Add jws encoding built-in functions

fixes open-policy-agent#1174 Signed-off-by: repenno <[email protected]>
proofpoint · Jul 16, 2019 · a4b1a12 · a4b1a12
1 parent 15725be
commit a4b1a12
Show file tree

Hide file tree

Showing 50 changed files with 54 additions and 167 deletions.
diff --git a/glide.yaml b/glide.yaml
@@ -27,4 +27,4 @@ import:
 - package: golang.org/x/lint
   subpackages:
   - golint
-- package: github.com/repenno/jwx-opa
+  -
diff --git a/vendor/github.com/repenno/jwx-opa/.gitignore → topdown/internal/jwx/.gitignore b/vendor/github.com/repenno/jwx-opa/.gitignore → topdown/internal/jwx/.gitignore
diff --git a/vendor/github.com/repenno/jwx-opa/Makefile → topdown/internal/jwx/Makefile b/vendor/github.com/repenno/jwx-opa/Makefile → topdown/internal/jwx/Makefile
diff --git a/...thub.com/repenno/jwx-opa/buffer/buffer.go → topdown/internal/jwx/buffer/buffer.go b/...thub.com/repenno/jwx-opa/buffer/buffer.go → topdown/internal/jwx/buffer/buffer.go
diff --git a/...com/repenno/jwx-opa/buffer/buffer_test.go → topdown/internal/jwx/buffer/buffer_test.go b/...com/repenno/jwx-opa/buffer/buffer_test.go → topdown/internal/jwx/buffer/buffer_test.go
diff --git a/...ithub.com/repenno/jwx-opa/jwa/elliptic.go → topdown/internal/jwx/jwa/elliptic.go b/...ithub.com/repenno/jwx-opa/jwa/elliptic.go → topdown/internal/jwx/jwa/elliptic.go
diff --git a/...ithub.com/repenno/jwx-opa/jwa/key_type.go → topdown/internal/jwx/jwa/key_type.go b/...ithub.com/repenno/jwx-opa/jwa/key_type.go → topdown/internal/jwx/jwa/key_type.go
diff --git a/...hub.com/repenno/jwx-opa/jwa/parameters.go → topdown/internal/jwx/jwa/parameters.go b/...hub.com/repenno/jwx-opa/jwa/parameters.go → topdown/internal/jwx/jwa/parameters.go
@@ -2,7 +2,7 @@ package jwa
 
 import (
 	"crypto/elliptic"
-	"github.com/repenno/jwx-opa/buffer"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/buffer"
 )
 
 // EllipticCurve provides a indirect type to standard elliptic curve such that we can

diff --git a/...thub.com/repenno/jwx-opa/jwa/signature.go → topdown/internal/jwx/jwa/signature.go b/...thub.com/repenno/jwx-opa/jwa/signature.go → topdown/internal/jwx/jwa/signature.go
diff --git a/...r/github.com/repenno/jwx-opa/jwk/ecdsa.go → topdown/internal/jwx/jwk/ecdsa.go b/...r/github.com/repenno/jwx-opa/jwk/ecdsa.go → topdown/internal/jwx/jwk/ecdsa.go
@@ -5,8 +5,8 @@ import (
 	"crypto/elliptic"
 	"math/big"
 
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 func newECDSAPublicKey(key *ecdsa.PublicKey) (*ECDSAPublicKey, error) {

diff --git a/...hub.com/repenno/jwx-opa/jwk/ecdsa_test.go → topdown/internal/jwx/jwk/ecdsa_test.go b/...hub.com/repenno/jwx-opa/jwk/ecdsa_test.go → topdown/internal/jwx/jwk/ecdsa_test.go
@@ -6,12 +6,11 @@ import (
 	"crypto/rand"
 	"encoding/json"
 	"fmt"
-	"github.com/repenno/jwx-opa/buffer"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/buffer"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
 	"reflect"
 	"testing"
-
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jwk"
 )
 
 func TestECDSA(t *testing.T) {

diff --git a/...github.com/repenno/jwx-opa/jwk/headers.go → topdown/internal/jwx/jwk/headers.go b/...github.com/repenno/jwx-opa/jwk/headers.go → topdown/internal/jwx/jwk/headers.go
@@ -1,8 +1,8 @@
 package jwk
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 // Convenience constants for common JWK parameters

diff --git a/...b.com/repenno/jwx-opa/jwk/headers_test.go → topdown/internal/jwx/jwk/headers_test.go b/...b.com/repenno/jwx-opa/jwk/headers_test.go → topdown/internal/jwx/jwk/headers_test.go
@@ -1,11 +1,10 @@
 package jwk_test
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
 	"reflect"
 	"testing"
-
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jwk"
 )
 
 func TestHeader(t *testing.T) {

diff --git a/...thub.com/repenno/jwx-opa/jwk/interface.go → topdown/internal/jwx/jwk/interface.go b/...thub.com/repenno/jwx-opa/jwk/interface.go → topdown/internal/jwx/jwk/interface.go
@@ -3,7 +3,7 @@ package jwk
 import (
 	"crypto/ecdsa"
 	"crypto/rsa"
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 )
 
 // Set is a convenience struct to allow generating and parsing

diff --git a/vendor/github.com/repenno/jwx-opa/jwk/jwk.go → topdown/internal/jwx/jwk/jwk.go b/vendor/github.com/repenno/jwx-opa/jwk/jwk.go → topdown/internal/jwx/jwk/jwk.go
@@ -5,8 +5,9 @@ import (
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"encoding/json"
+
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 // GetPublicKey returns the public key based on the private key type.

diff --git a/...ithub.com/repenno/jwx-opa/jwk/jwk_test.go → topdown/internal/jwx/jwk/jwk_test.go b/...ithub.com/repenno/jwx-opa/jwk/jwk_test.go → topdown/internal/jwx/jwk/jwk_test.go
@@ -3,7 +3,7 @@ package jwk_test
 import (
 	"testing"
 
-	"github.com/repenno/jwx-opa/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
 )
 
 func TestNew(t *testing.T) {

diff --git a/...github.com/repenno/jwx-opa/jwk/key_ops.go → topdown/internal/jwx/jwk/key_ops.go b/...github.com/repenno/jwx-opa/jwk/key_ops.go → topdown/internal/jwx/jwk/key_ops.go
@@ -38,6 +38,7 @@ const (
 	KeyOpDeriveBits              = "deriveBits" // (derive bits not to be used as a key)
 )
 
+// Accept determines if Key Operation is valid
 func (keyOperationList *KeyOperationList) Accept(v interface{}) error {
 	switch x := v.(type) {
 	case KeyOperationList:

diff --git a/vendor/github.com/repenno/jwx-opa/jwk/rsa.go → topdown/internal/jwx/jwk/rsa.go b/vendor/github.com/repenno/jwx-opa/jwk/rsa.go → topdown/internal/jwx/jwk/rsa.go
@@ -4,8 +4,8 @@ import (
 	"crypto/rsa"
 	"math/big"
 
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 func newRSAPublicKey(key *rsa.PublicKey) (*RSAPublicKey, error) {

diff --git a/...ithub.com/repenno/jwx-opa/jwk/rsa_test.go → topdown/internal/jwx/jwk/rsa_test.go b/...ithub.com/repenno/jwx-opa/jwk/rsa_test.go → topdown/internal/jwx/jwk/rsa_test.go
@@ -4,10 +4,10 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/repenno/jwx-opa/jwa"
 	"testing"
 
-	"github.com/repenno/jwx-opa/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
 )
 
 func TestRSA(t *testing.T) {

diff --git a/...thub.com/repenno/jwx-opa/jwk/symmetric.go → topdown/internal/jwx/jwk/symmetric.go b/...thub.com/repenno/jwx-opa/jwk/symmetric.go → topdown/internal/jwx/jwk/symmetric.go
@@ -1,8 +1,8 @@
 package jwk
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 func newSymmetricKey(key []byte) (*SymmetricKey, error) {

diff --git a/...com/repenno/jwx-opa/jwk/symmetric_test.go → topdown/internal/jwx/jwk/symmetric_test.go b/...com/repenno/jwx-opa/jwk/symmetric_test.go → topdown/internal/jwx/jwk/symmetric_test.go
@@ -8,8 +8,8 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
 )
 
 func TestSymmetric(t *testing.T) {

diff --git a/...github.com/repenno/jwx-opa/jws/headers.go → topdown/internal/jwx/jws/headers.go b/...github.com/repenno/jwx-opa/jws/headers.go → topdown/internal/jwx/jws/headers.go
@@ -1,8 +1,8 @@
 package jws
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 // Constants for JWS Common parameters

diff --git a/...b.com/repenno/jwx-opa/jws/headers_test.go → topdown/internal/jwx/jws/headers_test.go b/...b.com/repenno/jwx-opa/jws/headers_test.go → topdown/internal/jwx/jws/headers_test.go
@@ -2,10 +2,11 @@ package jws_test
 
 import (
 	"encoding/json"
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jws"
 	"reflect"
 	"testing"
+
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws"
 )
 
 func TestHeader(t *testing.T) {

diff --git a/...thub.com/repenno/jwx-opa/jws/interface.go → topdown/internal/jwx/jws/interface.go b/...thub.com/repenno/jwx-opa/jws/interface.go → topdown/internal/jwx/jws/interface.go
diff --git a/vendor/github.com/repenno/jwx-opa/jws/jws.go → topdown/internal/jwx/jws/jws.go b/vendor/github.com/repenno/jwx-opa/jws/jws.go → topdown/internal/jwx/jws/jws.go
@@ -23,13 +23,13 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/sign"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/verify"
 	"strings"
 
