The cl-jwk Reference Manual

This is the cl-jwk Reference Manual, version 0.1.0, generated automatically by Declt version 4.0 beta 2 "William Riker" on Sun Sep 15 04:08:00 2024 GMT+0.

Table of Contents


1 Introduction


2 Systems

The main system appears first, followed by any subsystem dependency.


2.1 cl-jwk

Common Lisp system for decoding public JSON Web Keys (JWK)

Long Name

cl-jwk

Maintainer

Marin Atanasov Nikolov <>

Author

Marin Atanasov Nikolov <>

Home Page

https://github.com/dnaeon/cl-jwk

Source Control

https://github.com/dnaeon/cl-jwk

Bug Tracker

https://github.com/dnaeon/cl-jwk

License

BSD 2-Clause

Long Description

* cl-jwk

=cl-jwk= is a Common Lisp system for parsing public JSON Web Keys
(JWK).

The following JWK keys are supported by the system.

- =RSA=
- =EC P-256=
- =EC P-384=
- =EC P-521=
- =EC secp256k1=
- =oct= (symmetric key)

* Requirements

- [[https://www.quicklisp.org/beta/][Quicklisp]]

* Installation

Clone the repo in your [[https://www.quicklisp.org/beta/faq.html][Quicklisp local-projects]] directory.

#+begin_src lisp
(ql:register-local-projects)
#+end_src

Then load the system.

#+begin_src lisp
(ql:quickload :cl-jwk)
#+end_src

NOTE: =cl-jwk= uses features from latest =ironclad=, so make sure that
you are using the latest =ironclad= release from Github, until it gets
published on Quicklisp.

* Usage

In order to decode a public JWK key from a JSON object, simply call
the =CL-JWK:DECODE= generic function.

For instance, in order to decode one of the test keys used by the
=cl-jwk.test= system, you can call =CL-JWK:DECODE= like this.

#+begin_src lisp
CL-USER> (defparameter *json-data*
(uiop:read-file-string
(asdf:system-relative-pathname :cl-jwk.test "tests/test-keys/rsa-3072-pub.json"))) *JSON-DATA*
CL-USER> (cl-jwk:decode :json *json-data*)
#<CL-JWK.CORE:JWK {100510EB73}>
#+end_src

Upon successful decoding of the JSON data the =CL-JWK:DECODE= method
will return a =CL-JWK:JWK= class instance. Use the available readers
to get more details about the decoded public key. The following reader
methods are available for a =CL-JWK:JWK= instance.

- =CL-JWK:JWK-KTY=
- =CL-JWK:JWK-USE=
- =CL-JWK:JWK-KID=
- =CL-JWK:JWK-ALG=
- =CL-JWK:JWK-KEY-OPS=
- =CL-JWK:JWK-KEY=

The =CL-JWK:JWK-KEY= method returns an instance of an =ironclad=
public key.

You can also fetch public JWKs from an OpenID Provider. For example:

#+begin_src lisp
CL-USER> (defparameter *client*
(cl-jwk:make-client :hostname "accounts.google.com"))
*CLIENT*
CL-USER> (cl-jwk:public-keys *client*)
(#<CL-JWK.CORE:JWK {10021B5FD3}> #<CL-JWK.CORE:JWK {10021B6053}>
#<CL-JWK.CORE:JWK {10021B60D3}>)
#+end_src

Token verification can be done using the =CL-JWK:VERIFY-TOKEN= generic
function. =CL-JWK:VERIFY-TOKEN= is implemented for both =CL-JWK:JWK=
and =CL-JWK:CLIENT= classes.

* Tests

The =cl-jwk= tests are provided as part of the
=:cl-jwk.test= system.

In order to run the tests you can evaluate the following expressions.

#+begin_src lisp
CL-USER> (ql:quickload :cl-jwk.test)
CL-USER> (asdf:test-system :cl-jwk.test)
#+end_src

Or you can run the tests using the =scripts/run-tests.sh= shell script
instead, e.g.

#+begin_src shell
env LISP=sbcl ./scripts/run-tests.sh
#+end_src

* Contributing

=cl-jwk= is hosted on [[https://github.com/dnaeon/cl-jwk][Github]]. Please contribute by reporting
issues, suggesting features or by sending patches using pull requests.

* Authors

- Marin Atanasov Nikolov <[[mailto:dnaeon@gmail.com][dnaeon@gmail.com]]>

* License

This project is Open Source and licensed under the [[http://opensource.org/licenses/BSD-2-Clause][BSD License]].

Version

0.1.0

Dependencies
  • alexandria (system).
  • binascii (system).
  • cl-reexport (system).
  • dexador (system).
  • ironclad (system).
  • jonathan (system).
  • jose (system).
Source

cl-jwk.asd.

Child Components

3 Modules

Modules are listed depth-first from the system components tree.


3.1 cl-jwk/core

Source

cl-jwk.asd.

Parent Component

cl-jwk (system).

Child Component

core.lisp (file).


3.2 cl-jwk/client-package

Dependency

core (module).

Source

cl-jwk.asd.

Parent Component

cl-jwk (system).

Child Component

package.lisp (file).


4 Files

Files are sorted by type and then listed depth-first from the systems components trees.


4.1 Lisp


4.1.1 cl-jwk/cl-jwk.asd

Source

cl-jwk.asd.

Parent Component

cl-jwk (system).

ASDF Systems

cl-jwk.

Packages

cl-jwk-system.


4.1.2 cl-jwk/core/core.lisp

Source

cl-jwk.asd.

Parent Component

core (module).

Packages

cl-jwk.core.

Public Interface
Internals

%get-hmac (function).


4.1.3 cl-jwk/client-package/package.lisp

Source

cl-jwk.asd.

Parent Component

client-package (module).

Packages

cl-jwk.


5 Packages

Packages are listed by definition order.


5.1 cl-jwk.core

Source

core.lisp.

Nickname

jwk.core

Use List

common-lisp.

Public Interface
Internals

%get-hmac (function).


5.2 cl-jwk-system

Source

cl-jwk.asd.

Use List
  • asdf/interface.
  • common-lisp.

5.3 cl-jwk

Source

package.lisp.

Nickname

jwk

Use List

common-lisp.


6 Definitions

Definitions are sorted by export status, category, package, and then by lexicographic order.


6.1 Public Interface


6.1.1 Special variables

Special Variable: *user-agent*

User-Agent header to use

Package

cl-jwk.core.

Source

core.lisp.


6.1.2 Ordinary functions

Function: keywordize (name)

Returns a keyword from the given NAME

Package

cl-jwk.core.

Source

core.lisp.

Function: make-client (&rest rest)

Creates a new client for interfacing with the CSP APIs

Package

cl-jwk.core.

Source

core.lisp.


6.1.3 Generic functions

Generic Reader: client-api-prefix (object)
Generic Writer: (setf client-api-prefix) (object)
Package

cl-jwk.core.

Methods
Reader Method: client-api-prefix ((client client))
Writer Method: (setf client-api-prefix) ((client client))

API prefix

Source

core.lisp.

Target Slot

api-prefix.

Generic Reader: client-hostname (object)
Generic Writer: (setf client-hostname) (object)
Package

cl-jwk.core.

Methods
Reader Method: client-hostname ((client client))
Writer Method: (setf client-hostname) ((client client))

Hostname to connect to

Source

core.lisp.

Target Slot

hostname.

Generic Reader: client-port (object)
Generic Writer: (setf client-port) (object)
Package

cl-jwk.core.

Methods
Reader Method: client-port ((client client))
Writer Method: (setf client-port) ((client client))

Port to connect to

Source

core.lisp.

Target Slot

port.

Generic Reader: client-scheme (object)
Generic Writer: (setf client-scheme) (object)
Package

cl-jwk.core.

Methods
Reader Method: client-scheme ((client client))
Writer Method: (setf client-scheme) ((client client))

Scheme to use

Source

core.lisp.

Target Slot

scheme.

Generic Function: decode (kind data)

Decodes a JWK key of the given kind using the provided data

Package

cl-jwk.core.

Source

core.lisp.

Methods
Method: decode ((kind (eql :oct)) data)

Decodes a JWK ‘octet-sequence’ symmetric key from the given plist data. See RFC 7518, Section 6.4 for more details about Symmetric Keys format.

Method: decode ((kind (eql :secp256k1)) data)

Decodes Secp256k1 public key from the given plist data.
See RFC 7518, Section 6.2.1 for more details about Elliptic Curve public keys format.

Method: decode ((kind (eql :secp521r1)) data)

Decodes Secp521r1 (NIST P-521) public key from the given plist data. See RFC 7518, Section 6.2.1 for more details about Elliptic Curve public keys format.

Method: decode ((kind (eql :secp384r1)) data)

Decodes Secp384r1 (NIST P-384) public key from the given plist data. See RFC 7518, Section 6.2.1 for more details about Elliptic Curve public keys format.

Method: decode ((kind (eql :secp256r1)) data)

Decodes Secp256r1 (NIST P-256) public key from the given plist data. See RFC 7518, Section 6.2.1 for more details about Elliptic Curve public keys format.

