forked from ThalesGroup/gose
-
Notifications
You must be signed in to change notification settings - Fork 0
/
interfaces.go
159 lines (139 loc) · 5.66 KB
/
interfaces.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
// Copyright 2019 Thales e-Security, Inc
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
package gose
import (
"crypto"
"crypto/x509"
"fmt"
"github.com/ThalesIgnite/gose/jose"
)
//InvalidFormat is an interface for handling invalid format errors
type InvalidFormat struct {
what string
}
func (err *InvalidFormat) Error() string {
return fmt.Sprintf("Invalid format: %s", err.what)
}
// Algorithmed is an interface that exposes which algorithm a type can be used
// with.
type Algorithmed interface {
Algorithm() jose.Alg
}
// Key is an interface representing a cryptographic key.
type Key interface {
// Kid returns the identity of the key.
Kid() string
}
// MarshalableKey is an interface representing a key that can be marshaled into a JWK.
type MarshalableKey interface {
// Jwk returns the Key as a JSON Web Key.
Jwk() (jose.Jwk, error)
// Marshal marshals a key to it's compact JWK string representation.
Marshal() (string, error)
}
// CertifiableKey is an interface representing a key that can have an associated certificate and PEM representation.
type CertifiableKey interface {
// MarshalPem marshals a key to it's PEM representation.
MarshalPem() (string, error)
// Certificates returns the certificate chain for the given key.
Certificates() []*x509.Certificate
}
// SigningKey interface implementers both digest and signing of data.
type SigningKey interface {
Key
MarshalableKey
CertifiableKey
Algorithmed
// Key returns the underlying key used to sign
Key() crypto.Signer
// Sign digest and sign the given data.
Sign(jose.KeyOps, []byte) ([]byte, error)
// Verifier get the matching verification key.
Verifier() (VerificationKey, error)
}
// VerificationKey implements verification of a cryptographic signature.
type VerificationKey interface {
Key
MarshalableKey
CertifiableKey
Algorithmed
// Verify verifies the operation being performed is supported and
// that the signature is derived from the data.
Verify(operation jose.KeyOps, data []byte, signature []byte) bool
}
// AsymmetricEncryptionKey implements encryption using an asymmetric key.
type AsymmetricEncryptionKey interface {
Key
MarshalableKey
CertifiableKey
Algorithmed
Encrypt(jose.KeyOps, []byte) ([]byte, error)
}
// AsymmetricDecryptionKey provides asymmetric decryption (private key) capabilities.
type AsymmetricDecryptionKey interface {
Key
Algorithmed
Decrypt(jose.KeyOps, []byte) ([]byte, error)
// Encryptor get the matching encryption key.
Encryptor() (AsymmetricEncryptionKey, error)
}
// AuthenticatedEncryptionKey implements authenticated encryption and decryption.
type AuthenticatedEncryptionKey interface {
Key
Algorithmed
// GenerateNonce generates a nonce of the correct size for use in Sealinging operations.
GenerateNonce() ([]byte, error)
// Seal the given plaintext returning ciphertext and authentication tag.
Seal(operation jose.KeyOps, nonce, plaintext, aad []byte) (ciphertext, tag []byte, err error)
// Open and validate the given ciphertext and tag returning the plaintext.
Open(operation jose.KeyOps, nonce, ciphertext, aad, tag []byte) (plaintext []byte, err error)
}
// JwtSigner implements generation of signed compact JWTs as defined by https://tools.ietf.org/html/rfc7519.
type JwtSigner interface {
// Issuer returns the identity of the issuing authority
Issuer() string
// Sign signs a set of claims returning a serialized JWT.
Sign(claims *jose.SettableJwtClaims, untyped map[string]interface{}) (string, error)
}
// JwtVerifier implements verification of signed compact JWTs as defined by https://tools.ietf.org/html/rfc7519.
type JwtVerifier interface {
// Verify verifies a JWT is a valid jwt where the caller can specify a number of allowable audiences.
Verify(jwt string, audience []string) (kid string, claims *jose.JwtClaims, err error)
}
// TrustStore provides the ability to manage trusted root public keys for use when verifying cryptographic
// signatures.
type TrustStore interface {
Add(issuer string, jwk jose.Jwk) error
Remove(issuer, kid string) bool
Get(issuer, kid string) (vk VerificationKey, err error)
}
// AsymmetricDecryptionKeyStore provides the ability to access asymmetric decryption keys.
type AsymmetricDecryptionKeyStore interface {
Get(kid string) (k AsymmetricDecryptionKey, err error)
}
// JweEncryptor implements encryption of arbitary plaintext into a compact JWE as defined by https://tools.ietf.org/html/rfc7516.
type JweEncryptor interface {
Encrypt(plaintext, aad []byte) (string, error)
}
// JweDecryptor implements decryption and verification of a given ciphertext and aad to a plaintext as defined by https://tools.ietf.org/html/rfc7516.
type JweDecryptor interface {
Decrypt(jwe string) (plaintext, aad []byte, err error)
}