github.com/lestrrat-go/jwx/v2@v2.0.21/jwk/rsa_gen.go (about) 1 // Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT. 2 3 package jwk 4 5 import ( 6 "bytes" 7 "context" 8 "crypto/rsa" 9 "fmt" 10 "sort" 11 "sync" 12 13 "github.com/lestrrat-go/iter/mapiter" 14 "github.com/lestrrat-go/jwx/v2/cert" 15 "github.com/lestrrat-go/jwx/v2/internal/base64" 16 "github.com/lestrrat-go/jwx/v2/internal/iter" 17 "github.com/lestrrat-go/jwx/v2/internal/json" 18 "github.com/lestrrat-go/jwx/v2/internal/pool" 19 "github.com/lestrrat-go/jwx/v2/jwa" 20 ) 21 22 const ( 23 RSADKey = "d" 24 RSADPKey = "dp" 25 RSADQKey = "dq" 26 RSAEKey = "e" 27 RSANKey = "n" 28 RSAPKey = "p" 29 RSAQIKey = "qi" 30 RSAQKey = "q" 31 ) 32 33 type RSAPublicKey interface { 34 Key 35 FromRaw(*rsa.PublicKey) error 36 E() []byte 37 N() []byte 38 } 39 40 type rsaPublicKey struct { 41 algorithm *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4 42 e []byte 43 keyID *string // https://tools.ietf.org/html/rfc7515#section-4.1.4 44 keyOps *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3 45 keyUsage *string // https://tools.ietf.org/html/rfc7517#section-4.2 46 n []byte 47 x509CertChain *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6 48 x509CertThumbprint *string // https://tools.ietf.org/html/rfc7515#section-4.1.7 49 x509CertThumbprintS256 *string // https://tools.ietf.org/html/rfc7515#section-4.1.8 50 x509URL *string // https://tools.ietf.org/html/rfc7515#section-4.1.5 51 privateParams map[string]interface{} 52 mu *sync.RWMutex 53 dc json.DecodeCtx 54 } 55 56 var _ RSAPublicKey = &rsaPublicKey{} 57 var _ Key = &rsaPublicKey{} 58 59 func newRSAPublicKey() *rsaPublicKey { 60 return &rsaPublicKey{ 61 mu: &sync.RWMutex{}, 62 privateParams: make(map[string]interface{}), 63 } 64 } 65 66 func (h rsaPublicKey) KeyType() jwa.KeyType { 67 return jwa.RSA 68 } 69 70 func (h rsaPublicKey) IsPrivate() bool { 71 return false 72 } 73 74 func (h *rsaPublicKey) Algorithm() jwa.KeyAlgorithm { 75 if h.algorithm != nil { 76 return *(h.algorithm) 77 } 78 return jwa.InvalidKeyAlgorithm("") 79 } 80 81 func (h *rsaPublicKey) E() []byte { 82 return h.e 83 } 84 85 func (h *rsaPublicKey) KeyID() string { 86 if h.keyID != nil { 87 return *(h.keyID) 88 } 89 return "" 90 } 91 92 func (h *rsaPublicKey) KeyOps() KeyOperationList { 93 if h.keyOps != nil { 94 return *(h.keyOps) 95 } 96 return nil 97 } 98 99 func (h *rsaPublicKey) KeyUsage() string { 100 if h.keyUsage != nil { 101 return *(h.keyUsage) 102 } 103 return "" 104 } 105 106 func (h *rsaPublicKey) N() []byte { 107 return h.n 108 } 109 110 func (h *rsaPublicKey) X509CertChain() *cert.Chain { 111 return h.x509CertChain 112 } 113 114 func (h *rsaPublicKey) X509CertThumbprint() string { 115 if h.x509CertThumbprint != nil { 116 return *(h.x509CertThumbprint) 117 } 118 return "" 119 } 120 121 func (h *rsaPublicKey) X509CertThumbprintS256() string { 122 if h.x509CertThumbprintS256 != nil { 123 return *(h.x509CertThumbprintS256) 124 } 125 return "" 126 } 127 128 func (h *rsaPublicKey) X509URL() string { 129 if h.x509URL != nil { 130 return *(h.x509URL) 131 } 132 return "" 133 } 134 135 func (h *rsaPublicKey) makePairs() []*HeaderPair { 136 h.mu.RLock() 137 defer h.mu.RUnlock() 138 139 var pairs []*HeaderPair 140 pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.RSA}) 141 if h.algorithm != nil { 142 pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)}) 143 } 144 if h.e != nil { 145 pairs = append(pairs, &HeaderPair{Key: RSAEKey, Value: h.e}) 146 } 147 if h.keyID != nil { 148 pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)}) 149 } 150 if h.keyOps != nil { 151 pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)}) 152 } 153 if h.keyUsage != nil { 154 pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)}) 155 } 156 if h.n != nil { 157 pairs = append(pairs, &HeaderPair{Key: RSANKey, Value: h.n}) 158 } 159 if h.x509CertChain != nil { 160 pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain}) 161 } 162 if h.x509CertThumbprint != nil { 163 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)}) 164 } 165 if h.x509CertThumbprintS256 != nil { 166 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)}) 167 } 168 if h.x509URL != nil { 169 pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)}) 170 } 171 for k, v := range h.privateParams { 172 pairs = append(pairs, &HeaderPair{Key: k, Value: v}) 173 } 174 return pairs 175 } 176 177 func (h *rsaPublicKey) PrivateParams() map[string]interface{} { 178 return h.privateParams 179 } 180 181 func (h *rsaPublicKey) Get(name string) (interface{}, bool) { 182 h.mu.RLock() 183 defer h.mu.RUnlock() 184 switch name { 185 case KeyTypeKey: 186 return h.KeyType(), true 187 case AlgorithmKey: 188 if h.algorithm == nil { 189 return nil, false 190 } 191 return *(h.algorithm), true 192 case RSAEKey: 193 if h.e == nil { 194 return nil, false 195 } 196 return h.e, true 197 case KeyIDKey: 198 if h.keyID == nil { 199 return nil, false 200 } 201 return *(h.keyID), true 202 case KeyOpsKey: 203 if h.keyOps == nil { 204 return nil, false 205 } 206 return *(h.keyOps), true 207 case KeyUsageKey: 208 if h.keyUsage == nil { 209 return nil, false 210 } 211 return *(h.keyUsage), true 212 case RSANKey: 213 if h.n == nil { 214 return nil, false 215 } 216 return h.n, true 217 case X509CertChainKey: 218 if h.x509CertChain == nil { 219 return nil, false 220 } 221 return h.x509CertChain, true 222 case X509CertThumbprintKey: 223 if h.x509CertThumbprint == nil { 224 return nil, false 225 } 226 return *(h.x509CertThumbprint), true 227 case X509CertThumbprintS256Key: 228 if h.x509CertThumbprintS256 == nil { 229 return nil, false 230 } 231 return *(h.x509CertThumbprintS256), true 232 case X509URLKey: 233 if h.x509URL == nil { 234 return nil, false 235 } 236 return *(h.x509URL), true 237 default: 238 v, ok := h.privateParams[name] 239 return v, ok 240 } 241 } 242 243 func (h *rsaPublicKey) Set(name string, value interface{}) error { 244 h.mu.Lock() 245 defer h.mu.Unlock() 246 return h.setNoLock(name, value) 247 } 248 249 func (h *rsaPublicKey) setNoLock(name string, value interface{}) error { 250 switch name { 251 case "kty": 252 return nil 253 case AlgorithmKey: 254 switch v := value.(type) { 255 case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm: 256 var tmp = jwa.KeyAlgorithmFrom(v) 257 h.algorithm = &tmp 258 case fmt.Stringer: 259 s := v.String() 260 var tmp = jwa.KeyAlgorithmFrom(s) 261 h.algorithm = &tmp 262 default: 263 return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value) 264 } 265 return nil 266 case RSAEKey: 267 if v, ok := value.([]byte); ok { 268 h.e = v 269 return nil 270 } 271 return fmt.Errorf(`invalid value for %s key: %T`, RSAEKey, value) 272 case KeyIDKey: 273 if v, ok := value.(string); ok { 274 h.keyID = &v 275 return nil 276 } 277 return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value) 278 case KeyOpsKey: 279 var acceptor KeyOperationList 280 if err := acceptor.Accept(value); err != nil { 281 return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err) 282 } 283 h.keyOps = &acceptor 284 return nil 285 case KeyUsageKey: 286 switch v := value.(type) { 287 case KeyUsageType: 288 switch v { 289 case ForSignature, ForEncryption: 290 tmp := v.String() 291 h.keyUsage = &tmp 292 default: 293 return fmt.Errorf(`invalid key usage type %s`, v) 294 } 295 case string: 296 h.keyUsage = &v 297 default: 298 return fmt.Errorf(`invalid key usage type %s`, v) 299 } 300 case RSANKey: 301 if v, ok := value.([]byte); ok { 302 h.n = v 303 return nil 304 } 305 return fmt.Errorf(`invalid value for %s key: %T`, RSANKey, value) 306 case X509CertChainKey: 307 if v, ok := value.(*cert.Chain); ok { 308 h.x509CertChain = v 309 return nil 310 } 311 return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value) 312 case X509CertThumbprintKey: 313 if v, ok := value.(string); ok { 314 h.x509CertThumbprint = &v 315 return nil 316 } 317 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value) 318 case X509CertThumbprintS256Key: 319 if v, ok := value.(string); ok { 320 h.x509CertThumbprintS256 = &v 321 return nil 322 } 323 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value) 324 case X509URLKey: 325 if v, ok := value.