type NonceSource … type Signer … type SigningKey … type SignerOptions … // WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it // if necessary. It returns itself and so can be used in a fluent style. func (so *SignerOptions) WithHeader(k HeaderKey, v interface{ … } // WithContentType adds a content type ("cty") header and returns the updated // SignerOptions. func (so *SignerOptions) WithContentType(contentType ContentType) *SignerOptions { … } // WithType adds a type ("typ") header and returns the updated SignerOptions. func (so *SignerOptions) WithType(typ ContentType) *SignerOptions { … } // WithCritical adds the given names to the critical ("crit") header and returns // the updated SignerOptions. func (so *SignerOptions) WithCritical(names ...string) *SignerOptions { … } // WithBase64 adds a base64url-encode payload ("b64") header and returns the updated // SignerOptions. When the "b64" value is "false", the payload is not base64 encoded. func (so *SignerOptions) WithBase64(b64 bool) *SignerOptions { … } type payloadSigner … type payloadVerifier … type genericSigner … type recipientSigInfo … func staticPublicKey(jwk *JSONWebKey) func() *JSONWebKey { … } // NewSigner creates an appropriate signer based on the key type func NewSigner(sig SigningKey, opts *SignerOptions) (Signer, error) { … } // NewMultiSigner creates a signer for multiple recipients func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) { … } // newVerifier creates a verifier based on the key type func newVerifier(verificationKey interface{ … } func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interface{ … } func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{ … } func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigInfo, error) { … } func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) { … } func (ctx *genericSigner) Options() SignerOptions { … } // Verify validates the signature on the object and returns the payload. // This function does not support multi-signature, if you desire multi-sig // verification use VerifyMulti instead. // // Be careful when verifying signatures based on embedded JWKs inside the // payload header. You cannot assume that the key received in a payload is // trusted. func (obj JSONWebSignature) Verify(verificationKey interface{ … } // UnsafePayloadWithoutVerification returns the payload without // verifying it. The content returned from this function cannot be // trusted. func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte { … } // DetachedVerify validates a detached signature on the given payload. In // most cases, you will probably want to use Verify instead. DetachedVerify // is only useful if you have a payload and signature that are separated from // each other. func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{ … } // VerifyMulti validates (one of the multiple) signatures on the object and // returns the index of the signature that was verified, along with the signature // object and the payload. We return the signature and index to guarantee that // callers are getting the verified value. func (obj JSONWebSignature) VerifyMulti(verificationKey interface{ … } // DetachedVerifyMulti validates a detached signature on the given payload with // a signature/object that has potentially multiple signers. This returns the index // of the signature that was verified, along with the signature object. We return // the signature and index to guarantee that callers are getting the verified value. // // In most cases, you will probably want to use Verify or VerifyMulti instead. // DetachedVerifyMulti is only useful if you have a payload and signature that are // separated from each other, and the signature can have multiple signers at the // same time. func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{ … }