tokens

package
Published: Nov 1, 2016 License: GPL-2.0 Imports: 10 Imported by: 0


Constants

const (
	// MaxServerName is the maximum accepted length of a server name. It is
	// sized to hold a textual UUID (36 characters).
	MaxServerName = 36
)


Types

type ConnectionClaims

type ConnectionClaims struct {
	// T holds the tags (key/value labels) carried by the token.
	T   map[string]string
	// LCL is the "random local" value of the token, generated by this side
	// (see CustomTokenConfig.CreateAndSign for the wire layout).
	LCL []byte
	// RMT is the "random remote" value of the token, received from the peer.
	RMT []byte
	// EK is presumably the ephemeral public key attached by
	// JWTConfig.CreateAndSign — confirm against the implementation.
	EK  []byte
}

ConnectionClaims captures all the claim information

type CustomTokenConfig

type CustomTokenConfig struct {

	// ValidityPeriod is the period for which a signed token is considered valid.
	ValidityPeriod time.Duration

	// Issuer identifies the server that signs the token.
	Issuer string

	// SignMethod selects how tokens are signed (PreSharedKey or PKI).
	SignMethod CustomTokenSignMethod

	// Key holds the signing secret: the private key when SignMethod is PKI,
	// the pre-shared key when it is PreSharedKey. It is secret material and
	// should be kept out of logs and serialized output.
	Key interface{}
	// CA is the certificate of the CA that signed the server certificates.
	CA *x509.Certificate
	// Cert is this server's own certificate.
	Cert *x509.Certificate
	// CertPEM is the PEM encoding of Cert that is sent to other servers;
	// cached so it is not re-encoded for every token.
	CertPEM []byte
	// IncludeCert instructs the engine to transmit the certificate with each token.
	IncludeCert bool
	// PublicKeyCache holds public keys that were already distributed out of
	// band, presumably keyed by server name — confirm against Decode.
	PublicKeyCache map[string]*ecdsa.PublicKey
}

CustomTokenConfig configures the custom token generator with the standard parameters

func NewPSKCustomToken

func NewPSKCustomToken(validity time.Duration, issuer string, psk []byte) *CustomTokenConfig

NewPSKCustomToken creates a new token generator for custom tokens

func (*CustomTokenConfig) CreateAndSign

func (c *CustomTokenConfig) CreateAndSign(isAck bool, claims *ConnectionClaims) []byte

CreateAndSign creates a buffer for a new custom token and signs the token. The format is: signature, random local, random remote, tags, separated by spaces.

func (*CustomTokenConfig) Decode

func (c *CustomTokenConfig) Decode(isAck bool, data []byte, cert *x509.Certificate) (*ConnectionClaims, *x509.Certificate)

Decode decodes a string into the data structures for a custom token

type CustomTokenSignMethod

// CustomTokenSignMethod selects the signing scheme used for custom tokens
// (see PreSharedKey and PKI).
type CustomTokenSignMethod int

CustomTokenSignMethod describes the signing methods for the custom tokens

const (
	// PreSharedKey signs tokens with a symmetric pre-shared key; CustomTokenConfig.Key
	// then holds that key.
	PreSharedKey CustomTokenSignMethod = iota
	// PKI signs tokens with an asymmetric private key; CustomTokenConfig.Key then
	// holds the private key and Cert/CA carry the certificates.
	PKI
)

type JWTClaims

type JWTClaims struct {
	// ConnectionClaims carries the connection-specific (custom) claims.
	*ConnectionClaims
	// StandardClaims carries the registered JWT claims (issuer, expiry and so on)
	// as defined by the jwt package.
	jwt.StandardClaims
}

JWTClaims captures all the custom claims together with the standard JWT claims

type JWTConfig

type JWTConfig struct {
	// ValidityPeriod is the period for which an issued JWT is valid.
	ValidityPeriod time.Duration
	// Issuer is the server that issues the JWT; presumably placed in the
	// token's issuer claim — confirm against CreateAndSign.
	Issuer string
	// contains filtered or unexported fields
}

JWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

func NewJWT

func NewJWT(validity time.Duration, issuer string, secrets Secrets) *JWTConfig

NewJWT creates a new JWT token processor

func (*JWTConfig) CreateAndSign

func (c *JWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims) []byte

CreateAndSign creates a new token, attaches an ephemeral key pair and signs it with the issuer key. It returns the token and the private key.

func (*JWTConfig) Decode

func (c *JWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (*ConnectionClaims, interface{})

Decode takes as arguments the JWT token and the certificate of the issuer. It first verifies the certificate against the local CA pool, and then decodes the JWT only if the certificate is trusted.

