func TestHeader_Kty(t *testing.T) {
h := &EssentialHeader{}
for _, value := range []interface{}{jwa.RSA, "RSA"} {
if !assert.NoError(t, h.Set("kty", value), "Set for kty should succeed") {
return
}
got, err := h.Get("kty")
if !assert.NoError(t, err, "Get for kty should succeed") {
return
}
var s string
switch value.(type) {
case jwa.KeyType:
s = value.(jwa.KeyType).String()
case string:
s = value.(string)
}
if !assert.Equal(t, jwa.KeyType(s), got, "values match") {
return
}
}
}
func constructEssentialHeader(m map[string]interface{}) (*EssentialHeader, error) {
r := emap.Hmap(m)
e := &EssentialHeader{}
// https://tools.ietf.org/html/rfc7517#section-4.1
kty, err := r.GetString("kty")
if err != nil {
return nil, err
}
e.KeyType = jwa.KeyType(kty)
// https://tools.ietf.org/html/rfc7517#section-4.2
e.KeyUsage, _ = r.GetString("use")
// https://tools.ietf.org/html/rfc7517#section-4.3
if v, err := r.GetStringSlice("key_ops"); err != nil {
if len(v) > 0 {
e.KeyOps = make([]KeyOperation, len(v))
for i, x := range v {
e.KeyOps[i] = KeyOperation(x)
}
}
}
// https://tools.ietf.org/html/rfc7517#section-4.4
e.Algorithm, _ = r.GetString("alg")
// https://tools.ietf.org/html/rfc7517#section-4.5
e.KeyID, _ = r.GetString("kid")
// https://tools.ietf.org/html/rfc7517#section-4.6
if v, err := r.GetString("x5u"); err == nil {
u, err := url.Parse(v)
if err != nil {
return nil, err
}
e.X509Url = u
}
// https://tools.ietf.org/html/rfc7517#section-4.7
if v, err := r.Get("x5c", reflect.TypeOf(e.X509CertChain)); err == nil {
e.X509CertChain = v.([]string)
}
return e, nil
}
func constructKey(m map[string]interface{}) (Key, error) {
kty, ok := m["kty"].(string)
if !ok {
return nil, ErrUnsupportedKty
}
switch jwa.KeyType(kty) {
case jwa.RSA:
if _, ok := m["d"]; ok {
return constructRsaPrivateKey(m)
}
return constructRsaPublicKey(m)
case jwa.EC:
if _, ok := m["d"]; ok {
return constructEcdsaPrivateKey(m)
}
return constructEcdsaPublicKey(m)
case jwa.OctetSeq:
return constructSymmetricKey(m)
default:
return nil, ErrUnsupportedKty
}
}
// Set sets the value of the corresponding header. `key` should
// be the same as the JSON key name (e.g. `alg`, `kid`, etc)
func (h *EssentialHeader) Set(key string, value interface{}) error {
switch key {
case "alg":
switch value.(type) {
case jwa.SignatureAlgorithm:
h.Algorithm = value.(jwa.SignatureAlgorithm).String()
case jwa.KeyEncryptionAlgorithm:
h.Algorithm = value.(jwa.KeyEncryptionAlgorithm).String()
default:
return ErrInvalidHeaderValue
}
return nil
case "kid":
v, ok := value.(string)
if !ok {
return ErrInvalidHeaderValue
}
h.KeyID = v
return nil
case "kty":
switch value.(type) {
case jwa.KeyType:
h.KeyType = value.(jwa.KeyType)
case string:
h.KeyType = jwa.KeyType(value.(string))
default:
return ErrInvalidHeaderValue
}
return nil
case "use":
v, ok := value.(string)
if !ok {
return ErrInvalidHeaderValue
}
h.KeyUsage = v
return nil
case "x5t":
v, ok := value.(string)
if !ok {
return ErrInvalidHeaderValue
}
h.X509CertThumbprint = v
return nil
case "x5t#256":
v, ok := value.(string)
if !ok {
return ErrInvalidHeaderValue
}
h.X509CertThumbprintS256 = v
return nil
case "x5c":
v, ok := value.([]string)
if !ok {
return ErrInvalidHeaderValue
}
h.X509CertChain = v
return nil
case "x5u":
switch value.(type) {
case string:
u, err := url.Parse(value.(string))
if err != nil {
return ErrInvalidHeaderValue
}
h.X509Url = u
case *url.URL:
h.X509Url = value.(*url.URL)
default:
return ErrInvalidHeaderName
}
return nil
default:
return ErrInvalidHeaderName
}
}