kms

package
v1.2.10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 19, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CryptoKey

// CryptoKey contains a cryptographic key and associated metadata. It pairs one
// configuration with two operators, one for signing and one for verification.
type CryptoKey struct {
	// Config is the key's configuration.
	// NOTE(review): presumably the config the key was loaded from — confirm.
	Config *CryptoKeyConfig
	// Sign is the operator for the signing role. CryptoKeyOperator carries a
	// Secret and a Capable flag, so check Capable before relying on it.
	Sign   *CryptoKeyOperator
	// Verify is the operator for the verification role, with the same shape
	// as Sign.
	Verify *CryptoKeyOperator
}

CryptoKey contains a cryptographic key and associated metadata.

func GetKeysFromConfig

func GetKeysFromConfig(cfg *CryptoKeyConfig) ([]*CryptoKey, error)

GetKeysFromConfig loads keys from a single key config.

func GetKeysFromConfigs

func GetKeysFromConfigs(cfgs []*CryptoKeyConfig) ([]*CryptoKey, error)

GetKeysFromConfigs loads keys from one or more key configs.

func (*CryptoKey) ProvideKey

func (k *CryptoKey) ProvideKey(token *jwtlib.Token) (interface{}, error)

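ProvideKey returns the appropriate key for the given token. Its signature matches a JWT key-lookup callback, so the returned key is presumably used to check the token's signature rather than to encrypt anything.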

func (*CryptoKey) SignToken

func (k *CryptoKey) SignToken(signMethod interface{}, usr *user.User) error

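SignToken signs data using the requested method. The description says the result is returned as a string, but the signature shown returns only an error, so the signed token is presumably attached to usr.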

type CryptoKeyConfig

// CryptoKeyConfig holds the token-related configuration for one crypto key:
// where the key material comes from, which algorithm it uses, and how tokens
// signed with it are named and bounded in lifetime.
type CryptoKeyConfig struct {
	// Seq is the order in which a key would be processed.
	Seq int
	// ID is the key ID, aka kid.
	ID string
	// Usage is the intended key usage. The values are: sign, verify, both,
	// or auto.
	Usage string
	// TokenName is the token name associated with the key.
	TokenName string
	// Source is either config or env.
	Source string
	// Algorithm is either hmac, rsa, or ecdsa.
	Algorithm string
	// EnvVarName is the name of the environment variable holding either the
	// value of a key or the path to a directory or file containing a key.
	EnvVarName string
	// EnvVarType indicates how to interpret the value found in the EnvVarName. If
	// it is blank, then the assumption is the environment variable value
	// contains either a public or a private key.
	EnvVarType string
	// EnvVarValue is the value associated with the environment variable set by EnvVarName.
	// Because that variable may hold the key itself, treat this field as
	// potential key material when logging or serializing the config.
	EnvVarValue string
	// FilePath is the path of a file containing either a private or a public key.
	FilePath string
	// DirPath is the path to a directory containing crypto keys.
	DirPath string
	// TokenLifetime is the expected token grant lifetime in seconds.
	TokenLifetime int
	// Secret is the shared key used with the HMAC algorithm. It is key material
	// and carries json/xml/yaml tags under the name token_secret; only the json
	// tag has omitempty.
	// NOTE(review): marshalling this struct may therefore emit the secret —
	// confirm before exporting or logging a config.
	Secret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"`
	// PreferredSignMethod is the preferred method to sign tokens, e.g.
	// all HMAC keys could use HS256, HS384, and HS512 methods. By default,
	// the preferred method is HS512. However, one may prefer using HS256.
	// NOTE(review): confirm that verification only accepts methods matching
	// the key's Algorithm; this page does not show that check.
	PreferredSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"`
	// EvalExpr is a list of expressions evaluated to decide whether a specific
	// key should be used for signing and verification.
	EvalExpr []string `json:"token_eval_expr,omitempty" xml:"token_eval_expr" yaml:"token_eval_expr"`
	// contains filtered or unexported fields
}

CryptoKeyConfig holds common token-related configuration settings.

func ParseCryptoKeyConfigs

func ParseCryptoKeyConfigs(cfg string) ([]*CryptoKeyConfig, error)

ParseCryptoKeyConfigs parses crypto key configurations.

func (*CryptoKeyConfig) ToString

func (k *CryptoKeyConfig) ToString() string

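ToString returns a string representation of a crypto key config. This page does not show whether the Secret and EnvVarValue fields are masked in that string, so confirm before writing it to logs.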

type CryptoKeyOperator

// CryptoKeyOperator represents one role of a CryptoKey; CryptoKey holds one
// operator for signing and one for verification.
type CryptoKeyOperator struct {
	// Token is the token operator attached to this operator.
	Token   *CryptoKeyTokenOperator
	// Secret is untyped (interface{}).
	// NOTE(review): presumably the key material for this role, with a concrete
	// type that depends on the algorithm — confirm, and keep it out of logs.
	Secret  interface{}
	// Capable is a flag.
	// NOTE(review): presumably true when this operator can perform its role —
	// confirm against the constructor and callers.
	Capable bool
}

CryptoKeyOperator represents CryptoKey operator.

func NewCryptoKeyOperator

func NewCryptoKeyOperator() *CryptoKeyOperator

NewCryptoKeyOperator returns an instance of CryptoKeyOperator.

type CryptoKeyStore

// CryptoKeyStore contains keys assembled for a specific purpose, i.e. signing
// or validation. All of its state is unexported; keys are added and read
// through its methods (AddKey, AddKeys, GetKeys, GetSignKeys, GetVerifyKeys).
type CryptoKeyStore struct {
	// contains filtered or unexported fields
}

CryptoKeyStore contains keys assembled for a specific purpose, i.e. signing or validation.

func NewCryptoKeyStore

func NewCryptoKeyStore() *CryptoKeyStore

NewCryptoKeyStore returns a new instance of CryptoKeyStore.

func (*CryptoKeyStore) AddKey

func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error

AddKey adds CryptoKey instance to CryptoKeyStore.

func (*CryptoKeyStore) AddKeys

func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error

AddKeys adds CryptoKey instances to CryptoKeyStore.

func (*CryptoKeyStore) AddKeysWithConfigs

func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error

AddKeysWithConfigs adds CryptoKey instances by providing their configurations to CryptoKeyStore.

func (*CryptoKeyStore) AutoGenerate

func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error

AutoGenerate auto-generates a public-private key pair capable of both signing and verifying tokens.

func (*CryptoKeyStore) GetKeys

func (ks *CryptoKeyStore) GetKeys() []*CryptoKey

GetKeys returns CryptoKey instances from CryptoKeyStore.

func (*CryptoKeyStore) GetSignKeys

func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey

GetSignKeys returns CryptoKey instances with key signing capabilities from CryptoKeyStore.

func (*CryptoKeyStore) GetVerifyKeys

func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey

GetVerifyKeys returns CryptoKey instances with key verification capabilities from CryptoKeyStore.

func (*CryptoKeyStore) HasSignKeys

func (ks *CryptoKeyStore) HasSignKeys() error

HasSignKeys reports whether CryptoKeyStore has key signing capabilities. It returns an error rather than a bool; presumably a nil error means signing keys are present.

func (*CryptoKeyStore) HasVerifyKeys

func (ks *CryptoKeyStore) HasVerifyKeys() error

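HasVerifyKeys reports whether CryptoKeyStore has key verification capabilities. It returns an error rather than a bool; presumably a nil error means verification keys are present.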

func (*CryptoKeyStore) ParseToken

func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)

ParseToken parses a JWT token and returns a User instance.

func (*CryptoKeyStore) SignToken

func (ks *CryptoKeyStore) SignToken(tokenName, signMethod interface{}, usr *user.User) error

SignToken signs user claims and adds the signed token to the user identity.

type CryptoKeyTokenOperator

// CryptoKeyTokenOperator represents the token operator of a CryptoKeyOperator.
// It groups the token-facing settings of an operator: identifiers, a lifetime
// bound, and the signing methods on offer.
type CryptoKeyTokenOperator struct {
	// ID is an identifier.
	// NOTE(review): presumably the key ID (kid) from CryptoKeyConfig.ID — confirm.
	ID               string
	// Name is a name.
	// NOTE(review): presumably the token name from CryptoKeyConfig.TokenName — confirm.
	Name             string
	// MaxLifetime is a lifetime bound.
	// NOTE(review): presumably in seconds, like CryptoKeyConfig.TokenLifetime — confirm.
	MaxLifetime      int
	// Methods maps a string key to an untyped value.
	// NOTE(review): presumably method name to signing-method object — confirm.
	Methods          map[string]interface{}
	// PreferredMethods is an ordered list of method names.
	PreferredMethods []string
	// DefaultMethod is the method name used by default.
	// NOTE(review): confirm it is always one of the keys in Methods.
	DefaultMethod    string
	// Capable is a flag.
	// NOTE(review): presumably true when this token operator is usable — confirm.
	Capable          bool
	// contains filtered or unexported fields
}

CryptoKeyTokenOperator represents CryptoKeyOperator token operator.

func NewCryptoKeyTokenOperator

func NewCryptoKeyTokenOperator() *CryptoKeyTokenOperator

NewCryptoKeyTokenOperator returns an instance of CryptoKeyTokenOperator.
