indispensable-josef/at.asitplus.signum.indispensable.josef

Package-level declarations

Types

@Serializable

data class ConfirmationClaim( val jsonWebKey: JsonWebKey? = null, val encryptedSymmetricKey: JweEncrypted? = null, val keyId: String? = null, val jsonWebKeySetUrl: String? = null, val jsonWebKeyThumbprint: String? = null)

Structure to declare posession of a particular proof-of-possesion key, to be included in JsonWebToken.confirmationClaim

JsonWebAlgorithm

@Serializable(with = JwaSerializer::class)

interface JsonWebAlgorithm

JsonWebKey

@Serializable

data class JsonWebKey( val algorithm: JsonWebAlgorithm? = null, val curve: ECCurve? = null, val e: ByteArray? = null, val k: ByteArray? = null, val keyOperations: Set<String>? = null, val keyId: String? = null, val type: JwkType? = null, val n: ByteArray? = null, val publicKeyUse: String? = null, val x: ByteArray? = null, val certificateChain: CertificateChain? = null, val certificateSha1Thumbprint: ByteArray? = null, val certificateUrl: String? = null, val certificateSha256Thumbprint: ByteArray? = null, val y: ByteArray? = null) : SpecializedCryptoPublicKey, SpecializedSymmetricKey

JSON Web Key as per RFC 7517.

JsonWebKeySet

@Serializable

data class JsonWebKeySet(val keys: Collection<JsonWebKey>)

JSON Web Key Set as per RFC 7517

JsonWebToken

@Serializable

data class JsonWebToken( val issuer: String? = null, val subject: String? = null, val audience: String? = null, val nonce: String? = null, val notBefore: Instant? = null, val issuedAt: Instant? = null, val expiration: Instant? = null, val jwtId: String? = null, val confirmationClaim: ConfirmationClaim? = null, val httpMethod: String? = null, val httpTargetUrl: String? = null, val accessTokenHash: String? = null, val walletName: String? = null, val walletLink: String? = null, val status: JsonObject? = null)

Content of a JWT (JsonWebToken), with many optional keys, since no claim is strongly required.

JwaSerializer

object JwaSerializer : KSerializer<JsonWebAlgorithm>

JweAlgorithm

@Serializable(with = JweAlgorithmSerializer::class)

sealed class JweAlgorithm : JsonWebAlgorithm

JweAlgorithmSerializer

object JweAlgorithmSerializer : KSerializer<JweAlgorithm>

JweDecrypted

data class JweDecrypted<T : Any>(val header: JweHeader, val payload: T)

Representation of a decrypted JSON Web Encryption object, i.e. header and payload.

JweEncrypted

data class JweEncrypted( val header: JweHeader, val headerAsParsed: ByteArray, val encryptedKey: ByteArray? = null, val iv: ByteArray, val ciphertext: ByteArray, val authTag: ByteArray)

Representation of an encrypted JSON Web Encryption object, consisting of its 5 parts: Header, encrypted key, IV, ciphertext, authentication tag.

JweEncryptedSerializer

object JweEncryptedSerializer : KSerializer<JweEncrypted>

JweEncryption

@Serializable(with = JweEncryptionSerializer::class)

enum JweEncryption : Enum<JweEncryption>

Supported JWE algorithms.

JweEncryptionSerializer

object JweEncryptionSerializer : KSerializer<JweEncryption?>

JweHeader

@Serializable

data class JweHeader( val algorithm: JweAlgorithm?, val encryption: JweEncryption?, val keyId: String? = null, val type: String? = null, val contentType: String? = null, val jsonWebKey: JsonWebKey? = null, val jsonWebKeyUrl: String? = null, val ephemeralKeyPair: JsonWebKey? = null, val agreementPartyUInfo: ByteArray? = null, val agreementPartyVInfo: ByteArray? = null, val initializationVector: ByteArray? = null, val authenticationTag: ByteArray? = null, val certificateUrl: String? = null, val certificateChain: CertificateChain? = null, val certificateSha1Thumbprint: ByteArray? = null, val certificateSha256Thumbprint: ByteArray? = null)

Header of a JweEncrypted or JweDecrypted.

JwkType

@Serializable(with = JwkTypeSerializer::class)

enum JwkType : Enum<JwkType>

Supported JSON Web Key types.