type PKISecrets

type PKISecrets struct {
	// PrivateKeyPEM is the PEM-encoded private key returned by EncodingKey;
	// secret material that must not be transmitted or logged.
	PrivateKeyPEM    []byte
	// PublicKeyPEM is the PEM-encoded public key/certificate returned by
	// TransmittedKey when no certificate cache is configured.
	PublicKeyPEM     []byte
	// AuthorityPEM is the PEM-encoded CA, presumably used by PublicKeyAdd to
	// validate peer certificates — confirm against the implementation.
	AuthorityPEM     []byte
	// CertificateCache holds public keys distributed out of band, keyed by
	// host; PublicKeyAdd inserts validated keys here (its doc calls it PublicKeyCache).
	CertificateCache map[string]*ecdsa.PublicKey
	// contains filtered or unexported fields
}

PKISecrets holds all PKI information

func NewPKISecrets

func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) *PKISecrets

NewPKISecrets creates new secrets for PKI implementations

func (*PKISecrets) AckSize

func (p *PKISecrets) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*PKISecrets) DecodingKey

func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

DecodingKey returns the public key

func (*PKISecrets) EncodingKey

func (p *PKISecrets) EncodingKey() interface{}

EncodingKey returns the private key

func (*PKISecrets) PublicKeyAdd

func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

PublicKeyAdd validates the given certificate. If it is valid, the corresponding key is added to the PublicKeyCache. If it is invalid, an error is returned.

func (*PKISecrets) TransmittedKey

func (p *PKISecrets) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*PKISecrets) Type

func (p *PKISecrets) Type() SecretsType

Type implements the interface Secrets

func (*PKISecrets) VerifyPublicKey

func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies that the in-band public key is valid.

type PSKSecrets

type PSKSecrets struct {
	// SharedKey is the symmetric pre-shared key used both to sign and to verify
	// tokens (see EncodingKey and DecodingKey); secret material.
	SharedKey []byte
}

PSKSecrets holds the shared key

func NewPSKSecrets

func NewPSKSecrets(psk []byte) *PSKSecrets

NewPSKSecrets creates new PSK Secrets

func (*PSKSecrets) AckSize

func (p *PSKSecrets) AckSize() uint32

AckSize returns the expected size of ack packets

func (*PSKSecrets) DecodingKey

func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

DecodingKey returns the preshared key

func (*PSKSecrets) EncodingKey

func (p *PSKSecrets) EncodingKey() interface{}

EncodingKey returns the pre-shared key

func (*PSKSecrets) TransmittedKey

func (p *PSKSecrets) TransmittedKey() []byte

TransmittedKey returns nil in the case of pre-shared key

func (*PSKSecrets) Type

func (p *PSKSecrets) Type() SecretsType

Type implements the Secrets interface

func (*PSKSecrets) VerifyPublicKey

func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey always returns nil for pre-shared secrets

type Secrets

type Secrets interface {
	// Type reports which kind of secrets this provider holds (PKIType or PSKType).
	Type() SecretsType
	// EncodingKey returns the key used to sign outgoing tokens: the private key
	// for PKI, the pre-shared key for PSK.
	EncodingKey() interface{}
	// DecodingKey returns the key used to verify a token received from server:
	// the public key for PKI, the pre-shared key for PSK.
	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
	// TransmittedKey returns the key material sent in-band: the PEM public key
	// for PKI when no certificate cache is configured, nil for PSK.
	TransmittedKey() []byte
	// VerifyPublicKey validates an in-band public key and returns the parsed key;
	// the PSK implementation always returns nil.
	VerifyPublicKey(pkey []byte) (interface{}, error)
	// AckSize returns the expected size of an ACK packet for this secrets type.
	AckSize() uint32
}

Secrets is the interface implemented by the PKI and PSK secret providers.

type SecretsType

// SecretsType identifies which Secrets implementation is in use (see PKIType and PSKType).
type SecretsType int

SecretsType identifies the different secrets that are supported

const (
	// PKIType selects asymmetric signing (PKISecrets).
	PKIType SecretsType = iota
	// PSKType selects symmetric signing with a pre-shared key (PSKSecrets).
	PSKType
)

type TokenEngine

type TokenEngine interface {
	// CreateAndSign creates a token, signs it and produces the final byte string.
	// NOTE(review): the implementations name the first parameter isAck while the
	// interface calls it attachCert — confirm which meaning is intended.
	CreateAndSign(attachCert bool, claims *ConnectionClaims) []byte
	// Decode decodes an incoming buffer and returns the claims and the sender
	// certificate. Whether the claims are trustworthy depends on the implementation
	// verifying the certificate first (JWTConfig.Decode checks it against the local
	// CA pool); callers should not act on claims from an unverified sender.
	Decode(decodeCert bool, buffer []byte, cert interface{}) (*ConnectionClaims, interface{})
}

TokenEngine is the interface to the different implementations of tokens
