1package jwe 2 3import ( 4 "github.com/lestrrat-go/iter/mapiter" 5 "github.com/lestrrat-go/jwx/internal/iter" 6 "github.com/lestrrat-go/jwx/jwa" 7 "github.com/lestrrat-go/jwx/jwe/internal/keyenc" 8 "github.com/lestrrat-go/jwx/jwe/internal/keygen" 9) 10 11// Recipient holds the encrypted key and hints to decrypt the key 12type Recipient interface { 13 Headers() Headers 14 EncryptedKey() []byte 15 SetHeaders(Headers) error 16 SetEncryptedKey([]byte) error 17} 18 19type stdRecipient struct { 20 headers Headers 21 encryptedKey []byte 22} 23 24// Message contains the entire encrypted JWE message. You should not 25// expect to use Message for anything other than inspecting the 26// state of an encrypted message. This is because encryption is 27// highly context sensitive, and once we parse the original payload 28// into an object, we may not always be able to recreate the exact 29// context in which the encryption happened. 30// 31// For example, it is totally valid for if the protected header's 32// integrity was calculated using a non-standard line breaks: 33// 34// {"a dummy": 35// "protected header"} 36// 37// Once parsed, though, we can only serialize the protected header as: 38// 39// {"a dummy":"protected header"} 40// 41// which would obviously result in a contradicting integrity value 42// if we tried to re-calculate it from a parsed message. 43//nolint:govet 44type Message struct { 45 authenticatedData []byte 46 cipherText []byte 47 initializationVector []byte 48 tag []byte 49 recipients []Recipient 50 protectedHeaders Headers 51 unprotectedHeaders Headers 52 53 // These two fields below are not available for the public consumers of this object. 54 // rawProtectedHeaders stores the original protected header buffer 55 rawProtectedHeaders []byte 56 // storeProtectedHeaders is a hint to be used in UnmarshalJSON(). 57 // When this flag is true, UnmarshalJSON() will populate the 58 // rawProtectedHeaders field 59 storeProtectedHeaders bool 60} 61 62// contentEncrypter encrypts the content using the content using the 63// encrypted key 64type contentEncrypter interface { 65 Algorithm() jwa.ContentEncryptionAlgorithm 66 Encrypt([]byte, []byte, []byte) ([]byte, []byte, []byte, error) 67} 68 69//nolint:govet 70type encryptCtx struct { 71 keyEncrypters []keyenc.Encrypter 72 protected Headers 73 contentEncrypter contentEncrypter 74 generator keygen.Generator 75 compress jwa.CompressionAlgorithm 76} 77 78// populater is an interface for things that may modify the 79// JWE header. e.g. ByteWithECPrivateKey 80type populater interface { 81 Populate(keygen.Setter) error 82} 83 84type Visitor = iter.MapVisitor 85type VisitorFunc = iter.MapVisitorFunc 86type HeaderPair = mapiter.Pair 87type Iterator = mapiter.Iterator 88 89// PostParser is used in conjunction with jwe.WithPostParser(). 90// This hook is called right after the JWE message has been parsed 91// but before the actual decryption takes place during `jwe.Decrypt()`. 92type PostParser interface { 93 PostParse(DecryptCtx) error 94} 95 96// PostParseFunc is a PostParser that is represented by a single function 97type PostParseFunc func(DecryptCtx) error 98 99func (fn PostParseFunc) PostParse(ctx DecryptCtx) error { 100 return fn(ctx) 101} 102