util


Variables

var (
	// ListenAddr is the http server listen address
	ListenAddr string

	// ListenPort is the http server listen port
	ListenPort string

	// CertificatePath is the SSL certificate path used by HTTPS listener
	CertificatePath string

	// PrivateKeyPath is the private key path used by HTTPS listener;
	// the file it points to is secret material and should stay out of logs
	PrivateKeyPath string

	// ServeTLS is true when CertificatePath and PrivateKeyPath are valid;
	// when false the listener serves plain HTTP (presumably populated by
	// RequireGin alongside the other values here — confirm)
	ServeTLS bool
)

gin configuration vars

var (

	// JWTApplicationClaimsKey is the key within the JWT payload where application-specific claims are encoded
	JWTApplicationClaimsKey string

	// JWTAuthorizationAudience is the audience who will consume the JWT; this will be set as the JWT "aud" claim
	JWTAuthorizationAudience string

	// JWTAlternativeAuthorizationAudiences are additional valid audiences who will consume signed JWTs, keyed on a scope; these will be allowed to be set as the JWT "aud" claim.
	// Verifiers should accept a token only when its "aud" is the primary audience or one of these configured alternatives.
	JWTAlternativeAuthorizationAudiences map[string]interface{}

	// JWTAuthorizationIssuer is the common name of the operator of the token vending machine; this will be set as the JWT "iss" claim
	JWTAuthorizationIssuer string

	// JWTAuthorizationTTL is the lifetime of new token authorizations, calculated from the issued at timestamp ("iat" claim).
	// NOTE(review): stored as a time.Duration (nanosecond resolution), not a millisecond count as an earlier comment
	// stated; "milliseconds" presumably describes the unit of the configured value before conversion — confirm at the assignment site.
	JWTAuthorizationTTL time.Duration

	// JWTNatsClaimsKey is the key within the JWT claims payload where NATS-specific claims are encoded
	JWTNatsClaimsKey string

	// JWTNatsAuthorizationAudience is the audience who will consume the NATS bearer authorization JWT; this will be set as the JWT "aud" claim
	JWTNatsAuthorizationAudience string

	// Vault is the vault instance (presumably initialized by RequireVault — confirm)
	Vault *vault.Vault
)
var (
	// DefaultVaultAccessJWT for the default vault context.
	// NOTE(review): this is a bearer credential; keep it out of log lines,
	// error messages and serialized state.
	DefaultVaultAccessJWT string
)

Functions

func AuthorizedSubjectDID

func AuthorizedSubjectDID(c *gin.Context, subject string) *string

func AuthorizedSubjectID

func AuthorizedSubjectID(c *gin.Context, subject string) *uuid.UUID

AuthorizedSubjectID returns the requested JWT subject if it matches

func ParseBearerAuthorizationHeader

func ParseBearerAuthorizationHeader(authorization string, keyfunc *func(_jwtToken *jwt.Token) (interface{}, error)) (*jwt.Token, error)

ParseBearerAuthorizationHeader parses the given bearer authorization token; returns the parsed JWT token if valid

func RequireGin

func RequireGin()

RequireGin initializes the gin configuration

func RequireJWT

func RequireJWT() map[string]*JWTKeypair

RequireJWT allows a package to conditionally require a valid JWT configuration in the ident environment; at least one RS256 keypair must be configured using the JWT_SIGNER_PRIVATE_KEY and JWT_SIGNER_PUBLIC_KEY environment variables

func RequireJWTVerifiers

func RequireJWTVerifiers() map[string]*JWTKeypair

RequireJWTVerifiers allows a package to conditionally require RS256 signature verification in the configured environment via JWT_SIGNER_PUBLIC_KEY; the use-case for this support is when another microservice depends on the token authorization middleware provided in this package

func RequireVault

func RequireVault()

RequireVault panics if the VAULT_REFRESH_TOKEN is not given or an access token is otherwise unable to be obtained; attempts to unseal the vault if possible

func ResolveCapabilitiesManifest

func ResolveCapabilitiesManifest() (map[string]interface{}, error)

ResolveCapabilitiesManifest attempts to resolve the capabilities manifest from S3

func ResolveJWTKeypair

func ResolveJWTKeypair(fingerprint *string) (*rsa.PublicKey, *rsa.PrivateKey, *vault.Key, *string)

ResolveJWTKeypair returns the configured public/private signing keypair and its fingerprint, if one has been configured; this impl will be upgraded soon to allow many keys to be configured

func SealVault

func SealVault() error

SealVault seals the configured vault context

func TrackAPICalls

func TrackAPICalls() gin.HandlerFunc

TrackAPICalls returns gin middleware for tracking API calls

func UnsealVault

func UnsealVault() error

UnsealVault unseals the configured vault context

Types

type JWTKeypair

// JWTKeypair enables private key or vault-based JWT signing and verification.
type JWTKeypair struct {
	// Fingerprint identifies this keypair; ResolveJWTKeypair takes a
	// fingerprint to select the keypair to use (presumably matched against this field — confirm)
	Fingerprint string
	// PublicKey is the RSA public key used to verify RS256 signatures
	PublicKey rsa.PublicKey
	// PublicKeyPEM is presumably the PEM encoding of PublicKey, when available — confirm
	PublicKeyPEM *string
	// PrivateKey is the RSA signing key; secret material that must never be
	// logged or serialized. NOTE(review): expected to be nil when signing is
	// delegated to VaultKey — confirm against the code that populates this struct
	PrivateKey *rsa.PrivateKey
	// SSHPublicKey is the SSH form of the public key, as returned by
	// JWTKeypairSSHSigner.PublicKey (presumably — confirm)
	SSHPublicKey *ssh.PublicKey
	// VaultKey is the vault-managed key handle used for vault-based signing
	VaultKey *vault.Key
}

JWTKeypair enables private key or vault-based JWT signing and verification

func (*JWTKeypair) SSHSigner

func (j *JWTKeypair) SSHSigner() ssh.Signer

SSHSigner returns an ssh.Signer backed by this keypair.

type JWTKeypairSSHSigner

type JWTKeypairSSHSigner struct {
	// contains filtered or unexported fields
}

func (*JWTKeypairSSHSigner) PublicKey

func (j *JWTKeypairSSHSigner) PublicKey() ssh.PublicKey

PublicKey returns an associated PublicKey instance.

func (*JWTKeypairSSHSigner) Sign

func (j *JWTKeypairSSHSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

Sign returns raw signature for the given data. This method will apply the hash specified for the keytype to the data.

type SigningMethodEdDSA

type SigningMethodEdDSA struct{}

SigningMethodEdDSA enables Ed25519

func (*SigningMethodEdDSA) Alg

func (m *SigningMethodEdDSA) Alg() string

Alg returns EdDSA

func (*SigningMethodEdDSA) Sign

func (m *SigningMethodEdDSA) Sign(signingString string, key interface{}) (str string, err error)

Sign the jwt using Ed25519

func (*SigningMethodEdDSA) Verify

func (m *SigningMethodEdDSA) Verify(signingString string, signature string, key interface{}) error

Verify the Ed25519 jwt
