jvscrypto

package
v0.2.3
Published: Mar 5, 2024 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Constants

const (
	PrimaryKey         = "primary"
	PrimaryLabelPrefix = "ver_"
)

Variables

This section is empty.

Functions

func CryptoKeyVersionsFor added in v0.0.2

func CryptoKeyVersionsFor(ctx context.Context, client *kms.KeyManagementClient, parentKeys []string) ([]string, error)

CryptoKeyVersionsFor returns the list of cryptoKeyVersions for all the given parent keys.

func GetPrimary added in v0.0.2

func GetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key string) (string, error)

GetPrimary gets the key version name marked as primary in the key labels.

func PublicKeysFor added in v0.0.2

func PublicKeysFor(ctx context.Context, client *kms.KeyManagementClient, keyVersions []string) (map[string]crypto.PublicKey, error)

PublicKeysFor returns a map from each given Cloud KMS key version name to that version's public key, parsed from the PEM that KMS returns. Only versions whose state is ENABLED are included, so the result never advertises a key that can no longer be used to sign.

func SetPrimary

func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error

SetPrimary marks the given key version as primary by writing a label on the parent key. Cloud KMS populates a CryptoKey's `primary` field only for keys whose purpose is ENCRYPT_DECRYPT (https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys), so for signing keys the primary version is tracked in the `Labels` field instead, with the value format `ver_[CRYPTO_KEY_VERSION_ID]`. For example, "ver_1".
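The label round trip that GetPrimary and SetPrimary rely on, as an added, self-contained example (not the project's own code; it imports nothing from this package). A Cloud KMS label value may only contain lowercase letters, digits, underscores and hyphens, up to 63 characters, so a full cryptoKeyVersion resource name cannot be stored in one; only the numeric version ID is, under the `ver_` prefix. The two functions below resolve a labelled primary back to a full version name and produce the label value for a version, rejecting labels without the prefix, non-numeric IDs, and versions that belong to a different key. Function names, the sample key name and the sample labels are constructed for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Mirrors the package constants shown on this page.
const (
	primaryKey         = "primary"
	primaryLabelPrefix = "ver_"
)

const versionsSegment = "/cryptoKeyVersions/"

// primaryVersionName resolves the primary cryptoKeyVersion resource name for key
// from the CryptoKey's labels, the way GetPrimary is documented to do. key is the
// full resource name projects/*/locations/*/keyRings/*/cryptoKeys/*.
func primaryVersionName(key string, labels map[string]string) (string, error) {
	val, ok := labels[primaryKey]
	if !ok {
		return "", fmt.Errorf("key %q has no %q label", key, primaryKey)
	}
	if !strings.HasPrefix(val, primaryLabelPrefix) {
		return "", fmt.Errorf("label %s=%q does not start with %q", primaryKey, val, primaryLabelPrefix)
	}
	id := strings.TrimPrefix(val, primaryLabelPrefix)
	if err := checkVersionID(id); err != nil {
		return "", fmt.Errorf("label %s=%q: %w", primaryKey, val, err)
	}
	return key + versionsSegment + id, nil
}

// primaryLabelFor returns the label value ("ver_<id>") that marks versionName as
// the primary of key, refusing versions that belong to a different key.
func primaryLabelFor(key, versionName string) (string, error) {
	prefix := key + versionsSegment
	if !strings.HasPrefix(versionName, prefix) {
		return "", fmt.Errorf("version %q does not belong to key %q", versionName, key)
	}
	id := strings.TrimPrefix(versionName, prefix)
	if err := checkVersionID(id); err != nil {
		return "", fmt.Errorf("version %q: %w", versionName, err)
	}
	return primaryLabelPrefix + id, nil
}

// checkVersionID accepts only the decimal version IDs Cloud KMS assigns; anything
// else (empty, a nested path, a stray resource name) is rejected.
func checkVersionID(id string) error {
	if id == "" {
		return fmt.Errorf("empty version ID")
	}
	if _, err := strconv.ParseUint(id, 10, 64); err != nil {
		return fmt.Errorf("version ID %q is not a decimal number", id)
	}
	return nil
}

func main() {
	// Constructed sample key and labels; no KMS call is made.
	key := "projects/my-proj/locations/global/keyRings/jvs/cryptoKeys/signer"
	labels := map[string]string{primaryKey: "ver_3"}
	name, err := primaryVersionName(key, labels)
	fmt.Println(name, err)
	lbl, err := primaryLabelFor(key, key+versionsSegment+"4")
	fmt.Println(lbl, err)
}
```

Validating the ID both ways matters because the label is the only record of which version signs: a typo such as `ver_3/extra` or a label copied from another key would otherwise be turned into a resource name that KMS rejects, or worse, points at a version of the wrong key.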

Types

type Action

type Action int8
const (
	ActionCreateNew           Action = iota // New version should be created. Will be marked as new in StateStore (SS).
	ActionCreateNewAndPromote               // New version should be created. Will be marked as primary in SS.
	ActionPromote                           // Mark version as primary in SS.
	ActionDisable                           // Disable version. Will be removed from SS.
	ActionDestroy                           // Destroy version.
)

type CertificateActionService

type CertificateActionService struct {
	jvspb.CertificateActionServiceServer
	Handler   *RotationHandler
	KMSClient *kms.KeyManagementClient
}

CertificateActionService allows for performing manual actions on certificate versions.

func (*CertificateActionService) CertificateAction

CertificateAction implements the certificate action API, which performs manual actions on certificate versions. It wraps the unexported certificateAction and returns an empty response.

type JWKSet added in v0.0.2

type JWKSet struct {
	Keys []jwk.Key `json:"keys"`
}

JWKSet represents a set of JWK keys. The lestrrat-go/jwx/v2/jwk library has a jwk.Set, but it sorts keys by key material, whereas this package needs its own deterministic sort order. jwk.Set is also an interface that is awkward to work with.

func JWKSFromPublicKeys added in v0.0.2

func JWKSFromPublicKeys(publicKeys map[string]crypto.PublicKey) (*JWKSet, error)

JWKSFromPublicKeys converts the public keys to a JWK set. The keys are inserted in lexicographic order of key version name, so the set serializes to the same JSON regardless of Go's randomized map iteration order.
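Deterministic JWKS construction from a `map[string]crypto.PublicKey`, as an added example written with only the standard library (it is not the project's code, which uses lestrrat-go/jwx). It assumes the JWK `kid` is the KMS key version name and that keys are ECDSA on a NIST curve, which is what Cloud KMS asymmetric signing keys such as EC_SIGN_P256_SHA256 produce; the sample keys are generated locally as stand-ins. Two details a reviewer should check in any hand-rolled JWKS encoder are visible here: coordinates must be left-padded to the curve's byte length (RFC 7518 §6.2.1.2), which `big.Int.Bytes()` does not do, and the ordering is lexicographic on the name, so version `.../10` sorts before `.../2`.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// ecJWK holds the RFC 7517/7518 members of an EC public key in JWK form.
type ecJWK struct {
	KID string `json:"kid"`
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	Use string `json:"use"`
	Alg string `json:"alg"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

// jwkSet is a plain slice so the encoded order is exactly the insertion order.
type jwkSet struct {
	Keys []ecJWK `json:"keys"`
}

// toECJWK converts one ECDSA public key; kid is the KMS key version name (assumed).
func toECJWK(kid string, pub *ecdsa.PublicKey) (ecJWK, error) {
	var crv, alg string
	switch pub.Curve {
	case elliptic.P256():
		crv, alg = "P-256", "ES256"
	case elliptic.P384():
		crv, alg = "P-384", "ES384"
	case elliptic.P521():
		crv, alg = "P-521", "ES512"
	default:
		return ecJWK{}, fmt.Errorf("%s: unsupported curve", kid)
	}
	// RFC 7518 §6.2.1.2/3: x and y are fixed-width, left-padded to the curve's
	// byte length. big.Int.Bytes() strips leading zeros, so FillBytes is used.
	size := (pub.Curve.Params().BitSize + 7) / 8
	x := make([]byte, size)
	y := make([]byte, size)
	pub.X.FillBytes(x)
	pub.Y.FillBytes(y)
	return ecJWK{
		KID: kid, Kty: "EC", Crv: crv, Use: "sig", Alg: alg,
		X: base64.RawURLEncoding.EncodeToString(x),
		Y: base64.RawURLEncoding.EncodeToString(y),
	}, nil
}

// jwksFromPublicKeys emits keys in lexicographic order of version name so two
// servers holding the same key set publish byte-identical JWKS documents.
func jwksFromPublicKeys(keys map[string]crypto.PublicKey) (*jwkSet, error) {
	names := make([]string, 0, len(keys))
	for n := range keys {
		names = append(names, n)
	}
	sort.Strings(names) // Go randomises map iteration; never rely on it for output order.
	set := &jwkSet{Keys: make([]ecJWK, 0, len(names))}
	for _, n := range names {
		pub, ok := keys[n].(*ecdsa.PublicKey)
		if !ok {
			return nil, fmt.Errorf("%s: unsupported key type %T", n, keys[n])
		}
		k, err := toECJWK(n, pub)
		if err != nil {
			return nil, err
		}
		set.Keys = append(set.Keys, k)
	}
	return set, nil
}

func main() {
	// Constructed sample: two fresh P-256 keys standing in for KMS key versions.
	const key = "projects/p/locations/global/keyRings/r/cryptoKeys/k/cryptoKeyVersions/"
	keys := map[string]crypto.PublicKey{}
	for _, id := range []string{"2", "10"} {
		priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		keys[key+id] = &priv.PublicKey
	}
	set, err := jwksFromPublicKeys(keys)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(set, "", "  ")
	fmt.Println(string(out)) // ".../10" is listed before ".../2": lexicographic, not numeric
}
```

Determinism is worth testing explicitly: serialize the same key map twice and compare bytes. Without the sort, two replicas behind one load balancer would serve the same keys in different orders, which breaks ETag-style caching and makes diffs of the published JWKS noisy.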

type KeyServer

type KeyServer struct {
	// contains filtered or unexported fields
}

KeyServer provides all valid and active public keys in a JWKS format.

func NewKeyServer added in v0.0.4

func NewKeyServer(ctx context.Context, kmsClient *kms.KeyManagementClient, cfg *config.PublicKeyConfig, h *renderer.Renderer) *KeyServer

NewKeyServer creates a new server. See KeyServer for more information.

func (*KeyServer) ServeHTTP

func (k *KeyServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP returns the public keys in JWK format.

type RotationHandler

type RotationHandler struct {
	// contains filtered or unexported fields
}

RotationHandler handles all necessary rotation actions for asymmetric keys based off a provided configuration.

func NewRotationHandler added in v0.0.4

func NewRotationHandler(ctx context.Context, kmsClient *kms.KeyManagementClient, cfg *config.CertRotationConfig) *RotationHandler

NewRotationHandler creates a handler for rotating keys.

func (*RotationHandler) RotateKey

func (h *RotationHandler) RotateKey(ctx context.Context, key string) error

RotateKey is called to determine and perform rotation actions on versions for a key. key is the full resource name: `projects/*/locations/*/keyRings/*/cryptoKeys/*` https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey

func (*RotationHandler) RotateKeys added in v0.0.4

func (h *RotationHandler) RotateKeys(ctx context.Context) (merr error)

RotateKeys rotates all keys.
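A rotation decision function over the Action enum defined above, as an added example of the kind of state machine RotateKey is documented to run. It is not the project's logic: the `policy` fields (KeyTTL, PropagationDelay, GracePeriod, DisabledPeriod) are assumed names for illustration, not the fields of config.CertRotationConfig, which this page does not show, and `version` is a trimmed stand-in for kmspb.CryptoKeyVersion. Because KMS records no promotion or disable time, the thresholds below use creation ages as proxies and say so in comments. The invariants a practitioner would want to see are that the current primary is never disabled or destroyed, that a successor is promoted only after caches have had time to fetch it, and that a demoted version stays enabled long enough for tokens it signed to expire.

```go
package main

import (
	"fmt"
	"time"
)

// Action mirrors the enum on this page.
type Action int8

const (
	ActionCreateNew Action = iota
	ActionCreateNewAndPromote
	ActionPromote
	ActionDisable
	ActionDestroy
)

// version is a trimmed stand-in for kmspb.CryptoKeyVersion (constructed for this example).
type version struct {
	Name       string
	Enabled    bool // false means DISABLED; destroyed versions are not passed in
	CreateTime time.Time
}

// policy is a hypothetical rotation schedule. The field names are assumptions,
// not the fields of config.CertRotationConfig.
type policy struct {
	KeyTTL           time.Duration // after this age a primary gets a successor
	PropagationDelay time.Duration // a successor waits this long before promotion so JWKS caches pick it up
	GracePeriod      time.Duration // a demoted version stays enabled this long so in-flight tokens still verify
	DisabledPeriod   time.Duration // a disabled version is kept this long before destruction
}

// plan is the outcome of one rotation pass over a key.
type plan struct {
	Create   *Action           // ActionCreateNew or ActionCreateNewAndPromote, nil if none
	Versions map[string]Action // actions on existing versions; the primary never appears here
}

func determineActions(now time.Time, p policy, primary string, vers []version) plan {
	out := plan{Versions: map[string]Action{}}
	var prim *version
	for i := range vers {
		if vers[i].Name == primary {
			prim = &vers[i]
		}
	}
	if prim == nil {
		// Nothing can sign: create a version and mark it primary in the same pass.
		a := ActionCreateNewAndPromote
		out.Create = &a
		return out
	}
	var newest *version
	for i := range vers {
		v := &vers[i]
		switch {
		case v == prim:
			// The primary is never disabled or destroyed directly; it only leaves
			// service by being demoted when a successor is promoted.
		case v.Enabled && v.CreateTime.After(prim.CreateTime):
			if newest == nil || v.CreateTime.After(newest.CreateTime) {
				newest = v
			}
		case v.Enabled && now.Sub(prim.CreateTime) >= p.PropagationDelay+p.GracePeriod:
			// Older than the primary. Promotion time is not stored, so the primary's
			// age minus its minimum promotion wait approximates time since promotion;
			// once that exceeds GracePeriod, anything this version signed has expired.
			out.Versions[v.Name] = ActionDisable
		case !v.Enabled && now.Sub(v.CreateTime) >= p.KeyTTL+p.GracePeriod+p.DisabledPeriod:
			// Disable time is not stored either; the sum bounds how long a version
			// could have been needed, so destruction past it is safe under this policy.
			out.Versions[v.Name] = ActionDestroy
		}
	}
	switch {
	case newest != nil && now.Sub(newest.CreateTime) >= p.PropagationDelay:
		out.Versions[newest.Name] = ActionPromote
	case newest == nil && now.Sub(prim.CreateTime) >= p.KeyTTL:
		a := ActionCreateNew
		out.Create = &a
	}
	return out
}

func main() {
	// Constructed scenario: a 31-day-old primary with a 2-hour-old successor.
	now := time.Date(2024, 3, 5, 12, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	p := policy{KeyTTL: 30 * day, PropagationDelay: time.Hour, GracePeriod: 7 * day, DisabledPeriod: 30 * day}
	const key = "projects/p/locations/global/keyRings/r/cryptoKeys/k/cryptoKeyVersions/"
	vers := []version{
		{Name: key + "1", Enabled: true, CreateTime: now.Add(-31 * day)},
		{Name: key + "2", Enabled: true, CreateTime: now.Add(-2 * time.Hour)},
	}
	fmt.Printf("%+v\n", determineActions(now, p, key+"1", vers).Versions) // version 2 is promoted
}
```

Note the ordering of the two switch statements: a successor that is still inside PropagationDelay blocks creation of yet another version, so a slow rollout does not pile up unpromoted keys, and the `Create` and `Promote` outcomes are mutually exclusive within one pass.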