(string); ok { 326 h.x509URL = &v 327 return nil 328 } 329 return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value) 330 default: 331 if h.privateParams == nil { 332 h.privateParams = map[string]interface{}{} 333 } 334 h.privateParams[name] = value 335 } 336 return nil 337 } 338 339 func (k *rsaPublicKey) Remove(key string) error { 340 k.mu.Lock() 341 defer k.mu.Unlock() 342 switch key { 343 case AlgorithmKey: 344 k.algorithm = nil 345 case RSAEKey: 346 k.e = nil 347 case KeyIDKey: 348 k.keyID = nil 349 case KeyOpsKey: 350 k.keyOps = nil 351 case KeyUsageKey: 352 k.keyUsage = nil 353 case RSANKey: 354 k.n = nil 355 case X509CertChainKey: 356 k.x509CertChain = nil 357 case X509CertThumbprintKey: 358 k.x509CertThumbprint = nil 359 case X509CertThumbprintS256Key: 360 k.x509CertThumbprintS256 = nil 361 case X509URLKey: 362 k.x509URL = nil 363 default: 364 delete(k.privateParams, key) 365 } 366 return nil 367 } 368 369 func (k *rsaPublicKey) Clone() (Key, error) { 370 return cloneKey(k) 371 } 372 373 func (k *rsaPublicKey) DecodeCtx() json.DecodeCtx { 374 k.mu.RLock() 375 defer k.mu.RUnlock() 376 return k.dc 377 } 378 379 func (k *rsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) { 380 k.mu.Lock() 381 defer k.mu.Unlock() 382 k.dc = dc 383 } 384 385 func (h *rsaPublicKey) UnmarshalJSON(buf []byte) error { 386 h.mu.Lock() 387 defer h.mu.Unlock() 388 h.algorithm = nil 389 h.e = nil 390 h.keyID = nil 391 h.keyOps = nil 392 h.keyUsage = nil 393 h.n = nil 394 h.x509CertChain = nil 395 h.x509CertThumbprint = nil 396 h.x509CertThumbprintS256 = nil 397 h.x509URL = nil 398 dec := json.NewDecoder(bytes.NewReader(buf)) 399 LOOP: 400 for { 401 tok, err := dec.Token() 402 if err != nil { 403 return fmt.Errorf(`error reading token: %w`, err) 404 } 405 switch tok := tok.(type) { 406 case json.Delim: 407 // Assuming we're doing everything correctly, we should ONLY 408 // get either '{' or '}' here. 409 if tok == '}' { // End of object 410 break LOOP 411 } else if tok != '{' { 412 return fmt.Errorf(`expected '{', but got '%c'`, tok) 413 } 414 case string: // Objects can only have string keys 415 switch tok { 416 case KeyTypeKey: 417 val, err := json.ReadNextStringToken(dec) 418 if err != nil { 419 return fmt.Errorf(`error reading token: %w`, err) 420 } 421 if val != jwa.RSA.String() { 422 return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val) 423 } 424 case AlgorithmKey: 425 var s string 426 if err := dec.Decode(&s); err != nil { 427 return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err) 428 } 429 alg := jwa.KeyAlgorithmFrom(s) 430 h.algorithm = &alg 431 case RSAEKey: 432 if err := json.AssignNextBytesToken(&h.e, dec); err != nil { 433 return fmt.Errorf(`failed to decode value for key %s: %w`, RSAEKey, err) 434 } 435 case KeyIDKey: 436 if err := json.AssignNextStringToken(&h.keyID, dec); err != nil { 437 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err) 438 } 439 case KeyOpsKey: 440 var decoded KeyOperationList 441 if err := dec.Decode(&decoded); err != nil { 442 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err) 443 } 444 h.keyOps = &decoded 445 case KeyUsageKey: 446 if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil { 447 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err) 448 } 449 case RSANKey: 450 if err := json.AssignNextBytesToken(&h.n, dec); err != nil { 451 return fmt.Errorf(`failed to decode value for key %s: %w`, RSANKey, err) 452 } 453 case X509CertChainKey: 454 var decoded cert.Chain 455 if err := dec.Decode(&decoded); err != nil { 456 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err) 457 } 458 h.x509CertChain = &decoded 459 case X509CertThumbprintKey: 460 if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil { 461 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err) 462 } 463 case X509CertThumbprintS256Key: 464 if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil { 465 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err) 466 } 467 case X509URLKey: 468 if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil { 469 return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err) 470 } 471 default: 472 if dc := h.dc; dc != nil { 473 if localReg := dc.Registry(); localReg != nil { 474 decoded, err := localReg.Decode(dec, tok) 475 if err == nil { 476 h.setNoLock(tok, decoded) 477 continue 478 } 479 } 480 } 481 decoded, err := registry.Decode(dec, tok) 482 if err == nil { 483 h.setNoLock(tok, decoded) 484 continue 485 } 486 return fmt.Errorf(`could not decode field %s: %w`, tok, err) 487 } 488 default: 489 return fmt.Errorf(`invalid token %T`, tok) 490 } 491 } 492 if h.e == nil { 493 return fmt.Errorf(`required field e is missing`) 494 } 495 if h.n == nil { 496 return fmt.Errorf(`required field n is missing`) 497 } 498 return nil 499 } 500 501 func (h rsaPublicKey) MarshalJSON() ([]byte, error) { 502 data := make(map[string]interface{}) 503 fields := make([]string, 0, 10) 504 for _, pair := range h.makePairs() { 505 fields = append(fields, pair.Key.(string)) 506 data[pair.Key.(string)] = pair.Value 507 } 508 509 sort.Strings(fields) 510 buf := pool.GetBytesBuffer() 511 defer pool.ReleaseBytesBuffer(buf) 512 buf.WriteByte('{') 513 enc := json.NewEncoder(buf) 514 for i, f := range fields { 515 if i > 0 { 516 buf.WriteRune(',') 517 } 518 buf.WriteRune('"') 519 buf.WriteString(f) 520 buf.WriteString(`":`) 521 v := data[f] 522 switch v := v.(type) { 523 case []byte: 524 buf.WriteRune('"') 525 buf.WriteString(base64.EncodeToString(v)) 526 buf.WriteRune('"') 527 default: 528 if err := enc.Encode(v); err != nil { 529 return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err) 530 } 531 buf.Truncate(buf.Len() - 1) 532 } 533 } 534 buf.WriteByte('}') 535 ret := make([]byte, buf.Len()) 536 copy(ret, buf.Bytes()) 537 return ret, nil 538 } 539 540 func (h *rsaPublicKey) Iterate(ctx context.Context) HeaderIterator { 541 pairs := h.makePairs() 542 ch := make(chan *HeaderPair, len(pairs)) 543 go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) { 544 defer close(ch) 545 for _, pair := range pairs { 546 select { 547 case <-ctx.Done(): 548 return 549 case ch <- pair: 550 } 551 } 552 }(ctx, ch, pairs) 553 return mapiter.New(ch) 554 } 555 556 func (h *rsaPublicKey) Walk(ctx context.Context, visitor HeaderVisitor) error { 557 return iter.WalkMap(ctx, h, visitor) 558 } 559 560 func (h *rsaPublicKey) AsMap(ctx context.Context) (map[string]interface{}, error) { 561 return iter.AsMap(ctx, h) 562 } 563 564 type RSAPrivateKey interface { 565 Key 566 FromRaw(*rsa.PrivateKey) error 567 D() []byte 568 DP() []byte 569 DQ() []byte 570 E() []byte 571 N() []byte 572 P() []byte 573 Q() []byte 574 QI() []byte 575 } 576 577 type rsaPrivateKey struct { 578 algorithm *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4 579 d []byte 580 dp []byte 581 dq []byte 582 e []byte 583 keyID *string // https://tools.ietf.org/html/rfc7515#section-4.1.4 584 keyOps *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3 585 keyUsage *string // https://tools.ietf.org/html/rfc7517#section-4.2 586 n []byte 587 p []byte 588 q []byte 589 qi []byte 590 x509CertChain *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6 591 x509CertThumbprint *string // https://tools.ietf.org/html/rfc7515#section-4.1.7 592 x509CertThumbprintS256 *string // https://tools.ietf.org/html/rfc7515#section-4.1.8 593 x509URL *string // https://tools.ietf.org/html/rfc7515#section-4.1.5 594 privateParams map[string]interface{} 595 mu *sync.RWMutex 596 dc json.DecodeCtx 597 } 598 599 var _ RSAPrivateKey = &rsaPrivateKey{} 600 var _ Key = &rsaPrivateKey{} 601 602 func newRSAPrivateKey() *rsaPrivateKey { 603 return &rsaPrivateKey{ 604 mu: &sync.RWMutex{}, 605 privateParams: make(map[string]interface{}), 606 } 607 } 608 609 func (h rsaPrivateKey) KeyType() jwa.KeyType { 610 return jwa.RSA 611 } 612 613 func (h rsaPrivateKey) IsPrivate() bool { 614 return true 615 } 616 617 func (h *rsaPrivateKey) Algorithm() jwa.KeyAlgorithm { 618 if h.algorithm != nil { 619 return *(h.algorithm) 620 } 621 return jwa.InvalidKeyAlgorithm("") 622 } 623 624 func (h *rsaPrivateKey) D() []byte { 625 return h.d 626 } 627 628 func (h *rsaPrivateKey) DP() []byte { 629 return h.dp 630 } 631 632 func (h *rsaPrivateKey) DQ() []byte { 633 return h.dq 634 } 635 636 func (h *rsaPrivateKey) E() []byte { 637 return h.e 638 } 639 640 func (h *rsaPrivateKey) KeyID() string { 641 if h.keyID != nil { 642 return *(h.keyID) 643 } 644 return "" 645 } 646 647 func (h *rsaPrivateKey) KeyOps() KeyOperationList { 648 if h.keyOps != nil { 649 return *(h.keyOps) 650 } 651 return nil 652 } 653 654 func (h *rsaPrivateKey) KeyUsage() string { 655 if h.keyUsage != nil { 656 return *(h.keyUsage) 657 } 658 return "" 659 } 660 661 func (h *rsaPrivateKey) N() []byte { 662 return h.n 663 } 664 665 func (h *rsaPrivateKey) P() []byte { 666 return h.p 667 } 668 669 func (h *rsaPrivateKey) Q() []byte { 670 return h.q 671 } 672 673 func (h *rsaPrivateKey) QI() []byte { 674 return h.qi 675 } 676 677 func (h *rsaPrivateKey) X509CertChain() *cert.Chain { 678 return h.x509CertChain 679 } 680 681 func (h *rsaPrivateKey) X509CertThumbprint() string { 682 if h.x509CertThumbprint != nil { 683 return *(h.x509CertThumbprint) 684 } 685 return "" 686 } 687 688 func (h *rsaPrivateKey) X509CertThumbprintS256() string { 689 if h.x509CertThumbprintS256 != nil { 690 return *(h.x509CertThumbprintS256) 691 } 692 return "" 693 } 694 695 func (h *rsaPrivateKey) X509URL() string { 696 if h.x509URL != nil { 697 return *(h.x509URL) 698 } 699 return "" 700 } 701 702 func (h *rsaPrivateKey) makePairs() []*HeaderPair { 703 h.mu.RLock() 704 defer h.mu.RUnlock() 705 706 var pairs []*HeaderPair 707 pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.RSA}) 708 if h.algorithm != nil { 709 pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)}) 710 } 711 if h.d != nil { 712 pairs = append(pairs, &HeaderPair{Key: RSADKey, Value: h.d}) 713 } 714 if h.dp != nil { 715 pairs = append(pairs, &HeaderPair{Key: RSADPKey, Value: h.dp}) 716 } 717 if h.dq != nil { 718 pairs = append(pairs, &HeaderPair{Key: RSADQKey, Value: h.dq}) 719 } 720 if h.e != nil { 721 pairs = append(pairs, &HeaderPair{Key: RSAEKey, Value: h.e}) 722 } 723 if h.keyID != nil { 724 pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)}) 725 } 726 if h.keyOps != nil { 727 pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)}) 728 } 729 if h.keyUsage != nil { 730 pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)}) 731 } 732 if h.n != nil { 733 pairs = append(pairs, &HeaderPair{Key: RSANKey, Value: h.n}) 734 } 735 if h.p != nil { 736 pairs = append(pairs, &HeaderPair{Key: RSAPKey, Value: h.p}) 737 } 738 if h.q != nil { 739 pairs = append(pairs, &HeaderPair{Key: RSAQKey, Value: h.q}) 740 } 741 if h.qi != nil { 742 pairs = append(pairs, &HeaderPair{Key: RSAQIKey, Value: h.qi}) 743 } 744 if h.x509CertChain != nil { 745 pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain}) 746 } 747 if h.x509CertThumbprint != nil { 748 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)}) 749 } 750 if h.x509CertThumbprintS256 != nil { 751 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)}) 752 } 753 if h.x509URL != nil { 754 pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)}) 755 } 756 for k, v := range h.privateParams { 757 pairs = append(pairs, &HeaderPair{Key: k, Value: v}) 758 } 759 return pairs 760 } 761 762 func (h *rsaPrivateKey) PrivateParams() map[string]interface{} { 763 return h.privateParams 764 } 765 766 func (h *rsaPrivateKey) Get(name string) (interface{}, bool) { 767 h.mu.RLock() 768 defer h.mu.RUnlock() 769 switch name { 770 case KeyTypeKey: 771 return h.KeyType(), true 772 case AlgorithmKey: 773 if h.algorithm == nil { 774 return nil, false 775 } 776 return *(h.algorithm), true 777 case RSADKey: 778 if h.d == nil { 779 return nil, false 780 } 781 return h.d, true 782 case RSADPKey: 783 if h.dp == nil { 784 return nil, false 785 } 786 return h.dp, true 787 case RSADQKey: 788 if h.dq == nil { 789 return nil, false 790 } 791 return h.dq, true 792 case RSAEKey: 793 if h.e == nil { 794 return nil, false 795 } 796 return h.e, true 797 case KeyIDKey: 798 if h.keyID == nil { 799 return nil, false 800 } 801 return *(h.keyID), true 802 case KeyOpsKey: 803 if h.keyOps == nil { 804 return nil, false 805 } 806 return *(h.keyOps), true 807 case KeyUsageKey: 808 if h.keyUsage == nil { 809 return nil, false 