Example #1
0
func constructRsaPublicKey(m map[string]interface{}) (*RsaPublicKey, error) {
	e, err := constructEssentialHeader(m)
	if err != nil {
		return nil, err
	}

	for _, name := range []string{"n", "e"} {
		v, ok := m[name]
		if !ok {
			return nil, errors.New("missing parameter '" + name + "'")
		}
		if _, ok := v.(string); !ok {
			return nil, errors.New("missing parameter '" + name + "'")
		}
	}

	k := &RsaPublicKey{EssentialHeader: e}

	r := emap.Hmap(m)
	if v, err := r.GetBuffer("e"); err == nil {
		k.E = v
	}

	if v, err := r.GetBuffer("n"); err == nil {
		k.N = v
	}

	return k, nil
}
Example #2
0
func (h *EssentialHeader) Construct(m map[string]interface{}) error {
	r := emap.Hmap(m)
	if alg, err := r.GetString("alg"); err == nil {
		h.Algorithm = jwa.SignatureAlgorithm(alg)
	}
	if h.Algorithm == "" {
		h.Algorithm = jwa.NoSignature
	}
	h.ContentType, _ = r.GetString("cty")
	h.KeyID, _ = r.GetString("kid")
	h.Type, _ = r.GetString("typ")
	h.X509CertThumbprint, _ = r.GetString("x5t")
	h.X509CertThumbprintS256, _ = r.GetString("x5t#256")
	if v, err := r.GetStringSlice("crit"); err != nil {
		h.Critical = v
	}
	if v, err := r.GetStringSlice("x5c"); err != nil {
		h.X509CertChain = v
	}
	if v, err := r.GetString("jku"); err == nil {
		u, err := url.Parse(v)
		if err == nil {
			h.JwkSetURL = u
		}
	}

	if v, err := r.GetString("x5u"); err == nil {
		u, err := url.Parse(v)
		if err == nil {
			h.X509Url = u
		}
	}

	return nil
}
Example #3
0
// Construct walks through the map (most likely parsed from a JSON buffer)
// and populates the necessary fields on this header
func (h *EssentialHeader) Construct(m map[string]interface{}) error {
	r := emap.Hmap(m)
	if alg, err := r.GetString("alg"); err == nil {
		h.Algorithm = jwa.SignatureAlgorithm(alg)
	}
	if h.Algorithm == "" {
		h.Algorithm = jwa.NoSignature
	}
	h.ContentType, _ = r.GetString("cty")
	h.KeyID, _ = r.GetString("kid")
	h.Type, _ = r.GetString("typ")
	h.X509CertThumbprint, _ = r.GetString("x5t")
	h.X509CertThumbprintS256, _ = r.GetString("x5t#256")
	if v, err := r.GetStringSlice("crit"); err != nil {
		h.Critical = v
	}
	if v, err := r.GetStringSlice("x5c"); err != nil {
		h.X509CertChain = v
	}
	if v, err := r.GetByteSlice("jwk"); err == nil {
		if jwks, err := jwk.Parse(v); err == nil {
			if len(jwks.Keys) != 1 {
				// The spec says "a JWK", so I believe this should represent
				// one JWK. check for that, and if not, return an error because
				// the JWS is probably invalid (XXX: send in a PR if there are
				// cases where this must work in the wild)
				return errors.New("expected a single JWK in this field")
			}
			h.Jwk = jwks.Keys[0]
		}
	}
	if v, err := r.GetString("jku"); err == nil {
		u, err := url.Parse(v)
		if err == nil {
			h.JwkSetURL = u
		}
	}

	if v, err := r.GetString("x5u"); err == nil {
		u, err := url.Parse(v)
		if err == nil {
			h.X509Url = u
		}
	}

	return nil
}
Example #4
0
func constructEcdsaPrivateKey(m map[string]interface{}) (*EcdsaPrivateKey, error) {
	pubkey, err := constructEcdsaPublicKey(m)
	if err != nil {
		return nil, err
	}

	r := emap.Hmap(m)
	d, err := r.GetBuffer("d")
	if err != nil {
		return nil, err
	}

	return &EcdsaPrivateKey{
		EcdsaPublicKey: pubkey,
		D:              d,
	}, nil
}
Example #5
0
func constructEssentialHeader(m map[string]interface{}) (*EssentialHeader, error) {
	r := emap.Hmap(m)
	e := &EssentialHeader{}

	// https://tools.ietf.org/html/rfc7517#section-4.1
	kty, err := r.GetString("kty")
	if err != nil {
		return nil, err
	}
	e.KeyType = jwa.KeyType(kty)

