crypto

package v0.0.0-...-6834a60

Warning: This package is not in the latest version of its module.

Published: Apr 20, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

const (
	// ProducerCryptoFailureActionFail is the default: the send fails if the crypto operation fails.
	ProducerCryptoFailureActionFail = iota

	// ProducerCryptoFailureActionSend ignores the crypto failure and proceeds to send the message unencrypted.
	ProducerCryptoFailureActionSend
)

const (
	// ConsumerCryptoFailureActionFail is the default: consuming messages fails until the crypto operation succeeds.
	ConsumerCryptoFailureActionFail = iota

	// ConsumerCryptoFailureActionDiscard: the message is silently acknowledged and not delivered to the application.
	ConsumerCryptoFailureActionDiscard

	// ConsumerCryptoFailureActionConsume delivers the encrypted message to the application,
	// which is then responsible for decrypting it.
	// If the message is also compressed, decompression will fail.
	// If the message contains a batch, the client will not be able to retrieve
	// the individual messages in the batch.
	// The delivered encrypted message carries an EncryptionContext holding the encryption
	// and compression information the application needs to decrypt the payload.
	ConsumerCryptoFailureActionConsume
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DefaultMessageCrypto

type DefaultMessageCrypto struct {
	// contains filtered or unexported fields
}

DefaultMessageCrypto is the default implementation of the MessageCrypto interface.

func NewDefaultMessageCrypto

func NewDefaultMessageCrypto(logCtx string, keyGenNeeded bool, logger log.Logger) (*DefaultMessageCrypto, error)

NewDefaultMessageCrypto returns a DefaultMessageCrypto instance.

func (*DefaultMessageCrypto) AddPublicKeyCipher

func (d *DefaultMessageCrypto) AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

AddPublicKeyCipher encrypts the data key with each named public key (via keyCrypto) and caches the result.

func (*DefaultMessageCrypto) Decrypt

func (d *DefaultMessageCrypto) Decrypt(msgMetadata MessageMetadataSupplier,
	payload []byte,
	keyReader KeyReader) ([]byte, error)

Decrypt decrypts the payload with the data key. The encrypted data key is read from the message metadata and decrypted with the private key.

func (*DefaultMessageCrypto) Encrypt

func (d *DefaultMessageCrypto) Encrypt(encKeys []string,
	keyReader KeyReader,
	msgMetadata MessageMetadataSupplier,
	payload []byte) ([]byte, error)

Encrypt encrypts the payload with the data key and adds the encrypted data key to the message metadata. The data key is encrypted with the public key.

func (*DefaultMessageCrypto) RemoveKeyCipher

func (d *DefaultMessageCrypto) RemoveKeyCipher(keyName string) bool

RemoveKeyCipher removes the encrypted data key for keyName from the cache.

type EncryptionKeyInfo

type EncryptionKeyInfo struct {
	// contains filtered or unexported fields
}

EncryptionKeyInfo holds a named key together with its metadata.

func NewEncryptionKeyInfo

func NewEncryptionKeyInfo(name string, key []byte, metadata map[string]string) *EncryptionKeyInfo

NewEncryptionKeyInfo creates a new EncryptionKeyInfo.

func (*EncryptionKeyInfo) Key

func (eci *EncryptionKeyInfo) Key() []byte

Key returns the key bytes.

func (*EncryptionKeyInfo) Metadata

func (eci *EncryptionKeyInfo) Metadata() map[string]string

Metadata returns the key metadata.

func (*EncryptionKeyInfo) Name

func (eci *EncryptionKeyInfo) Name() string

Name returns the name of the key.

type FileKeyReader

type FileKeyReader struct {
	// contains filtered or unexported fields
}

FileKeyReader is the default implementation of KeyReader; it reads the keys from the file paths given to NewFileKeyReader.

func NewFileKeyReader

func NewFileKeyReader(publicKeyPath, privateKeyPath string) *FileKeyReader

func (*FileKeyReader) PrivateKey

func (d *FileKeyReader) PrivateKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PrivateKey reads the private key from the configured path.

func (*FileKeyReader) PublicKey

func (d *FileKeyReader) PublicKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PublicKey reads the public key from the configured path.

type KeyReader

type KeyReader interface {
	// PublicKey returns the public key used by the producer to encrypt the data key.
	PublicKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)

	// PrivateKey returns the private key used by the consumer to decrypt the data key.
	PrivateKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)
}

KeyReader: implement this interface to read and provide the public and private keys. The key pair can be RSA or ECDSA.

type MessageCrypto

type MessageCrypto interface {

	// AddPublicKeyCipher encrypts the data key using the public key(s) named in the argument.
	// If more than one key name is specified, the data key is encrypted with each of those keys.
	// If a public key expires or changes, the application is responsible for removing
	// the old key and adding the new one.
	AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

	// RemoveKeyCipher removes the named key from the list.
	RemoveKeyCipher(keyName string) bool

	// Encrypt encrypts the payload using the data key and updates the
	// message metadata with the key name and the encrypted data key.
	Encrypt(encKeys []string, KeyReader KeyReader, msgMetadata MessageMetadataSupplier, payload []byte) ([]byte, error)

	// Decrypt decrypts the payload using the data key.
	// The keys used to encrypt the data key can be retrieved from msgMetadata.
	Decrypt(msgMetadata MessageMetadataSupplier, payload []byte, KeyReader KeyReader) ([]byte, error)
}

MessageCrypto: implement this interface to encrypt and decrypt messages.
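The envelope scheme that AddPublicKeyCipher, Encrypt and Decrypt describe, as an added self-contained example (not code from this package): a per-message data key seals the payload, the data key is wrapped under each named recipient public key, and the consumer unwraps it with its private key before opening the payload. The cipher choices (AES-256-GCM, RSA-OAEP with SHA-256), the EncryptedMessage struct standing in for the message metadata, the map of public keys in place of a KeyReader, and the use of the key name as OAEP label are this example's assumptions, not the package's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedMessage stands in for the message metadata: sealed payload, EncryptionParam (the GCM nonce) and one wrapped data key per key name.
type EncryptedMessage struct {
	Payload, Param []byte
	WrappedKeys    map[string][]byte // key name -> data key encrypted with that recipient's public key
}
// envelopeEncrypt mirrors Encrypt: a fresh data key seals the payload and is itself wrapped for every recipient
// public key with RSA-OAEP(SHA-256); the key name is the OAEP label, so a wrapped key only unwraps under that name.
func envelopeEncrypt(pubs map[string]*rsa.PublicKey, payload []byte) (*EncryptedMessage, error) {
	buf := make([]byte, 32+12) // 256-bit data key followed by a 96-bit GCM nonce, both random per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(dataKey) // cannot fail: the key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)     // cannot fail for an AES block
	msg := &EncryptedMessage{Payload: gcm.Seal(nil, nonce, payload, nil), Param: nonce, WrappedKeys: map[string][]byte{}}
	for name, pub := range pubs {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(name))
		if err != nil {
			return nil, err
		}
		msg.WrappedKeys[name] = wrapped
	}
	return msg, nil
}
// envelopeDecrypt mirrors Decrypt: unwrap the data key stored under keyName with the consumer's private key, then open the payload.
func envelopeDecrypt(keyName string, priv *rsa.PrivateKey, msg *EncryptedMessage) ([]byte, error) {
	wrapped, ok := msg.WrappedKeys[keyName]
	if !ok {
		return nil, errors.New("no encrypted data key for " + keyName)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, []byte(keyName))
	if err != nil || len(dataKey) != 32 {
		return nil, rsa.ErrDecryption // wrong private key, wrong key name, or a malformed data key
	}
	block, _ := aes.NewCipher(dataKey) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, msg.Param, msg.Payload, nil) // GCM rejects a modified payload or nonce
}
```

A consumer holding only one of the named private keys recovers the same payload as any other recipient, which is the property a multi-key AddPublicKeyCipher relies on.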

type MessageMetadata

type MessageMetadata struct {
	// contains filtered or unexported fields
}

func (*MessageMetadata) EncryptionKeys

func (m *MessageMetadata) EncryptionKeys() []EncryptionKeyInfo

func (*MessageMetadata) EncryptionParam

func (m *MessageMetadata) EncryptionParam() []byte

func (*MessageMetadata) SetEncryptionParam

func (m *MessageMetadata) SetEncryptionParam(param []byte)

func (*MessageMetadata) UpsertEncryptionKey

func (m *MessageMetadata) UpsertEncryptionKey(keyInfo EncryptionKeyInfo)

type MessageMetadataSupplier

type MessageMetadataSupplier interface {
	// EncryptionKeys reads all the encryption keys from the MessageMetadata.
	EncryptionKeys() []EncryptionKeyInfo

	// UpsertEncryptionKey adds a new or updates an existing EncryptionKey in the MessageMetadata.
	UpsertEncryptionKey(EncryptionKeyInfo)

	// EncryptionParam reads the encryption parameter from the MessageMetadata.
	EncryptionParam() []byte

	// SetEncryptionParam sets the encryption parameter in the MessageMetadata.
	SetEncryptionParam([]byte)
}

MessageMetadataSupplier is a wrapper around the message metadata.

func NewMessageMetadataSupplier

func NewMessageMetadataSupplier(messageMetadata *pb.MessageMetadata) MessageMetadataSupplier