810 } 811 return *(h.keyUsage), true 812 case RSANKey: 813 if h.n == nil { 814 return nil, false 815 } 816 return h.n, true 817 case RSAPKey: 818 if h.p == nil { 819 return nil, false 820 } 821 return h.p, true 822 case RSAQKey: 823 if h.q == nil { 824 return nil, false 825 } 826 return h.q, true 827 case RSAQIKey: 828 if h.qi == nil { 829 return nil, false 830 } 831 return h.qi, true 832 case X509CertChainKey: 833 if h.x509CertChain == nil { 834 return nil, false 835 } 836 return h.x509CertChain, true 837 case X509CertThumbprintKey: 838 if h.x509CertThumbprint == nil { 839 return nil, false 840 } 841 return *(h.x509CertThumbprint), true 842 case X509CertThumbprintS256Key: 843 if h.x509CertThumbprintS256 == nil { 844 return nil, false 845 } 846 return *(h.x509CertThumbprintS256), true 847 case X509URLKey: 848 if h.x509URL == nil { 849 return nil, false 850 } 851 return *(h.x509URL), true 852 default: 853 v, ok := h.privateParams[name] 854 return v, ok 855 } 856 } 857 858 func (h *rsaPrivateKey) Set(name string, value interface{}) error { 859 h.mu.Lock() 860 defer h.mu.Unlock() 861 return h.setNoLock(name, value) 862 } 863 864 func (h *rsaPrivateKey) setNoLock(name string, value interface{}) error { 865 switch name { 866 case "kty": 867 return nil 868 case AlgorithmKey: 869 switch v := value.(type) { 870 case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm: 871 var tmp = jwa.KeyAlgorithmFrom(v) 872 h.algorithm = &tmp 873 case fmt.Stringer: 874 s := v.String() 875 var tmp = jwa.KeyAlgorithmFrom(s) 876 h.algorithm = &tmp 877 default: 878 return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value) 879 } 880 return nil 881 case RSADKey: 882 if v, ok := value.([]byte); ok { 883 h.d = v 884 return nil 885 } 886 return fmt.Errorf(`invalid value for %s key: %T`, RSADKey, value) 887 case RSADPKey: 888 if v, ok := value.([]byte); ok { 889 h.dp = v 890 return nil 891 } 892 return fmt.Errorf(`invalid value for %s key: %T`, RSADPKey, value) 893 case RSADQKey: 894 if v, ok := value.([]byte); ok { 895 h.dq = v 896 return nil 897 } 898 return fmt.Errorf(`invalid value for %s key: %T`, RSADQKey, value) 899 case RSAEKey: 900 if v, ok := value.([]byte); ok { 901 h.e = v 902 return nil 903 } 904 return fmt.Errorf(`invalid value for %s key: %T`, RSAEKey, value) 905 case KeyIDKey: 906 if v, ok := value.(string); ok { 907 h.keyID = &v 908 return nil 909 } 910 return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value) 911 case KeyOpsKey: 912 var acceptor KeyOperationList 913 if err := acceptor.Accept(value); err != nil { 914 return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err) 915 } 916 h.keyOps = &acceptor 917 return nil 918 case KeyUsageKey: 919 switch v := value.(type) { 920 case KeyUsageType: 921 switch v { 922 case ForSignature, ForEncryption: 923 tmp := v.String() 924 h.keyUsage = &tmp 925 default: 926 return fmt.Errorf(`invalid key usage type %s`, v) 927 } 928 case string: 929 h.keyUsage = &v 930 default: 931 return fmt.Errorf(`invalid key usage type %s`, v) 932 } 933 case RSANKey: 934 if v, ok := value.([]byte); ok { 935 h.n = v 936 return nil 937 } 938 return fmt.Errorf(`invalid value for %s key: %T`, RSANKey, value) 939 case RSAPKey: 940 if v, ok := value.([]byte); ok { 941 h.p = v 942 return nil 943 } 944 return fmt.Errorf(`invalid value for %s key: %T`, RSAPKey, value) 945 case RSAQKey: 946 if v, ok := value.([]byte); ok { 947 h.q = v 948 return nil 949 } 950 return fmt.Errorf(`invalid value for %s key: %T`, RSAQKey, value) 951 case RSAQIKey: 952 if v, ok := value.([]byte); ok { 953 h.qi = v 954 return nil 955 } 956 return fmt.Errorf(`invalid value for %s key: %T`, RSAQIKey, value) 957 case X509CertChainKey: 958 if v, ok := value.(*cert.Chain); ok { 959 h.x509CertChain = v 960 return nil 961 } 962 return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value) 963 case X509CertThumbprintKey: 964 if v, ok := value.(string); ok { 965 h.x509CertThumbprint = &v 966 return nil 967 } 968 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value) 969 case X509CertThumbprintS256Key: 970 if v, ok := value.