github.com/lestrrat-go/jwx/v2@v2.0.21/jws/headers_gen.go (about) 1 // Code generated by tools/cmd/genjws/main.go. DO NOT EDIT. 2 3 package jws 4 5 import ( 6 "bytes" 7 "context" 8 "fmt" 9 "sort" 10 "sync" 11 12 "github.com/lestrrat-go/jwx/v2/cert" 13 "github.com/lestrrat-go/jwx/v2/internal/base64" 14 "github.com/lestrrat-go/jwx/v2/internal/json" 15 "github.com/lestrrat-go/jwx/v2/internal/pool" 16 "github.com/lestrrat-go/jwx/v2/jwa" 17 "github.com/lestrrat-go/jwx/v2/jwk" 18 ) 19 20 const ( 21 AlgorithmKey = "alg" 22 ContentTypeKey = "cty" 23 CriticalKey = "crit" 24 JWKKey = "jwk" 25 JWKSetURLKey = "jku" 26 KeyIDKey = "kid" 27 TypeKey = "typ" 28 X509CertChainKey = "x5c" 29 X509CertThumbprintKey = "x5t" 30 X509CertThumbprintS256Key = "x5t#S256" 31 X509URLKey = "x5u" 32 ) 33 34 // Headers describe a standard Header set. 35 type Headers interface { 36 json.Marshaler 37 json.Unmarshaler 38 Algorithm() jwa.SignatureAlgorithm 39 ContentType() string 40 Critical() []string 41 JWK() jwk.Key 42 JWKSetURL() string 43 KeyID() string 44 Type() string 45 X509CertChain() *cert.Chain 46 X509CertThumbprint() string 47 X509CertThumbprintS256() string 48 X509URL() string 49 Iterate(ctx context.Context) Iterator 50 Walk(context.Context, Visitor) error 51 AsMap(context.Context) (map[string]interface{}, error) 52 Copy(context.Context, Headers) error 53 Merge(context.Context, Headers) (Headers, error) 54 Get(string) (interface{}, bool) 55 Set(string, interface{}) error 56 Remove(string) error 57 58 // PrivateParams returns the non-standard elements in the source structure 59 // WARNING: DO NOT USE PrivateParams() IF YOU HAVE CONCURRENT CODE ACCESSING THEM. 60 // Use AsMap() to get a copy of the entire header instead 61 PrivateParams() map[string]interface{} 62 } 63 64 type stdHeaders struct { 65 algorithm *jwa.SignatureAlgorithm // https://tools.ietf.org/html/rfc7515#section-4.1.1 66 contentType *string // https://tools.ietf.org/html/rfc7515#section-4.1.10 67 critical []string // https://tools.ietf.org/html/rfc7515#section-4.1.11 68 jwk jwk.Key // https://tools.ietf.org/html/rfc7515#section-4.1.3 69 jwkSetURL *string // https://tools.ietf.org/html/rfc7515#section-4.1.2 70 keyID *string // https://tools.ietf.org/html/rfc7515#section-4.1.4 71 typ *string // https://tools.ietf.org/html/rfc7515#section-4.1.9 72 x509CertChain *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6 73 x509CertThumbprint *string // https://tools.ietf.org/html/rfc7515#section-4.1.7 74 x509CertThumbprintS256 *string // https://tools.ietf.org/html/rfc7515#section-4.1.8 75 x509URL *string // https://tools.ietf.org/html/rfc7515#section-4.1.5 76 privateParams map[string]interface{} 77 mu *sync.RWMutex 78 dc DecodeCtx 79 raw []byte // stores the raw version of the header so it can be used later 80 } 81 82 func NewHeaders() Headers { 83 return &stdHeaders{ 84 mu: &sync.RWMutex{}, 85 } 86 } 87 88 func (h *stdHeaders) Algorithm() jwa.SignatureAlgorithm { 89 h.mu.RLock() 90 defer h.mu.RUnlock() 91 if h.algorithm == nil { 92 return "" 93 } 94 return *(h.algorithm) 95 } 96 97 func (h *stdHeaders) ContentType() string { 98 h.mu.RLock() 99 defer h.mu.RUnlock() 100 if h.contentType == nil { 101 return "" 102 } 103 return *(h.contentType) 104 } 105 106 func (h *stdHeaders) Critical() []string { 107 h.mu.RLock() 108 defer h.mu.RUnlock() 109 return h.critical 110 } 111 112 func (h *stdHeaders) JWK() jwk.Key { 113 h.mu.RLock() 114 defer h.mu.RUnlock() 115 return h.jwk 116 } 117 118 func (h *stdHeaders) JWKSetURL() string { 119 h.mu.RLock() 120 defer h.mu.RUnlock() 121 if h.jwkSetURL == nil { 122 return "" 123 } 124 return *(h.jwkSetURL) 125 } 126 127 func (h *stdHeaders) KeyID() string { 128 h.mu.RLock() 129 defer h.mu.RUnlock() 130 if h.keyID == nil { 131 return "" 132 } 133 return *(h.keyID) 134 } 135 136 func (h *stdHeaders) Type() string { 137 h.mu.RLock() 138 defer h.mu.RUnlock() 139 if h.typ == nil { 140 return "" 141 } 142 return *(h.typ) 143 } 144 145 func (h *stdHeaders) X509CertChain() *cert.Chain { 146 h.mu.RLock() 147 defer h.mu.RUnlock() 148 return h.x509CertChain 149 } 150 151 func (h *stdHeaders) X509CertThumbprint() string { 152 h.mu.RLock() 153 defer h.mu.RUnlock() 154 if h.x509CertThumbprint == nil { 155 return "" 156 } 157 return *(h.x509CertThumbprint) 158 } 159 160 func (h *stdHeaders) X509CertThumbprintS256() string { 161 h.mu.RLock() 162 defer h.mu.RUnlock() 163 if h.x509CertThumbprintS256 == nil { 164 return "" 165 } 166 return *(h.x509CertThumbprintS256) 167 } 168 169 func (h *stdHeaders) X509URL() string { 170 h.mu.RLock() 171 defer h.mu.RUnlock() 172 if h.x509URL == nil { 173 return "" 174 } 175 return *(h.x509URL) 176 } 177 178 func (h *stdHeaders) clear() { 179 h.algorithm = nil 180 h.contentType = nil 181 h.critical = nil 182 h.jwk = nil 183 h.jwkSetURL = nil 184 h.keyID = nil 185 h.typ = nil 186 h.x509CertChain = nil 187 h.x509CertThumbprint = nil 188 h.x509CertThumbprintS256 = nil 189 h.x509URL = nil 190 h.privateParams = nil 191 h.raw = nil 192 } 193 194 func (h *stdHeaders) DecodeCtx() DecodeCtx { 195 h.mu.RLock() 196 defer h.mu.RUnlock() 197 return h.dc 198 } 199 200 func (h *stdHeaders) SetDecodeCtx(dc DecodeCtx) { 201 h.mu.Lock() 202 defer h.mu.Unlock() 203 h.dc = dc 204 } 205 206 func (h *stdHeaders) rawBuffer() []byte { 207 return h.raw 208 } 209 210 func (h *stdHeaders) makePairs() []*HeaderPair { 211 h.mu.RLock() 212 defer h.mu.RUnlock() 213 var pairs []*HeaderPair 214 if h.algorithm != nil { 215 pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)}) 216 } 217 if h.contentType != nil { 218 pairs = append(pairs, &HeaderPair{Key: ContentTypeKey, Value: *(h.contentType)}) 219 } 220 if h.critical != nil { 221 pairs = append(pairs, &HeaderPair{Key: CriticalKey, Value: h.critical}) 222 } 223 if h.jwk != nil { 224 pairs = append(pairs, &HeaderPair{Key: JWKKey, Value: h.jwk}) 225 } 226 if h.jwkSetURL != nil { 227 pairs = append(pairs, &HeaderPair{Key: JWKSetURLKey, Value: *(h.jwkSetURL)}) 228 } 229 if h.keyID != nil { 230 pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)}) 231 } 232 if h.typ != nil { 233 pairs = append(pairs, &HeaderPair{Key: TypeKey, Value: *(h.typ)}) 234 } 235 if h.x509CertChain != nil { 236 pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain}) 237 } 238 if h.x509CertThumbprint != nil { 239 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)}) 240 } 241 if h.x509CertThumbprintS256 != nil { 242 pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)}) 243 } 244 if h.x509URL != nil { 245 pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)}) 246 } 247 for k, v := range h.privateParams { 248 pairs = append(pairs, &HeaderPair{Key: k, Value: v}) 249 } 250 sort.Slice(pairs, func(i, j int) bool { 251 return pairs[i].Key.(string) < pairs[j].Key.(string) 252 }) 253 return pairs 254 } 255 256 func (h *stdHeaders) PrivateParams() map[string]interface{} { 257 h.mu.RLock() 258 defer h.mu.RUnlock() 259 return h.privateParams 260 } 261 262 func (h *stdHeaders) Get(name string) (interface{}, bool) { 263 h.mu.RLock() 264 defer h.mu.RUnlock() 265 switch name { 266 case AlgorithmKey: 267 if h.algorithm == nil { 268 return nil, false 269 } 270 return *(h.algorithm), true 271 case ContentTypeKey: 272 if h.contentType == nil { 273 return nil, false 274 } 275 return *(h.contentType), true 276 case CriticalKey: 277 if h.critical == nil { 278 return nil, false 279 } 280 return h.critical, true 281 case JWKKey: 282 if h.jwk == nil { 283 return nil, false 284 } 285 return h.jwk, true 286 case JWKSetURLKey: 287 if h.jwkSetURL == nil { 288 return nil, false 289 } 290 return *(h.jwkSetURL), true 291 case KeyIDKey: 292 if h.keyID == nil { 293 return nil, false 