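/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

// Package kidresolver resolves the key references found in JWE headers (a recipient 'kid' or a sender 'skid')
// into public keys so that a JWE decrypter can load the key it needs.
package kidresolver

import (
	"encoding/json"
	"errors"
	"fmt"

	"github.com/trustbloc/kms-go/doc/util/kmsdidkey"

	cryptoapi "github.com/trustbloc/kms-go/spi/crypto"
	"github.com/trustbloc/kms-go/spi/storage"
)

// KIDResolver helps resolve the kid public key from a recipient 'kid' or a sender 'skid' during JWE decryption.
// The JWEDecrypter should be able to load the public key using a resolution scheme for a key reference found in the
// 'skid' JWE protected header/'kid' recipient header.
type KIDResolver interface {
	// Resolve a 'kid'/'skid' into a marshalled public key or error if key resolution fails.
	// Implementations must never return a nil key together with a nil error.
	Resolve(string) (*cryptoapi.PublicKey, error)
}

// Compile-time checks that both resolvers satisfy KIDResolver.
var (
	_ KIDResolver = (*DIDKeyResolver)(nil)
	_ KIDResolver = (*StoreResolver)(nil)
)

// DIDKeyResolver resolves a 'kid'/'skid' containing a did:key value.
// The zero value is ready to use.
type DIDKeyResolver struct{}

// Resolve a 'kid'/'skid' protected header with a did:key value into a marshalled public key or error if key
// resolution fails. The work is delegated to kmsdidkey.EncryptionPubKeyFromDIDKey.
func (k *DIDKeyResolver) Resolve(kid string) (*cryptoapi.PublicKey, error) {
	return kmsdidkey.EncryptionPubKeyFromDIDKey(kid)
}

// StoreResolver resolves a 'kid'/'skid' containing a kms ID value (JWK fingerprint) from a dedicated pre-loaded store.
// Note: this is not a kms keystore. This StoreResolver is useful in cases where a third-party store is needed. This is
// useful in unit tests and especially for test vectors using the ECDH-1PU Appendix B example to load the sender key
// so that recipients can resolve a predefined 'skid'. Aries Framework Go is using the DIDKeyResolver by default (for
// requests without DID docs) and DIDDocResolver (for requests with existing DID connections).
//
// Store must be set before Resolve is called; the zero value is not usable.
type StoreResolver struct {
	// Store where the kid key is potentially stored, keyed by kid and holding a JSON-marshalled
	// cryptoapi.PublicKey.
	Store storage.Store
}

// Resolve a 'kid'/'skid' by loading kid's PublicKey from a store or return an error if it fails.
//
// It returns an error when no Store is configured, when the store lookup fails, when the stored value is not a valid
// JSON public key, or when the stored value decodes to a null key, so that callers never receive (nil, nil).
func (s *StoreResolver) Resolve(kid string) (*cryptoapi.PublicKey, error) {
	// A zero-value StoreResolver has no backing store; report it instead of dereferencing a nil interface.
	if s == nil || s.Store == nil {
		return nil, errors.New("storeResolver: no store configured to resolve kid")
	}

	mPubKey, err := s.Store.Get(kid)
	if err != nil {
		return nil, fmt.Errorf("storeResolver: failed to resolve kid from store: %w", err)
	}

	var pubKey *cryptoapi.PublicKey

	err = json.Unmarshal(mPubKey, &pubKey)
	if err != nil {
		return nil, fmt.Errorf("storeResolver: failed to unmarshal public key from DB: %w", err)
	}

	// json.Unmarshal accepts the literal "null" into a pointer without error and leaves it nil;
	// a resolved key must be present, so treat that as a resolution failure.
	if pubKey == nil {
		return nil, errors.New("storeResolver: public key loaded from DB is null")
	}

	return pubKey, nil
}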