Documentation
¶
Index ¶
- func ParseCryptoKeyStoreConfig(cfg string) (map[string]interface{}, error)
- type CryptoKey
- type CryptoKeyConfig
- type CryptoKeyOperator
- type CryptoKeyStore
- func (ks *CryptoKeyStore) AddDefaults(m map[string]interface{}) error
- func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
- func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
- func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
- func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
- func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetTokenLifetime(tokenName, signMethod interface{}) int
- func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
- func (ks *CryptoKeyStore) HasSignKeys() error
- func (ks *CryptoKeyStore) HasVerifyKeys() error
- func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
- func (ks *CryptoKeyStore) SetLogger(logger *zap.Logger)
- func (ks *CryptoKeyStore) SignToken(tokenName, signMethod interface{}, usr *user.User) error
- type CryptoKeyTokenOperator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseCryptoKeyStoreConfig ¶
ParseCryptoKeyStoreConfig parses crypto key store default configuration, e.g. default token name and configuration.
Types ¶
type CryptoKey ¶
type CryptoKey struct {
Config *CryptoKeyConfig `json:"config,omitempty" xml:"config,omitempty" yaml:"config,omitempty"`
Sign *CryptoKeyOperator `json:"sign,omitempty" xml:"sign,omitempty" yaml:"sign,omitempty"`
Verify *CryptoKeyOperator `json:"verify,omitempty" xml:"verify,omitempty" yaml:"verify,omitempty"`
}
CryptoKey contains a crypto graphic key and associated metadata.
func GetKeysFromConfig ¶
func GetKeysFromConfig(cfg *CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfig loads keys from a single key config.
func GetKeysFromConfigs ¶
func GetKeysFromConfigs(cfgs []*CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfigs loads keys from one or more key configs.
func (*CryptoKey) ProvideKey ¶
ProvideKey returns the appropriate encryption key.
type CryptoKeyConfig ¶
type CryptoKeyConfig struct {
// Seq is the order in which a key would be processed.
Seq int `json:"seq,omitempty" xml:"seq,omitempty" yaml:"seq,omitempty"`
// ID is the key ID, aka kid.
ID string `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
// Usage is the intended key usage. The values are: sign, verify, both,
// or auto.
Usage string `json:"usage,omitempty" xml:"usage,omitempty" yaml:"usage,omitempty"`
// TokenName is the token name associated with the key.
TokenName string `json:"token_name,omitempty" xml:"token_name,omitempty" yaml:"token_name,omitempty"`
// Source is either config or env.
Source string `json:"source,omitempty" xml:"source,omitempty" yaml:"source,omitempty"`
// Algorithm is either hmac, rsa, or ecdsa.
Algorithm string `json:"algorithm,omitempty" xml:"algorithm,omitempty" yaml:"algorithm,omitempty"`
// EnvVarName is the name of environment variables holding either the value of
// a key or the path a directory or file containing a key.
EnvVarName string `json:"env_var_name,omitempty" xml:"env_var_name,omitempty" yaml:"env_var_name,omitempty"`
// EnvVarType indicates how to interpret the value found in the EnvVarName. If
// it is blank, then the assumption is the environment variable value
// contains either public or private key.
EnvVarType string `json:"env_var_type,omitempty" xml:"env_var_type,omitempty" yaml:"env_var_type,omitempty"`
// EnvVarValue is the value associated with the environment variable set by EnvVarName.
EnvVarValue string `json:"env_var_value,omitempty" xml:"env_var_value,omitempty" yaml:"env_var_value,omitempty"`
// FilePath is the path of a file containing either private or public key.
FilePath string `json:"file_path,omitempty" xml:"file_path,omitempty" yaml:"file_path,omitempty"`
// DirPath is the path to a directory containing crypto keys.
DirPath string `json:"dir_path,omitempty" xml:"dir_path,omitempty" yaml:"dir_path,omitempty"`
// TokenLifetime is the expected token grant lifetime in seconds.
TokenLifetime int `json:"token_lifetime,omitempty" xml:"token_lifetime,omitempty" yaml:"token_lifetime,omitempty"`
// Secret is the shared key used with HMAC algorithm.
Secret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"`
// PreferredSignMethod is the preferred method to sign tokens, e.g.
// all HMAC keys could use HS256, HS384, and HS512 methods. By default,
// the preferred method is HS512. However, one may prefer using HS256.
PreferredSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"`
// EvalExpr is a list of expressions evaluated whether a specific key
// should be used for signing and verification.