	// https://tools.ietf.org/html/rfc7517#section-4.2
	e.KeyUsage, _ = r.GetString("use")

	// https://tools.ietf.org/html/rfc7517#section-4.3
	if v, err := r.GetStringSlice("key_ops"); err != nil {
		if len(v) > 0 {
			e.KeyOps = make([]KeyOperation, len(v))
			for i, x := range v {
				e.KeyOps[i] = KeyOperation(x)
			}
		}
	}

	// https://tools.ietf.org/html/rfc7517#section-4.4
	e.Algorithm, _ = r.GetString("alg")

	// https://tools.ietf.org/html/rfc7517#section-4.5
	e.KeyID, _ = r.GetString("kid")

	// https://tools.ietf.org/html/rfc7517#section-4.6
	if v, err := r.GetString("x5u"); err == nil {
		u, err := url.Parse(v)
		if err != nil {
			return nil, err
		}
		e.X509Url = u
	}

	// https://tools.ietf.org/html/rfc7517#section-4.7
	if v, err := r.Get("x5c", reflect.TypeOf(e.X509CertChain)); err == nil {
		e.X509CertChain = v.([]string)
	}

	return e, nil
}
Example #6
0
func constructRsaPrivateKey(m map[string]interface{}) (*RsaPrivateKey, error) {
	for _, name := range []string{"d", "q", "p"} {
		v, ok := m[name]
		if !ok {
			return nil, errors.New("missing parameter '" + name + "'")
		}
		if _, ok := v.(string); !ok {
			return nil, errors.New("missing parameter '" + name + "'")
		}
	}

	pubkey, err := constructRsaPublicKey(m)
	if err != nil {
		return nil, err
	}

	k := &RsaPrivateKey{RsaPublicKey: pubkey}

	r := emap.Hmap(m)
	if v, err := r.GetBuffer("d"); err == nil {
		k.D = v
	}

	if v, err := r.GetBuffer("p"); err == nil {
		k.P = v
	}

	if v, err := r.GetBuffer("q"); err == nil {
		k.Q = v
	}

	if v, err := r.GetBuffer("dp"); err == nil {
		k.Dp = v
	}

	if v, err := r.GetBuffer("dq"); err == nil {
		k.Dq = v
	}

	if v, err := r.GetBuffer("qi"); err == nil {
		k.Qi = v
	}

	return k, nil
}
Example #7
0
func constructSymmetricKey(m map[string]interface{}) (*SymmetricKey, error) {
	r := emap.Hmap(m)

	h, err := constructEssentialHeader(m)
	if err != nil {
		return nil, err
	}

	key := &SymmetricKey{EssentialHeader: h}

	k, err := r.GetBuffer("k")
	if err != nil {
		return nil, err
	}
	key.Key = k

	return key, nil
}
Example #8
0
// Construct takes a map and initializes the essential claims with its values
func (c *EssentialClaims) Construct(m map[string]interface{}) error {
	r := emap.Hmap(m)
	c.Audience, _ = r.GetStringSlice("aud")
	c.Expiration, _ = r.GetInt64("exp")
	c.IssuedAt, _ = r.GetInt64("iat")
	c.Issuer, _ = r.GetString("iss")
	c.JwtID, _ = r.GetString("jti")
	if v, err := r.GetString("nbf"); err == nil {
		if v != "" {
			t, err := time.Parse(numericDateFmt, v)
			if err != nil {
				return err
			}
			c.NotBefore = &NumericDate{t}
		}
	}
	c.Subject, _ = r.GetString("sub")
	return nil
}
Example #9
0
func constructEcdsaPublicKey(m map[string]interface{}) (*EcdsaPublicKey, error) {
	e, err := constructEssentialHeader(m)
	if err != nil {
		return nil, err
	}
	r := emap.Hmap(m)

	crvstr, err := r.GetString("crv")
	if err != nil {
		return nil, err
	}
	crv := jwa.EllipticCurveAlgorithm(crvstr)

	x, err := r.GetBuffer("x")
	if err != nil {
		return nil, err
	}

	if x.Len() != crv.Size() {
		return nil, errors.New("size of x does not match crv size")
	}

	y, err := r.GetBuffer("y")
	if err != nil {
		return nil, err
	}

	if y.Len() != crv.Size() {
		return nil, errors.New("size of y does not match crv size")
	}

	return &EcdsaPublicKey{
		EssentialHeader: e,
		Curve:           jwa.EllipticCurveAlgorithm(crv),
		X:               x,
		Y:               y,
	}, nil
}