Documentation ¶
Index ¶
- type CryptoKey
- type CryptoKeyConfig
- type CryptoKeyOperator
- type CryptoKeyStore
- func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
- func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
- func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
- func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
- func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
- func (ks *CryptoKeyStore) HasSignKeys() error
- func (ks *CryptoKeyStore) HasVerifyKeys() error
- func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
- func (ks *CryptoKeyStore) SignToken(tokenName, signMethod interface{}, usr *user.User) error
- type CryptoKeyTokenOperator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CryptoKey ¶
// CryptoKey groups one key's configuration (Config) with a signing operator
// (Sign) and a verification operator (Verify).
// NOTE(review): Sign and Verify are pointers; whether either may be nil for a
// sign-only or verify-only key is not shown here. Confirm before dereferencing.
type CryptoKey struct { Config *CryptoKeyConfig Sign *CryptoKeyOperator Verify *CryptoKeyOperator }
CryptoKey contains a cryptographic key and associated metadata.
func GetKeysFromConfig ¶
func GetKeysFromConfig(cfg *CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfig loads keys from a single key config.
func GetKeysFromConfigs ¶
func GetKeysFromConfigs(cfgs []*CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfigs loads keys from one or more key configs.
func (*CryptoKey) ProvideKey ¶
ProvideKey returns the appropriate encryption key.
type CryptoKeyConfig ¶
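// CryptoKeyConfig holds common token-related configuration settings for a
// crypto key.
//
// NOTE(review): Secret and EnvVarValue can carry key material. Secret is
// tagged for JSON, XML and YAML output as token_secret, and EnvVarValue is an
// exported field without tags, so encoding/json and encoding/xml would emit
// both when they are set, unless the type defines custom marshalling (not
// visible here). Redact them before logging or exporting a config, and
// confirm what ToString prints.
type CryptoKeyConfig struct {
	// Seq is the order in which a key would be processed.
	Seq int
	// ID is the key ID, aka kid.
	ID string
	// Usage is the intended key usage. The values are: sign, verify, both,
	// or auto.
	Usage string
	// TokenName is the token name associated with the key.
	TokenName string
	// Source is either config or env.
	Source string
	// Algorithm is one of hmac, rsa, or ecdsa.
	Algorithm string
	// EnvVarName is the name of the environment variable holding either the
	// value of a key or the path to a directory or file containing a key.
	EnvVarName string
	// EnvVarType indicates how to interpret the value found in EnvVarName. If
	// it is blank, the value of the environment variable is assumed to
	// contain either a public or a private key.
	EnvVarType string
	// EnvVarValue is the value associated with the environment variable set
	// by EnvVarName. It may therefore hold the key itself.
	EnvVarValue string
	// FilePath is the path of a file containing either a private or a public
	// key.
	FilePath string
	// DirPath is the path to a directory containing crypto keys.
	DirPath string
	// TokenLifetime is the expected token grant lifetime in seconds.
	TokenLifetime int
	// Secret is the shared key used with the HMAC algorithm.
	Secret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"`
	// PreferredSignMethod is the preferred method to sign tokens, e.g.
	// all HMAC keys could use HS256, HS384, and HS512 methods. By default,
	// the preferred method is HS512. However, one may prefer using HS256.
	PreferredSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"`
	// EvalExpr is a list of expressions evaluated to decide whether a
	// specific key should be used for signing and verification.
	EvalExpr []string `json:"token_eval_expr,omitempty" xml:"token_eval_expr" yaml:"token_eval_expr"`
	// contains filtered or unexported fields
}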
CryptoKeyConfig holds common token-related configuration settings.
func ParseCryptoKeyConfigs ¶
func ParseCryptoKeyConfigs(cfg string) ([]*CryptoKeyConfig, error)
ParseCryptoKeyConfigs parses crypto key configurations.
func (*CryptoKeyConfig) ToString ¶
func (k *CryptoKeyConfig) ToString() string
ToString returns string representation of a crypto key config.
type CryptoKeyOperator ¶
// CryptoKeyOperator pairs a token operator (Token) with a Secret value and a
// Capable flag.
// NOTE(review): Secret is an untyped interface{}; presumably it holds the HMAC
// shared secret or an RSA/ECDSA key object. Treat it as sensitive and keep it
// out of logs and debug dumps such as %+v formatting. Confirm the concrete
// types against the implementation.
type CryptoKeyOperator struct { Token *CryptoKeyTokenOperator Secret interface{} Capable bool }
CryptoKeyOperator represents CryptoKey operator.
func NewCryptoKeyOperator ¶
func NewCryptoKeyOperator() *CryptoKeyOperator
NewCryptoKeyOperator returns an instance of CryptoKeyOperator.
type CryptoKeyStore ¶
// CryptoKeyStore holds keys assembled for a specific purpose, i.e. signing or
// validation. No exported fields are shown for it; keys are added and read
// through its methods.
type CryptoKeyStore struct {
// contains filtered or unexported fields
}
CryptoKeyStore contains keys assembled for a specific purpose, i.e. signing or validation.
func NewCryptoKeyStore ¶
func NewCryptoKeyStore() *CryptoKeyStore
NewCryptoKeyStore returns a new instance of CryptoKeyStore
func (*CryptoKeyStore) AddKey ¶
func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
AddKey adds CryptoKey instance to CryptoKeyStore.
func (*CryptoKeyStore) AddKeys ¶
func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
AddKeys adds CryptoKey instances to CryptoKeyStore.
func (*CryptoKeyStore) AddKeysWithConfigs ¶
func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
AddKeysWithConfigs adds CryptoKey instances by providing their configurations to CryptoKeyStore.
func (*CryptoKeyStore) AutoGenerate ¶
func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
AutoGenerate auto-generates public-private key pair capable of both signing and verifying tokens.
func (*CryptoKeyStore) GetKeys ¶
func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
GetKeys returns CryptoKey instances from CryptoKeyStore.
func (*CryptoKeyStore) GetSignKeys ¶
func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
GetSignKeys returns CryptoKey instances with key signing capabilities from CryptoKeyStore.
func (*CryptoKeyStore) GetVerifyKeys ¶
func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
GetVerifyKeys returns CryptoKey instances with key verification capabilities from CryptoKeyStore.
func (*CryptoKeyStore) HasSignKeys ¶
func (ks *CryptoKeyStore) HasSignKeys() error
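HasSignKeys reports whether CryptoKeyStore has key signing capabilities. The method returns an error rather than a bool, so presumably a nil error means signing keys are present; check the error before issuing tokens.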
func (*CryptoKeyStore) HasVerifyKeys ¶
func (ks *CryptoKeyStore) HasVerifyKeys() error
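HasVerifyKeys reports whether CryptoKeyStore has key verification capabilities. The method returns an error rather than a bool, so presumably a nil error means verification keys are present; check the error before accepting tokens.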
func (*CryptoKeyStore) ParseToken ¶
func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
ParseToken parses a JWT token and returns a User instance.
type CryptoKeyTokenOperator ¶
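// CryptoKeyTokenOperator represents the token operator of a CryptoKeyOperator.
//
// NOTE(review): the fields carry no documentation on this page; the comments
// below describe only what the names and types show and should be confirmed
// against the implementation.
type CryptoKeyTokenOperator struct {
	// ID is a string identifier; presumably the key ID (kid). TODO confirm.
	ID string
	// Name is a string name; presumably the token name. TODO confirm.
	Name string
	// MaxLifetime is an integer limit; presumably a token lifetime in
	// seconds, as with CryptoKeyConfig.TokenLifetime. TODO confirm the unit.
	MaxLifetime int
	// Methods maps a string to an arbitrary value; presumably keyed by
	// signing method name. TODO confirm.
	Methods map[string]interface{}
	// PreferredMethods is a list of method names; the ordering semantics are
	// not shown here.
	PreferredMethods []string
	// DefaultMethod is a single method name.
	DefaultMethod string
	// Capable is a boolean flag; presumably whether this operator can be
	// used. TODO confirm.
	Capable bool
	// contains filtered or unexported fields
}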
CryptoKeyTokenOperator represents CryptoKeyOperator token operator.
func NewCryptoKeyTokenOperator ¶
func NewCryptoKeyTokenOperator() *CryptoKeyTokenOperator
NewCryptoKeyTokenOperator returns an instance of CryptoKeyTokenOperator.