Documentation
Index
- Constants
- type ClientSecurityManager
- func (mgr *ClientSecurityManager) ApplyToClientSocket(sock *zmq4.Socket) error
- func (mgr ClientSecurityManager) LoadKeys(publicFile, privateFile string) error
- func (mgr *ClientSecurityManager) LoadServerPubkey(keyfile string) error
- func (mgr *ClientSecurityManager) SetKeys(public, private string)
- func (mgr *ClientSecurityManager) SetServerPubkey(key string)
- func (mgr ClientSecurityManager) WriteKeys(publicFile, privateFile string) error
- type ServerSecurityManager
- func (mgr *ServerSecurityManager) AddClientKeys(keys ...string)
- func (mgr *ServerSecurityManager) ApplyToServerSocket(sock *zmq4.Socket) error
- func (mgr *ServerSecurityManager) BlacklistClients(addrs ...string)
- func (mgr *ServerSecurityManager) DisableCURVE()
- func (mgr *ServerSecurityManager) GetPublicKey() string
- func (mgr ServerSecurityManager) LoadKeys(publicFile, privateFile string) error
- func (mgr *ServerSecurityManager) ResetBlackWhiteLists()
- func (mgr *ServerSecurityManager) ResetClientKeys()
- func (mgr *ServerSecurityManager) SetKeys(public, private string)
- func (mgr *ServerSecurityManager) StopManager()
- func (mgr *ServerSecurityManager) WhitelistClients(addrs ...string)
- func (mgr ServerSecurityManager) WriteKeys(publicFile, privateFile string) error
Constants
const DONOTREAD = "___donotread_key_from_file"
DONOTREAD can be used as a file name if you don't want the key read from disk.
const DONOTWRITE = "___donotwrite_key_to_file"
DONOTWRITE can be used as a file name if you don't want the key written to disk.
Types
type ClientSecurityManager
type ClientSecurityManager struct {
// contains filtered or unexported fields
}
ClientSecurityManager manages encryption for client sockets.
func NewClientSecurityManager
func NewClientSecurityManager() *ClientSecurityManager
NewClientSecurityManager sets up the manager and generates a new client key pair.
In order to connect to a server, the server's public key must be set before creating a client. Otherwise, the connection will not succeed.
func (*ClientSecurityManager) ApplyToClientSocket
func (mgr *ClientSecurityManager) ApplyToClientSocket(sock *zmq4.Socket) error
For internal use: ApplyToClientSocket sets up a client socket for CURVE security. If called on nil, does nothing. This function must be called before calling Connect() on the socket!
func (ClientSecurityManager) LoadKeys
LoadKeys loads the private and public keys from the specified files. It does not initialize a key when the file name is server.DONOTREAD. For example, when you only want to read the private key from disk, use SetKeys() with an empty private key and then LoadKeys() with publicFile as DONOTREAD, leaving the public key untouched.
func (*ClientSecurityManager) LoadServerPubkey
func (mgr *ClientSecurityManager) LoadServerPubkey(keyfile string) error
LoadServerPubkey loads the public key of the server from the specified file.
func (*ClientSecurityManager) SetKeys
func (mgr *ClientSecurityManager) SetKeys(public, private string)
SetKeys sets the client key pair to the specified keys.
func (*ClientSecurityManager) SetServerPubkey
func (mgr *ClientSecurityManager) SetServerPubkey(key string)
SetServerPubkey sets the public key of the server. This is required to be able to connect to a server using a secure connection.
type ServerSecurityManager
type ServerSecurityManager struct {
// contains filtered or unexported fields
}
ServerSecurityManager can be supplied to NewServer(). It then sets up encryption and authentication. A keypair is generated by NewServerSecurityManager(). Supplying an initialized ServerSecurityManager to an RPC server will cause any unencrypted connections to be refused.
The security manager is very easy to use and enables both cryptographic (CURVE) security and authentication and, additionally, IP authentication.
func NewServerSecurityManager
func NewServerSecurityManager() *ServerSecurityManager
NewServerSecurityManager sets up a key manager and generates a new key pair.
func (*ServerSecurityManager) AddClientKeys
func (mgr *ServerSecurityManager) AddClientKeys(keys ...string)
AddClientKeys adds permitted client keys. Can be called several times.
func (*ServerSecurityManager) ApplyToServerSocket
func (mgr *ServerSecurityManager) ApplyToServerSocket(sock *zmq4.Socket) error
Only for internal use: ApplyToServerSocket applies the internal keys to the server. This must be called before calling Bind() on the socket! Safe to call on a nil manager (nothing happens in that case).
func (*ServerSecurityManager) BlacklistClients
func (mgr *ServerSecurityManager) BlacklistClients(addrs ...string)
BlacklistClients adds clients (IP addresses or ranges) to the blacklist. A blacklist is mutually exclusive with a whitelist, meaning that all whitelisted clients are removed when calling this function. The blacklist can only be set before the server is started.
func (*ServerSecurityManager) DisableCURVE, added in v0.1.2
func (mgr *ServerSecurityManager) DisableCURVE()
DisableCURVE disables CURVE authentication and applies only IP protection.
func (*ServerSecurityManager) GetPublicKey
func (mgr *ServerSecurityManager) GetPublicKey() string
GetPublicKey returns the public key of the server.
func (ServerSecurityManager) LoadKeys
LoadKeys loads the private and public keys from the specified files. It does not initialize a key when the file name is server.DONOTREAD. For example, when you only want to read the private key from disk, use SetKeys() with an empty private key and then LoadKeys() with publicFile as DONOTREAD, leaving the public key untouched.
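The DONOTREAD behaviour described for both LoadKeys methods, modelled as an added stand-alone example (not this package's code). readKey and loadKeys are hypothetical names; one 40-character Z85 key per file and the refusal of private key files accessible to group or other are assumptions of the sketch.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// DONOTREAD is the sentinel file name documented on this page.
const DONOTREAD = "___donotread_key_from_file"

// Z85 alphabet (ZeroMQ RFC 32); a 32-byte CURVE key encodes to 40 characters.
const z85 = "0123456789abcdefghijklmnopqrstuvwxyz" +
	"ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#"

// readKey (hypothetical) keeps current for the sentinel, else reads one Z85 key.
func readKey(file, current string, private bool) (string, error) {
	if file == DONOTREAD {
		return current, nil
	}
	// Refuse a private key that group or other can access.
	if fi, err := os.Stat(file); private && err == nil && fi.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%s: mode %o is too permissive", file, fi.Mode().Perm())
	}
	data, err := os.ReadFile(file)
	if err != nil {
		return "", err
	}
	key := strings.TrimSpace(string(data))
	if len(key) != 40 || strings.Trim(key, z85) != "" {
		return "", fmt.Errorf("%s: not a 40-character Z85 key", file)
	}
	return key, nil
}

// loadKeys (hypothetical): keys change only if both reads succeed (sketch's choice).
func loadKeys(publicFile, privateFile string, pub, priv *string) error {
	p, err := readKey(publicFile, *pub, false)
	if err != nil {
		return err
	}
	s, err := readKey(privateFile, *priv, true)
	if err == nil {
		*pub, *priv = p, s
	}
	return err
}

func main() { fmt.Println(readKey(DONOTREAD, "kept-as-is", true)) }
```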
func (*ServerSecurityManager) ResetBlackWhiteLists
func (mgr *ServerSecurityManager) ResetBlackWhiteLists()
ResetBlackWhiteLists removes all clients from the blacklist, effectively enforcing an OPEN IP policy.
func (*ServerSecurityManager) ResetClientKeys
func (mgr *ServerSecurityManager) ResetClientKeys()
ResetClientKeys removes all clients from the whitelist, effectively enforcing an OPEN IP policy.
func (*ServerSecurityManager) SetKeys
func (mgr *ServerSecurityManager) SetKeys(public, private string)
SetKeys sets the public and private keys of the server.
func (*ServerSecurityManager) StopManager
func (mgr *ServerSecurityManager) StopManager()
StopManager tears down all resources associated with authentication.
func (*ServerSecurityManager) WhitelistClients
func (mgr *ServerSecurityManager) WhitelistClients(addrs ...string)
WhitelistClients adds clients (IP addresses or ranges) to the whitelist. A whitelist is mutually exclusive with a blacklist, meaning that all blacklisted clients are removed when calling this function. The whitelist can only be set once, before the server starts.
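The mutually exclusive whitelist and blacklist described for WhitelistClients and BlacklistClients, modelled as an added stand-alone example (not this package's code). The ipPolicy type and its methods are hypothetical; CIDR notation for "ranges" and the evaluation order in Permits are assumptions of the model.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ipPolicy is a stand-alone model of the list semantics, not the package's type.
type ipPolicy struct{ allow, deny []netip.Prefix }

// add validates every entry before changing state, then clears the other list.
func add(list, other *[]netip.Prefix, addrs []string) error {
	var nets []netip.Prefix
	for _, a := range addrs {
		pfx, err := netip.ParsePrefix(a) // CIDR range (assumed notation)
		if ip, e := netip.ParseAddr(a); e == nil {
			pfx, err = netip.PrefixFrom(ip, ip.BitLen()), nil // single address
		}
		if err != nil {
			return fmt.Errorf("bad list entry %q: %w", a, err)
		}
		nets = append(nets, pfx.Masked())
	}
	*list, *other = append(*list, nets...), nil
	return nil
}

// Whitelist and Blacklist are mutually exclusive: setting one empties the other.
func (p *ipPolicy) Whitelist(addrs ...string) error { return add(&p.allow, &p.deny, addrs) }
func (p *ipPolicy) Blacklist(addrs ...string) error { return add(&p.deny, &p.allow, addrs) }

// Permits (assumed order): a non-empty whitelist decides alone, else the blacklist.
func (p *ipPolicy) Permits(remote string) bool {
	ip, err := netip.ParseAddr(remote)
	if err != nil {
		return false // unparsable peer addresses are refused
	}
	nets, onMatch := p.deny, false
	if len(p.allow) > 0 {
		nets, onMatch = p.allow, true
	}
	for _, n := range nets {
		if n.Contains(ip.Unmap()) { // treat ::ffff:a.b.c.d as IPv4
			return onMatch
		}
	}
	return !onMatch
}

func main() { fmt.Println(new(ipPolicy).Permits("203.0.113.7")) }
```

With both lists empty the model admits every peer, which matches the OPEN IP policy the reset functions describe.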