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jwk"
-	"github.com/repenno/jwx-opa/jws/sign"
-	"github.com/repenno/jwx-opa/jws/verify"
 )
 
 // SignLiteral generates a Signature for the given Payload and Headers, and serializes

diff --git a/...ithub.com/repenno/jwx-opa/jws/jws_test.go → topdown/internal/jwx/jws/jws_test.go b/...ithub.com/repenno/jwx-opa/jws/jws_test.go → topdown/internal/jwx/jws/jws_test.go
@@ -8,15 +8,14 @@ import (
 	"crypto/sha512"
 	"encoding/base64"
 	"encoding/json"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/sign"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/verify"
 	"math/big"
 	"strings"
 	"testing"
-
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jwk"
-	"github.com/repenno/jwx-opa/jws"
-	"github.com/repenno/jwx-opa/jws/sign"
-	"github.com/repenno/jwx-opa/jws/verify"
 )
 
 const examplePayload = `{"iss":"joe",` + "\r\n" + ` "exp":1300819380,` + "\r\n" + ` "http://example.com/is_root":true}`

diff --git a/...github.com/repenno/jwx-opa/jws/message.go → topdown/internal/jwx/jws/message.go b/...github.com/repenno/jwx-opa/jws/message.go → topdown/internal/jwx/jws/message.go
diff --git a/...hub.com/repenno/jwx-opa/jws/sign/ecdsa.go → topdown/internal/jwx/jws/sign/ecdsa.go b/...hub.com/repenno/jwx-opa/jws/sign/ecdsa.go → topdown/internal/jwx/jws/sign/ecdsa.go
@@ -4,9 +4,9 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 var ecdsaSignFuncs = map[jwa.SignatureAlgorithm]ecdsaSignFunc{}
@@ -29,7 +29,7 @@ func makeECDSASignFunc(hash crypto.Hash) ecdsaSignFunc {
 		keyBytes := curveBits / 8
 		// Curve bits do not need to be a multiple of 8.
 		if curveBits%8 > 0 {
-			keyBytes += 1
+			keyBytes++
 		}
 		h := hash.New()
 		h.Write(payload)

diff --git a/...om/repenno/jwx-opa/jws/sign/ecdsa_test.go → topdown/internal/jwx/jws/sign/ecdsa_test.go b/...om/repenno/jwx-opa/jws/sign/ecdsa_test.go → topdown/internal/jwx/jws/sign/ecdsa_test.go
@@ -1,7 +1,7 @@
 package sign
 
 import (
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"testing"
 )
 

diff --git a/...thub.com/repenno/jwx-opa/jws/sign/hmac.go → topdown/internal/jwx/jws/sign/hmac.go b/...thub.com/repenno/jwx-opa/jws/sign/hmac.go → topdown/internal/jwx/jws/sign/hmac.go
@@ -4,10 +4,10 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"crypto/sha512"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"hash"
 
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 var hmacSignFuncs = map[jwa.SignatureAlgorithm]hmacSignFunc{}

diff --git a/...com/repenno/jwx-opa/jws/sign/hmac_test.go → topdown/internal/jwx/jws/sign/hmac_test.go b/...com/repenno/jwx-opa/jws/sign/hmac_test.go → topdown/internal/jwx/jws/sign/hmac_test.go
@@ -1,7 +1,7 @@
 package sign
 
 import (
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"testing"
 )
 

diff --git a/...com/repenno/jwx-opa/jws/sign/interface.go → topdown/internal/jwx/jws/sign/interface.go b/...com/repenno/jwx-opa/jws/sign/interface.go → topdown/internal/jwx/jws/sign/interface.go
@@ -3,8 +3,7 @@ package sign
 import (
 	"crypto/ecdsa"
 	"crypto/rsa"
-
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 )
 
 // Signer provides a common interface for supported alg signing methods

diff --git a/...ithub.com/repenno/jwx-opa/jws/sign/rsa.go → topdown/internal/jwx/jws/sign/rsa.go b/...ithub.com/repenno/jwx-opa/jws/sign/rsa.go → topdown/internal/jwx/jws/sign/rsa.go
@@ -4,9 +4,9 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 var rsaSignFuncs = map[jwa.SignatureAlgorithm]rsaSignFunc{}

diff --git a/...thub.com/repenno/jwx-opa/jws/sign/sign.go → topdown/internal/jwx/jws/sign/sign.go b/...thub.com/repenno/jwx-opa/jws/sign/sign.go → topdown/internal/jwx/jws/sign/sign.go
@@ -1,8 +1,8 @@
 package sign
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 // New creates a signer that signs payloads using the given signature algorithm.

diff --git a/...b.com/repenno/jwx-opa/jws/verify/ecdsa.go → topdown/internal/jwx/jws/verify/ecdsa.go b/...b.com/repenno/jwx-opa/jws/verify/ecdsa.go → topdown/internal/jwx/jws/verify/ecdsa.go
@@ -5,8 +5,8 @@ import (
 	"crypto/ecdsa"
 	"math/big"
 
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 var ecdsaVerifyFuncs = map[jwa.SignatureAlgorithm]ecdsaVerifyFunc{}

diff --git a/.../repenno/jwx-opa/jws/verify/ecdsa_test.go → ...own/internal/jwx/jws/verify/ecdsa_test.go b/.../repenno/jwx-opa/jws/verify/ecdsa_test.go → ...own/internal/jwx/jws/verify/ecdsa_test.go
@@ -1,7 +1,7 @@
 package verify
 
 import (
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"testing"
 )
 

diff --git a/...ub.com/repenno/jwx-opa/jws/verify/hmac.go → topdown/internal/jwx/jws/verify/hmac.go b/...ub.com/repenno/jwx-opa/jws/verify/hmac.go → topdown/internal/jwx/jws/verify/hmac.go
@@ -2,9 +2,9 @@ package verify
 
 import (
 	"crypto/hmac"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/sign"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
-	"github.com/repenno/jwx-opa/jws/sign"
 )
 
 func newHMAC(alg jwa.SignatureAlgorithm) (*HMACVerifier, error) {

diff --git a/...m/repenno/jwx-opa/jws/verify/hmac_test.go → topdown/internal/jwx/jws/verify/hmac_test.go b/...m/repenno/jwx-opa/jws/verify/hmac_test.go → topdown/internal/jwx/jws/verify/hmac_test.go
@@ -1,7 +1,7 @@
 package verify
 
 import (
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"testing"
 )
 

diff --git a/...m/repenno/jwx-opa/jws/verify/interface.go → topdown/internal/jwx/jws/verify/interface.go b/...m/repenno/jwx-opa/jws/verify/interface.go → topdown/internal/jwx/jws/verify/interface.go
@@ -3,8 +3,7 @@ package verify
 import (
 	"crypto/ecdsa"
 	"crypto/rsa"
-
-	"github.com/repenno/jwx-opa/jws/sign"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws/sign"
 )
 
 // Verifier provides a common interface for supported alg verification methods

diff --git a/...hub.com/repenno/jwx-opa/jws/verify/rsa.go → topdown/internal/jwx/jws/verify/rsa.go b/...hub.com/repenno/jwx-opa/jws/verify/rsa.go → topdown/internal/jwx/jws/verify/rsa.go
@@ -3,9 +3,9 @@ package verify
 import (
 	"crypto"
 	"crypto/rsa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 var rsaVerifyFuncs = map[jwa.SignatureAlgorithm]rsaVerifyFunc{}

diff --git a/...om/repenno/jwx-opa/jws/verify/rsa_test.go → topdown/internal/jwx/jws/verify/rsa_test.go b/...om/repenno/jwx-opa/jws/verify/rsa_test.go → topdown/internal/jwx/jws/verify/rsa_test.go
@@ -1,7 +1,7 @@
 package verify
 
 import (
-	"github.com/repenno/jwx-opa/jwa"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"testing"
 )
 

diff --git a/....com/repenno/jwx-opa/jws/verify/verify.go → topdown/internal/jwx/jws/verify/verify.go b/....com/repenno/jwx-opa/jws/verify/verify.go → topdown/internal/jwx/jws/verify/verify.go
@@ -1,8 +1,8 @@
 package verify
 
 import (
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwa"
 	"github.com/pkg/errors"
-	"github.com/repenno/jwx-opa/jwa"
 )
 
 // New creates a new JWS verifier using the specified algorithm

diff --git a/...repenno/jwx-opa/jws/verify/verify_test.go → ...wn/internal/jwx/jws/verify/verify_test.go b/...repenno/jwx-opa/jws/verify/verify_test.go → ...wn/internal/jwx/jws/verify/verify_test.go
diff --git a/topdown/tokens.go b/topdown/tokens.go
@@ -15,8 +15,6 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
-	"github.com/repenno/jwx-opa/jwk"
-	"github.com/repenno/jwx-opa/jws"
 	"math/big"
 	"strconv"
 	"strings"
@@ -26,6 +24,8 @@ import (
 
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/topdown/builtins"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jwk"
+	"github.com/open-policy-agent/opa/topdown/internal/jwx/jws"
 )
 
 var (