(string); ok { 971 h.x509CertThumbprintS256 = &v 972 return nil 973 } 974 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value) 975 case X509URLKey: 976 if v, ok := value.(string); ok { 977 h.x509URL = &v 978 return nil 979 } 980 return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value) 981 default: 982 if h.privateParams == nil { 983 h.privateParams = map[string]interface{}{} 984 } 985 h.privateParams[name] = value 986 } 987 return nil 988 } 989 990 func (k *rsaPrivateKey) Remove(key string) error { 991 k.mu.Lock() 992 defer k.mu.Unlock() 993 switch key { 994 case AlgorithmKey: 995 k.algorithm = nil 996 case RSADKey: 997 k.d = nil 998 case RSADPKey: 999 k.dp = nil 1000 case RSADQKey: 1001 k.dq = nil 1002 case RSAEKey: 1003 k.e = nil 1004 case KeyIDKey: 1005 k.keyID = nil 1006 case KeyOpsKey: 1007 k.keyOps = nil 1008 case KeyUsageKey: 1009 k.keyUsage = nil 1010 case RSANKey: 1011 k.n = nil 1012 case RSAPKey: 1013 k.p = nil 1014 case RSAQKey: 1015 k.q = nil 1016 case RSAQIKey: 1017 k.qi = nil 1018 case X509CertChainKey: 1019 k.x509CertChain = nil 1020 case X509CertThumbprintKey: 1021 k.x509CertThumbprint = nil 1022 case X509CertThumbprintS256Key: 1023 k.x509CertThumbprintS256 = nil 1024 case X509URLKey: 1025 k.x509URL = nil 1026 default: 1027 delete(k.privateParams, key) 1028 } 1029 return nil 1030 } 1031 1032 func (k *rsaPrivateKey) Clone() (Key, error) { 1033 return cloneKey(k) 1034 } 1035 1036 func (k *rsaPrivateKey) DecodeCtx() json.DecodeCtx { 1037 k.mu.RLock() 1038 defer k.mu.RUnlock() 1039 return k.dc 1040 } 1041 1042 func (k *rsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) { 1043 k.mu.Lock() 1044 defer k.mu.Unlock() 1045 k.dc = dc 1046 } 1047 1048 func (h *rsaPrivateKey) UnmarshalJSON(buf []byte) error { 1049 h.mu.Lock() 1050 defer h.mu.Unlock() 1051 h.algorithm = nil 1052 h.d = nil 1053 h.dp = nil 1054 h.dq = nil 1055 h.e = nil 1056 h.keyID = nil 1057 h.keyOps = nil 1058 h.keyUsage = nil 1059 h.n = nil 1060 h.p = nil 1061 h.q = nil 1062 h.qi = nil 1063 h.x509CertChain = nil 1064 h.x509CertThumbprint = nil 1065 h.x509CertThumbprintS256 = nil 1066 h.x509URL = nil 1067 dec := json.NewDecoder(bytes.NewReader(buf)) 1068 LOOP: 1069 for { 1070 tok, err := dec.Token() 1071 if err != nil { 1072 return fmt.Errorf(`error reading token: %w`, err) 1073 } 1074 switch tok := tok.(type) { 1075 case json.Delim: 1076 // Assuming we're doing everything correctly, we should ONLY 1077 // get either '{' or '}' here. 1078 if tok == '}' { // End of object 1079 break LOOP 1080 } else if tok != '{' { 1081 return fmt.Errorf(`expected '{', but got '%c'`, tok) 1082 } 1083 case string: // Objects can only have string keys 1084 switch tok { 1085 case KeyTypeKey: 1086 val, err := json.ReadNextStringToken(dec) 1087 if err != nil { 1088 return fmt.Errorf(`error reading token: %w`, err) 1089 } 1090 if val != jwa.RSA.String() { 1091 return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val) 1092 } 1093 case AlgorithmKey: 1094 var s string 1095 if err := dec.Decode(&s); err != nil { 1096 return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err) 1097 } 1098 alg := jwa.KeyAlgorithmFrom(s) 1099 h.algorithm = &alg 1100 case RSADKey: 1101 if err := json.AssignNextBytesToken(&h.d, dec); err != nil { 1102 return fmt.Errorf(`failed to decode value for key %s: %w`, RSADKey, err) 1103 } 1104 case RSADPKey: 1105 if err := json.AssignNextBytesToken(&h.dp, dec); err != nil { 1106 return fmt.Errorf(`failed to decode value for key %s: %w`, RSADPKey, err) 1107 } 1108 case RSADQKey: 1109 if err := json.AssignNextBytesToken(&h.dq, dec); err != nil { 1110 return fmt.Errorf(`failed to decode value for key %s: %w`, RSADQKey, err) 1111 } 1112 case RSAEKey: 1113 if err := json.AssignNextBytesToken(&h.e, dec); err != nil { 1114 return fmt.Errorf(`failed to decode value for key %s: %w`, RSAEKey, err) 1115 } 1116 case KeyIDKey: 1117 if err := json.AssignNextStringToken(&h.keyID, dec); err != nil { 1118 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err) 1119 } 1120 case KeyOpsKey: 1121 var decoded KeyOperationList 1122 if err := dec.Decode(&decoded); err != nil { 1123 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err) 