github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/signature/jws/builders.go

github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/signature/jws/builders.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package jws
    19  
    20  import (
    21  	"encoding/base64"
    22  	"encoding/json"
    23  	"fmt"
    24  	"strings"
    25  
    26  	"github.com/dchest/uniuri"
    27  	"gopkg.in/square/go-jose.v2"
    28  
    29  	"github.com/zntrio/harp/v2/pkg/sdk/value"
    30  	"github.com/zntrio/harp/v2/pkg/sdk/value/signature"
    31  )
    32  
    33  func init() {
    34  	signature.Register("jws", Transformer)
    35  }
    36  
    37  // Transformer returns a JWS signature value transformer instance.
    38  func Transformer(key string) (value.Transformer, error) {
    39  	// Remove prefix
    40  	key = strings.TrimPrefix(key, "jws:")
    41  
    42  	// Decode key
    43  	keyRaw, err := base64.RawURLEncoding.DecodeString(key)
    44  	if err != nil {
    45  		return nil, fmt.Errorf("unable to decode transformer key: %w", err)
    46  	}
    47  
    48  	// Check JWK encoding
    49  	var jwk jose.JSONWebKey
    50  	if errJSON := json.Unmarshal(keyRaw, &jwk); errJSON != nil {
    51  		return nil, fmt.Errorf("unable to decode the transformer key: %w", errJSON)
    52  	}
    53  
    54  	// Return transformer implementation
    55  	return &jwsTransformer{
    56  		key: jose.SigningKey{
    57  			Algorithm: jose.SignatureAlgorithm(jwk.Algorithm),
    58  			Key:       &jwk,
    59  		},
    60  	}, nil
    61  }
    62  
    63  // -----------------------------------------------------------------------------
    64  
    65  type nonceSource struct{}
    66  
    67  func (n *nonceSource) Nonce() (string, error) {
    68  	return uniuri.NewLen(8), nil
    69  }