File: signature_gen.go

package info (click to toggle)
golang-github-lestrrat-go-jwx 2.1.4-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,872 kB
  • sloc: sh: 222; makefile: 86; perl: 62
file content (162 lines) | stat: -rw-r--r-- 6,247 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 
// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.

package jwa

import (
	"fmt"
	"sort"
	"sync"
)

// SignatureAlgorithm represents the various signature algorithms as described in https://tools.ietf.org/html/rfc7518#section-3.1
type SignatureAlgorithm string

// Supported values for SignatureAlgorithm
const (
	ES256       SignatureAlgorithm = "ES256"  // ECDSA using P-256 and SHA-256
	ES256K      SignatureAlgorithm = "ES256K" // ECDSA using secp256k1 and SHA-256
	ES384       SignatureAlgorithm = "ES384"  // ECDSA using P-384 and SHA-384
	ES512       SignatureAlgorithm = "ES512"  // ECDSA using P-521 and SHA-512
	EdDSA       SignatureAlgorithm = "EdDSA"  // EdDSA signature algorithms
	HS256       SignatureAlgorithm = "HS256"  // HMAC using SHA-256
	HS384       SignatureAlgorithm = "HS384"  // HMAC using SHA-384
	HS512       SignatureAlgorithm = "HS512"  // HMAC using SHA-512
	NoSignature SignatureAlgorithm = "none"
	PS256       SignatureAlgorithm = "PS256" // RSASSA-PSS using SHA256 and MGF1-SHA256
	PS384       SignatureAlgorithm = "PS384" // RSASSA-PSS using SHA384 and MGF1-SHA384
	PS512       SignatureAlgorithm = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512
	RS256       SignatureAlgorithm = "RS256" // RSASSA-PKCS-v1.5 using SHA-256
	RS384       SignatureAlgorithm = "RS384" // RSASSA-PKCS-v1.5 using SHA-384
	RS512       SignatureAlgorithm = "RS512" // RSASSA-PKCS-v1.5 using SHA-512
)

var muSignatureAlgorithms sync.RWMutex
var allSignatureAlgorithms map[SignatureAlgorithm]struct{}
var listSignatureAlgorithm []SignatureAlgorithm
var symmetricSignatureAlgorithms map[SignatureAlgorithm]struct{}

func init() {
	muSignatureAlgorithms.Lock()
	defer muSignatureAlgorithms.Unlock()
	allSignatureAlgorithms = make(map[SignatureAlgorithm]struct{})
	allSignatureAlgorithms[ES256] = struct{}{}
	allSignatureAlgorithms[ES256K] = struct{}{}
	allSignatureAlgorithms[ES384] = struct{}{}
	allSignatureAlgorithms[ES512] = struct{}{}
	allSignatureAlgorithms[EdDSA] = struct{}{}
	allSignatureAlgorithms[HS256] = struct{}{}
	allSignatureAlgorithms[HS384] = struct{}{}
	allSignatureAlgorithms[HS512] = struct{}{}
	allSignatureAlgorithms[NoSignature] = struct{}{}
	allSignatureAlgorithms[PS256] = struct{}{}
	allSignatureAlgorithms[PS384] = struct{}{}
	allSignatureAlgorithms[PS512] = struct{}{}
	allSignatureAlgorithms[RS256] = struct{}{}
	allSignatureAlgorithms[RS384] = struct{}{}
	allSignatureAlgorithms[RS512] = struct{}{}
	symmetricSignatureAlgorithms = make(map[SignatureAlgorithm]struct{})
	symmetricSignatureAlgorithms[HS256] = struct{}{}
	symmetricSignatureAlgorithms[HS384] = struct{}{}
	symmetricSignatureAlgorithms[HS512] = struct{}{}
	rebuildSignatureAlgorithm()
}

// RegisterSignatureAlgorithm registers a new SignatureAlgorithm so that the jwx can properly handle the new value.
// Duplicates will silently be ignored
func RegisterSignatureAlgorithm(v SignatureAlgorithm) {
	RegisterSignatureAlgorithmWithOptions(v)
}

