Overview ¶
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
Index ¶
- Constants
- Variables
- func MarshalPKIXPublicKeyToPEM(key interface{}) ([]byte, error)
- func NewEndpoint(r Registry) endpoint.Endpoint
- type Descriptor
- type Handler
- type HandlerJWK
- type KeyIn
- type KeyNotFoundError
- type KeyOut
- type Pair
- func GenerateECDSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateRSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateSecretPair(kid string, random io.Reader, bits int) (Pair, error)
- func NewPair(kid string, key interface{}) (Pair, error)
- func ReadPair(kid string, file string) (Pair, error)
- func ReadPairBytes(kid string, data []byte) (Pair, error)
- type Registry
Constants ¶
// Media types for the two encodings in which a Pair's verify key can be served.
// NOTE(review): presumably set as the response Content-Type by Handler and
// HandlerJWK respectively — confirm against the handler code.
const (
	// ContentTypePEM is the media type used for PEM-encoded verify keys.
	ContentTypePEM = "application/x-pem-file"
	// ContentTypeJWK is the media type used for JWK responses. This is the
	// generic JSON type rather than the RFC 7517 registered media types
	// (application/jwk+json, application/jwk-set+json); clients that
	// dispatch on the exact type should be aware of that.
	ContentTypeJWK = "application/json"
)
// Default sizes for generated key material.
// NOTE(review): presumably applied when Descriptor.Bits is zero — confirm.
const (
	// DefaultRSABits is the default modulus size, in bits, for generated RSA keys.
	// 1024-bit RSA is below the commonly recommended minimum of 2048 bits for
	// signing keys; deployments that rely on generated keys should set
	// Descriptor.Bits explicitly rather than depend on this default.
	DefaultRSABits = 1024
	// DefaultSecretBits is the default size, in bits, of a generated symmetric
	// secret (KeyTypeSecret).
	DefaultSecretBits = 512
)
// Values accepted in Descriptor.Type. When Type is unset, KeyTypeRSA is used.
const (
	// KeyTypeRSA selects an RSA key pair.
	KeyTypeRSA = "rsa"
	// KeyTypeECDSA selects an ECDSA key pair.
	KeyTypeECDSA = "ecdsa"
	// KeyTypeSecret selects a symmetric secret rather than an asymmetric pair.
	KeyTypeSecret = "secret"
)
Variables ¶
var (
	// ErrUnrecognizedKeyData is returned when key data cannot be read.
	// NOTE(review): presumably raised by ReadPair/ReadPairBytes when the data is
	// neither a secret nor a PEM-encoded key pair — confirm.
	ErrUnrecognizedKeyData = errors.New("unable to read key data")
	// DefaultCurve is the elliptic curve used for generated ECDSA keys.
	// NOTE(review): presumably consumed by GenerateECDSAPair — confirm.
	DefaultCurve = elliptic.P384()
)
var (
	// ErrNoKidVariable is returned when the URI definition used to route key
	// requests does not declare a kid variable, so the requested key identifier
	// cannot be extracted from the path.
	ErrNoKidVariable = errors.New("no kid variable in URI definition")
)
Functions ¶
func MarshalPKIXPublicKeyToPEM ¶
MarshalPKIXPublicKeyToPEM marshals a public key in PKIX format and encodes the result as a PEM block.
func NewEndpoint ¶
Types ¶
type Descriptor ¶
// Descriptor holds the configurable options for a key Pair and is the input
// to Registry.Register.
type Descriptor struct {
	// Kid is the key id to use initially. If unset, the name of the key is used. Note that the kid can
	// change if the key is rotated or updated during application execution.
	Kid string

	// Type indicates the type of key. This field dictates both how the key File is read or how the key
	// is generated. The default is "rsa". See KeyTypeRSA, KeyTypeECDSA and KeyTypeSecret.
	Type string

