) DialContext

func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

func (*Dialer) DialTLS

func (d *Dialer) DialTLS(network, addr string) (net.Conn, error)

type ExtractorFactory

type ExtractorFactory func(string) func(r *http.Request) (*jwt.JSONWebToken, error)

type FileKeyCacher

type FileKeyCacher struct {
	// contains filtered or unexported fields
}

func NewFileKeyCacher

func NewFileKeyCacher(data []byte, keyIdentifyStrategy string) (*FileKeyCacher, error)

func (*FileKeyCacher) Add

func (f *FileKeyCacher) Add(keyID string, _ []jose.JSONWebKey) (*jose.JSONWebKey, error)

func (*FileKeyCacher) Get

func (f *FileKeyCacher) Get(keyID string) (*jose.JSONWebKey, error)

type FixedRejecter

type FixedRejecter bool

func (FixedRejecter) Reject

func (f FixedRejecter) Reject(_ map[string]interface{}) bool

type JWKClient

type JWKClient struct {
	*auth0.JWKClient
	// contains filtered or unexported fields
}

func NewJWKClientWithCache

func NewJWKClientWithCache(options JWKClientOptions, extractor auth0.RequestTokenExtractor, keyCacher auth0.KeyCacher) *JWKClient

func SecretProvider

func SecretProvider(cfg SecretProviderConfig, te auth0.RequestTokenExtractor) (*JWKClient, error)

func (*JWKClient) GetSecret

func (j *JWKClient) GetSecret(r *http.Request) (interface{}, error)

type JWKClientOptions

type JWKClientOptions struct {
	auth0.JWKClientOptions
	KeyIdentifyStrategy string
}

type KeyCacher

type KeyCacher interface {
	Get(keyID string) (*jose.JSONWebKey, error)
	Add(keyID string, webKeys []jose.JSONWebKey) (*jose.JSONWebKey, error)
}

func NewMemoryKeyCacher

func NewMemoryKeyCacher(maxKeyAge time.Duration, maxCacheSize int, keyIdentifyStrategy string) KeyCacher

type KeyIDGetter

type KeyIDGetter interface {
	Get(*jose.JSONWebKey) string
}

func KeyIDGetterFactory

func KeyIDGetterFactory(keyIdentifyStrategy string) KeyIDGetter

type KeyIDGetterFunc

type KeyIDGetterFunc func(*jose.JSONWebKey) string

func (KeyIDGetterFunc) Get

func (f KeyIDGetterFunc) Get(key *jose.JSONWebKey) string

type MemoryKeyCacher

type MemoryKeyCacher struct {
	// contains filtered or unexported fields
}

func (*MemoryKeyCacher) Add

func (mkc *MemoryKeyCacher) Add(keyID string, downloadedKeys []jose.JSONWebKey) (*jose.JSONWebKey, error)

func (*MemoryKeyCacher) Get

func (mkc *MemoryKeyCacher) Get(keyID string) (*jose.JSONWebKey, error)

type NopRejecterFactory

type NopRejecterFactory struct{}

func (NopRejecterFactory) New

type Rejecter

type Rejecter interface {
	Reject(map[string]interface{}) bool
}

type RejecterFactory

type RejecterFactory interface {
	New(log.Logger, *config.EndpointConfig) Rejecter
}

type RejecterFactoryFunc

type RejecterFactoryFunc func(log.Logger, *config.EndpointConfig) Rejecter

func (RejecterFactoryFunc) New

type RejecterFunc

type RejecterFunc func(map[string]interface{}) bool

func (RejecterFunc) Reject

func (r RejecterFunc) Reject(v map[string]interface{}) bool

type SecretProviderConfig

type SecretProviderConfig struct {
	URI                 string
	CacheEnabled        bool
	CacheDuration       uint32
	Fingerprints        [][]byte
	Cs                  []uint16
	LocalCA             string
	AllowInsecure       bool
	LocalPath           string
	SecretURL           string
	CipherKey           []byte
	KeyIdentifyStrategy string
}

type SignatureConfig

type SignatureConfig struct {
	Alg                     string     `json:"alg"`
	URI                     string     `json:"jwk_url"`
	CacheEnabled            bool       `json:"cache,omitempty"`
	CacheDuration           uint32     `json:"cache_duration,omitempty"`
	Issuer                  string     `json:"issuer,omitempty"`
	Audience                []string   `json:"audience,omitempty"`
	Roles                   []string   `json:"roles,omitempty"`
	PropagateClaimsToHeader [][]string `json:"propagate_claims,omitempty"`
	RolesKey                string     `json:"roles_key,omitempty"`
	RolesKeyIsNested        bool       `json:"roles_key_is_nested,omitempty"`
	CookieKey               string     `json:"cookie_key,omitempty"`
	CipherSuites            []uint16   `json:"cipher_suites,omitempty"`
	DisableJWKSecurity      bool       `json:"disable_jwk_security"`
	Fingerprints            []string   `json:"jwk_fingerprints,omitempty"`
	LocalCA                 string     `json:"jwk_local_ca,omitempty"`
	LocalPath               string     `json:"jwk_local_path,omitempty"`
	SecretURL               string     `json:"secret_url,omitempty"`
	CipherKey               []byte     `json:"cypher_key,omitempty"`
	Scopes                  []string   `json:"scopes,omitempty"`
	ScopesKey               string     `json:"scopes_key,omitempty"`
	ScopesMatcher           string     `json:"scopes_matcher,omitempty"`
	KeyIdentifyStrategy     string     `json:"key_identify_strategy"`
	OperationDebug          bool       `json:"operation_debug,omitempty"`
}

func GetSignatureConfig

func GetSignatureConfig(cfg *config.EndpointConfig) (*SignatureConfig, error)

type Signer

type Signer func(interface{}) (string, error)

type SignerConfig

type SignerConfig struct {
	Alg                string   `json:"alg"`
	KeyID              string   `json:"kid"`
	URI                string   `json:"jwk_url"`
	FullSerialization  bool     `json:"full,omitempty"`
	KeysToSign         []string `json:"keys_to_sign,omitempty"`
	CipherSuites       []uint16 `json:"cipher_suites,omitempty"`
	DisableJWKSecurity bool     `json:"disable_jwk_security"`
	Fingerprints       []string `json:"jwk_fingerprints,omitempty"`
	LocalCA            string   `json:"jwk_local_ca,omitempty"`
	LocalPath          string   `json:"jwk_local_path,omitempty"`
	SecretURL          string   `json:"secret_url,omitempty"`
	CipherKey          []byte   `json:"cypher_key,omitempty"`
}

type TokenIDGetter

type TokenIDGetter interface {
	Get(*jwt.JSONWebToken) string
}

func TokenIDGetterFactory

func TokenIDGetterFactory(keyIdentifyStrategy string) TokenIDGetter

type TokenKeyIDGetterFunc

type TokenKeyIDGetterFunc func(*jwt.JSONWebToken) string

func (TokenKeyIDGetterFunc) Get

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL