cot

package
Constants

// Time-to-live values. Every TTL below is expressed in seconds.
const (
	DefaultJwtTTL          = 60   // 1 minute
	NotificationTTL        = 600  // 10 minutes
	MaxJwtTTL              = 1800 // 30 minutes, maximum time a Jwt can live. Not configurable
	DefaultRequestTokenTTL = 1800 // 30 minutes (presumably seconds like the other TTLs — confirm)
)

// RSA key generation.
const (
	// DefaultBitSize is the RSA modulus size in bits, presumably used by
	// GenerateRSAKeyPair when keySize is omitted. 2048 bits is the commonly
	// accepted floor for RSA today; do not lower it.
	DefaultBitSize = 2048
)

// Log levels passed to a LogFunc.
const (
	LogLevelDebug = "debug"
	LogLevelError = "error"
	LogLevelInfo  = "info"
	LogLevelWarn  = "warn"
)

// JWT claim and JOSE header names (RFC 7519 / RFC 7515).
const (
	JwtIssuerClaim    = "iss" // registered claim: token issuer
	JwtExpiresAtClaim = "exp" // registered claim: expiration time
	JwtKeyIDHeader    = "kid" // header: identifies the signing key within a JWKS
)

// Notification topics and the events published under them.
const (
	TopicTrustChange      = "trust_change"
	TopicKeyPairChange    = "key_pair_change"
	TopicGrantTokenChange = "grant_token_change"

	EventTrustPut             = "trust_put"
	EventTrustDelete          = "trust_delete"
	EventKeyPairPut           = "keypair_put"
	EventKeyPairDelete        = "keypair_delete"
	EventGrantTokenPut        = "grant_token_put"
	EventGrantTokenDelete     = "grant_token_delete"
	EventGrantTokenBulkDelete = "grant_token_bulk_delete"
)

Package-wide constants: TTLs (in seconds), the default RSA key size, log levels, JWT claim/header names, and notification topics and events.

// JwkUseSig is the RFC 7517 "use" value that marks a JWK as a signature
// (verification) key, as opposed to an encryption key.
const JwkUseSig = "sig"

JWK constants

Variables

// ErrNoClientStore reports that the node was used without a Store configured.
var ErrNoClientStore = errors.New("no client store configured")

// ErrNoClientKeyPair reports that the store holds no key pair for this client.
var ErrNoClientKeyPair = errors.New("no client key pair found in the store")

// ErrNotFound is the generic not-found sentinel; compare with errors.Is.
var ErrNotFound = errors.New("not found")

Sentinel error values; compare them with errors.Is rather than by string.

Functions

func ContainsString

func ContainsString(list []string, value string) bool

ContainsString returns true if list contains value.

func EncodeToString

func EncodeToString(src []byte) string

EncodeToString encodes the byte slice src as a string (the encoding used is not visible in this listing).

func EncodeUint64ToString

func EncodeUint64ToString(v uint64) string

EncodeUint64ToString encodes the unsigned integer v as a string.

func GenerateRSAKeyPair

func GenerateRSAKeyPair(keySize ...int) ([]byte, []byte, error)

GenerateRSAKeyPair generates an RSA key pair and returns it as two encoded byte slices (presumably private then public — confirm the order against the implementation). keySize is optional and is the modulus size in bits; when omitted the default is presumably DefaultBitSize (2048), which callers should treat as the minimum acceptable size.

func GetJwtFromRequest

func GetJwtFromRequest(r *http.Request, cookieName string) (string, error)

GetJwtFromRequest extracts a JWT string from the request. It accepts an Authorization header using either the Bearer or the JWT scheme, and also a cookie named cookieName that holds the JWT. It only extracts the token and does not verify it (it takes no key), so callers must pass the result to Verify or ParseRS256 before trusting any claim.

func ParseRS256

func ParseRS256(publicKeyPEM []byte, tokenString string) (*jwt.Token, error)