EvalExpr []string `json:"token_eval_expr,omitempty" xml:"token_eval_expr" yaml:"token_eval_expr"`
// contains filtered or unexported fields
}
CryptoKeyConfig is common token-related configuration settings.
func ParseCryptoKeyConfigs ¶
func ParseCryptoKeyConfigs(cfg string) ([]*CryptoKeyConfig, error)
ParseCryptoKeyConfigs parses crypto key configurations.
func (*CryptoKeyConfig) ToString ¶
func (k *CryptoKeyConfig) ToString() string
ToString returns string representation of a crypto key config.
type CryptoKeyOperator ¶
type CryptoKeyOperator struct {
Token *CryptoKeyTokenOperator `json:"token,omitempty" xml:"token,omitempty" yaml:"token,omitempty"`
Secret interface{} `json:"secret,omitempty" xml:"secret,omitempty" yaml:"secret,omitempty"`
Capable bool `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"`
}
CryptoKeyOperator represents CryptoKey operator.
func NewCryptoKeyOperator ¶
func NewCryptoKeyOperator() *CryptoKeyOperator
NewCryptoKeyOperator returns an instance of CryptoKeyOperator.
type CryptoKeyStore ¶
type CryptoKeyStore struct {
// contains filtered or unexported fields
}
CryptoKeyStore constains keys assembled for a specific purpose, i.e. signing or validation.
func NewCryptoKeyStore ¶
func NewCryptoKeyStore() *CryptoKeyStore
NewCryptoKeyStore returns a new instance of CryptoKeyStore
func (*CryptoKeyStore) AddDefaults ¶
func (ks *CryptoKeyStore) AddDefaults(m map[string]interface{}) error
AddDefaults adds default settings to CryptoKeyStore.
func (*CryptoKeyStore) AddKey ¶
func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
AddKey adds CryptoKey instance to CryptoKeyStore.
func (*CryptoKeyStore) AddKeys ¶
func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
AddKeys adds CryptoKey instances to CryptoKeyStore.
func (*CryptoKeyStore) AddKeysWithConfigs ¶
func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
AddKeysWithConfigs adds CryptoKey instances by providing their configurations to CryptoKeyStore.
func (*CryptoKeyStore) AutoGenerate ¶
func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
AutoGenerate auto-generates public-private key pair capable of both signing and verifying tokens.
func (*CryptoKeyStore) GetKeys ¶
func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
GetKeys returns CryptoKey instances from CryptoKeyStore.
func (*CryptoKeyStore) GetSignKeys ¶
func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
GetSignKeys returns CryptoKey instances with key signing capabilities from CryptoKeyStore.
func (*CryptoKeyStore) GetTokenLifetime ¶
func (ks *CryptoKeyStore) GetTokenLifetime(tokenName, signMethod interface{}) int
GetTokenLifetime returns lifetime for a signed token.
func (*CryptoKeyStore) GetVerifyKeys ¶
func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
GetVerifyKeys returns CryptoKey instances with key verification capabilities from CryptoKeyStore.
func (*CryptoKeyStore) HasSignKeys ¶
func (ks *CryptoKeyStore) HasSignKeys() error
HasSignKeys returns true if CryptoKeyStore has key signing capabilities.
func (*CryptoKeyStore) HasVerifyKeys ¶
func (ks *CryptoKeyStore) HasVerifyKeys() error
HasVerifyKeys returns true if CryptoKeyStore has key verification capabilities.
func (*CryptoKeyStore) ParseToken ¶
func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
ParseToken parses JWT token and returns User instance.
func (*CryptoKeyStore) SetLogger ¶
func (ks *CryptoKeyStore) SetLogger(logger *zap.Logger)
SetLogger adds a logger to CryptoKeyStore.
type CryptoKeyTokenOperator ¶
type CryptoKeyTokenOperator struct {
ID string `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
MaxLifetime int `json:"max_lifetime,omitempty" xml:"max_lifetime,omitempty" yaml:"max_lifetime,omitempty"`
Methods map[string]interface{} `json:"methods,omitempty" xml:"methods,omitempty" yaml:"methods,omitempty"`
PreferredMethods []string `json:"preferred_methods,omitempty" xml:"preferred_methods,omitempty" yaml:"preferred_methods,omitempty"`
DefaultMethod string `json:"default_method,omitempty" xml:"default_method,omitempty" yaml:"default_method,omitempty"`
Capable bool `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"`
// contains filtered or unexported fields
}
CryptoKeyTokenOperator represents CryptoKeyOperator token operator.
func NewCryptoKeyTokenOperator ¶
func NewCryptoKeyTokenOperator() *CryptoKeyTokenOperator
NewCryptoKeyTokenOperator returns an instance of CryptoKeyTokenOperator.
Source Files
Click to show internal directories.
Click to hide internal directories.