authentication

package
v0.0.0-...-29ec7e5
Published: Jan 2, 2017 License: Apache-2.0 Imports: 22 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAuthContext

func NewAuthContext(ctx context.Context, a *AuthState) context.Context

NewAuthContext derives a new context from ctx that carries the given authentication state.

func Sha256FingerprintHex

func Sha256FingerprintHex(cert *x509.Certificate) string

Types

type Auth

type Auth interface {
	srpc.ServerModule
	PeerCerts() *PeerCertMgr
}

type AuthState

type AuthState struct {
	ID       PeerID
	Addr     net.Addr
	Verified bool
}

AuthState holds the outcome of a client authentication attempt, whether it succeeded or failed.

func FromAuthContext

func FromAuthContext(ctx context.Context) (a *AuthState, ok bool)

FromAuthContext returns the authentication details stored in ctx, if present.

type CertFingerprint

type CertFingerprint string

func Sha256Fingerprint

func Sha256Fingerprint(cert *x509.Certificate) CertFingerprint

type CertRole

type CertRole uint8

CertRole defines the scope a certificate is valid for.

const (
	// Revoked indicates that the referenced certificate is not valid for any
	// action. On client-side, it should refuse a server connection.
	// On server-side, a connection should be aborted as early as possible.
	Revoked CertRole = iota
	// Inactive is the default status for a new certificate. It describes
	// that it is currently not used or associated. Therefore, it is not
	// valid for any server-side actions. Most of the time, this will change
	// later on.
	Inactive
	// Primary indicates this is the primary certificate.
	Primary
	// Backup indicates that all previously declared certs are invalidated.
	// A certificate with this role set may replace any of the peer's certificates.
	Backup
)

type ClientAuth

type ClientAuth struct {
	// contains filtered or unexported fields
}

func NewClientAuth

func NewClientAuth() ClientAuth

func (*ClientAuth) InterceptMethods

func (ca *ClientAuth) InterceptMethods() []srpc.UnaryInterceptInfo

func (*ClientAuth) PeerCerts

func (ca *ClientAuth) PeerCerts() *PeerCertMgr

func (*ClientAuth) RegisterServer

func (ca *ClientAuth) RegisterServer(g *grpc.Server)

type ContextualServerStream

type ContextualServerStream struct {
	// Embed ServerStream
	grpc.ServerStream
	// Additional context
	Ctx context.Context
}

func NewContextualServerStream

func NewContextualServerStream(ss grpc.ServerStream) *ContextualServerStream

NewContextualServerStream wraps gRPC's ServerStream and attaches a mutable context.

func (*ContextualServerStream) Context

func (cs *ContextualServerStream) Context() context.Context

Context returns the embedded context associated with a gRPC ServerStream. It overrides the Context() method of the embedded ServerStream instance. This lets us alter the context and pass additional information for authentication.

type PeerCert

type PeerCert struct {
	Certificate *x509.Certificate `json:"-"`
	Role        CertRole          `json:"certRole"`
	Created     time.Time         `json:"created"`
}

type PeerCertMgr

type PeerCertMgr struct {
	ManagedCertPool *x509.CertPool
	// contains filtered or unexported fields
}

func NewPeerCertMgr

func NewPeerCertMgr() *PeerCertMgr

NewPeerCertMgr creates a new instance to manage our own and peers' certificates.

func (*PeerCertMgr) ActivePeerCertificates

func (cm *PeerCertMgr) ActivePeerCertificates(cn string) int

func (*PeerCertMgr) AddCert

func (cm *PeerCertMgr) AddCert(cert *x509.Certificate, role CertRole, created time.Time) (CertFingerprint, error)

AddCert adds a new certificate and associates it with the peer's CN.

If a peer with the same CN already exists, the certificate is associated with that existing peer. If this behaviour is not desired, the application should check beforehand whether the peer exists.

func (*PeerCertMgr) LoadFromPath

func (cm *PeerCertMgr) LoadFromPath(dirpath string) error

LoadFromPath imports certificates from `peer_certificates.pem` into the local certificate pool. If a certificate in the pool is the same as one of the imported ones, it is skipped. Note: only certificates described by `peer_certificates.meta.json` are candidates for import.

func (*PeerCertMgr) RevokeCert

func (cm *PeerCertMgr) RevokeCert(cert *x509.Certificate)

func (*PeerCertMgr) Role

func (cm *PeerCertMgr) Role(cert *x509.Certificate) CertRole

func (*PeerCertMgr) StoreToPath

func (cm *PeerCertMgr) StoreToPath(dirpath string) error

StoreToPath exports all managed certificates accompanied by a JSON meta file for additional properties, such as each certificate's role or issue time.

func (*PeerCertMgr) UpdateCert

func (cm *PeerCertMgr) UpdateCert(cert *x509.Certificate, role CertRole)

func (*PeerCertMgr) VerifyPeerIdentity

func (cm *PeerCertMgr) VerifyPeerIdentity(remote *x509.Certificate) (*PeerCert, error)

type PeerID

type PeerID string
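As an added, self-contained illustration (not code from this package) of the role semantics documented for CertRole and of what VerifyPeerIdentity must enforce: a fingerprint-keyed store that rejects unknown, Revoked and Inactive certificates and accepts Primary or Backup ones. The certStore type, the selfSignedCert helper and the use of a plain map instead of the package's x509.CertPool are assumptions for this example, and the example does not model Backup replacing earlier certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"time"
)

type CertRole uint8 // same roles, same order as the package's CertRole
const (
	Revoked CertRole = iota
	Inactive
	Primary
	Backup
)
type certStore struct{ roles map[string]CertRole } // assumed: SHA-256 fingerprint -> role

func sha256FingerprintHex(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw) // hash of the DER encoding, as Sha256FingerprintHex does
	return hex.EncodeToString(sum[:])
}

func (s *certStore) AddCert(cert *x509.Certificate, role CertRole) { s.roles[sha256FingerprintHex(cert)] = role }

// VerifyPeerIdentity accepts Primary or Backup; unknown, Revoked and Inactive certificates are rejected.
func (s *certStore) VerifyPeerIdentity(remote *x509.Certificate) (CertRole, error) {
	role, known := s.roles[sha256FingerprintHex(remote)]
	if !known || role == Revoked {
		return Revoked, errors.New("certificate unknown or revoked: abort the connection early")
	}
	if role == Inactive {
		return role, errors.New("certificate inactive: not valid for server-side actions")
	}
	return role, nil
}

func selfSignedCert(cn string) *x509.Certificate { // constructed input; errors ignored for brevity
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}
```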