ParseRS256 parses tokenString and verifies its signature with the RSA public key in publicKeyPEM using RS256. Callers should confirm that the implementation rejects tokens whose alg header is anything other than RS256 (including "none"); honouring the header's alg unchecked is the classic JWT algorithm-confusion weakness.

func SignRS256WithClaims

func SignRS256WithClaims(privateKeyPEM []byte, claims jwt.MapClaims, header map[string]interface{}) (string, error)

SignRS256WithClaims signs claims with RS256 using the RSA private key in privateKeyPEM. header supplies additional JOSE header fields, typically JwtKeyIDHeader (kid) so that verifiers can locate the matching key in a JWKS.

func UniqueStringList

func UniqueStringList(list []string) []string

UniqueStringList returns the distinct strings in list, with duplicates removed.

Types

type JSONWebKey

// JSONWebKey is a JSON Web Key (RFC 7517). N and E carry an RSA public key
// and the X5* members carry optional X.509 certificate data. Subject,
// Audience and Issuer are not standard JWK members (sub/aud/iss are JWT
// claim names), so other JWK consumers will ignore them; do not rely on
// them for interoperability.
type JSONWebKey struct {
	// Alg is the algorithm the key is intended for, e.g. "RS256".
	Alg      string   `json:"alg,omitempty"`
	// Kty is the key type; presumably "RSA" for keys built by NewRS256JSONWebKey.
	Kty      string   `json:"kty,omitempty"`
	// Use is the intended use; JwkUseSig marks a signature key.
	Use      string   `json:"use,omitempty"`
	// X5c is the X.509 certificate chain (base64 DER per RFC 7517).
	X5c      []string `json:"x5c,omitempty"`
	// N is the RSA modulus (base64url per RFC 7518).
	N        string   `json:"n,omitempty"`
	// E is the RSA public exponent (base64url per RFC 7518).
	E        string   `json:"e,omitempty"`
	// Kid is the key ID that a JWT's kid header is matched against.
	Kid      string   `json:"kid,omitempty"`
	// X5t is the SHA-1 thumbprint of the certificate.
	X5t      string   `json:"x5t,omitempty"`
	// X5t256 is the SHA-256 thumbprint of the certificate.
	X5t256   string   `json:"x5t#S256,omitempty"`
	// Subject is a non-standard member; meaning not visible here.
	Subject  string   `json:"sub,omitempty"`
	// Audience is a non-standard member; meaning not visible here.
	Audience string   `json:"aud,omitempty"`
	// Issuer is a non-standard member, presumably populated from the
	// issuer argument of NewRS256JSONWebKey.
	Issuer   string   `json:"iss,omitempty"`
}

JSONWebKey is a JSON Web Key (RFC 7517) describing an RSA public key, extended with a few non-standard members (sub, aud, iss) that generic JWK consumers will ignore.

func NewRS256JSONWebKey

func NewRS256JSONWebKey(publicKey *rsa.PublicKey, kid, use, issuer string) (*JSONWebKey, error)

NewRS256JSONWebKey builds a JSONWebKey for the RSA public key publicKey, setting its kid, use (JwkUseSig for signing keys) and iss members.

func (*JSONWebKey) PublicKey

func (c *JSONWebKey) PublicKey() (interface{}, error)

PublicKey reconstructs the public key from the JWK members (presumably N and E) and returns it as interface{}; callers type-assert the result, for example to *rsa.PublicKey.

type JSONWebKeySet

// JSONWebKeySet is a JSON Web Key Set (RFC 7517 section 5): the document
// served to verifiers so they can look up a signing key by kid.
type JSONWebKeySet struct {
	// Keys holds the set members; marshals as the required "keys" array.
	Keys []*JSONWebKey `json:"keys"`
}

JSONWebKeySet a JSON web key set

func (*JSONWebKeySet) GetKey

func (c *JSONWebKeySet) GetKey(kid string) *JSONWebKey

GetKey returns the key in the set whose Kid equals kid. The result is a pointer, so callers should expect nil when no key matches (confirm against the implementation) and check before dereferencing.

