1
2
3 package jwk
4
5 import (
6 "bytes"
7 "context"
8 "crypto/ecdsa"
9 "crypto/x509"
10 "fmt"
11 "sort"
12 "sync"
13
14 "github.com/lestrrat-go/iter/mapiter"
15 "github.com/lestrrat-go/jwx/internal/base64"
16 "github.com/lestrrat-go/jwx/internal/iter"
17 "github.com/lestrrat-go/jwx/internal/json"
18 "github.com/lestrrat-go/jwx/internal/pool"
19 "github.com/lestrrat-go/jwx/jwa"
20 "github.com/pkg/errors"
21 )
22
23 const (
24 ECDSACrvKey = "crv"
25 ECDSADKey = "d"
26 ECDSAXKey = "x"
27 ECDSAYKey = "y"
28 )
29
30 type ECDSAPublicKey interface {
31 Key
32 FromRaw(*ecdsa.PublicKey) error
33 Crv() jwa.EllipticCurveAlgorithm
34 X() []byte
35 Y() []byte
36 }
37
38 type ecdsaPublicKey struct {
39 algorithm *string
40 crv *jwa.EllipticCurveAlgorithm
41 keyID *string
42 keyOps *KeyOperationList
43 keyUsage *string
44 x []byte
45 x509CertChain *CertificateChain
46 x509CertThumbprint *string
47 x509CertThumbprintS256 *string
48 x509URL *string
49 y []byte
50 privateParams map[string]interface{}
51 mu *sync.RWMutex
52 dc json.DecodeCtx
53 }
54
55 func NewECDSAPublicKey() ECDSAPublicKey {
56 return newECDSAPublicKey()
57 }
58
59 func newECDSAPublicKey() *ecdsaPublicKey {
60 return &ecdsaPublicKey{
61 mu: &sync.RWMutex{},
62 privateParams: make(map[string]interface{}),
63 }
64 }
65
66 func (h ecdsaPublicKey) KeyType() jwa.KeyType {
67 return jwa.EC
68 }
69
70 func (h *ecdsaPublicKey) Algorithm() string {
71 if h.algorithm != nil {
72 return *(h.algorithm)
73 }
74 return ""
75 }
76
77 func (h *ecdsaPublicKey) Crv() jwa.EllipticCurveAlgorithm {
78 if h.crv != nil {
79 return *(h.crv)
80 }
81 return jwa.InvalidEllipticCurve
82 }
83
84 func (h *ecdsaPublicKey) KeyID() string {
85 if h.keyID != nil {
86 return *(h.keyID)
87 }
88 return ""
89 }
90
91 func (h *ecdsaPublicKey) KeyOps() KeyOperationList {
92 if h.keyOps != nil {
93 return *(h.keyOps)
94 }
95 return nil
96 }
97
98 func (h *ecdsaPublicKey) KeyUsage() string {
99 if h.keyUsage != nil {
100 return *(h.keyUsage)
101 }
102 return ""
103 }
104
105 func (h *ecdsaPublicKey) X() []byte {
106 return h.x
107 }
108
109 func (h *ecdsaPublicKey) X509CertChain() []*x509.Certificate {
110 if h.x509CertChain != nil {
111 return h.x509CertChain.Get()
112 }
113 return nil
114 }
115
116 func (h *ecdsaPublicKey) X509CertThumbprint() string {
117 if h.x509CertThumbprint != nil {
118 return *(h.x509CertThumbprint)
119 }
120 return ""
121 }
122
123 func (h *ecdsaPublicKey) X509CertThumbprintS256() string {
124 if h.x509CertThumbprintS256 != nil {
125 return *(h.x509CertThumbprintS256)
126 }
127 return ""
128 }
129
130 func (h *ecdsaPublicKey) X509URL() string {
131 if h.x509URL != nil {
132 return *(h.x509URL)
133 }
134 return ""
135 }
136
137 func (h *ecdsaPublicKey) Y() []byte {
138 return h.y
139 }
140
141 func (h *ecdsaPublicKey) makePairs() []*HeaderPair {
142 h.mu.RLock()
143 defer h.mu.RUnlock()
144
145 var pairs []*HeaderPair
146 pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.EC})
147 if h.algorithm != nil {
148 pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
149 }
150 if h.crv != nil {
151 pairs = append(pairs, &HeaderPair{Key: ECDSACrvKey, Value: *(h.crv)})
152 }
153 if h.keyID != nil {
154 pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
155 }
156 if h.keyOps != nil {
157 pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
158 }
159 if h.keyUsage != nil {
160 pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
161 }
162 if h.x != nil {
163 pairs = append(pairs, &HeaderPair{Key: ECDSAXKey, Value: h.x})
164 }
165 if h.x509CertChain != nil {
166 pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: *(h.x509CertChain)})
167 }
168 if h.x509CertThumbprint != nil {
169 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
170 }
171 if h.x509CertThumbprintS256 != nil {
172 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
173 }
174 if h.x509URL != nil {
175 pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
176 }
177 if h.y != nil {
178 pairs = append(pairs, &HeaderPair{Key: ECDSAYKey, Value: h.y})
179 }
180 for k, v := range h.privateParams {
181 pairs = append(pairs, &HeaderPair{Key: k, Value: v})
182 }
183 return pairs
184 }
185
186 func (h *ecdsaPublicKey) PrivateParams() map[string]interface{} {
187 return h.privateParams
188 }
189
190 func (h *ecdsaPublicKey) Get(name string) (interface{}, bool) {
191 h.mu.RLock()
192 defer h.mu.RUnlock()
193 switch name {
194 case KeyTypeKey:
195 return h.KeyType(), true
196 case AlgorithmKey:
197 if h.algorithm == nil {
198 return nil, false
199 }
200 return *(h.algorithm), true
201 case ECDSACrvKey:
202 if h.crv == nil {
203 return nil, false
204 }
205 return *(h.crv), true
206 case KeyIDKey:
207 if h.keyID == nil {
208 return nil, false
209 }
210 return *(h.keyID), true
211 case KeyOpsKey:
212 if h.keyOps == nil {
213 return nil, false
214 }
215 return *(h.keyOps), true
216 case KeyUsageKey:
217 if h.keyUsage == nil {
218 return nil, false
219 }
220 return *(h.keyUsage), true
221 case ECDSAXKey:
222 if h.x == nil {
223 return nil, false
224 }
225 return h.x, true
226 case X509CertChainKey:
227 if h.x509CertChain == nil {
228 return nil, false
229 }
230 return h.x509CertChain.Get(), true
231 case X509CertThumbprintKey:
232 if h.x509CertThumbprint == nil {
233 return nil, false
234 }
235 return *(h.x509CertThumbprint), true
236 case X509CertThumbprintS256Key:
237 if h.x509CertThumbprintS256 == nil {
238 return nil, false
239 }
240 return *(h.x509CertThumbprintS256), true
241 case X509URLKey:
242 if h.x509URL == nil {
243 return nil, false
244 }
245 return *(h.x509URL), true
246 case ECDSAYKey:
247 if h.y == nil {
248 return nil, false
249 }
250 return h.y, true
251 default:
252 v, ok := h.privateParams[name]
253 return v, ok
254 }
255 }
256
257 func (h *ecdsaPublicKey) Set(name string, value interface{}) error {
258 h.mu.Lock()
259 defer h.mu.Unlock()
260 return h.setNoLock(name, value)
261 }
262
263 func (h *ecdsaPublicKey) setNoLock(name string, value interface{}) error {
264 switch name {
265 case "kty":
266 return nil
267 case AlgorithmKey:
268 switch v := value.(type) {
269 case string:
270 h.algorithm = &v
271 case fmt.Stringer:
272 tmp := v.String()
273 h.algorithm = &tmp
274 default:
275 return errors.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
276 }
277 return nil
278 case ECDSACrvKey:
279 if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
280 h.crv = &v
281 return nil
282 }
283 return errors.Errorf(`invalid value for %s key: %T`, ECDSACrvKey, value)
284 case KeyIDKey:
285 if v, ok := value.(string); ok {
286 h.keyID = &v
287 return nil
288 }
289 return errors.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
290 case KeyOpsKey:
291 var acceptor KeyOperationList
292 if err := acceptor.Accept(value); err != nil {
293 return errors.Wrapf(err, `invalid value for %s key`, KeyOpsKey)
294 }
295 h.keyOps = &acceptor
296 return nil
297 case KeyUsageKey:
298 switch v := value.(type) {
299 case KeyUsageType:
300 switch v {
301 case ForSignature, ForEncryption:
302 tmp := v.String()
303 h.keyUsage = &tmp
304 default:
305 return errors.Errorf(`invalid key usage type %s`, v)
306 }
307 case string:
308 h.keyUsage = &v
309 default:
310 return errors.Errorf(`invalid key usage type %s`, v)
311 }
312 case ECDSAXKey:
313 if v, ok := value.([]byte); ok {
314 h.x = v
315 return nil
316 }
317 return errors.Errorf(`invalid value for %s key: %T`, ECDSAXKey, value)
318 case X509CertChainKey:
319 var acceptor CertificateChain
320 if err := acceptor.Accept(value); err != nil {
321 return errors.Wrapf(err, `invalid value for %s key`, X509CertChainKey)
322 }
323 h.x509CertChain = &acceptor
324 return nil
325 case X509CertThumbprintKey:
326 if v, ok := value.(string); ok {
327 h.x509CertThumbprint = &v
328 return nil
329 }
330 return errors.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
331 case X509CertThumbprintS256Key:
332 if v, ok := value.(string); ok {
333 h.x509CertThumbprintS256 = &v
334 return nil
335 }
336 return errors.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
337 case X509URLKey:
338 if v, ok := value.(string); ok {
339 h.x509URL = &v
340 return nil
341 }
342 return errors.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
343 case ECDSAYKey:
344 if v, ok := value.([]byte); ok {
345 h.y = v
346 return nil
347 }
348 return errors.Errorf(`invalid value for %s key: %T`, ECDSAYKey, value)
349 default:
350 if h.privateParams == nil {
351 h.privateParams = map[string]interface{}{}
352 }
353 h.privateParams[name] = value
354 }
355 return nil
356 }
357
358 func (k *ecdsaPublicKey) Remove(key string) error {
359 k.mu.Lock()
360 defer k.mu.Unlock()
361 switch key {
362 case AlgorithmKey:
363 k.algorithm = nil
364 case ECDSACrvKey:
365 k.crv = nil
366 case KeyIDKey:
367 k.keyID = nil
368 case KeyOpsKey:
369 k.keyOps = nil
370 case KeyUsageKey:
371 k.keyUsage = nil
372 case ECDSAXKey:
373 k.x = nil
374 case X509CertChainKey:
375 k.x509CertChain = nil
376 case X509CertThumbprintKey:
377 k.x509CertThumbprint = nil
378 case X509CertThumbprintS256Key:
379 k.x509CertThumbprintS256 = nil
380 case X509URLKey:
381 k.x509URL = nil
382 case ECDSAYKey:
383 k.y = nil
384 default:
385 delete(k.privateParams, key)
386 }
387 return nil
388 }
389
390 func (k *ecdsaPublicKey) Clone() (Key, error) {
391 return cloneKey(k)
392 }
393
394 func (k *ecdsaPublicKey) DecodeCtx() json.DecodeCtx {
395 k.mu.RLock()
396 defer k.mu.RUnlock()
397 return k.dc
398 }
399
400 func (k *ecdsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
401 k.mu.Lock()
402 defer k.mu.Unlock()
403 k.dc = dc
404 }
405
406 func (h *ecdsaPublicKey) UnmarshalJSON(buf []byte) error {
407 h.algorithm = nil
408 h.crv = nil
409 h.keyID = nil
410 h.keyOps = nil
411 h.keyUsage = nil
412 h.x = nil
413 h.x509CertChain = nil
414 h.x509CertThumbprint = nil
415 h.x509CertThumbprintS256 = nil
416 h.x509URL = nil
417 h.y = nil
418 dec := json.NewDecoder(bytes.NewReader(buf))
419 LOOP:
420 for {
421 tok, err := dec.Token()
422 if err != nil {
423 return errors.Wrap(err, `error reading token`)
424 }
425 switch tok := tok.(type) {
426 case json.Delim:
427
428
429 if tok == '}' {
430 break LOOP
431 } else if tok != '{' {
432 return errors.Errorf(`expected '{', but got '%c'`, tok)
433 }
434 case string:
435 switch tok {
436 case KeyTypeKey:
437 val, err := json.ReadNextStringToken(dec)
438 if err != nil {
439 return errors.Wrap(err, `error reading token`)
440 }
441 if val != jwa.EC.String() {
442 return errors.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
443 }
444 case AlgorithmKey:
445 if err := json.AssignNextStringToken(&h.algorithm, dec); err != nil {
446 return errors.Wrapf(err, `failed to decode value for key %s`, AlgorithmKey)
447 }
448 case ECDSACrvKey:
449 var decoded jwa.EllipticCurveAlgorithm
450 if err := dec.Decode(&decoded); err != nil {
451 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSACrvKey)
452 }
453 h.crv = &decoded
454 case KeyIDKey:
455 if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
456 return errors.Wrapf(err, `failed to decode value for key %s`, KeyIDKey)
457 }
458 case KeyOpsKey:
459 var decoded KeyOperationList
460 if err := dec.Decode(&decoded); err != nil {
461 return errors.Wrapf(err, `failed to decode value for key %s`, KeyOpsKey)
462 }
463 h.keyOps = &decoded
464 case KeyUsageKey:
465 if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