294 } 295 return *(h.keyID), true 296 case TypeKey: 297 if h.typ == nil { 298 return nil, false 299 } 300 return *(h.typ), true 301 case X509CertChainKey: 302 if h.x509CertChain == nil { 303 return nil, false 304 } 305 return h.x509CertChain, true 306 case X509CertThumbprintKey: 307 if h.x509CertThumbprint == nil { 308 return nil, false 309 } 310 return *(h.x509CertThumbprint), true 311 case X509CertThumbprintS256Key: 312 if h.x509CertThumbprintS256 == nil { 313 return nil, false 314 } 315 return *(h.x509CertThumbprintS256), true 316 case X509URLKey: 317 if h.x509URL == nil { 318 return nil, false 319 } 320 return *(h.x509URL), true 321 default: 322 v, ok := h.privateParams[name] 323 return v, ok 324 } 325 } 326 327 func (h *stdHeaders) Set(name string, value interface{}) error { 328 h.mu.Lock() 329 defer h.mu.Unlock() 330 return h.setNoLock(name, value) 331 } 332 333 func (h *stdHeaders) setNoLock(name string, value interface{}) error { 334 switch name { 335 case AlgorithmKey: 336 var acceptor jwa.SignatureAlgorithm 337 if err := acceptor.Accept(value); err != nil { 338 return fmt.Errorf(`invalid value for %s key: %w`, AlgorithmKey, err) 339 } 340 h.algorithm = &acceptor 341 return nil 342 case ContentTypeKey: 343 if v, ok := value.(string); ok { 344 h.contentType = &v 345 return nil 346 } 347 return fmt.Errorf(`invalid value for %s key: %T`, ContentTypeKey, value) 348 case CriticalKey: 349 if v, ok := value.([]string); ok { 350 h.critical = v 351 return nil 352 } 353 return fmt.Errorf(`invalid value for %s key: %T`, CriticalKey, value) 354 case JWKKey: 355 if v, ok := value.(jwk.Key); ok { 356 h.jwk = v 357 return nil 358 } 359 return fmt.Errorf(`invalid value for %s key: %T`, JWKKey, value) 360 case JWKSetURLKey: 361 if v, ok := value.(string); ok { 362 h.jwkSetURL = &v 363 return nil 364 } 365 return fmt.Errorf(`invalid value for %s key: %T`, JWKSetURLKey, value) 366 case KeyIDKey: 367 if v, ok := value.(string); ok { 368 h.keyID = &v 369 return nil 370 } 371 return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value) 372 case TypeKey: 373 if v, ok := value.(string); ok { 374 h.typ = &v 375 return nil 376 } 377 return fmt.Errorf(`invalid value for %s key: %T`, TypeKey, value) 378 case X509CertChainKey: 379 if v, ok := value.(*cert.Chain); ok { 380 h.x509CertChain = v 381 return nil 382 } 383 return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value) 384 case X509CertThumbprintKey: 385 if v, ok := value.(string); ok { 386 h.x509CertThumbprint = &v 387 return nil 388 } 389 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value) 390 case X509CertThumbprintS256Key: 391 if v, ok := value.(string); ok { 392 h.x509CertThumbprintS256 = &v 393 return nil 394 } 395 return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value) 396 case X509URLKey: 397 if v, ok := value.(string); ok { 398 h.x509URL = &v 399 return nil 400 } 401 return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value) 402 default: 403 if h.privateParams == nil { 404 h.privateParams = map[string]interface{}{} 405 } 406 h.privateParams[name] = value 407 } 408 return nil 409 } 410 411 func (h *stdHeaders) Remove(key string) error { 412 h.mu.Lock() 413 defer h.mu.Unlock() 414 switch key { 415 case AlgorithmKey: 416 h.algorithm = nil 417 case ContentTypeKey: 418 h.contentType = nil 419 case CriticalKey: 420 h.critical = nil 421 case JWKKey: 422 h.jwk = nil 423 case JWKSetURLKey: 424 h.jwkSetURL = nil 425 case KeyIDKey: 426 h.keyID = nil 427 case TypeKey: 428 h.typ = nil 429 case X509CertChainKey: 430 h.x509CertChain = nil 431 case X509CertThumbprintKey: 432 h.x509CertThumbprint = nil 433 case X509CertThumbprintS256Key: 434 h.x509CertThumbprintS256 = nil 435 case X509URLKey: 436 h.x509URL = nil 437 default: 438 delete(h.privateParams, key) 439 } 440 return nil 441 } 442 443 func (h *stdHeaders) UnmarshalJSON(buf []byte) error { 444 h.mu.Lock() 445 defer h.mu.Unlock() 446 h.clear() 447 dec := json.NewDecoder(bytes.NewReader(buf)) 448 LOOP: 449 for { 450 tok, err := dec.Token() 451 if err != nil { 452 return fmt.Errorf(`error reading token: %w`, err) 453 } 454 switch tok := tok.