func constructRsaPublicKey(m map[string]interface{}) (*RsaPublicKey, error) {
e, err := constructEssentialHeader(m)
if err != nil {
return nil, err
}
for _, name := range []string{"n", "e"} {
v, ok := m[name]
if !ok {
return nil, errors.New("missing parameter '" + name + "'")
}
if _, ok := v.(string); !ok {
return nil, errors.New("missing parameter '" + name + "'")
}
}
k := &RsaPublicKey{EssentialHeader: e}
r := emap.Hmap(m)
if v, err := r.GetBuffer("e"); err == nil {
k.E = v
}
if v, err := r.GetBuffer("n"); err == nil {
k.N = v
}
return k, nil
}
func (h *EssentialHeader) Construct(m map[string]interface{}) error {
r := emap.Hmap(m)
if alg, err := r.GetString("alg"); err == nil {
h.Algorithm = jwa.SignatureAlgorithm(alg)
}
if h.Algorithm == "" {
h.Algorithm = jwa.NoSignature
}
h.ContentType, _ = r.GetString("cty")
h.KeyID, _ = r.GetString("kid")
h.Type, _ = r.GetString("typ")
h.X509CertThumbprint, _ = r.GetString("x5t")
h.X509CertThumbprintS256, _ = r.GetString("x5t#256")
if v, err := r.GetStringSlice("crit"); err != nil {
h.Critical = v
}
if v, err := r.GetStringSlice("x5c"); err != nil {
h.X509CertChain = v
}
if v, err := r.GetString("jku"); err == nil {
u, err := url.Parse(v)
if err == nil {
h.JwkSetURL = u
}
}
if v, err := r.GetString("x5u"); err == nil {
u, err := url.Parse(v)
if err == nil {
h.X509Url = u
}
}
return nil
}
// Construct walks through the map (most likely parsed from a JSON buffer)
// and populates the necessary fields on this header
func (h *EssentialHeader) Construct(m map[string]interface{}) error {
r := emap.Hmap(m)
if alg, err := r.GetString("alg"); err == nil {
h.Algorithm = jwa.SignatureAlgorithm(alg)
}
if h.Algorithm == "" {
h.Algorithm = jwa.NoSignature
}
h.ContentType, _ = r.GetString("cty")
h.KeyID, _ = r.GetString("kid")
h.Type, _ = r.GetString("typ")
h.X509CertThumbprint, _ = r.GetString("x5t")
h.X509CertThumbprintS256, _ = r.GetString("x5t#256")
if v, err := r.GetStringSlice("crit"); err != nil {
h.Critical = v
}
if v, err := r.GetStringSlice("x5c"); err != nil {
h.X509CertChain = v
}
if v, err := r.GetByteSlice("jwk"); err == nil {
if jwks, err := jwk.Parse(v); err == nil {
if len(jwks.Keys) != 1 {
// The spec says "a JWK", so I believe this should represent
// one JWK. check for that, and if not, return an error because
// the JWS is probably invalid (XXX: send in a PR if there are
// cases where this must work in the wild)
return errors.New("expected a single JWK in this field")
}
h.Jwk = jwks.Keys[0]
}
}
if v, err := r.GetString("jku"); err == nil {
u, err := url.Parse(v)
if err == nil {
h.JwkSetURL = u
}
}
if v, err := r.GetString("x5u"); err == nil {
u, err := url.Parse(v)
if err == nil {
h.X509Url = u
}
}
return nil
}
func constructEcdsaPrivateKey(m map[string]interface{}) (*EcdsaPrivateKey, error) {
pubkey, err := constructEcdsaPublicKey(m)
if err != nil {
return nil, err
}
r := emap.Hmap(m)
d, err := r.GetBuffer("d")
if err != nil {
return nil, err
}
return &EcdsaPrivateKey{
EcdsaPublicKey: pubkey,
D: d,
}, nil
}
func constructEssentialHeader(m map[string]interface{}) (*EssentialHeader, error) {
r := emap.Hmap(m)
e := &EssentialHeader{}
// https://tools.ietf.org/html/rfc7517#section-4.1
kty, err := r.GetString("kty")