466 return errors.Wrapf(err, `failed to decode value for key %s`, KeyUsageKey)
467 }
468 case ECDSAXKey:
469 if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
470 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSAXKey)
471 }
472 case X509CertChainKey:
473 var decoded CertificateChain
474 if err := dec.Decode(&decoded); err != nil {
475 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertChainKey)
476 }
477 h.x509CertChain = &decoded
478 case X509CertThumbprintKey:
479 if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
480 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertThumbprintKey)
481 }
482 case X509CertThumbprintS256Key:
483 if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
484 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertThumbprintS256Key)
485 }
486 case X509URLKey:
487 if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
488 return errors.Wrapf(err, `failed to decode value for key %s`, X509URLKey)
489 }
490 case ECDSAYKey:
491 if err := json.AssignNextBytesToken(&h.y, dec); err != nil {
492 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSAYKey)
493 }
494 default:
495 if dc := h.dc; dc != nil {
496 if localReg := dc.Registry(); localReg != nil {
497 decoded, err := localReg.Decode(dec, tok)
498 if err == nil {
499 h.setNoLock(tok, decoded)
500 continue
501 }
502 }
503 }
504 decoded, err := registry.Decode(dec, tok)
505 if err == nil {
506 h.setNoLock(tok, decoded)
507 continue
508 }
509 return errors.Wrapf(err, `could not decode field %s`, tok)
510 }
511 default:
512 return errors.Errorf(`invalid token %T`, tok)
513 }
514 }
515 if h.crv == nil {
516 return errors.Errorf(`required field crv is missing`)
517 }
518 if h.x == nil {
519 return errors.Errorf(`required field x is missing`)
520 }
521 if h.y == nil {
522 return errors.Errorf(`required field y is missing`)
523 }
524 return nil
525 }
526
527 func (h ecdsaPublicKey) MarshalJSON() ([]byte, error) {
528 data := make(map[string]interface{})
529 fields := make([]string, 0, 11)
530 for _, pair := range h.makePairs() {
531 fields = append(fields, pair.Key.(string))
532 data[pair.Key.(string)] = pair.Value
533 }
534
535 sort.Strings(fields)
536 buf := pool.GetBytesBuffer()
537 defer pool.ReleaseBytesBuffer(buf)
538 buf.WriteByte('{')
539 enc := json.NewEncoder(buf)
540 for i, f := range fields {
541 if i > 0 {
542 buf.WriteRune(',')
543 }
544 buf.WriteRune('"')
545 buf.WriteString(f)
546 buf.WriteString(`":`)
547 v := data[f]
548 switch v := v.(type) {
549 case []byte:
550 buf.WriteRune('"')
551 buf.WriteString(base64.EncodeToString(v))
552 buf.WriteRune('"')
553 default:
554 if err := enc.Encode(v); err != nil {
555 return nil, errors.Wrapf(err, `failed to encode value for field %s`, f)
556 }
557 buf.Truncate(buf.Len() - 1)
558 }
559 }
560 buf.WriteByte('}')
561 ret := make([]byte, buf.Len())
562 copy(ret, buf.Bytes())
563 return ret, nil
564 }
565
566 func (h *ecdsaPublicKey) Iterate(ctx context.Context) HeaderIterator {
567 pairs := h.makePairs()
568 ch := make(chan *HeaderPair, len(pairs))
569 go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
570 defer close(ch)
571 for _, pair := range pairs {
572 select {
573 case <-ctx.Done():
574 return
575 case ch <- pair:
576 }
577 }
578 }(ctx, ch, pairs)
579 return mapiter.New(ch)
580 }
581
582 func (h *ecdsaPublicKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
583 return iter.WalkMap(ctx, h, visitor)
584 }
585
586 func (h *ecdsaPublicKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
587 return iter.AsMap(ctx, h)
588 }
589
590 type ECDSAPrivateKey interface {
591 Key
592 FromRaw(*ecdsa.PrivateKey) error
593 Crv() jwa.EllipticCurveAlgorithm
594 D() []byte
595 X() []byte
596 Y() []byte
597 }
598
599 type ecdsaPrivateKey struct {
600 algorithm *string
601 crv *jwa.EllipticCurveAlgorithm