Method: decode ((kind (eql :rsa)) data)

Decodes RSA public key using the provided plist data.
See RFC 7517 about the JWK format and RFC 7518, Section 6.3 about the RSA key parameters.

Method: decode ((kind (eql :ec)) data)

Decodes an Elliptic Curve public key from the given data

Method: decode ((kind (eql :key)) data)

Decodes a JWK public key by inferring the key from the given plist data and dispatches further decoding to the respective implementation

Method: decode ((kind (eql :json)) json-string)

Decodes JWK public key from the given JSON string

Generic Reader: invalid-key-data (condition)
Package

cl-jwk.core.

Methods
Reader Method: invalid-key-data ((condition invalid-key))
Source

core.lisp.

Target Slot

data.

Generic Reader: invalid-key-message (condition)
Package

cl-jwk.core.

Methods
Reader Method: invalid-key-message ((condition invalid-key))
Source

core.lisp.

Target Slot

message.

Generic Reader: jwk-alg (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-alg ((jwk jwk))

Algorithm parameter

Source

core.lisp.

Target Slot

alg.

Generic Reader: jwk-key (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-key ((jwk jwk))

The associated public key

Source

core.lisp.

Target Slot

key.

Generic Reader: jwk-key-ops (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-key-ops ((jwk jwk))

Key Operations Parameter

Source

core.lisp.

Target Slot

key-ops.

Generic Reader: jwk-kid (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-kid ((jwk jwk))

Key ID parameter

Source

core.lisp.

Target Slot

kid.

Generic Reader: jwk-kty (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-kty ((jwk jwk))

Key Type parameter

Source

core.lisp.

Target Slot

kty.

Generic Reader: jwk-use (object)
Package

cl-jwk.core.

Methods
Reader Method: jwk-use ((jwk jwk))

Public Key Use parameter

Source

core.lisp.

Target Slot

use.

Generic Function: make-api-uri (client path &key query-params)

Returns an URI to the given API path

Package

cl-jwk.core.

Source

core.lisp.

Methods
Method: make-api-uri ((client client) path &key query-params)

Creates an URI to the given API path

Generic Function: openid-provider-metadata (client)

Returns the OpenID Provider Metadata

Package

cl-jwk.core.

Source

core.lisp.

Methods
Method: openid-provider-metadata ((client client))

Returns the OpenID Provider Metadata

Generic Function: public-keys (client)

Returns the public keys used to verify the authenticity of tokens

Package

cl-jwk.core.

Source

core.lisp.

Methods
Method: public-keys ((client client))

Returns the public keys used to verify the authenticity of tokens

Generic Function: verify-token (object token &optional algorithm)

Verifies and decodes the given JWT token

Package

cl-jwk.core.

Source

core.lisp.

Methods
Method: verify-token ((object client) token &optional algorithm)

Verifies and decodes the given JWT token

Method: verify-token ((object jwk) token &optional algorithm)

Verifies and decodes the given JWT token


6.1.4 Conditions

Condition: invalid-key

Condition which is signalled when an invalid key is detected

Package

cl-jwk.core.

Source

core.lisp.

Direct superclasses

simple-error.

Direct methods
Direct slots
Slot: message

Human-friendly error message

Initform

(quote (error "must specify error message"))

Initargs

:message

Readers

invalid-key-message.

Writers

This slot is read-only.

Slot: data

The data of the invalid key

Initform

(quote (error "must specify key data"))

Initargs

:data

Readers

invalid-key-data.

Writers

This slot is read-only.


6.1.5 Classes

Class: client

API client for interfacing with an OpenID Provider endpoint

Package

cl-jwk.core.

Source

core.lisp.

Direct methods
Direct slots
Slot: scheme

Scheme to use

Initform

"https"

Initargs

:scheme

Readers

client-scheme.

Writers

(setf client-scheme).

Slot: port

Port to connect to

Initform

443

Initargs

:port

Readers

client-port.

Writers

(setf client-port).

Slot: hostname

Hostname to connect to

Initform

(error "must specify hostname")

Initargs

:hostname

Readers

client-hostname.

Writers

(setf client-hostname).

Slot: api-prefix

API prefix

Initform

""

Initargs

:api-prefix

Readers

client-api-prefix.

Writers

(setf client-api-prefix).

Class: jwk

JWK represents a public JSON Web Key (JWK) as per RFC 7517

Package

cl-jwk.core.

Source

core.lisp.

Direct methods
Direct slots
Slot: kty

Key Type parameter

Initform

(error "must specify key type")

Initargs

:kty

Readers

jwk-kty.

Writers

This slot is read-only.

Slot: use

Public Key Use parameter

Initargs

:use

Readers

jwk-use.

Writers

This slot is read-only.

