dumb-jose/jwk/jwk.go

package jwk

import (
	"crypto"
	"encoding/json"
	"fmt"
	"io"
	"mercan.dev/dumb-jose/internal/publickey"
)

type PublicKeyHeader interface{}

type JWK struct {
	KeyID     string           `json:"kid"`
	KeyType   string           `json:"kty"`
	Algorithm string           `json:"alg"`
	UseCase   string           `json:"use"`
	PublicKey crypto.PublicKey `json:"-"`
}

type jwkHeader struct {
	Keys []json.RawMessage `json:"keys"`
}

func ParseKeysFromSet(r io.Reader) ([]JWK, error) {
	dec := json.NewDecoder(r)

	keys := jwkHeader{}

	err := dec.Decode(&keys)
	if err != nil {
		return nil, err
	}

	var set []JWK

	for _, key := range keys.Keys {
		var jwk JWK
		err := json.Unmarshal(key, &jwk)
		if err != nil {
			return nil, err

		}

		if jwk.UseCase != "sig" {
			return nil, fmt.Errorf("Non-signing use case %s", jwk.UseCase)
		}

		switch jwk.Algorithm {
		case "ES256", "ES384", "ES512":
			if jwk.KeyType != "EC" {
				return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)
			}

			jwk.PublicKey, err = publickey.ParseECDSAPublicKey(key)
		case "RS256", "RS384", "RS512", "PS256", "PS384", "PS512":
			if jwk.KeyType != "RSA" {
				return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)
			}

			jwk.PublicKey, err = publickey.ParseRSAPublicKey(key)
		case "EdDSA":
			if jwk.KeyType != "OKP" {
				return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)
			}

			jwk.PublicKey, err = publickey.ParseEdDSAPublicKey(key)
		default:
			return nil, fmt.Errorf("Invalid/Unsupported JWK Algorithm %s", jwk.Algorithm)
		}

		if err != nil {
			return nil, err
		}

		set = append(set, jwk)
	}

	return set, nil
}
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`package jwk`

			`import (`
			`"crypto"`
			`"encoding/json"`
			`"fmt"`
jwk, internal/publickey: unmarshal -> decode Currently encoding/json accepts duplicate fields in the json. Since https://github.com/golang/go/issues/48298 got accepted, we should use the decoder interface with Decoder.DisallowDuplicateFields turned on when available. Its exact behavior will determine whether json.RawMessage's will be re-unmarshaled or will follow the byte reader path. 2021-12-04 07:55:00 +00:00			`"io"`
internal/publickey: move from public jwk add tests Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. 2021-11-03 17:41:03 +00:00			`"mercan.dev/dumb-jose/internal/publickey"`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`)`

			`type PublicKeyHeader interface{}`

			`type JWK struct {`
			KeyID string `json:"kid"`
			KeyType string `json:"kty"`
			Algorithm string `json:"alg"`
			UseCase string `json:"use"`
			PublicKey crypto.PublicKey `json:"-"`
			`}`

			`type jwkHeader struct {`
			Keys []json.RawMessage `json:"keys"`
			`}`

jwk, internal/publickey: unmarshal -> decode Currently encoding/json accepts duplicate fields in the json. Since https://github.com/golang/go/issues/48298 got accepted, we should use the decoder interface with Decoder.DisallowDuplicateFields turned on when available. Its exact behavior will determine whether json.RawMessage's will be re-unmarshaled or will follow the byte reader path. 2021-12-04 07:55:00 +00:00			`func ParseKeysFromSet(r io.Reader) ([]JWK, error) {`
			`dec := json.NewDecoder(r)`

initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`keys := jwkHeader{}`

jwk, internal/publickey: unmarshal -> decode Currently encoding/json accepts duplicate fields in the json. Since https://github.com/golang/go/issues/48298 got accepted, we should use the decoder interface with Decoder.DisallowDuplicateFields turned on when available. Its exact behavior will determine whether json.RawMessage's will be re-unmarshaled or will follow the byte reader path. 2021-12-04 07:55:00 +00:00			`err := dec.Decode(&keys)`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`var set []JWK`

			`for _, key := range keys.Keys {`
			`var jwk JWK`
			`err := json.Unmarshal(key, &jwk)`
			`if err != nil {`
			`return nil, err`

			`}`

			`if jwk.UseCase != "sig" {`
			`return nil, fmt.Errorf("Non-signing use case %s", jwk.UseCase)`
			`}`

			`switch jwk.Algorithm {`
			`case "ES256", "ES384", "ES512":`
			`if jwk.KeyType != "EC" {`
			`return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)`
			`}`

internal/publickey: move from public jwk add tests Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. 2021-11-03 17:41:03 +00:00			`jwk.PublicKey, err = publickey.ParseECDSAPublicKey(key)`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`case "RS256", "RS384", "RS512", "PS256", "PS384", "PS512":`
			`if jwk.KeyType != "RSA" {`
			`return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)`
			`}`

internal/publickey: move from public jwk add tests Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. 2021-11-03 17:41:03 +00:00			`jwk.PublicKey, err = publickey.ParseRSAPublicKey(key)`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`case "EdDSA":`
			`if jwk.KeyType != "OKP" {`
			`return nil, fmt.Errorf("Insuitable key type %s for algorithm %s", jwk.KeyType, jwk.Algorithm)`
			`}`

internal/publickey: move from public jwk add tests Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. 2021-11-03 17:41:03 +00:00			`jwk.PublicKey, err = publickey.ParseEdDSAPublicKey(key)`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`default:`
			`return nil, fmt.Errorf("Invalid/Unsupported JWK Algorithm %s", jwk.Algorithm)`
			`}`

			`if err != nil {`
			`return nil, err`
			`}`

			`set = append(set, jwk)`
			`}`

			`return set, nil`
			`}`