github.com/lestrrat-go/jwx/v2@v2.0.21/jwe/options.go

github.com/lestrrat-go/jwx/v2@v2.0.21/jwe/options.go (about)

     1  package jwe
     2  
     3  import (
     4  	"context"
     5  
     6  	"github.com/lestrrat-go/jwx/v2/jwa"
     7  	"github.com/lestrrat-go/jwx/v2/jwk"
     8  	"github.com/lestrrat-go/option"
     9  )
    10  
    11  // Specify contents of the protected header. Some fields such as
    12  // "enc" and "zip" will be overwritten when encryption is performed.
    13  //
    14  // There is no equivalent for unprotected headers in this implementation
    15  func WithProtectedHeaders(h Headers) EncryptOption {
    16  	cloned, _ := h.Clone(context.Background())
    17  	return &encryptOption{option.New(identProtectedHeaders{}, cloned)}
    18  }
    19  
    20  type withKey struct {
    21  	alg     jwa.KeyAlgorithm
    22  	key     interface{}
    23  	headers Headers
    24  }
    25  
    26  type WithKeySuboption interface {
    27  	Option
    28  	withKeySuboption()
    29  }
    30  
    31  type withKeySuboption struct {
    32  	Option
    33  }
    34  
    35  func (*withKeySuboption) withKeySuboption() {}
    36  
    37  // WithPerRecipientHeaders is used to pass header values for each recipient.
    38  // Note that these headers are by definition _unprotected_.
    39  func WithPerRecipientHeaders(hdr Headers) WithKeySuboption {
    40  	return &withKeySuboption{option.New(identPerRecipientHeaders{}, hdr)}
    41  }
    42  
    43  // WithKey is used to pass a static algorithm/key pair to either `jwe.Encrypt()` or `jwe.Decrypt()`.
    44  // either a raw key or `jwk.Key` may be passed as `key`.
    45  //
    46  // The `alg` parameter is the identifier for the key encryption algorithm that should be used.
    47  // It is of type `jwa.KeyAlgorithm` but in reality you can only pass `jwa.SignatureAlgorithm`
    48  // types. It is this way so that the value in `(jwk.Key).Algorithm()` can be directly
    49  // passed to the option. If you specify other algorithm types such as `jwa.ContentEncryptionAlgorithm`,
    50  // then you will get an error when `jwe.Encrypt()` or `jwe.Decrypt()` is executed.
    51  //
    52  // Unlike `jwe.WithKeySet()`, the `kid` field does not need to match for the key
    53  // to be tried.
    54  func WithKey(alg jwa.KeyAlgorithm, key interface{}, options ...WithKeySuboption) EncryptDecryptOption {
    55  	var hdr Headers
    56  	for _, option := range options {
    57  		//nolint:forcetypeassert
    58  		switch option.Ident() {
    59  		case identPerRecipientHeaders{}:
    60  			hdr = option.Value().(Headers)
    61  		}
    62  	}
    63  
    64  	return &encryptDecryptOption{option.New(identKey{}, &withKey{
    65  		alg:     alg,
    66  		key:     key,
    67  		headers: hdr,
    68  	})}
    69  }
    70  
    71  func WithKeySet(set jwk.Set, options ...WithKeySetSuboption) DecryptOption {
    72  	requireKid := true
    73  	for _, option := range options {
    74  		//nolint:forcetypeassert
    75  		switch option.Ident() {
    76  		case identRequireKid{}:
    77  			requireKid = option.Value().(bool)
    78  		}
    79  	}
    80  
    81  	return WithKeyProvider(&keySetProvider{
    82  		set:        set,
    83  		requireKid: requireKid,
    84  	})
    85  }
    86  
    87  // WithJSON specifies that the result of `jwe.Encrypt()` is serialized in
    88  // JSON format.
    89  //
    90  // If you pass multiple keys to `jwe.Encrypt()`, it will fail unless
    91  // you also pass this option.
    92  func WithJSON(options ...WithJSONSuboption) EncryptOption {
    93  	var pretty bool
    94  	for _, option := range options {
    95  		//nolint:forcetypeassert
    96  		switch option.Ident() {
    97  		case identPretty{}:
    98  			pretty = option.Value().(bool)
    99  		}
   100  	}
   101  
   102  	format := fmtJSON
   103  	if pretty {
   104  		format = fmtJSONPretty
   105  	}
   106  	return &encryptOption{option.New(identSerialization{}, format)}
   107  }