602 d []byte
603 keyID *string
604 keyOps *KeyOperationList
605 keyUsage *string
606 x []byte
607 x509CertChain *CertificateChain
608 x509CertThumbprint *string
609 x509CertThumbprintS256 *string
610 x509URL *string
611 y []byte
612 privateParams map[string]interface{}
613 mu *sync.RWMutex
614 dc json.DecodeCtx
615 }
616
617 func NewECDSAPrivateKey() ECDSAPrivateKey {
618 return newECDSAPrivateKey()
619 }
620
621 func newECDSAPrivateKey() *ecdsaPrivateKey {
622 return &ecdsaPrivateKey{
623 mu: &sync.RWMutex{},
624 privateParams: make(map[string]interface{}),
625 }
626 }
627
628 func (h ecdsaPrivateKey) KeyType() jwa.KeyType {
629 return jwa.EC
630 }
631
632 func (h *ecdsaPrivateKey) Algorithm() string {
633 if h.algorithm != nil {
634 return *(h.algorithm)
635 }
636 return ""
637 }
638
639 func (h *ecdsaPrivateKey) Crv() jwa.EllipticCurveAlgorithm {
640 if h.crv != nil {
641 return *(h.crv)
642 }
643 return jwa.InvalidEllipticCurve
644 }
645
646 func (h *ecdsaPrivateKey) D() []byte {
647 return h.d
648 }
649
650 func (h *ecdsaPrivateKey) KeyID() string {
651 if h.keyID != nil {
652 return *(h.keyID)
653 }
654 return ""
655 }
656
657 func (h *ecdsaPrivateKey) KeyOps() KeyOperationList {
658 if h.keyOps != nil {
659 return *(h.keyOps)
660 }
661 return nil
662 }
663
664 func (h *ecdsaPrivateKey) KeyUsage() string {
665 if h.keyUsage != nil {
666 return *(h.keyUsage)
667 }
668 return ""
669 }
670
671 func (h *ecdsaPrivateKey) X() []byte {
672 return h.x
673 }
674
675 func (h *ecdsaPrivateKey) X509CertChain() []*x509.Certificate {
676 if h.x509CertChain != nil {
677 return h.x509CertChain.Get()
678 }
679 return nil
680 }
681
682 func (h *ecdsaPrivateKey) X509CertThumbprint() string {
683 if h.x509CertThumbprint != nil {
684 return *(h.x509CertThumbprint)
685 }
686 return ""
687 }
688
689 func (h *ecdsaPrivateKey) X509CertThumbprintS256() string {
690 if h.x509CertThumbprintS256 != nil {
691 return *(h.x509CertThumbprintS256)
692 }
693 return ""
694 }
695
696 func (h *ecdsaPrivateKey) X509URL() string {
697 if h.x509URL != nil {
698 return *(h.x509URL)
699 }
700 return ""
701 }
702
703 func (h *ecdsaPrivateKey) Y() []byte {
704 return h.y
705 }
706
707 func (h *ecdsaPrivateKey) makePairs() []*HeaderPair {
708 h.mu.RLock()
709 defer h.mu.RUnlock()
710
711 var pairs []*HeaderPair
712 pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.EC})
713 if h.algorithm != nil {
714 pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
715 }
716 if h.crv != nil {
717 pairs = append(pairs, &HeaderPair{Key: ECDSACrvKey, Value: *(h.crv)})
718 }
719 if h.d != nil {
720 pairs = append(pairs, &HeaderPair{Key: ECDSADKey, Value: h.d})
721 }
722 if h.keyID != nil {
723 pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
724 }
725 if h.keyOps != nil {
726 pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
727 }
728 if h.keyUsage != nil {
729 pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
730 }
731 if h.x != nil {
732 pairs = append(pairs, &HeaderPair{Key: ECDSAXKey, Value: h.x})
733 }
734 if h.x509CertChain != nil {
735 pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: *(h.x509CertChain)})
736 }
737 if h.x509CertThumbprint != nil {
738 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
739 }
740 if h.x509CertThumbprintS256 != nil {
741 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
742 }
743 if h.x509URL != nil {
744 pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
745 }
746 if h.y != nil {
747 pairs = append(pairs, &HeaderPair{Key: ECDSAYKey, Value: h.y})
748 }
749 for k, v := range h.privateParams {
750 pairs = append(pairs, &HeaderPair{Key: k, Value: v})
751 }
752 return pairs
753 }
754
755 func (h *ecdsaPrivateKey) PrivateParams() map[string]interface{} {
756 return h.privateParams
757 }
758
