Example #1
0
func TestHeader_Kty(t *testing.T) {
	h := &EssentialHeader{}

	for _, value := range []interface{}{jwa.RSA, "RSA"} {
		if !assert.NoError(t, h.Set("kty", value), "Set for kty should succeed") {
			return
		}

		got, err := h.Get("kty")
		if !assert.NoError(t, err, "Get for kty should succeed") {
			return
		}

		var s string
		switch value.(type) {
		case jwa.KeyType:
			s = value.(jwa.KeyType).String()
		case string:
			s = value.(string)
		}

		if !assert.Equal(t, jwa.KeyType(s), got, "values match") {
			return
		}
	}
}
Example #2
0
func constructEssentialHeader(m map[string]interface{}) (*EssentialHeader, error) {
	r := emap.Hmap(m)
	e := &EssentialHeader{}

	// https://tools.ietf.org/html/rfc7517#section-4.1
	kty, err := r.GetString("kty")
	if err != nil {
		return nil, err
	}
	e.KeyType = jwa.KeyType(kty)

	// https://tools.ietf.org/html/rfc7517#section-4.2
	e.KeyUsage, _ = r.GetString("use")

	// https://tools.ietf.org/html/rfc7517#section-4.3
	if v, err := r.GetStringSlice("key_ops"); err != nil {
		if len(v) > 0 {
			e.KeyOps = make([]KeyOperation, len(v))
			for i, x := range v {
				e.KeyOps[i] = KeyOperation(x)
			}
		}
	}

	// https://tools.ietf.org/html/rfc7517#section-4.4
	e.Algorithm, _ = r.GetString("alg")

	// https://tools.ietf.org/html/rfc7517#section-4.5
	e.KeyID, _ = r.GetString("kid")

	// https://tools.ietf.org/html/rfc7517#section-4.6
	if v, err := r.GetString("x5u"); err == nil {
		u, err := url.Parse(v)
		if err != nil {
			return nil, err
		}
		e.X509Url = u
	}

	// https://tools.ietf.org/html/rfc7517#section-4.7
	if v, err := r.Get("x5c", reflect.TypeOf(e.X509CertChain)); err == nil {
		e.X509CertChain = v.([]string)
	}

	return e, nil
}
Example #3
0
func constructKey(m map[string]interface{}) (Key, error) {
	kty, ok := m["kty"].(string)
	if !ok {
		return nil, ErrUnsupportedKty
	}

	switch jwa.KeyType(kty) {
	case jwa.RSA:
		if _, ok := m["d"]; ok {
			return constructRsaPrivateKey(m)
		}
		return constructRsaPublicKey(m)
	case jwa.EC:
		if _, ok := m["d"]; ok {
			return constructEcdsaPrivateKey(m)
		}
		return constructEcdsaPublicKey(m)
	case jwa.OctetSeq:
		return constructSymmetricKey(m)
	default:
		return nil, ErrUnsupportedKty
	}
}
Example #4
0
// Set sets the value of the corresponding header. `key` should
// be the same as the JSON key name (e.g. `alg`, `kid`, etc)
func (h *EssentialHeader) Set(key string, value interface{}) error {
	switch key {
	case "alg":
		switch value.(type) {
		case jwa.SignatureAlgorithm:
			h.Algorithm = value.(jwa.SignatureAlgorithm).String()
		case jwa.KeyEncryptionAlgorithm:
			h.Algorithm = value.(jwa.KeyEncryptionAlgorithm).String()
		default:
			return ErrInvalidHeaderValue
		}
		return nil
	case "kid":
		v, ok := value.(string)
		if !ok {
			return ErrInvalidHeaderValue
		}
		h.KeyID = v
		return nil
	case "kty":
		switch value.(type) {
		case jwa.KeyType:
			h.KeyType = value.(jwa.KeyType)
		case string:
			h.KeyType = jwa.KeyType(value.(string))
		default:
			return ErrInvalidHeaderValue
		}
		return nil
	case "use":
		v, ok := value.(string)
		if !ok {
			return ErrInvalidHeaderValue
		}
		h.KeyUsage = v
		return nil
	case "x5t":
		v, ok := value.(string)
		if !ok {
			return ErrInvalidHeaderValue
		}
		h.X509CertThumbprint = v
		return nil
	case "x5t#256":
		v, ok := value.(string)
		if !ok {
			return ErrInvalidHeaderValue
		}
		h.X509CertThumbprintS256 = v
		return nil
	case "x5c":
		v, ok := value.([]string)
		if !ok {
			return ErrInvalidHeaderValue
		}
		h.X509CertChain = v
		return nil
	case "x5u":
		switch value.(type) {
		case string:
			u, err := url.Parse(value.(string))
			if err != nil {
				return ErrInvalidHeaderValue
			}
			h.X509Url = u
		case *url.URL:
			h.X509Url = value.(*url.URL)
		default:
			return ErrInvalidHeaderName
		}
		return nil
	default:
		return ErrInvalidHeaderName
	}
}