JwkTypeSerializer

object JwkTypeSerializer : KSerializer<JwkType?>

JwsAlgorithm

@Serializable(with = JwsAlgorithmSerializer::class)

sealed class JwsAlgorithm : JsonWebAlgorithm, SpecializedDataIntegrityAlgorithm

Since we support only JWS algorithms (with one exception), this class is called what it's called.

JwsAlgorithmSerializer

object JwsAlgorithmSerializer : KSerializer<JwsAlgorithm>

JwsExtensions

object JwsExtensions

JwsHeader

@Serializable

data class JwsHeader( val keyId: String? = null, val type: String? = null, val algorithm: JwsAlgorithm, val contentType: String? = null, val certificateChain: CertificateChain? = null, val notBefore: Instant? = null, val issuedAt: Instant? = null, val expiration: Instant? = null, val jsonWebKey: JsonWebKey? = null, val jsonWebKeySetUrl: String? = null, val certificateUrl: String? = null, val certificateSha1Thumbprint: ByteArray? = null, val certificateSha256Thumbprint: ByteArray? = null, val attestationJwt: String? = null, val keyAttestation: String? = null)

Header of a JwsSigned.

JwsSigned

data class JwsSigned<out P : Any>( val header: JwsHeader, val payload: P, val signature: CryptoSignature.RawByteEncodable, val plainSignatureInput: ByteArray)

Representation of a signed JSON Web Signature object, i.e. consisting of header, payload and signature.

KeyAttestationJwt

@Serializable

data class KeyAttestationJwt( val issuer: String? = null, val subject: String? = null, val audience: String? = null, val nonce: String? = null, val notBefore: Instant? = null, val issuedAt: Instant, val expiration: Instant? = null, val attestedKeys: Collection<JsonWebKey>, val keyStorage: Collection<String>? = null, val userAuthentication: Collection<String>? = null, val certification: String? = null, val status: JsonObject? = null)

Content of a Key Attestation in JWT format, according to OpenID for Verifiable Credential Issuance

Properties

jcaName

val JweAlgorithm.jcaName: String?

jsonWebKeyBytes

val SymmetricKey<*, *, *>.jsonWebKeyBytes: <Error class: unknown class>

converts a symmetric key to its JWE serializable form (i.e. a single bytearray)

jwkId

var CryptoPublicKey.jwkId: String?

var SymmetricKey<*, *, *>.jwkId: String?

Holds JsonWebKey.keyId when transforming a JsonWebKey to a CryptoPublicKey

Functions

toJsonWebKey

fun CryptoPublicKey.toJsonWebKey(keyId: String? = this.jwkId): JsonWebKey

Converts a CryptoPublicKey to a JsonWebKey

fun SymmetricKey<*, *, *>.toJsonWebKey(keyId: String? = this.jwkId): JsonWebKey?

Converts a at.asitplus.signum.indispensable.symmetric.SymmetricKey to a JsonWebKey

fun SymmetricKey<*, *, *>.toJsonWebKey(keyId: String? = this.jwkId, vararg includedOps: String): KmmResult<JsonWebKey>

Converts this symmetric key to a JsonWebKey. algorithm may be null for algorithms, which do not directly correspond to a valid JWA alg identifier but will still be encoded.

toJweEncryptionAlgorithm

fun SymmetricEncryptionAlgorithm<*, *, *>.toJweEncryptionAlgorithm(): JweEncryption?

Convenience conversion function to get a matching JweEncryption algorithm (if any).

toJweKwAlgorithm

fun SymmetricEncryptionAlgorithm<*, *, *>.toJweKwAlgorithm(): JweAlgorithm?

Tries to map this algorithm to a matching JsonWebAlgorithm for key wrapping. Mappings exist for the following algorithms (as others are not direct mappings of symmetric algorithms):

toJwsAlgorithm

fun DataIntegrityAlgorithm.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

fun MessageAuthenticationCode.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

fun SignatureAlgorithm.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

Tries to find a matching JWS algorithm. Note that JWS imposes curve restrictions on ECDSA based on the digest.

fun SpecializedDataIntegrityAlgorithm.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

Tries to find a matching JWS algorithm

fun SpecializedMessageAuthenticationCode.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

fun SpecializedSignatureAlgorithm.toJwsAlgorithm(): KmmResult<JwsAlgorithm>

Tries to find a matching JWS algorithm.