759 func (h *ecdsaPrivateKey) Get(name string) (interface{}, bool) {
760 h.mu.RLock()
761 defer h.mu.RUnlock()
762 switch name {
763 case KeyTypeKey:
764 return h.KeyType(), true
765 case AlgorithmKey:
766 if h.algorithm == nil {
767 return nil, false
768 }
769 return *(h.algorithm), true
770 case ECDSACrvKey:
771 if h.crv == nil {
772 return nil, false
773 }
774 return *(h.crv), true
775 case ECDSADKey:
776 if h.d == nil {
777 return nil, false
778 }
779 return h.d, true
780 case KeyIDKey:
781 if h.keyID == nil {
782 return nil, false
783 }
784 return *(h.keyID), true
785 case KeyOpsKey:
786 if h.keyOps == nil {
787 return nil, false
788 }
789 return *(h.keyOps), true
790 case KeyUsageKey:
791 if h.keyUsage == nil {
792 return nil, false
793 }
794 return *(h.keyUsage), true
795 case ECDSAXKey:
796 if h.x == nil {
797 return nil, false
798 }
799 return h.x, true
800 case X509CertChainKey:
801 if h.x509CertChain == nil {
802 return nil, false
803 }
804 return h.x509CertChain.Get(), true
805 case X509CertThumbprintKey:
806 if h.x509CertThumbprint == nil {
807 return nil, false
808 }
809 return *(h.x509CertThumbprint), true
810 case X509CertThumbprintS256Key:
811 if h.x509CertThumbprintS256 == nil {
812 return nil, false
813 }
814 return *(h.x509CertThumbprintS256), true
815 case X509URLKey:
816 if h.x509URL == nil {
817 return nil, false
818 }
819 return *(h.x509URL), true
820 case ECDSAYKey:
821 if h.y == nil {
822 return nil, false
823 }
824 return h.y, true
825 default:
826 v, ok := h.privateParams[name]
827 return v, ok
828 }
829 }
830
831 func (h *ecdsaPrivateKey) Set(name string, value interface{}) error {
832 h.mu.Lock()
833 defer h.mu.Unlock()
834 return h.setNoLock(name, value)
835 }
836
837 func (h *ecdsaPrivateKey) setNoLock(name string, value interface{}) error {
838 switch name {
839 case "kty":
840 return nil
841 case AlgorithmKey:
842 switch v := value.(type) {
843 case string:
844 h.algorithm = &v
845 case fmt.Stringer:
846 tmp := v.String()
847 h.algorithm = &tmp
848 default:
849 return errors.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
850 }
851 return nil
852 case ECDSACrvKey:
853 if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
854 h.crv = &v
855 return nil
856 }
857 return errors.Errorf(`invalid value for %s key: %T`, ECDSACrvKey, value)
858 case ECDSADKey:
859 if v, ok := value.([]byte); ok {
860 h.d = v
861 return nil
862 }
863 return errors.Errorf(`invalid value for %s key: %T`, ECDSADKey, value)
864 case KeyIDKey:
865 if v, ok := value.(string); ok {
866 h.keyID = &v
867 return nil
868 }
869 return errors.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
870 case KeyOpsKey:
871 var acceptor KeyOperationList
872 if err := acceptor.Accept(value); err != nil {
873 return errors.Wrapf(err, `invalid value for %s key`, KeyOpsKey)
874 }
875 h.keyOps = &acceptor
876 return nil
877 case KeyUsageKey:
878 switch v := value.(type) {
879 case KeyUsageType:
880 switch v {
881 case ForSignature, ForEncryption:
882 tmp := v.String()
883 h.keyUsage = &tmp
884 default:
885 return errors.Errorf(`invalid key usage type %s`, v)
886 }
887 case string:
888 h.keyUsage = &v
889 default:
890 return errors.Errorf(`invalid key usage type %s`, v)
891 }
892 case ECDSAXKey:
893 if v, ok := value.([]byte); ok {
894 h.x = v
895 return nil
896 }
897 return errors.Errorf(`invalid value for %s key: %T`, ECDSAXKey, value)
898 case X509CertChainKey:
899 var acceptor CertificateChain
900 if err := acceptor.Accept(value); err != nil {
901 return errors.Wrapf(err, `invalid value for %s key`, X509CertChainKey)
902 }
903 h.x509CertChain = &acceptor
904 return nil
905 case X509CertThumbprintKey:
906 if v, ok := value.(string); ok {
907 h.x509CertThumbprint = &v
908 return nil
909 }
910 return errors.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