// RegisterSignatureAlgorithmWithOptions is the same as RegisterSignatureAlgorithm when used without options,
// but allows its behavior to change based on the provided options.
// This is an experimental AND stopgap function which will most likely be merged in RegisterSignatureAlgorithm, and subsequently removed in the future. As such it should not be considered part of the stable API -- it is still subject to change.
//
// You can pass `WithSymmetricAlgorithm(true)` to let the library know that it's a symmetric algorithm. This library makes no attempt to verify if the algorithm is indeed symmetric or not.
func RegisterSignatureAlgorithmWithOptions(v SignatureAlgorithm, options ...RegisterAlgorithmOption) {
	var symmetric bool
	//nolint:forcetypeassert
	for _, option := range options {
		switch option.Ident() {
		case identSymmetricAlgorithm{}:
			symmetric = option.Value().(bool)
		}
	}
	muSignatureAlgorithms.Lock()
	defer muSignatureAlgorithms.Unlock()
	if _, ok := allSignatureAlgorithms[v]; !ok {
		allSignatureAlgorithms[v] = struct{}{}
		if symmetric {
			symmetricSignatureAlgorithms[v] = struct{}{}
		}
		rebuildSignatureAlgorithm()
	}
}

// UnregisterSignatureAlgorithm unregisters a SignatureAlgorithm from its known database.
// Non-existent entries will silently be ignored
func UnregisterSignatureAlgorithm(v SignatureAlgorithm) {
	muSignatureAlgorithms.Lock()
	defer muSignatureAlgorithms.Unlock()
	if _, ok := allSignatureAlgorithms[v]; ok {
		delete(allSignatureAlgorithms, v)
		if _, ok := symmetricSignatureAlgorithms[v]; ok {
			delete(symmetricSignatureAlgorithms, v)
		}
		rebuildSignatureAlgorithm()
	}
}

func rebuildSignatureAlgorithm() {
	listSignatureAlgorithm = make([]SignatureAlgorithm, 0, len(allSignatureAlgorithms))
	for v := range allSignatureAlgorithms {
		listSignatureAlgorithm = append(listSignatureAlgorithm, v)
	}
	sort.Slice(listSignatureAlgorithm, func(i, j int) bool {
		return string(listSignatureAlgorithm[i]) < string(listSignatureAlgorithm[j])
	})
}

// SignatureAlgorithms returns a list of all available values for SignatureAlgorithm
func SignatureAlgorithms() []SignatureAlgorithm {
	muSignatureAlgorithms.RLock()
	defer muSignatureAlgorithms.RUnlock()
	return listSignatureAlgorithm
}

// Accept is used when conversion from values given by
// outside sources (such as JSON payloads) is required
func (v *SignatureAlgorithm) Accept(value interface{}) error {
	var tmp SignatureAlgorithm
	if x, ok := value.(SignatureAlgorithm); ok {
		tmp = x
	} else {
		var s string
		switch x := value.(type) {
		case fmt.Stringer:
			s = x.String()
		case string:
			s = x
		default:
			return fmt.Errorf(`invalid type for jwa.SignatureAlgorithm: %T`, value)
		}
		tmp = SignatureAlgorithm(s)
	}
	if _, ok := allSignatureAlgorithms[tmp]; !ok {
		return fmt.Errorf(`invalid jwa.SignatureAlgorithm value`)
	}

	*v = tmp
	return nil
}

// String returns the string representation of a SignatureAlgorithm
func (v SignatureAlgorithm) String() string {
	return string(v)
}

// IsSymmetric returns true if the algorithm is a symmetric type.
// Keep in mind that the NoSignature algorithm is neither a symmetric nor an asymmetric algorithm.
func (v SignatureAlgorithm) IsSymmetric() bool {
	_, ok := symmetricSignatureAlgorithms[v]
	return ok
}