if err != nil {
return nil, err
}
e.KeyType = jwa.KeyType(kty)
// https://tools.ietf.org/html/rfc7517#section-4.2
e.KeyUsage, _ = r.GetString("use")
// https://tools.ietf.org/html/rfc7517#section-4.3
if v, err := r.GetStringSlice("key_ops"); err != nil {
if len(v) > 0 {
e.KeyOps = make([]KeyOperation, len(v))
for i, x := range v {
e.KeyOps[i] = KeyOperation(x)
}
}
}
// https://tools.ietf.org/html/rfc7517#section-4.4
e.Algorithm, _ = r.GetString("alg")
// https://tools.ietf.org/html/rfc7517#section-4.5
e.KeyID, _ = r.GetString("kid")
// https://tools.ietf.org/html/rfc7517#section-4.6
if v, err := r.GetString("x5u"); err == nil {
u, err := url.Parse(v)
if err != nil {
return nil, err
}
e.X509Url = u
}
// https://tools.ietf.org/html/rfc7517#section-4.7
if v, err := r.Get("x5c", reflect.TypeOf(e.X509CertChain)); err == nil {
e.X509CertChain = v.([]string)
}
return e, nil
}
func constructRsaPrivateKey(m map[string]interface{}) (*RsaPrivateKey, error) {
for _, name := range []string{"d", "q", "p"} {
v, ok := m[name]
if !ok {
return nil, errors.New("missing parameter '" + name + "'")
}
if _, ok := v.(string); !ok {
return nil, errors.New("missing parameter '" + name + "'")
}
}
pubkey, err := constructRsaPublicKey(m)
if err != nil {
return nil, err
}
k := &RsaPrivateKey{RsaPublicKey: pubkey}
r := emap.Hmap(m)
if v, err := r.GetBuffer("d"); err == nil {
k.D = v
}
if v, err := r.GetBuffer("p"); err == nil {
k.P = v
}
if v, err := r.GetBuffer("q"); err == nil {
k.Q = v
}
if v, err := r.GetBuffer("dp"); err == nil {
k.Dp = v
}
if v, err := r.GetBuffer("dq"); err == nil {
k.Dq = v
}
if v, err := r.GetBuffer("qi"); err == nil {
k.Qi = v
}
return k, nil
}
func constructSymmetricKey(m map[string]interface{}) (*SymmetricKey, error) {
r := emap.Hmap(m)
h, err := constructEssentialHeader(m)
if err != nil {
return nil, err
}
key := &SymmetricKey{EssentialHeader: h}
k, err := r.GetBuffer("k")
if err != nil {
return nil, err
}
key.Key = k
return key, nil
}
// Construct takes a map and initializes the essential claims with its values
func (c *EssentialClaims) Construct(m map[string]interface{}) error {
r := emap.Hmap(m)
c.Audience, _ = r.GetStringSlice("aud")
c.Expiration, _ = r.GetInt64("exp")
c.IssuedAt, _ = r.GetInt64("iat")
c.Issuer, _ = r.GetString("iss")
c.JwtID, _ = r.GetString("jti")
if v, err := r.GetString("nbf"); err == nil {
if v != "" {
t, err := time.Parse(numericDateFmt, v)
if err != nil {
return err
}
c.NotBefore = &NumericDate{t}
}
}
c.Subject, _ = r.GetString("sub")
return nil
}
func constructEcdsaPublicKey(m map[string]interface{}) (*EcdsaPublicKey, error) {
e, err := constructEssentialHeader(m)
if err != nil {
return nil, err
}
r := emap.Hmap(m)
crvstr, err := r.GetString("crv")
if err != nil {
return nil, err
}
crv := jwa.EllipticCurveAlgorithm(crvstr)
x, err := r.GetBuffer("x")
if err != nil {
return nil, err
}
if x.Len() != crv.Size() {
return nil, errors.New("size of x does not match crv size")
}
y, err := r.GetBuffer("y")
if err != nil {
return nil, err
}
if y.Len() != crv.Size() {
return nil, errors.New("size of y does not match crv size")
}
return &EcdsaPublicKey{
EssentialHeader: e,
Curve: jwa.EllipticCurveAlgorithm(crv),
X: x,
Y: y,
}, nil
}