1124 } 1125 h.keyOps = &decoded 1126 case KeyUsageKey: 1127 if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil { 1128 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err) 1129 } 1130 case RSANKey: 1131 if err := json.AssignNextBytesToken(&h.n, dec); err != nil { 1132 return fmt.Errorf(`failed to decode value for key %s: %w`, RSANKey, err) 1133 } 1134 case RSAPKey: 1135 if err := json.AssignNextBytesToken(&h.p, dec); err != nil { 1136 return fmt.Errorf(`failed to decode value for key %s: %w`, RSAPKey, err) 1137 } 1138 case RSAQKey: 1139 if err := json.AssignNextBytesToken(&h.q, dec); err != nil { 1140 return fmt.Errorf(`failed to decode value for key %s: %w`, RSAQKey, err) 1141 } 1142 case RSAQIKey: 1143 if err := json.AssignNextBytesToken(&h.qi, dec); err != nil { 1144 return fmt.Errorf(`failed to decode value for key %s: %w`, RSAQIKey, err) 1145 } 1146 case X509CertChainKey: 1147 var decoded cert.Chain 1148 if err := dec.Decode(&decoded); err != nil { 1149 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err) 1150 } 1151 h.x509CertChain = &decoded 1152 case X509CertThumbprintKey: 1153 if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil { 1154 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err) 1155 } 1156 case X509CertThumbprintS256Key: 1157 if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil { 1158 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err) 1159 } 1160 case X509URLKey: 1161 if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil { 1162 return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err) 1163 } 1164 default: 1165 if dc := h.dc; dc != nil { 1166 if localReg := dc.Registry(); localReg != nil { 1167 decoded, err := localReg.Decode(dec, tok) 1168 if err == nil { 1169 h.setNoLock(tok, decoded) 1170 continue 1171 } 1172 } 1173 } 1174 decoded, err := registry.Decode(dec, tok) 1175 if err == nil { 1176 h.setNoLock(tok, decoded) 1177 continue 1178 } 1179 return fmt.Errorf(`could not decode field %s: %w`, tok, err) 1180 } 1181 default: 1182 return fmt.Errorf(`invalid token %T`, tok) 1183 } 1184 } 1185 if h.d == nil { 1186 return fmt.Errorf(`required field d is missing`) 1187 } 1188 if h.e == nil { 1189 return fmt.Errorf(`required field e is missing`) 1190 } 1191 if h.n == nil { 1192 return fmt.Errorf(`required field n is missing`) 1193 } 1194 return nil 1195 } 1196 1197 func (h rsaPrivateKey) MarshalJSON() ([]byte, error) { 1198 data := make(map[string]interface{}) 1199 fields := make([]string, 0, 16) 1200 for _, pair := range h.makePairs() { 1201 fields = append(fields, pair.Key.(string)) 1202 data[pair.Key.(string)] = pair.Value 1203 } 1204 1205 sort.Strings(fields) 1206 buf := pool.GetBytesBuffer() 1207 defer pool.ReleaseBytesBuffer(buf) 1208 buf.WriteByte('{') 1209 enc := json.NewEncoder(buf) 1210 for i, f := range fields { 1211 if i > 0 { 1212 buf.WriteRune(',') 1213 } 1214 buf.WriteRune('"') 1215 buf.WriteString(f) 1216 buf.WriteString(`":`) 1217 v := data[f] 1218 switch v := v.(type) { 1219 case []byte: 1220 buf.WriteRune('"') 1221 buf.WriteString(base64.EncodeToString(v)) 1222 buf.WriteRune('"') 1223 default: 1224 if err := enc.Encode(v); err != nil { 1225 return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err) 1226 } 1227 buf.Truncate(buf.Len() - 1) 1228 } 1229 } 1230 buf.WriteByte('}') 1231 ret := make([]byte, buf.Len()) 1232 copy(ret, buf.Bytes()) 1233 return ret, nil 1234 } 1235 1236 func (h *rsaPrivateKey) Iterate(ctx context.Context) HeaderIterator { 1237 pairs := h.makePairs() 1238 ch := make(chan *HeaderPair, len(pairs)) 1239 go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) { 1240 defer close(ch) 1241 for _, pair := range pairs { 1242 select { 1243 case <-ctx.Done(): 1244 return 1245 case ch <- pair: 1246 } 1247 } 1248 }(ctx, ch, pairs) 1249 return mapiter.New(ch) 1250 } 1251 1252 func (h *rsaPrivateKey) Walk(ctx context.Context, visitor HeaderVisitor) error { 1253 return iter.WalkMap(ctx, h, visitor) 1254 } 1255 1256 func (h *rsaPrivateKey) AsMap(ctx context.Context) (map[string]interface{}, error) { 1257 return iter.AsMap(ctx, h) 1258 }