type LogFunc

// LogFunc is the logging callback supplied through NodeOptions. level is
// presumably one of the LogLevel* constants; err may be nil.
type LogFunc func(level, message string, err error)

LogFunc is the logging callback a Node invokes; level is presumably one of the LogLevel* constants, and err may be nil.

type Node

// Node is a circle-of-trust node. It keeps key pairs, trusts and grant
// tokens in its configured store, signs JWTs with its own key (Sign) and
// verifies peers' JWTs against a cached JWKS (Verify). Construct it with
// NewNode; all fields are unexported.
type Node struct {
	// contains filtered or unexported fields
}

Node a circle of trust node

func NewNode

func NewNode(opts *NodeOptions) *Node

NewNode creates a new node

func (*Node) BreakTrust

func (c *Node) BreakTrust(grantorAddr string) error

BreakTrust asks the grantor node at grantorAddr to break its trust with this node.

func (*Node) EnsureKeyPair

func (c *Node) EnsureKeyPair(issuer string, rotate bool) (*types.KeyPair, error)

EnsureKeyPair returns the key pair for issuer, creating it first if none exists. rotate presumably forces rotation of an existing pair (compare NewKeyPair's rotateIfExists) — confirm against the implementation.

func (*Node) GenerateJWKS

func (c *Node) GenerateJWKS() (*JSONWebKeySet, error)

GenerateJWKS generates a JWKS

func (*Node) ListKeyPairs

func (c *Node) ListKeyPairs() ([]*types.KeyPair, error)

ListKeyPairs lists all stored key pairs.

func (*Node) ListTrustGrantTokens

func (c *Node) ListTrustGrantTokens() ([]*types.TrustGrantToken, error)

ListTrustGrantTokens lists all stored trust grant tokens.

func (*Node) ListTrusts

func (c *Node) ListTrusts() ([]*types.Trust, error)

ListTrusts lists all trusts

func (*Node) NewGrantToken

func (c *Node) NewGrantToken(issuer string) (*types.TrustGrantToken, error)

NewGrantToken creates and stores a grant token

func (*Node) NewKeyPair

func (c *Node) NewKeyPair(issuer string, rotateIfExists bool) (*types.KeyPair, error)

NewKeyPair creates a new key pair for issuer. If a key pair for that issuer already exists it is rotated when rotateIfExists is true; what happens when it is false (existing pair returned, or an error) is not documented here — confirm before relying on it.

func (*Node) NewNotification

func (c *Node) NewNotification(topic, event, data string) *types.Notification

NewNotification creates a new notification

func (*Node) RefreshAllTrusts

func (c *Node) RefreshAllTrusts() error

RefreshAllTrusts refreshes the trust cache.

func (*Node) RequestTrust

func (c *Node) RequestTrust(issuer, grantorAddr, grantToken string) error

RequestTrust asks the grantor node at grantorAddr to trust issuer, presenting grantToken as authorization. A grant token is effectively a bearer credential — whoever holds it can request a trust — so it should only be transmitted over an authenticated channel.

func (*Node) RotateKeyPair

func (c *Node) RotateKeyPair(issuer string) error

RotateKeyPair rotates the trustee key pair for issuer. Peers holding the old JWKS in their cache must refresh before tokens signed with the new key will verify; this is presumably signalled via a TopicKeyPairChange notification and RefreshAllTrusts — confirm.

func (*Node) Serve

func (c *Node) Serve() error

Serve initializes the node and starts serving

func (*Node) Sign

func (c *Node) Sign(claims jwt.MapClaims, ttl ...int) (string, error)

Sign signs claims with the node's client key and returns the compact JWT. ttl is optional and, like the TTL constants, expressed in seconds; when omitted DefaultJwtTTL presumably applies, and MaxJwtTTL is documented as the non-configurable upper bound.

func (*Node) Verify

func (c *Node) Verify(tokenString string) (*jwt.Token, error)

Verify parses tokenString and attempts to verify its signature against the node's cached JWKS, presumably selecting the key by the token's kid header. Whether claims such as exp and iss are also validated is not visible here — confirm before relying on it.