(type) { 455 case json.Delim: 456 // Assuming we're doing everything correctly, we should ONLY 457 // get either '{' or '}' here. 458 if tok == '}' { // End of object 459 break LOOP 460 } else if tok != '{' { 461 return fmt.Errorf(`expected '{', but got '%c'`, tok) 462 } 463 case string: // Objects can only have string keys 464 switch tok { 465 case AlgorithmKey: 466 var decoded jwa.SignatureAlgorithm 467 if err := dec.Decode(&decoded); err != nil { 468 return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err) 469 } 470 h.algorithm = &decoded 471 case ContentTypeKey: 472 if err := json.AssignNextStringToken(&h.contentType, dec); err != nil { 473 return fmt.Errorf(`failed to decode value for key %s: %w`, ContentTypeKey, err) 474 } 475 case CriticalKey: 476 var decoded []string 477 if err := dec.Decode(&decoded); err != nil { 478 return fmt.Errorf(`failed to decode value for key %s: %w`, CriticalKey, err) 479 } 480 h.critical = decoded 481 case JWKKey: 482 var buf json.RawMessage 483 if err := dec.Decode(&buf); err != nil { 484 return fmt.Errorf(`failed to decode value for key %s: %w`, JWKKey, err) 485 } 486 key, err := jwk.ParseKey(buf) 487 if err != nil { 488 return fmt.Errorf(`failed to parse JWK for key %s: %w`, JWKKey, err) 489 } 490 h.jwk = key 491 case JWKSetURLKey: 492 if err := json.AssignNextStringToken(&h.jwkSetURL, dec); err != nil { 493 return fmt.Errorf(`failed to decode value for key %s: %w`, JWKSetURLKey, err) 494 } 495 case KeyIDKey: 496 if err := json.AssignNextStringToken(&h.keyID, dec); err != nil { 497 return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err) 498 } 499 case TypeKey: 500 if err := json.AssignNextStringToken(&h.typ, dec); err != nil { 501 return fmt.Errorf(`failed to decode value for key %s: %w`, TypeKey, err) 502 } 503 case X509CertChainKey: 504 var decoded cert.Chain 505 if err := dec.Decode(&decoded); err != nil { 506 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err) 507 } 508 h.x509CertChain = &decoded 509 case X509CertThumbprintKey: 510 if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil { 511 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err) 512 } 513 case X509CertThumbprintS256Key: 514 if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil { 515 return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err) 516 } 517 case X509URLKey: 518 if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil { 519 return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err) 520 } 521 default: 522 decoded, err := registry.Decode(dec, tok) 523 if err != nil { 524 return err 525 } 526 h.setNoLock(tok, decoded) 527 } 528 default: 529 return fmt.Errorf(`invalid token %T`, tok) 530 } 531 } 532 h.raw = buf 533 return nil 534 } 535 536 func (h stdHeaders) MarshalJSON() ([]byte, error) { 537 buf := pool.GetBytesBuffer() 538 defer pool.ReleaseBytesBuffer(buf) 539 buf.WriteByte('{') 540 enc := json.NewEncoder(buf) 541 for i, p := range h.makePairs() { 542 if i > 0 { 543 buf.WriteRune(',') 544 } 545 buf.WriteRune('"') 546 buf.WriteString(p.Key.(string)) 547 buf.WriteString(`":`) 548 v := p.Value 549 switch v := v.(type) { 550 case []byte: 551 buf.WriteRune('"') 552 buf.WriteString(base64.EncodeToString(v)) 553 buf.WriteRune('"') 554 default: 555 if err := enc.Encode(v); err != nil { 556 return nil, fmt.Errorf(`failed to encode value for field %s: %w`, p.Key, err) 557 } 558 buf.Truncate(buf.Len() - 1) 559 } 560 } 561 buf.WriteByte('}') 562 ret := make([]byte, buf.Len()) 563 copy(ret, buf.Bytes()) 564 return ret, nil 565 }