Slot: kid

Key ID parameter

Initargs

:kid

Readers

jwk-kid.

Writers

This slot is read-only.

Slot: alg

Algorithm parameter

Initargs

:alg

Readers

jwk-alg.

Writers

This slot is read-only.

Slot: key-ops

Key Operations Parameter

Initargs

:key-ops

Readers

jwk-key-ops.

Writers

This slot is read-only.

Slot: key

The associated public key

Initform

(error "must specify public key")

Initargs

:key

Readers

jwk-key.

Writers

This slot is read-only.


6.2 Internals


6.2.1 Ordinary functions

Function: %get-hmac (key alg data)
Package

cl-jwk.core.

Source

core.lisp.


Appendix A Indexes


A.1 Concepts


A.2 Functions

Jump to:   %   (  
C   D   F   G   I   J   K   M   O   P   V  
Index Entry  Section

%
%get-hmac: Private ordinary functions

(
(setf client-api-prefix): Public generic functions
(setf client-api-prefix): Public generic functions
(setf client-hostname): Public generic functions
(setf client-hostname): Public generic functions
(setf client-port): Public generic functions
(setf client-port): Public generic functions
(setf client-scheme): Public generic functions
(setf client-scheme): Public generic functions

C
client-api-prefix: Public generic functions
client-api-prefix: Public generic functions
client-hostname: Public generic functions
client-hostname: Public generic functions
client-port: Public generic functions
client-port: Public generic functions
client-scheme: Public generic functions
client-scheme: Public generic functions

D
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions
decode: Public generic functions

F
Function, %get-hmac: Private ordinary functions
Function, keywordize: Public ordinary functions
Function, make-client: Public ordinary functions

G
Generic Function, (setf client-api-prefix): Public generic functions
Generic Function, (setf client-hostname): Public generic functions
Generic Function, (setf client-port): Public generic functions
Generic Function, (setf client-scheme): Public generic functions
Generic Function, client-api-prefix: Public generic functions
Generic Function, client-hostname: Public generic functions
Generic Function, client-port: Public generic functions
Generic Function, client-scheme: Public generic functions
Generic Function, decode: Public generic functions
Generic Function, invalid-key-data: Public generic functions
Generic Function, invalid-key-message: Public generic functions
Generic Function, jwk-alg: Public generic functions
Generic Function, jwk-key: Public generic functions
Generic Function, jwk-key-ops: Public generic functions
Generic Function, jwk-kid: Public generic functions
Generic Function, jwk-kty: Public generic functions
Generic Function, jwk-use: Public generic functions
Generic Function, make-api-uri: Public generic functions
Generic Function, openid-provider-metadata: Public generic functions
Generic Function, public-keys: Public generic functions
Generic Function, verify-token: Public generic functions

I
invalid-key-data: Public generic functions
invalid-key-data: Public generic functions
invalid-key-message: Public generic functions
invalid-key-message: Public generic functions

J
jwk-alg: Public generic functions
jwk-alg: Public generic functions
jwk-key: Public generic functions
jwk-key: Public generic functions
jwk-key-ops: Public generic functions
jwk-key-ops: Public generic functions
jwk-kid: Public generic functions
jwk-kid: Public generic functions
jwk-kty: Public generic functions
jwk-kty: Public generic functions
jwk-use: Public generic functions
jwk-use: Public generic functions

K
keywordize: Public ordinary functions

M
make-api-uri: Public generic functions
make-api-uri: Public generic functions
make-client: Public ordinary functions
Method, (setf client-api-prefix): Public generic functions
Method, (setf client-hostname): Public generic functions
Method, (setf client-port): Public generic functions
Method, (setf client-scheme): Public generic functions
Method, client-api-prefix: Public generic functions
Method, client-hostname: Public generic functions
Method, client-port: Public generic functions
Method, client-scheme: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, decode: Public generic functions
Method, invalid-key-data: Public generic functions
Method, invalid-key-message: Public generic functions
Method, jwk-alg: Public generic functions
Method, jwk-key: Public generic functions
Method, jwk-key-ops: Public generic functions
Method, jwk-kid: Public generic functions
Method, jwk-kty: Public generic functions
Method, jwk-use: Public generic functions
Method, make-api-uri: Public generic functions
Method, openid-provider-metadata: Public generic functions
Method, public-keys: Public generic functions
Method, verify-token: Public generic functions
Method, verify-token: Public generic functions

O
openid-provider-metadata: Public generic functions
openid-provider-metadata: Public generic functions

P
public-keys: Public generic functions
public-keys: Public generic functions

V
verify-token: Public generic functions
verify-token: Public generic functions
verify-token: Public generic functions