forked from hyperledger-archives/aries-framework-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
jws.go
91 lines (71 loc) · 2.02 KB
/
jws.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package verifiable
import (
"fmt"
"github.com/hyperledger/aries-framework-go/pkg/doc/jose"
"github.com/hyperledger/aries-framework-go/pkg/doc/jwt"
)
// Signer defines signer interface which is used to sign VC JWT.
type Signer interface {
Sign(data []byte) ([]byte, error)
}
// jwtSigner implement jose.Signer interface.
type jwtSigner struct {
signer Signer
headers map[string]interface{}
}
func getJWTSigner(signer Signer, algorithm string) *jwtSigner {
headers := map[string]interface{}{
jose.HeaderAlgorithm: algorithm,
jose.HeaderType: jwt.TypeJWT,
}
return &jwtSigner{signer: signer, headers: headers}
}
func (s jwtSigner) Sign(data []byte) ([]byte, error) {
return s.signer.Sign(data)
}
func (s jwtSigner) Headers() jose.Headers {
return s.headers
}
// noVerifier is used when no JWT signature verification is needed.
// To be used with precaution.
type noVerifier struct {
}
func (v noVerifier) Verify(_ jose.Headers, _, _, _ []byte) error {
return nil
}
// MarshalJWS serializes JWT presentation claims into signed form (JWS).
func marshalJWS(jwtClaims interface{}, signatureAlg JWSAlgorithm, signer Signer, keyID string) (string, error) {
algName, err := signatureAlg.name()
if err != nil {
return "", err
}
headers := map[string]interface{}{
jose.HeaderKeyID: keyID,
}
token, err := jwt.NewSigned(jwtClaims, headers, getJWTSigner(signer, algName))
if err != nil {
return "", err
}
return token.Serialize(false)
}
func unmarshalJWS(rawJwt string, checkProof bool, fetcher PublicKeyFetcher, claims interface{}) error {
var verifier jose.SignatureVerifier
if checkProof {
verifier = jwt.NewVerifier(jwt.KeyResolverFunc(fetcher))
} else {
verifier = &noVerifier{}
}
jsonWebToken, err := jwt.Parse(rawJwt, jwt.WithSignatureVerifier(verifier))
if err != nil {
return fmt.Errorf("parse JWT: %w", err)
}
err = jsonWebToken.DecodeClaims(claims)
if err != nil {
return err
}
return nil
}