crypto

package

v0.0.0-...-f456f9b Latest Latest Go to latest Published: Apr 29, 2024 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nais/digdirator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ConvertPEMChainToX509Chain(pemChain []byte) ([]*x509.Certificate, error)
func GenerateJwk() (*jose.JSONWebKey, error)
func GenerateJwt(signer jose.Signer, claims interface{}) (string, error)
func GenerateRSAKey() (*rsa.PrivateKey, error)
func GetPreviousJwkFromSecret(managedSecrets *kubernetes.SecretLists, secretKey string) (*jose.JSONWebKey, error)
func KeyIDsFromJwks(jwks *jose.JSONWebKeySet) []string
func MergeJwks(jwk jose.JSONWebKey, secretsInUse v1.SecretList, secretKey string) (*jose.JSONWebKeySet, error)
func NewKmsSigner(certChain []byte, kmsConfig config.KMS, ctx context.Context) (jose.Signer, error)
func SetupSignerOptions(pemChain []byte) (*jose.SignerOptions, error)
func X5tS256(cert *x509.Certificate) string
type ByteSigner
type ConfigurableSigner
- func (ctx ConfigurableSigner) Options() jose.SignerOptions
- func (ctx ConfigurableSigner) Sign(payload []byte) (*jose.JSONWebSignature, error)
type KmsByteSigner
- func (k KmsByteSigner) SignBytes(payload []byte) ([]byte, error)
type KmsKeyPath
type KmsOptions

Constants ¶

View Source

const (
	KeyUseSignature string = "sig"
	KeyAlgorithm    string = "RS256"
)

View Source

const SigningAlg = jose.RS256

Variables ¶

This section is empty.

Functions ¶

func ConvertPEMChainToX509Chain ¶

func ConvertPEMChainToX509Chain(pemChain []byte) ([]*x509.Certificate, error)

func GenerateJwk ¶

func GenerateJwk() (*jose.JSONWebKey, error)

func GenerateJwt ¶

func GenerateJwt(signer jose.Signer, claims interface{}) (string, error)

func GenerateRSAKey ¶

func GenerateRSAKey() (*rsa.PrivateKey, error)

func GetPreviousJwkFromSecret ¶

func GetPreviousJwkFromSecret(managedSecrets *kubernetes.SecretLists, secretKey string) (*jose.JSONWebKey, error)

func KeyIDsFromJwks ¶

func KeyIDsFromJwks(jwks *jose.JSONWebKeySet) []string

func MergeJwks ¶

func MergeJwks(jwk jose.JSONWebKey, secretsInUse v1.SecretList, secretKey string) (*jose.JSONWebKeySet, error)

func NewKmsSigner ¶

func NewKmsSigner(certChain []byte, kmsConfig config.KMS, ctx context.Context) (jose.Signer, error)

func SetupSignerOptions ¶

func SetupSignerOptions(pemChain []byte) (*jose.SignerOptions, error)

func X5tS256 ¶

func X5tS256(cert *x509.Certificate) string

X5tS256 creates a base64url-encoded SHA-256 thumbprint of the given input certificate, as described in RFC 7517 section 4.9, i.e. the "x5t#S256" property.

Types ¶

type ByteSigner ¶

type ByteSigner interface {
	SignBytes(payload []byte) ([]byte, error)
}

type ConfigurableSigner ¶

type ConfigurableSigner struct {
	SignerOptions *jose.SignerOptions
	ByteSigner    ByteSigner
}

func (ConfigurableSigner) Options ¶

func (ctx ConfigurableSigner) Options() jose.SignerOptions

func (ConfigurableSigner) Sign ¶

func (ctx ConfigurableSigner) Sign(payload []byte) (*jose.JSONWebSignature, error)

type KmsByteSigner ¶

type KmsByteSigner struct {
	Client        *kms.KeyManagementClient
	Ctx           context.Context
	SignerOptions *jose.SignerOptions
	KmsKeyPath    KmsKeyPath
}

func (KmsByteSigner) SignBytes ¶

func (k KmsByteSigner) SignBytes(payload []byte) ([]byte, error)

type KmsKeyPath ¶

type KmsKeyPath string

type KmsOptions ¶

type KmsOptions struct {
	Client    *kms.KeyManagementClient
	Ctx       context.Context
	KmsConfig config.KMS
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL