jwt

package module
v0.0.0-...-49e7716 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 3, 2025 License: Apache-2.0 Imports: 25 Imported by: 0

README

jwt

fastest jwt implementation

Documentation

Index

Constants

// Size constants in bytes, written as shifts. All of them are untyped integer
// constants, so each takes its type from the expression it is used in.
const (
	KB    = 1 << 10  // 1KB
	KB_32 = 32 << 10 // 32KB
	MB    = 1 << 20  // 1MB
	MB_32 = 32 << 20 // 32MB
	GB    = 1 << 30  // 1GB
	// GB_32 is 1<<35, which does not fit in a 32-bit int: using it as an int
	// on a platform where int is 32 bits is a compile-time constant overflow.
	GB_32 = 32 << 30 // 32GB

	B_8      = 8         // 8B
	B_256    = 256       // 256B
	KB_8     = 8 << 10   // 8KB
	KB_256   = 256 << 10 // 256KB
	MB_8     = 8 << 20   // 8MB
	// MAX_SIZE equals GB.
	// NOTE(review): this page does not show what the limit is applied to;
	// presumably buffer or token sizes — confirm that caller-supplied lengths
	// are compared against it before any allocation.
	MAX_SIZE = GB        // Maximum allowed size

)
// NOTE(review): the documentation rendered for this group describes Ed25519
// domain-separation prefixes, while INITIAL is the only exported constant
// shown in it. What INITIAL is used for is not visible on this page — confirm
// and document it on the constant itself.
const (
	INITIAL = 1
)

Domain separation prefixes used to disambiguate Ed25519/Ed25519ph/Ed25519ctx. See RFC 8032, Section 2 and Section 5.1.

Variables

// Sentinel errors exported by the package. Each is a distinct value created
// with errors.New, so callers should match them with errors.Is rather than by
// comparing message text.
//
// NOTE(review): several sentinels overlap in meaning. ErrSignatureInvalid and
// ErrInvalidSignature carry the identical message "invalid signature" but are
// different values, and ErrInvalidToken / ErrTokenIsINVALID differ only in
// wording. errors.Is against one of a pair does not match the other, so a
// handler that tests only one of them can miss a verification failure. Which
// sentinel each code path returns is not visible on this page — confirm, and
// treat any non-nil error from parsing or verification as a rejection.
var (
	ErrInvalid              = errors.New("invalid bytes")
	ErrTokenIsINVALID       = errors.New("token is invalid")
	ErrNil                  = errors.New("jwt key is nil")
	ErrSubjectNil           = errors.New("subject is nil")
	ErrIssuerNil            = errors.New("issuer is nil")
	ErrInvalidToken         = errors.New("invalid token")
	ErrUnknownAlgorithm     = errors.New("unknown algorithm")
	ErrInvalidKey           = errors.New("invalid key")
	ErrDateInvalid          = errors.New("invalid date")
	// Same message as ErrInvalidSignature below, but a separate value.
	ErrSignatureInvalid     = errors.New("invalid signature")
	// The identifier and message are spelled "Unitialized"/"unitialized"; the
	// name is exported, so it is left as published.
	ErrUnitializedToken     = errors.New("unitialized token")
	ErrInvalidSignature     = errors.New("invalid signature")
	ErrSeedNil              = errors.New("seed is nil")
	ErrPayloadIsEmpty       = errors.New("payload is empty")
	ErrInvalidSeed          = errors.New("invalid seed")
	ErrInvalidKeySize       = errors.New("invalid key size")
	ErrPointerToArray       = errors.New("pointer to array")
	ErrCannotGetObjFromPool = errors.New("cannot get object from pool")
	// The identifier is spelled "Vald"; exported, so left as published.
	ErrSizeNotVald          = errors.New("size not valid")
	ErrCapNotValid          = errors.New("cap not valid")

	// Claim-time errors; these are the only two messages with a "jwt: " prefix.
	ErrTokenExpired     = errors.New("jwt: token is expired")
	ErrTokenNotYetValid = errors.New("jwt: token is not yet valid")
)

Functions

func BeAppendUint64

func BeAppendUint64(b []byte, v uint64) []byte

func BePutUint64

func BePutUint64(b []byte, v uint64)

func BeUint64

func BeUint64(b []byte) uint64

func CpuId

func CpuId(eax uint32) (eaxOut, ebx, ecx, edx uint32)

func ExportingAVX2_32

func ExportingAVX2_32(src []byte, src2 []byte) int

func ExportingAVX2_64

func ExportingAVX2_64(src []byte, src2 []byte) int

func ExportingAVX2_128

func ExportingAVX2_128(src []byte, src2 []byte) int

func ExportingAVX2_256

func ExportingAVX2_256(src []byte, src2 []byte) int

func ExportingAVX2_512

func ExportingAVX2_512(src []byte, src2 []byte) int

func ExportingAVX2_1024

func ExportingAVX2_1024(src []byte, src2 []byte) int

func GenerateED25519

// GenerateED25519 returns a key pair read from rand, public key first.
// Note the result order: GenerateEDDSARandom in this package returns the same
// two types in the opposite order (private key first).
// NOTE(review): how rand is consumed is not visible on this page. Pass a
// cryptographically secure source such as crypto/rand.Reader; a predictable
// reader presumably yields a predictable private key.
func GenerateED25519(rand io.Reader) (*PublicKeyEd, *PrivateKeyEd, error)

func GenerateEDDSARandom

// GenerateEDDSARandom returns a key pair read from rand, private key first.
// Note the result order: GenerateED25519 in this package returns the same two
// types in the opposite order (public key first).
// NOTE(review): how rand is consumed is not visible on this page. Pass a
// cryptographically secure source such as crypto/rand.Reader; a predictable
// reader presumably yields a predictable private key.
func GenerateEDDSARandom(rand io.Reader) (*PrivateKeyEd, *PublicKeyEd, error)

func GuardSlice

func GuardSlice(buf *[]byte, n int)

func List

func List(pkg string) []string

List returns the names of all alternative implementations registered for the given package, whether available or not. The implicit base implementation is not included.

func MoreStack

func MoreStack(size uintptr)

func NewDigest

func NewDigest() *digest

func NewEddsa

func NewEddsa(private *PrivateKeyEd, public *PublicKeyEd) (*_EDDSA, error)

func Register

func Register(pkg, name string, available *bool)

Register records an alternative implementation of a cryptographic primitive. The implementation might be available or not based on CPU support. If available is false, the implementation is unavailable and can't be tested on this machine. If available is true, it can be set to false to disable the implementation. If all alternative implementations but one are disabled, the remaining one must be used (i.e. disabling one implementation must not implicitly disable any other). Each package has an implicit base implementation that is selected when all alternatives are unavailable or disabled.

func Reset

func Reset(pkg string)

func Select

func Select(pkg, name string) bool

Select disables all implementations for the given package except the one with the given name. If name is empty, the base implementation is selected. It returns whether the selected implementation is available.

func Sign

// Sign returns a 64-byte signature over message made with privateKey.
// NOTE(review): domPrefix and context presumably carry the RFC 8032
// domain-separation prefix and context string that the package documentation
// mentions (Ed25519 / Ed25519ph / Ed25519ctx) — confirm. Signer and verifier
// must agree on both values. Verify__ on this page takes neither parameter,
// so which variant it checks should be confirmed before pairing the two.
// There is no error result; how a nil privateKey is handled is not visible
// here.
func Sign(privateKey *PrivateKeyEd, message []byte, domPrefix, context string) [64]byte

func SupportedCPU

func SupportedCPU() bool

func Verify__

// Verify__ reports whether sig is accepted as a signature over message for
// publicKey.
// NOTE(review): sig is a slice, not a [64]byte as returned by Sign; whether
// its length is checked before use is not visible on this page — confirm.
// Unlike Sign, there are no domPrefix/context parameters, so the Ed25519
// variant being verified should be confirmed. Treat a false result as a hard
// rejection of the token.
func Verify__(publicKey *PublicKeyEd, message, sig []byte) bool

Types

type Algorithm

// Algorithm identifies the signing algorithm recorded in a token header (the
// Header.Algorithm field, JSON member "alg").
//
// The constants are consecutive iota values starting at 0, so EDDSA is the
// zero value of Algorithm: a value that was never assigned compares equal to
// EDDSA and cannot be told apart from an explicit choice.
// NOTE(review): when verifying, compare the algorithm parsed from the token
// with the algorithm expected for the verification key, rather than choosing
// the verifier from the token's own header. The constant names follow the JWA
// identifiers; which of them have a working signer/verifier in this package
// is not visible on this page.
type Algorithm int8
const (
	EDDSA Algorithm = iota // 0, also the zero value

	// ES* names (values 1-3).
	ES256
	ES384
	ES512

	// RS* names (values 4-6).
	RS256
	RS384
	RS512

	// PS* names (values 7-9).
	PS256
	PS384
	PS512

	// HS* names (values 10-12); these are the shared-secret HMAC identifiers.
	HS256
	HS384
	HS512
)

func None

// None returns an Algorithm value.
// NOTE(review): the value returned is not shown on this page and is not one
// of the named constants listed for Algorithm. If it denotes the unsecured
// "none" algorithm (RFC 7519, section 6), a verifier should reject tokens
// carrying it unless unsecured tokens are explicitly intended — confirm how
// the parsing and verification paths treat it.
func None() Algorithm

func (Algorithm) Algorithm

func (a Algorithm) Algorithm() Algorithm

func (Algorithm) NoneString

func (Algorithm) NoneString() string

func (Algorithm) String

func (a Algorithm) String() string

type AlignedBuffer

type AlignedBuffer struct {
	// contains filtered or unexported fields
}

func NewAlignedBuffer

func NewAlignedBuffer() *AlignedBuffer

func (*AlignedBuffer) Bytes

func (b *AlignedBuffer) Bytes() []byte

func (*AlignedBuffer) GetInput

func (b *AlignedBuffer) GetInput() []byte

func (*AlignedBuffer) GetInput32

func (b *AlignedBuffer) GetInput32() []byte

func (*AlignedBuffer) GetOutput

func (b *AlignedBuffer) GetOutput() []byte

func (*AlignedBuffer) GetOutput32

func (b *AlignedBuffer) GetOutput32() []byte

func (*AlignedBuffer) Reset

func (b *AlignedBuffer) Reset()

func (*AlignedBuffer) Reset32_input

func (b *AlignedBuffer) Reset32_input()

func (*AlignedBuffer) Reset32_output

func (b *AlignedBuffer) Reset32_output()

func (*AlignedBuffer) Reset64_input

func (b *AlignedBuffer) Reset64_input()

func (*AlignedBuffer) Reset64_output

func (b *AlignedBuffer) Reset64_output()

func (AlignedBuffer) WriteResult

func (b AlignedBuffer) WriteResult() []byte

func (AlignedBuffer) WriteResult32

func (b AlignedBuffer) WriteResult32() []byte

func (*AlignedBuffer) WriteToInput

func (b *AlignedBuffer) WriteToInput(b2 []byte)

func (*AlignedBuffer) WriteToInput32

func (b *AlignedBuffer) WriteToInput32(b2 []byte)

func (*AlignedBuffer) WriteToOutput

func (b *AlignedBuffer) WriteToOutput(b2 []byte)

func (*AlignedBuffer) WriteToOutput32

func (b *AlignedBuffer) WriteToOutput32(b2 []byte)

type AmdZEN

type AmdZEN int8

func (AmdZEN) String

func (a AmdZEN) String() string

type Audience

type Audience struct {
	// contains filtered or unexported fields
}

https://tools.ietf.org/html/rfc7519

func NewAudience

func NewAudience(aud []string) Audience

func (*Audience) Get

func (ap *Audience) Get() []string

func (*Audience) MarshalJSON

func (ap *Audience) MarshalJSON() ([]byte, error)

func (*Audience) UnmarshalJSON

func (ap *Audience) UnmarshalJSON(data []byte) error

type CPU

// CPU is an unsigned 64-bit value. Its Has method takes a Feature, which
// suggests it is used as a set of feature bits — confirm.
type CPU uint64
// X86 is assigned once, at package initialization, from ABIx86().
var (
	X86 CPU = ABIx86()
)

func ABIx86

func ABIx86() CPU

func (CPU) Has

func (cpu CPU) Has(feature Feature) bool

type Cyt

// Cyt is the content type recorded in a token header (the Header.ContentType
// field, JSON member "cty").
type Cyt uint8
const (
	// ContentTypeUnknown is declared without a type, so unlike the constants
	// below it is an untyped integer constant rather than a Cyt. It still
	// compares equal to the zero value of Cyt.
	ContentTypeUnknown     = 0
	ContentTypeJWT     Cyt = 1
	ContentTypeJWS     Cyt = 2
	ContentTypeJSON    Cyt = 3
	ContentTypeCustom  Cyt = 4 //TODO hold custom content type
)

func (Cyt) String

func (c Cyt) String() string

type Feature

// Feature is a CPU feature flag, defined on top of cpuid.FeatureID.
//
// The constants are single-bit masks produced by 1 << iota: SSE is 1<<0 and
// each following name takes the next bit, ending with CMOV at 1<<24.
// NOTE(review): these values are this package's own bit positions; whether
// they correspond to the numbering used by the cpuid package is not visible
// on this page — confirm before passing them to that package's functions.
type Feature cpuid.FeatureID
const (
	SSE Feature = 1 << iota
	SSE2
	SSE3
	SSE41
	SSE42
	SSE4A
	SSSE3
	AVX
	AVX2
	AVX512BF16
	AVX512BITALG
	AVX512BW
	AVX512CD
	AVX512DQ
	AVX512ER
	AVX512F
	AVX512IFMA
	AVX512PF
	AVX512VBMI
	AVX512VBMI2
	AVX512VL
	AVX512VNNI
	AVX512VP2INTERSECT
	AVX512VPOPCNTDQ
	CMOV
)

type HashBorrower

type HashBorrower[T hash.Hash] struct {
	// contains filtered or unexported fields
}

func (*HashBorrower[T]) Borrow

func (h *HashBorrower[T]) Borrow() hash.Hash

func (*HashBorrower[T]) ReturnAll

func (h *HashBorrower[T]) ReturnAll()
// Header holds the header members of a token: kid, cty, alg and typ.
//
// In a parsed token every field here comes from the token itself and is
// therefore caller-controlled until the signature has been verified. Use
// KeyID only as a lookup hint into a fixed set of trusted keys, and check
// Algorithm against the algorithm expected for the selected key.
//
// NOTE(review): the MarshalJSON method listed for Header on this page returns
// only []byte, so it does not satisfy json.Marshaler and encoding/json would
// not call it. If a Header is passed to encoding/json directly, the struct
// tags below apply: KeyID would be written as base64 text, and because
// Algorithm's zero value is EDDSA, "alg" would be dropped by omitempty for
// EDDSA tokens. Confirm that headers are only ever encoded through the
// package's own method.
type Header struct {
	KeyID       []byte    `json:"kid,omitempty"` // key identifier
	ContentType Cyt       `json:"cty,omitempty"` // content type
	Algorithm   Algorithm `json:"alg,omitempty"` // signing algorithm; zero value is EDDSA
	Type        Typ       `json:"typ,omitempty"` // token type
}

func (*Header) MarshalJSON

func (h *Header) MarshalJSON() []byte

func (*Header) UnmarshalJSON

func (h *Header) UnmarshalJSON(b []byte) error

type HeaderOption

type HeaderOption func(*Header)

func WithContentType

func WithContentType(cty Cyt) HeaderOption

func WithKeyID

func WithKeyID(kid []byte) HeaderOption

type Hmac

type Hmac struct {
	// contains filtered or unexported fields
}

func (*Hmac) Algorithm

func (h *Hmac) Algorithm() Algorithm

func (*Hmac) Bytes

func (h *Hmac) Bytes() []byte

func (*Hmac) Sign

func (h *Hmac) Sign(payload []byte) ([]byte, error)

type JWTTime

// JWTTime wraps time.Time and is the type of the time-valued claims in
// Payload (exp, nbf, iat). The page links RFC 7519 section 2, which defines
// NumericDate as a number of seconds since the Unix epoch.
// NOTE(review): the wire format is produced by JWTTime's own
// MarshalJSON/UnmarshalJSON, which are not shown here — confirm how
// fractional, negative or very large values are handled on decode.
type JWTTime struct {
	time.Time // embedded, so time.Time's methods are promoted to JWTTime
}

https://tools.ietf.org/html/rfc7519#section-2

func NumericDate

func NumericDate(tt time.Time) *JWTTime

func (*JWTTime) Format

func (t *JWTTime) Format(layout string) string

func (*JWTTime) GetTime

func (t *JWTTime) GetTime() []byte

func (*JWTTime) MarshalJSON

func (t *JWTTime) MarshalJSON() ([]byte, error)

func (*JWTTime) UnmarshalJSON

func (t *JWTTime) UnmarshalJSON(b []byte) error

type KeySource

// KeySource is a type-set constraint naming the forms in which key material
// can be supplied: byte slices, strings, and arrays (or pointers to arrays) of
// privateKeyLen bytes, together with named types built on any of those.
// Which generic functions use the constraint is not shown on this page.
// NOTE(review): Go strings are immutable and cannot be zeroed after use;
// prefer a []byte or array source where key material should be wiped.
type KeySource interface {
	~[]byte | ~string | ~*[privateKeyLen]byte | ~[privateKeyLen]byte
}

type Payload

// Payload holds the registered claims of a token (jti, iss, sub, aud, exp,
// nbf, iat).
//
// The three time claims are pointers, so a nil field means the claim is
// absent from the token. In a parsed token all of these values come from the
// token itself; they should be relied on only after the signature has been
// verified and the time, issuer and audience checks have been applied.
// NOTE(review): whether parsing performs any of those checks on its own is
// not visible on this page — presumably the caller invokes the Is*/Has*
// helpers listed for Payload; confirm.
type Payload struct {
	JWTID          string   `json:"jti,omitempty"` // https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
	Issuer         string   `json:"iss,omitempty"` // issuer claim
	Subject        string   `json:"sub,omitempty"` // subject claim
	Audience       Audience `json:"aud,omitempty"` // aud admin
	ExpirationTime *JWTTime `json:"exp,omitempty"` // nil when the token carries no exp
	NotBefore      *JWTTime `json:"nbf,omitempty"` // nil when the token carries no nbf
	IssuedAt       *JWTTime `json:"iat,omitempty"` // nil when the token carries no iat
}

func (*Payload) GetExpiration

func (p *Payload) GetExpiration() *JWTTime

GetExpiration returns the ExpirationTime claim.

func (*Payload) GetIssuedAt

func (p *Payload) GetIssuedAt() *time.Time

GetIssuedAt returns the issued-at timestamp.

func (*Payload) GetIssuer

func (p *Payload) GetIssuer() (string, error)

func (*Payload) GetSubject

func (p *Payload) GetSubject() (string, error)

func (*Payload) HasAudience

func (p *Payload) HasAudience(audience string) bool

func (*Payload) HasAudiences

func (p *Payload) HasAudiences(aud []string) bool

func (*Payload) IsExpired

func (p *Payload) IsExpired(now time.Time) bool

IsExpired reports whether the token is expired.

func (*Payload) IsID

func (sc *Payload) IsID(id string) bool

func (*Payload) IsIssuer

func (p *Payload) IsIssuer(issuer string) bool

func (*Payload) IsNotBefore

func (p *Payload) IsNotBefore(now time.Time) bool

IsNotBefore checks that the current time (now) is later than or equal to the NotBefore value.

func (*Payload) IsSubject

func (p *Payload) IsSubject(subject string) bool

func (*Payload) IsValidExpiresAt

func (sc *Payload) IsValidExpiresAt(now time.Time) bool

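IsValidExpiresAt reports the token as valid if it is not currently expired; the expiration time may also be nil. If a nil expiration is accepted as valid, a token without an exp claim never expires, so callers that require an expiry must check for its presence separately.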

func (*Payload) IsValidIssuedAt

func (sc *Payload) IsValidIssuedAt(now time.Time) bool

func (*Payload) IsValidNotBefore

func (sc *Payload) IsValidNotBefore(now time.Time) bool

func (*Payload) MarshalJSON

func (p *Payload) MarshalJSON() ([]byte, error)

func (*Payload) UnmarshalJSON

func (p *Payload) UnmarshalJSON(b []byte) error

type PoolChan

type PoolChan[T any] struct {
	// contains filtered or unexported fields
}

func NewPoolChan

func NewPoolChan[T any](size int, new func() T) *PoolChan[T]

func (*PoolChan[T]) CurrentSize

func (p *PoolChan[T]) CurrentSize() int

func (*PoolChan[T]) Get

func (p *PoolChan[T]) Get() T

func (*PoolChan[T]) Put

func (p *PoolChan[T]) Put(obj T)

type PrivateKeyEd

type PrivateKeyEd struct {
	// contains filtered or unexported fields
}

func NewKeyFromSeed

func NewKeyFromSeed(seed [32]byte) *PrivateKeyEd

func NewPrivateKey

func NewPrivateKey(privBytes [64]byte) *PrivateKeyEd

func (*PrivateKeyEd) Public

func (p *PrivateKeyEd) Public() *PublicKeyEd

type PublicKeyEd

type PublicKeyEd struct {
	// contains filtered or unexported fields
}

func NewPublicKey

func NewPublicKey(pubBytes *[publicKeyLen]byte) *PublicKeyEd

type Token

type Token[T any] struct {
	// contains filtered or unexported fields
}

A token has the compact form xxxxx.yyyyy.zzzzz: three dot-separated parts (header, payload, signature).

func New

func New(alg Algorithm, payload *Payload, opts ...HeaderOption) *Token[Algorithm]

func ParseNoVerify

// ParseNoVerify parses raw into a Token.
// NOTE(review): the name indicates that the signature is not checked —
// confirm against the implementation. If so, the header and claims of the
// returned token are unauthenticated input: they must not be used for
// authentication or authorization decisions, and should at most serve to pick
// a candidate key before a verifying call. Whether a size limit is applied to
// raw before decoding is not visible on this page.
func ParseNoVerify(raw []byte) (*Token[any], error)

func ParseVerifySignature

// ParseVerifySignature parses raw into a Token, taking a 64-byte signature as
// its second argument.
// NOTE(review): no key parameter appears in this signature, so what the
// signature is checked against, and with which key, cannot be determined from
// this page — confirm before relying on a nil error as proof of authenticity.
// A fixed [64]byte matches the result type of Sign in this package; how
// tokens signed with other algorithms are handled is not shown.
func ParseVerifySignature(raw []byte, signature [64]byte) (*Token[any], error)

func (*Token[T]) BeforeSignature

func (t *Token[T]) BeforeSignature() []byte

func (*Token[T]) Build

func (t *Token[T]) Build()

func (*Token[T]) Bytes

func (t *Token[T]) Bytes() []byte

func (*Token[T]) Header

func (t *Token[T]) Header() *Header

func (*Token[T]) HeaderPart

func (t *Token[T]) HeaderPart() []byte

func (*Token[T]) PayloadPart

func (t *Token[T]) PayloadPart() []byte

func (*Token[T]) SetToken

func (t *Token[T]) SetToken(token []byte, sep1, sep2 int32)

func (*Token[T]) Signature

func (t *Token[T]) Signature() []byte

func (*Token[T]) SignedEddsa

func (t *Token[T]) SignedEddsa(privateKey *PrivateKeyEd, publicKey *PublicKeyEd) (string, error)

func (*Token[T]) SignedString

func (t *Token[T]) SignedString(key []byte) (string, error)

func (*Token[T]) SigningString

func (t *Token[T]) SigningString() []byte

func (*Token[T]) VerifyEddsa

func (t *Token[T]) VerifyEddsa(public *PublicKeyEd) (bool, error)

type Typ

// Typ is the token type recorded in a token header (the Header.Type field,
// JSON member "typ").
type Typ uint8
const (
	// TypeJWT is the only named value. The zero value of Typ has no named
	// constant, so a Header whose Type was never set does not equal TypeJWT.
	TypeJWT Typ = 1
)

func (Typ) String

func (t Typ) String() string

Directories

Path Synopsis