type NodeOptions

// NodeOptions configures a Node (see NewNode). Units and defaults are not
// visible in this listing; the notes below are inferences to confirm
// against NewNode and Serve.
type NodeOptions struct {
	// KeySize is the RSA key size in bits; presumably DefaultBitSize when zero.
	KeySize              int
	// RequestTimeout bounds outbound requests; unit not shown, presumably seconds.
	RequestTimeout       int
	// RegistrationTokenTTL is the lifetime of registration tokens; presumably
	// seconds (compare DefaultRequestTokenTTL).
	RegistrationTokenTTL int
	// Insecure: NOTE(review) semantics not visible here. If it disables TLS or
	// signature verification it must stay false outside local testing.
	Insecure             bool
	// CLIMode: NOTE(review) behaviour not visible here.
	CLIMode              bool
	// RPCAddr is presumably the address the NodeRPC server listens on.
	RPCAddr              string
	// JWTCookieName is presumably the cookie name handed to GetJwtFromRequest.
	JWTCookieName        string
	// EncryptionKey is presumably the key material for the JWE parameters
	// below. It is a secret held as a plain string: never log it.
	EncryptionKey        string
	// Peers lists the addresses of peer nodes.
	Peers                []string
	// LogFunc receives log output; nil handling not visible here.
	LogFunc              LogFunc
	// NotifyFunc is invoked to fan out notifications to other nodes.
	NotifyFunc           NotifyFunc
	// Store persists key pairs, trusts and grant tokens; presumably
	// ErrNoClientStore is returned when it is nil.
	Store                store.Store
	// AdditionalJWKFunc supplies extra keys, presumably merged into the
	// output of GenerateJWKS.
	AdditionalJWKFunc    func() []*JSONWebKey
	// ContentEncryption is the JWE content-encryption algorithm (go-jose).
	ContentEncryption    jose.ContentEncryption
	// KeyAlgorithm is the JWE key-management algorithm (go-jose).
	KeyAlgorithm         jose.KeyAlgorithm
}

NodeOptions options for a node

type NodeRPC

// NodeRPC is the RPC server exposed to peer nodes (BreakTrust, GetJWK,
// GrantTrust, IssueGrantToken, OnNotify). Its methods appear to follow the
// net/rpc (*args, *reply) error shape. Every argument arrives from the
// network and must be treated as untrusted input.
type NodeRPC struct {
	// contains filtered or unexported fields
}

NodeRPC node rpc server

func (*NodeRPC) BreakTrust

func (c *NodeRPC) BreakTrust(tokenString *string, reply *bool) error

BreakTrust removes the trust identified by the signed token in tokenString. As an RPC entry point it should verify the token before acting on it; confirm the implementation does so.

func (*NodeRPC) GetJWK

func (c *NodeRPC) GetJWK(keyID *string, reply *JSONWebKey) error

GetJWK gets a jwk for the specified key id

func (*NodeRPC) GrantTrust

func (c *NodeRPC) GrantTrust(request *types.TrustRequest, reply *bool) error

GrantTrust grants the trust described by request if the request is valid (presumably by checking the grant token it carries; see NewGrantToken and RequestTrust).

func (*NodeRPC) IssueGrantToken

func (c *NodeRPC) IssueGrantToken(tokenString *string, reply *types.TrustGrantToken) error

IssueGrantToken issues a grant token. The new token is automatically assigned the same issuer as the requesting token (tokenString). Because this is a network-facing RPC, the requesting token should be verified before a grant token is issued; confirm the implementation does so.

func (*NodeRPC) OnNotify

func (c *NodeRPC) OnNotify(notification *types.Notification, reply *bool) error

OnNotify handles an incoming notification RPC from a peer node.

type NotifyFunc

// NotifyFunc is the callback a Node uses to deliver a notification to other
// nodes; node is the originating Node and notification the event to send.
type NotifyFunc func(node *Node, notification *types.Notification)

NotifyFunc a function called to notify other nodes of an update
