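// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Package jwt implements a subset of JSON Web Token (JWT) as defined by RFC 7519 (https://tools.ietf.org/html/rfc7519) that is considered safe and most often used.
package jwt

import (
	"errors"
	"fmt"

	"github.com/google/tink/go/core/registry"
)

var (
	// errJwtVerification is a generic error returned when something went wrong
	// before validation.
	errJwtVerification = errors.New("verification failed")

	// errJwtExpired is the sentinel error that IsExpirationErr matches.
	errJwtExpired = errors.New("token has expired")
)

// IsExpirationErr returns true if err was returned by a JWT verification for a token
// with a valid signature that is expired.
//
// Note that if the corresponding verification key has been removed from the keyset,
// verification will not return an expiration error even if the token is expired, because
// the expiration is only verified if the signature is valid.
//
// A true result still describes a failed verification: the token must be
// rejected. The distinction only tells the caller why it was rejected.
func IsExpirationErr(err error) bool {
	// errors.Is matches the sentinel itself and any error that wraps it with
	// %w, so callers that add context to the verification error are still
	// classified correctly. A nil err yields false.
	return errors.Is(err, errJwtExpired)
}

// init registers the JWT key managers (HMAC, ECDSA, RSA SSA PKCS1 and RSA SSA
// PSS, signer and verifier where applicable) with the Tink registry.
//
// A registration failure panics, so a program that imports this package stops
// at start-up instead of running with a key manager missing.
func init() {
	if err := registry.RegisterKeyManager(new(jwtHMACKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT HMAC key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtECDSAVerifierKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT ECDSA verifier key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtECDSASignerKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT ECDSA signer key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtRSSignerKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT RSA SSA PKCS1 signer key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtRSVerifierKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT RSA SSA PKCS1 verifier key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtPSSignerKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT RSA SSA PSS signer key manager: %v", err))
	}
	if err := registry.RegisterKeyManager(new(jwtPSVerifierKeyManager)); err != nil {
		panic(fmt.Sprintf("jwt.init() failed registering JWT RSA SSA PSS verifier key manager: %v", err))
	}
}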