168 lines
6.4 KiB
YAML
168 lines
6.4 KiB
YAML
package_name: jws
|
|
output: jws/options_gen.go
|
|
interfaces:
|
|
- name: CompactOption
|
|
comment: |
|
|
CompactOption describes options that can be passed to `jws.Compact`
|
|
- name: VerifyOption
|
|
comment: |
|
|
VerifyOption describes options that can be passed to `jws.Verify`
|
|
- name: SignOption
|
|
comment: |
|
|
SignOption describes options that can be passed to `jws.Sign`
|
|
- name: SignVerifyOption
|
|
methods:
|
|
- signOption
|
|
- verifyOption
|
|
comment: |
|
|
SignVerifyOption describes options that can be passed to either `jws.Verify` or `jws.Sign`
|
|
- name: WithJSONSuboption
|
|
concrete_type: withJSONSuboption
|
|
comment: |
|
|
JSONSuboption describes suboptions that can be passed to `jws.WithJSON()` option
|
|
- name: WithKeySuboption
|
|
comment: |
|
|
WithKeySuboption describes option types that can be passed to the `jws.WithKey()`
|
|
option.
|
|
- name: WithKeySetSuboption
|
|
comment: |
|
|
WithKeySetSuboption is a suboption passed to the `jws.WithKeySet()` option
|
|
- name: ParseOption
|
|
methods:
|
|
- readFileOption
|
|
comment: |
|
|
ReadFileOption is a type of `Option` that can be passed to `jwe.Parse`
|
|
- name: ReadFileOption
|
|
comment: |
|
|
ReadFileOption is a type of `Option` that can be passed to `jws.ReadFile`
|
|
options:
|
|
- ident: Key
|
|
skip_option: true
|
|
- ident: Serialization
|
|
skip_option: true
|
|
- ident: Serialization
|
|
option_name: WithCompact
|
|
interface: SignOption
|
|
constant_value: fmtCompact
|
|
comment: |
|
|
WithCompact specifies that the result of `jws.Sign()` is serialized in
|
|
compact format.
|
|
|
|
By default `jws.Sign()` will opt to use compact format, so you usually
|
|
do not need to specify this option other than to be explicit about it
|
|
- ident: Detached
|
|
interface: CompactOption
|
|
argument_type: bool
|
|
comment: |
|
|
WithDetached specifies that the `jws.Message` should be serialized in
|
|
JWS compact serialization with detached payload. The resulting octet
|
|
sequence will not contain the payload section.
|
|
- ident: DetachedPayload
|
|
interface: SignVerifyOption
|
|
argument_type: '[]byte'
|
|
comment: |
|
|
WithDetachedPayload can be used to both sign or verify a JWS message with a
|
|
detached payload.
|
|
|
|
When this option is used for `jws.Sign()`, the first parameter (normally the payload)
|
|
must be set to `nil`.
|
|
|
|
If you have to verify using this option, you should know exactly how and why this works.
|
|
- ident: Message
|
|
interface: VerifyOption
|
|
argument_type: '*Message'
|
|
comment: |
|
|
WithMessage can be passed to Verify() to obtain the jws.Message upon
|
|
a successful verification.
|
|
- ident: KeyUsed
|
|
interface: VerifyOption
|
|
argument_type: 'interface{}'
|
|
comment: |
|
|
WithKeyUsed allows you to specify the `jws.Verify()` function to
|
|
return the key used for verification. This may be useful when
|
|
you specify multiple key sources or if you pass a `jwk.Set`
|
|
and you want to know which key was successful at verifying the
|
|
signature.
|
|
|
|
`v` must be a pointer to an empty `interface{}`. Do not use
|
|
`jwk.Key` here unless you are 100% sure that all keys that you
|
|
have provided are instances of `jwk.Key` (remember that the
|
|
jwx API allows users to specify a raw key such as *rsa.PublicKey)
|
|
- ident: InferAlgorithmFromKey
|
|
interface: WithKeySetSuboption
|
|
argument_type: bool
|
|
comment: |
|
|
WithInferAlgorithmFromKey specifies whether the JWS signing algorithm name
|
|
should be inferred by looking at the provided key, in case the JWS
|
|
message or the key does not have a proper `alg` header.
|
|
|
|
Compared to providing explicit `alg` from the key this is slower, and
|
|
verification may fail to verify if some how our heuristics are wrong
|
|
or outdated.
|
|
|
|
Also, automatic detection of signature verification methods are always
|
|
more vulnerable for potential attack vectors.
|
|
|
|
It is highly recommended that you fix your key to contain a proper `alg`
|
|
header field instead of resorting to using this option, but sometimes
|
|
it just needs to happen.
|
|
- ident: UseDefault
|
|
interface: WithKeySetSuboption
|
|
argument_type: bool
|
|
comment: |
|
|
WithUseDefault specifies that if and only if a jwk.Key contains
|
|
exactly one jwk.Key, that tkey should be used.
|
|
(I think this should be removed)
|
|
- ident: RequireKid
|
|
interface: WithKeySetSuboption
|
|
argument_type: bool
|
|
comment: |
|
|
WithRequiredKid specifies whether the keys in the jwk.Set should
|
|
only be matched if the target JWS message's Key ID and the Key ID
|
|
in the given key matches.
|
|
- ident: MultipleKeysPerKeyID
|
|
interface: WithKeySetSuboption
|
|
argument_type: bool
|
|
comment: |
|
|
WithMultipleKeysPerKeyID specifies if we should expect multiple keys
|
|
to match against a key ID. By default it is assumed that key IDs are
|
|
unique, i.e. for a given key ID, the key set only contains a single
|
|
key that has the matching ID. When this option is set to true,
|
|
multiple keys that match the same key ID in the set can be tried.
|
|
- ident: Pretty
|
|
interface: WithJSONSuboption
|
|
argument_type: bool
|
|
comment: |
|
|
WithPretty specifies whether the JSON output should be formatted and
|
|
indented
|
|
- ident: KeyProvider
|
|
interface: VerifyOption
|
|
argument_type: KeyProvider
|
|
- ident: Context
|
|
interface: VerifyOption
|
|
argument_type: context.Context
|
|
- ident: ProtectedHeaders
|
|
interface: WithKeySuboption
|
|
argument_type: Headers
|
|
comment: |
|
|
WithProtected is used with `jws.WithKey()` option when used with `jws.Sign()`
|
|
to specify a protected header to be attached to the JWS signature.
|
|
|
|
It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
|
|
- ident: PublicHeaders
|
|
interface: WithKeySuboption
|
|
argument_type: Headers
|
|
comment: |
|
|
WithPublic is used with `jws.WithKey()` option when used with `jws.Sign()`
|
|
to specify a public header to be attached to the JWS signature.
|
|
|
|
It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
|
|
|
|
`jws.Sign()` will result in an error if `jws.WithPublic()` is used
|
|
and the serialization format is compact serialization.
|
|
- ident: FS
|
|
interface: ReadFileOption
|
|
argument_type: fs.FS
|
|
comment: |
|
|
WithFS specifies the source `fs.FS` object to read the file from.
|