	// Bits indicates the bit size for a generated key. It is only relevant when File is unset and a
	// key is generated. NOTE(review): presumably DefaultRSABits / DefaultSecretBits apply when zero — confirm.
	Bits int

	// File is the system path to a file where the key is stored. If set, this file must exist and contain
	// either a secret or a PEM-encoded key pair. If this field is not set, a key is generated.
	// The file holds private key material, so it should be readable only by the service account and
	// this path should come from trusted configuration.
	File string
}
Descriptor holds the configurable options for a key Pair
type HandlerJWK ¶ added in v0.4.4
type KeyIn ¶
// KeyIn is the set of dependencies for this package's components. The embedded
// fx.In marks it as an fx parameter object, so its fields are resolved from the
// dependency container rather than passed directly.
type KeyIn struct {
	fx.In

	// Random is the optional source of randomness. If not present in the container,
	// crypto/rand.Reader is used. Whatever is injected here is used to generate key
	// material, so it must be a cryptographically secure source.
	Random io.Reader `optional:"true"`
}
KeyIn is the set of dependencies for this package's components
type KeyNotFoundError ¶
// KeyNotFoundError reports a key identifier for which no Pair is available.
// It exposes an HTTP status through StatusCode so handlers can map it directly
// to a response. NOTE(review): presumably produced when Registry.Get reports
// no Pair for the kid — confirm.
type KeyNotFoundError struct {
	// Kid is the key identifier that was requested but not found.
	Kid string
}
func (KeyNotFoundError) Error ¶
func (knfe KeyNotFoundError) Error() string
func (KeyNotFoundError) StatusCode ¶
func (knfe KeyNotFoundError) StatusCode() int
type KeyOut ¶
// KeyOut is the set of components emitted by this package. The embedded fx.Out
// marks it as an fx result object, so each field is provided to the container.
type KeyOut struct {
	fx.Out

	// Registry is the fully configured token Registry
	Registry Registry

	// Handler is the http.Handler which can serve key requests to the Registry
	Handler Handler

	// HandlerJWK serves key requests in JWK form.
	// NOTE(review): inferred from the name and Pair.WriteJWK — confirm.
	HandlerJWK HandlerJWK
}
KeyOut is the set of components emitted by this package
type Pair ¶
// Pair is a signing/verification key pair, or a symmetric secret, identified by
// a kid. The verify side is what the HTTP handlers publish; the Sign side is
// sensitive material.
type Pair interface {
	// KID is the key identifier for this Pair
	KID() string

	// Sign returns the signing key for generating signed JWT tokens. For asymmetric
	// pairs this is the private key; for KeyTypeSecret it is the shared secret.
	// Treat it as sensitive: never log it or serialize it into a response.
	Sign() interface{}

	// WriteVerifyPEMTo writes the PEM-encoded verify key to an arbitrary output sink
	// and returns the number of bytes written.
	WriteVerifyPEMTo(io.Writer) (int64, error)

	// WriteJWK writes the verify key as a JWK to an arbitrary output sink and returns
	// the number of bytes written. NOTE(review): assumed to emit only the verify
	// part, as WriteVerifyPEMTo does — confirm.
	WriteJWK(io.Writer) (int64, error)
}
func GenerateECDSAPair ¶
func GenerateSecretPair ¶
type Registry ¶
// Registry holds zero or more key Pairs, looked up by key identifier.
type Registry interface {
	// Get returns the Pair associated with a given key identifier. The bool is
	// false when no Pair is registered under kid.
	Get(kid string) (Pair, bool)

	// Register creates a new Pair from a Descriptor and stores it in this registry.
	// NOTE(review): whether registering an already-present kid replaces the prior
	// Pair or fails is not specified here — confirm before relying on either.
	Register(Descriptor) (Pair, error)
}
Registry holds zero or more key Pairs
func NewRegistry ¶
NewRegistry creates a new key Registry backed by a given source of randomness for generation. If random is nil, crypto/rand.Reader is used.