tokens

package

v11.0.0-rc9 Latest Latest Go to latest Published: Feb 4, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aporeto-inc/trireme-lib

Documentation ¶

Index ¶

Constants
func CodeFromErr(err error) string
type BinaryJWTClaims
- func ConvertToBinaryClaims(j *ConnectionClaims, validity time.Duration) *BinaryJWTClaims
- func (x *BinaryJWTClaims) CodecDecodeSelf(d *codec1978.Decoder)
- func (x *BinaryJWTClaims) CodecEncodeSelf(e *codec1978.Encoder)
type BinaryJWTConfig
- func NewBinaryJWT(validity time.Duration, issuer string, s secrets.Secrets) (*BinaryJWTConfig, error)
type ConnectionClaims
type ErrToken
- func (e *ErrToken) Code() string
- func (e *ErrToken) Error() string
type JWTClaims
- func ConvertToJWTClaims(b *BinaryJWTClaims, header claimsheader.HeaderBytes) *JWTClaims
type JWTConfig
- func NewJWT(validity time.Duration, issuer string, s secrets.Secrets) (*JWTConfig, error)
type TokenEngine

Constants ¶

View Source

const (
	// MaxServerName must be of UUID size maximum
	MaxServerName = 24
	// NonceLength is the length of the Nonce to be used in the secrets
	NonceLength = 16
)

Variables ¶

This section is empty.

Functions ¶

func CodeFromErr ¶

func CodeFromErr(err error) string

CodeFromErr returns the collector code from ErrToken

Types ¶

type BinaryJWTClaims ¶

type BinaryJWTClaims struct {
	// Tags
	T []string `codec:",omitempty"`
	// Compressed tags
	CT []string `codec:",omitempty"`
	// RMT is the nonce of the remote that has to be signed in the JWT
	RMT []byte `codec:",omitempty"`
	// LCL is the nonce of the local node that has to be signed
	LCL []byte `codec:",omitempty"`
	// EK is the ephemeral EC key for encryption
	EK []byte `codec:",omitempty"`
	// ID is the source PU ID
	ID string `codec:",omitempty"`
	// Expiration time
	ExpiresAt int64 `codec:",omitempty"`
	// SignerKey
	SignerKey []byte `codec:",omitempty"`
}

BinaryJWTClaims captures all the custom clains

func ConvertToBinaryClaims ¶

func ConvertToBinaryClaims(j *ConnectionClaims, validity time.Duration) *BinaryJWTClaims

ConvertToBinaryClaims coverts back,

func (*BinaryJWTClaims) CodecDecodeSelf ¶

func (x *BinaryJWTClaims) CodecDecodeSelf(d *codec1978.Decoder)

func (*BinaryJWTClaims) CodecEncodeSelf ¶

func (x *BinaryJWTClaims) CodecEncodeSelf(e *codec1978.Encoder)

type BinaryJWTConfig ¶

type BinaryJWTConfig struct {
	// ValidityPeriod  period of the JWT
	ValidityPeriod time.Duration
	// Issuer is the server that issues the JWT
	Issuer string
	// contains filtered or unexported fields
}

BinaryJWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

func NewBinaryJWT ¶

func NewBinaryJWT(validity time.Duration, issuer string, s secrets.Secrets) (*BinaryJWTConfig, error)

NewBinaryJWT creates a new JWT token processor

func (*BinaryJWTConfig) CreateAndSign ¶

func (c *BinaryJWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, header *claimsheader.ClaimsHeader) (token []byte, err error)

CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

func (*BinaryJWTConfig) Decode ¶

func (c *BinaryJWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

func (*BinaryJWTConfig) Randomize ¶

func (c *BinaryJWTConfig) Randomize(token []byte, nonce []byte) (err error)

Randomize adds a nonce to an existing token. Returns the nonce

type ConnectionClaims ¶

type ConnectionClaims struct {
	T *policy.TagStore `json:",omitempty"`
	// RMT is the nonce of the remote that has to be signed in the JWT
	RMT []byte `json:",omitempty"`
	// LCL is the nonce of the local node that has to be signed
	LCL []byte `json:",omitempty"`
	// EK is the ephemeral EC key for encryption
	EK []byte `json:",omitempty"`
	// C is the compressed tags in one string
	CT *policy.TagStore `json:",omitempty"`
	// ID is the source PU ID
	ID string `json:",omitempty"`
	// RemoteID is the ID of the remote if known.
	RemoteID string `json:",omitempty"`
	// H is the claims header
	H claimsheader.HeaderBytes `json:",omitempty"`
}

ConnectionClaims captures all the claim information

type ErrToken ¶

type ErrToken struct {
	// contains filtered or unexported fields
}

ErrToken holds error message in string

func (*ErrToken) Code ¶

func (e *ErrToken) Code() string

Code returns collector reason

func (*ErrToken) Error ¶

func (e *ErrToken) Error() string

Error returns error in string

type JWTClaims ¶

type JWTClaims struct {
	*ConnectionClaims
	jwt.StandardClaims
}

JWTClaims captures all the custom clains

func ConvertToJWTClaims ¶

func ConvertToJWTClaims(b *BinaryJWTClaims, header claimsheader.HeaderBytes) *JWTClaims

ConvertToJWTClaims converts to old claims

type JWTConfig ¶

type JWTConfig struct {
	// ValidityPeriod  period of the JWT
	ValidityPeriod time.Duration
	// Issuer is the server that issues the JWT
	Issuer string
	// contains filtered or unexported fields
}

JWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

func NewJWT ¶

func NewJWT(validity time.Duration, issuer string, s secrets.Secrets) (*JWTConfig, error)

NewJWT creates a new JWT token processor

func (*JWTConfig) CreateAndSign ¶

func (c *JWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)

CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

func (*JWTConfig) Decode ¶

func (c *JWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

func (*JWTConfig) Randomize ¶

func (c *JWTConfig) Randomize(token []byte, nonce []byte) (err error)

Randomize adds a nonce to an existing token. Returns the nonce

type TokenEngine ¶

type TokenEngine interface {
	// CreteAndSign creates a token, signs it and produces the final byte string
	CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)
	// Decode decodes an incoming buffer and returns the claims and the sender certificate
	Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)
	// Randomize inserts a source nonce in an existing token - New nonce will be
	// create every time the token is transmitted as a challenge to the other side
	// even when the token is cached. There should be space in the token already.
	// Returns an error if there is no space
	Randomize([]byte, []byte) (err error)
}

TokenEngine is the interface to the different implementations of tokens

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL