120 lines
3.2 KiB
Go
120 lines
3.2 KiB
Go
package jws
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/lestrrat-go/backoff/v2"
|
|
"github.com/lestrrat-go/jwx/jwk"
|
|
"github.com/lestrrat-go/option"
|
|
)
|
|
|
|
type Option = option.Interface
|
|
|
|
type identPayloadSigner struct{}
|
|
type identDetachedPayload struct{}
|
|
type identHeaders struct{}
|
|
type identMessage struct{}
|
|
type identFetchBackoff struct{}
|
|
type identFetchWhitelist struct{}
|
|
type identHTTPClient struct{}
|
|
type identJWKSetFetcher struct{}
|
|
|
|
func WithSigner(signer Signer, key interface{}, public, protected Headers) Option {
|
|
return option.New(identPayloadSigner{}, &payloadSigner{
|
|
signer: signer,
|
|
key: key,
|
|
protected: protected,
|
|
public: public,
|
|
})
|
|
}
|
|
|
|
type SignOption interface {
|
|
Option
|
|
signOption()
|
|
}
|
|
|
|
type signOption struct {
|
|
Option
|
|
}
|
|
|
|
func (*signOption) signOption() {}
|
|
|
|
// WithHeaders allows you to specify extra header values to include in the
|
|
// final JWS message
|
|
func WithHeaders(h Headers) SignOption {
|
|
return &signOption{option.New(identHeaders{}, h)}
|
|
}
|
|
|
|
// VerifyOption describes an option that can be passed to the jws.Verify function
|
|
type VerifyOption interface {
|
|
Option
|
|
verifyOption()
|
|
}
|
|
|
|
type verifyOption struct {
|
|
Option
|
|
}
|
|
|
|
func (*verifyOption) verifyOption() {}
|
|
|
|
// WithMessage can be passed to Verify() to obtain the jws.Message upon
|
|
// a successful verification.
|
|
func WithMessage(m *Message) VerifyOption {
|
|
return &verifyOption{option.New(identMessage{}, m)}
|
|
}
|
|
|
|
type SignVerifyOption interface {
|
|
SignOption
|
|
VerifyOption
|
|
}
|
|
|
|
type signVerifyOption struct {
|
|
Option
|
|
}
|
|
|
|
func (*signVerifyOption) signOption() {}
|
|
func (*signVerifyOption) verifyOption() {}
|
|
|
|
// WithDetachedPayload can be used to both sign or verify a JWS message with a
|
|
// detached payload.
|
|
//
|
|
// When this option is used for `jws.Sign()`, the first parameter (normally the payload)
|
|
// must be set to `nil`.
|
|
//
|
|
// If you have to verify using this option, you should know exactly how and why this works.
|
|
func WithDetachedPayload(v []byte) SignVerifyOption {
|
|
return &signVerifyOption{option.New(identDetachedPayload{}, v)}
|
|
}
|
|
|
|
// WithFetchWhitelist specifies the whitelist object to be passed
|
|
// to `jwk.Fetch()` when `jws.VerifyAuto()` is used. If you do not
|
|
// specify a whitelist, `jws.VerifyAuto()` will ALWAYS fail.
|
|
//
|
|
// This option is ignored if WithJWKSetFetcher is specified.
|
|
func WithFetchWhitelist(wl jwk.Whitelist) VerifyOption {
|
|
return &verifyOption{option.New(identFetchWhitelist{}, wl)}
|
|
}
|
|
|
|
// WithFetchBackoff specifies the backoff.Policy object to be passed
|
|
// to `jwk.Fetch()` when `jws.VerifyAuto()` is used.
|
|
//
|
|
// This option is ignored if WithJWKSetFetcher is specified.
|
|
func WithFetchBackoff(b backoff.Policy) VerifyOption {
|
|
return &verifyOption{option.New(identFetchBackoff{}, b)}
|
|
}
|
|
|
|
// WithHTTPClient specifies the *http.Client object to be passed
|
|
// to `jwk.Fetch()` when `jws.VerifyAuto()` is used.
|
|
//
|
|
// This option is ignored if WithJWKSetFetcher is specified.
|
|
func WithHTTPClient(httpcl *http.Client) VerifyOption {
|
|
return &verifyOption{option.New(identHTTPClient{}, httpcl)}
|
|
}
|
|
|
|
// WithJWKSetFetcher specifies the JWKSetFetcher object to be
|
|
// used when `jws.VerifyAuto()`, for example, to use `jwk.AutoRefetch`
|
|
// instead of the default `jwk.Fetch()`
|
|
func WithJWKSetFetcher(f JWKSetFetcher) VerifyOption {
|
|
return &verifyOption{option.New(identJWKSetFetcher{}, f)}
|
|
}
|