911 case X509CertThumbprintS256Key:
912 if v, ok := value.(string); ok {
913 h.x509CertThumbprintS256 = &v
914 return nil
915 }
916 return errors.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
917 case X509URLKey:
918 if v, ok := value.(string); ok {
919 h.x509URL = &v
920 return nil
921 }
922 return errors.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
923 case ECDSAYKey:
924 if v, ok := value.([]byte); ok {
925 h.y = v
926 return nil
927 }
928 return errors.Errorf(`invalid value for %s key: %T`, ECDSAYKey, value)
929 default:
930 if h.privateParams == nil {
931 h.privateParams = map[string]interface{}{}
932 }
933 h.privateParams[name] = value
934 }
935 return nil
936 }
937
938 func (k *ecdsaPrivateKey) Remove(key string) error {
939 k.mu.Lock()
940 defer k.mu.Unlock()
941 switch key {
942 case AlgorithmKey:
943 k.algorithm = nil
944 case ECDSACrvKey:
945 k.crv = nil
946 case ECDSADKey:
947 k.d = nil
948 case KeyIDKey:
949 k.keyID = nil
950 case KeyOpsKey:
951 k.keyOps = nil
952 case KeyUsageKey:
953 k.keyUsage = nil
954 case ECDSAXKey:
955 k.x = nil
956 case X509CertChainKey:
957 k.x509CertChain = nil
958 case X509CertThumbprintKey:
959 k.x509CertThumbprint = nil
960 case X509CertThumbprintS256Key:
961 k.x509CertThumbprintS256 = nil
962 case X509URLKey:
963 k.x509URL = nil
964 case ECDSAYKey:
965 k.y = nil
966 default:
967 delete(k.privateParams, key)
968 }
969 return nil
970 }
971
972 func (k *ecdsaPrivateKey) Clone() (Key, error) {
973 return cloneKey(k)
974 }
975
976 func (k *ecdsaPrivateKey) DecodeCtx() json.DecodeCtx {
977 k.mu.RLock()
978 defer k.mu.RUnlock()
979 return k.dc
980 }
981
982 func (k *ecdsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
983 k.mu.Lock()
984 defer k.mu.Unlock()
985 k.dc = dc
986 }
987
988 func (h *ecdsaPrivateKey) UnmarshalJSON(buf []byte) error {
989 h.algorithm = nil
990 h.crv = nil
991 h.d = nil
992 h.keyID = nil
993 h.keyOps = nil
994 h.keyUsage = nil
995 h.x = nil
996 h.x509CertChain = nil
997 h.x509CertThumbprint = nil
998 h.x509CertThumbprintS256 = nil
999 h.x509URL = nil
1000 h.y = nil
1001 dec := json.NewDecoder(bytes.NewReader(buf))
1002 LOOP:
1003 for {
1004 tok, err := dec.Token()
1005 if err != nil {
1006 return errors.Wrap(err, `error reading token`)
1007 }
1008 switch tok := tok.(type) {
1009 case json.Delim:
1010
1011
1012 if tok == '}' {
1013 break LOOP
1014 } else if tok != '{' {
1015 return errors.Errorf(`expected '{', but got '%c'`, tok)
1016 }
1017 case string:
1018 switch tok {
1019 case KeyTypeKey:
1020 val, err := json.ReadNextStringToken(dec)
1021 if err != nil {
1022 return errors.Wrap(err, `error reading token`)
1023 }
1024 if val != jwa.EC.String() {
1025 return errors.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
1026 }
1027 case AlgorithmKey:
1028 if err := json.AssignNextStringToken(&h.algorithm, dec); err != nil {
1029 return errors.Wrapf(err, `failed to decode value for key %s`, AlgorithmKey)
1030 }
1031 case ECDSACrvKey:
1032 var decoded jwa.EllipticCurveAlgorithm
1033 if err := dec.Decode(&decoded); err != nil {
1034 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSACrvKey)
1035 }
1036 h.crv = &decoded
1037 case ECDSADKey:
1038 if err := json.AssignNextBytesToken(&h.d, dec); err != nil {
1039 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSADKey)
1040 }
1041 case KeyIDKey:
1042 if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
1043 return errors.Wrapf(err, `failed to decode value for key %s`, KeyIDKey)
1044 }
1045 case KeyOpsKey:
1046 var decoded KeyOperationList
1047 if err := dec.Decode(&decoded); err != nil {
1048 return errors.Wrapf(err, `failed to decode value for key %s`, KeyOpsKey)
1049 }
1050 h.keyOps = &decoded
1051 case KeyUsageKey:
1052 if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
