pktoken

package

v0.3.1 Latest Latest Go to latest Published: Apr 17, 2024 License: Apache-2.0 Imports: 12 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openpubkey/openpubkey

Documentation ¶

Index ¶

func CompactPKToken(tokens [][]byte, refIDToken []byte) ([]byte, error)
func SplitCompactPKToken(pktCom []byte) ([][]byte, []byte, error)
type CosignerClaims
type PKToken
- func New(idToken []byte, cicToken []byte) (*PKToken, error)
- func NewFromCompact(pktCom []byte) (*PKToken, error)
type Signature
type SignatureType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CompactPKToken ¶ added in v0.3.1

func CompactPKToken(tokens [][]byte, refIDToken []byte) ([]byte, error)

CompactPKToken creates a compact representation of a PK Token from a list of tokens

func SplitCompactPKToken ¶ added in v0.3.1

func SplitCompactPKToken(pktCom []byte) ([][]byte, []byte, error)

SplitCompactPKToken breaks a compact representation of a PK Token into its constituent tokens

Types ¶

type CosignerClaims ¶ added in v0.2.0

type CosignerClaims struct {
	Issuer      string `json:"iss"`
	KeyID       string `json:"kid"`
	Algorithm   string `json:"alg"`
	AuthID      string `json:"eid"`
	AuthTime    int64  `json:"auth_time"`
	IssuedAt    int64  `json:"iat"` // may differ from auth_time because of refresh
	Expiration  int64  `json:"exp"`
	RedirectURI string `json:"ruri"`
	Nonce       string `json:"nonce"`
	Typ         string `json:"typ"`
}

type PKToken ¶

type PKToken struct {
	Payload []byte     // decoded payload
	Op      *Signature // Provider Signature
	Cic     *Signature // Client Signature
	Cos     *Signature // Cosigner Signature

	// We keep the tokens around as  unmarshalled values can no longer be verified
	OpToken  []byte // Base64 encoded ID Token signed by the OP
	CicToken []byte // Base64 encoded Token signed by the Client
	CosToken []byte // Base64 encoded Token signed by the Cosigner
	// contains filtered or unexported fields
}

func New ¶

func New(idToken []byte, cicToken []byte) (*PKToken, error)

func NewFromCompact ¶ added in v0.3.1

func NewFromCompact(pktCom []byte) (*PKToken, error)

NewFromCompact creates a PK Token from a compact representation

func (*PKToken) AddJKTHeader ¶ added in v0.3.0

func (p *PKToken) AddJKTHeader(opKey crypto.PublicKey) error

kid isn't always present, and is only guaranteed to be unique within a given key set, so we can use the thumbprint of the key instead to identify it at verification time

func (*PKToken) AddSignature ¶

func (p *PKToken) AddSignature(token []byte, sigType SignatureType) error

func (*PKToken) Compact ¶

func (p *PKToken) Compact() ([]byte, error)

Compact serializes a PK Token into a compact representation.

func (*PKToken) GetCicValues ¶

func (p *PKToken) GetCicValues() (*clientinstance.Claims, error)

func (*PKToken) Hash ¶

func (p *PKToken) Hash() (string, error)

func (*PKToken) Issuer ¶ added in v0.3.0

func (p *PKToken) Issuer() (string, error)

func (*PKToken) MarshalJSON ¶

func (p *PKToken) MarshalJSON() ([]byte, error)

func (*PKToken) NewSignedMessage ¶

func (p *PKToken) NewSignedMessage(content []byte, signer crypto.Signer) ([]byte, error)

NewSignedMessage signs a message with the signer provided. The signed message is OSM (OpenPubkey Signed Message) which is a type of JWS (JSON Web Signature). OSMs commit to the PK Token which was used to generate the OSM.

func (*PKToken) ParseCosignerClaims ¶ added in v0.3.0

func (p *PKToken) ParseCosignerClaims() (*CosignerClaims, error)

func (*PKToken) ProviderAlgorithm ¶ added in v0.3.0

func (p *PKToken) ProviderAlgorithm() (jwa.SignatureAlgorithm, bool)

func (*PKToken) Sign ¶ added in v0.2.0

func (p *PKToken) Sign(
	sigType SignatureType,
	signer crypto.Signer,
	alg jwa.KeyAlgorithm,
	protected map[string]any,
) error

func (*PKToken) SignToken ¶ added in v0.3.0

func (p *PKToken) SignToken(
	signer crypto.Signer,
	alg jwa.KeyAlgorithm,
	protected map[string]any,
) ([]byte, error)

Signs PK Token and then returns only the payload, header and signature as a JWT

func (*PKToken) UnmarshalJSON ¶

func (p *PKToken) UnmarshalJSON(data []byte) error

func (*PKToken) VerifySignedMessage ¶

func (p *PKToken) VerifySignedMessage(osm []byte) ([]byte, error)

NewSignedMessage verifies that an OSM (OpenPubkey Signed Message) using the public key in this PK Token. If verification is successful, VerifySignedMessage returns the content of the signed message. Otherwise it returns an error explaining why verification failed.

Note: VerifySignedMessage does not check this the PK Token is valid. The PK Token should always be verified first before calling VerifySignedMessage

type Signature ¶

type Signature = jws.Signature

type SignatureType ¶

type SignatureType string

const (
	OIDC SignatureType = "JWT"
	CIC  SignatureType = "CIC"
	COS  SignatureType = "COS"
)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clientinstance
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL