/*
Copyright Gen Digital Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package jwt
import (
"fmt"
"strings"
"github.com/trustbloc/kms-go/doc/jose"
)
// NewJOSESigner wraps a ProofCreator into a JoseSigner that can be handed to
// the jose layer. The JWT headers are built once here, from params, and are
// later served unchanged by Headers().
//
// Returns the error from CreateJWTHeaders unwrapped when header creation fails.
func NewJOSESigner(params SignParameters, signer ProofCreator) (*JoseSigner, error) {
	hdrs, err := signer.CreateJWTHeaders(params)
	if err != nil {
		return nil, err
	}

	js := &JoseSigner{signer: signer, signParams: params, headers: hdrs}

	return js, nil
}
// JoseSigner implements the jose proof-creator interface by delegating the
// signing work to a ProofCreator. Instances are built with NewJOSESigner,
// which is where the headers are produced.
type JoseSigner struct {
	signer     ProofCreator   // performs the actual JWT signing (SignJWT)
	signParams SignParameters // parameters forwarded on every Sign call
	headers    jose.Headers   // JWT headers created from signParams at construction
}
// Sign produces the JWT signature over data using the wrapped ProofCreator
// and the sign parameters captured at construction; errors are returned
// as reported by SignJWT.
func (s JoseSigner) Sign(data []byte) ([]byte, error) {
	sig, err := s.signer.SignJWT(s.signParams, data)

	return sig, err
}
// Headers returns the JWT headers prepared in NewJOSESigner. The same value
// is returned on every call; it is not recomputed.
func (s JoseSigner) Headers() jose.Headers {
	hdrs := s.headers

	return hdrs
}
// joseVerifier adapts a ProofChecker to the jose verifier interface.
type joseVerifier struct {
	proofChecker ProofChecker // validates the proof for a given issuer
	// expectedProofIssuer pins the issuer the proof must come from. When nil,
	// Verify derives the issuer from the "kid" header of the token under
	// verification — i.e. from data supplied by the token's author.
	expectedProofIssuer *string
}
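// Verify checks the JWT signature by resolving the expected proof issuer and
// delegating to the configured ProofChecker.
//
// When expectedProofIssuer was not configured, the issuer is taken from the
// part of the "kid" header before "#". That value comes from the token being
// verified, so it is chosen by the token's author; the ProofChecker is what
// must resolve the key material for that issuer and confirm the key belongs
// to it — this wrapper only forwards the value. A kid with no issuer part
// (for example "#key-1" or "") is rejected here rather than passed on as an
// empty issuer.
//
// Returns an error when the issuer must be derived but no usable "kid" is
// present, otherwise whatever CheckJWTProof returns.
func (v *joseVerifier) Verify(joseHeaders jose.Headers, _, signingInput, signature []byte) error {
	var expectedProofIssuer string

	if v.expectedProofIssuer != nil {
		expectedProofIssuer = *v.expectedProofIssuer
	} else {
		// No issuer configured: use the issuer DID, which is the portion of
		// the key id preceding the "#" fragment.
		keyID, ok := joseHeaders.KeyID()
		if !ok {
			return fmt.Errorf("missed kid in jwt header")
		}

		expectedProofIssuer = strings.Split(keyID, "#")[0]
		if expectedProofIssuer == "" {
			// Without this guard an empty or fragment-only kid would be
			// checked against an empty issuer.
			return fmt.Errorf("kid %q in jwt header has no issuer part", keyID)
		}
	}

	return v.proofChecker.CheckJWTProof(joseHeaders, expectedProofIssuer, signingInput, signature)
}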