1053 return errors.Wrapf(err, `failed to decode value for key %s`, KeyUsageKey)
1054 }
1055 case ECDSAXKey:
1056 if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
1057 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSAXKey)
1058 }
1059 case X509CertChainKey:
1060 var decoded CertificateChain
1061 if err := dec.Decode(&decoded); err != nil {
1062 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertChainKey)
1063 }
1064 h.x509CertChain = &decoded
1065 case X509CertThumbprintKey:
1066 if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
1067 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertThumbprintKey)
1068 }
1069 case X509CertThumbprintS256Key:
1070 if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
1071 return errors.Wrapf(err, `failed to decode value for key %s`, X509CertThumbprintS256Key)
1072 }
1073 case X509URLKey:
1074 if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
1075 return errors.Wrapf(err, `failed to decode value for key %s`, X509URLKey)
1076 }
1077 case ECDSAYKey:
1078 if err := json.AssignNextBytesToken(&h.y, dec); err != nil {
1079 return errors.Wrapf(err, `failed to decode value for key %s`, ECDSAYKey)
1080 }
1081 default:
1082 if dc := h.dc; dc != nil {
1083 if localReg := dc.Registry(); localReg != nil {
1084 decoded, err := localReg.Decode(dec, tok)
1085 if err == nil {
1086 h.setNoLock(tok, decoded)
1087 continue
1088 }
1089 }
1090 }
1091 decoded, err := registry.Decode(dec, tok)
1092 if err == nil {
1093 h.setNoLock(tok, decoded)
1094 continue
1095 }
1096 return errors.Wrapf(err, `could not decode field %s`, tok)
1097 }
1098 default:
1099 return errors.Errorf(`invalid token %T`, tok)
1100 }
1101 }
1102 if h.crv == nil {
1103 return errors.Errorf(`required field crv is missing`)
1104 }
1105 if h.d == nil {
1106 return errors.Errorf(`required field d is missing`)
1107 }
1108 if h.x == nil {
1109 return errors.Errorf(`required field x is missing`)
1110 }
1111 if h.y == nil {
1112 return errors.Errorf(`required field y is missing`)
1113 }
1114 return nil
1115 }
1116
1117 func (h ecdsaPrivateKey) MarshalJSON() ([]byte, error) {
1118 data := make(map[string]interface{})
1119 fields := make([]string, 0, 12)
1120 for _, pair := range h.makePairs() {
1121 fields = append(fields, pair.Key.(string))
1122 data[pair.Key.(string)] = pair.Value
1123 }
1124
1125 sort.Strings(fields)
1126 buf := pool.GetBytesBuffer()
1127 defer pool.ReleaseBytesBuffer(buf)
1128 buf.WriteByte('{')
1129 enc := json.NewEncoder(buf)
1130 for i, f := range fields {
1131 if i > 0 {
1132 buf.WriteRune(',')
1133 }
1134 buf.WriteRune('"')
1135 buf.WriteString(f)
1136 buf.WriteString(`":`)
1137 v := data[f]
1138 switch v := v.(type) {
1139 case []byte:
1140 buf.WriteRune('"')
1141 buf.WriteString(base64.EncodeToString(v))
1142 buf.WriteRune('"')
1143 default:
1144 if err := enc.Encode(v); err != nil {
1145 return nil, errors.Wrapf(err, `failed to encode value for field %s`, f)
1146 }
1147 buf.Truncate(buf.Len() - 1)
1148 }
1149 }
1150 buf.WriteByte('}')
1151 ret := make([]byte, buf.Len())
1152 copy(ret, buf.Bytes())
1153 return ret, nil
1154 }
1155
1156 func (h *ecdsaPrivateKey) Iterate(ctx context.Context) HeaderIterator {
1157 pairs := h.makePairs()
1158 ch := make(chan *HeaderPair, len(pairs))
1159 go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
1160 defer close(ch)
1161 for _, pair := range pairs {
1162 select {
1163 case <-ctx.Done():
1164 return
1165 case ch <- pair:
1166 }
1167 }
1168 }(ctx, ch, pairs)
1169 return mapiter.New(ch)
1170 }
1171
1172 func (h *ecdsaPrivateKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
1173 return iter.WalkMap(ctx, h, visitor)
1174 }
1175
1176 func (h *ecdsaPrivateKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
1177 return iter.AsMap(ctx, h)
1178 }
1179
View as plain text