Documentation


Constants

This section is empty.

Variables

// Certs: PEM material compiled into the package as exported, mutable variables.
// NOTE(review): the literals are elided on this page. Judging by the names,
// CAKeyPEM and PrivateKeyPEM look like private-key material, which would make
// them readable by anyone with the source or the binary. Presumably these are
// test fixtures - confirm that nothing establishing real trust is configured
// with them.
var (
	// CAPEM is presumably a certificate authority certificate in PEM form - TODO confirm.
	CAPEM = `` /* 618-byte string literal not displayed */

	// CAKeyPEM is presumably the private key belonging to CAPEM - TODO confirm.
	CAKeyPEM = `` /* 226-byte string literal not displayed */

	// PrivateKeyPEM is presumably a private key in PEM form - TODO confirm.
	PrivateKeyPEM = `` /* 226-byte string literal not displayed */

	// PublicPEM is presumably the certificate matching PrivateKeyPEM - TODO confirm.
	PublicPEM = `` /* 647-byte string literal not displayed */

)

    Certs

    Functions

    func CreateTxtToken

    func CreateTxtToken() []byte

      CreateTxtToken creates a transmitter token

      Types

      type CompactPKI

      // CompactPKI holds all PKI information.
      // NOTE(review): the key material sits in exported fields, so any code that
      // holds the value can read or replace it; avoid printing or serialising the
      // whole struct.
      type CompactPKI struct {
      	// PrivateKeyPEM presumably carries the keyPEM given to NewCompactPKI - TODO confirm.
      	PrivateKeyPEM []byte
      	// PublicKeyPEM presumably carries the certPEM given to NewCompactPKI - TODO confirm.
      	PublicKeyPEM  []byte
      	// AuthorityPEM presumably carries the caPEM (certificate authority) - TODO confirm.
      	AuthorityPEM  []byte
      	// TokenKeyPEMs presumably lists the token certificate authorities that
      	// TokenPEMs returns - TODO confirm.
      	TokenKeyPEMs  [][]byte
      	// Compressed is the claimsheader compression type of this secrets instance.
      	Compressed    claimsheader.CompressionType
      	// contains filtered or unexported fields
      }

        CompactPKI holds all PKI information

        func NewCompactPKI

        func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

          NewCompactPKI creates new secrets for PKI implementation based on compact encoding

          func NewCompactPKIWithTokenCA

          func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

            NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding

            func (*CompactPKI) AckSize

            func (p *CompactPKI) AckSize() uint32

              AckSize returns the default size of an ACK packet

              func (*CompactPKI) AuthPEM

              func (p *CompactPKI) AuthPEM() []byte

                AuthPEM returns the Certificate Authority PEM

                func (*CompactPKI) DecodingKey

                func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

                  DecodingKey returns the public key

                  func (*CompactPKI) EncodingKey

                  func (p *CompactPKI) EncodingKey() interface{}

                    EncodingKey returns the private key

                    func (*CompactPKI) EncodingPEM

                    func (p *CompactPKI) EncodingPEM() []byte

                      EncodingPEM returns the certificate PEM that is used for encoding

                      func (*CompactPKI) PublicKey

                      func (p *CompactPKI) PublicKey() interface{}

                        PublicKey returns the public key

                        func (*CompactPKI) PublicSecrets

                        func (p *CompactPKI) PublicSecrets() PublicSecrets

                          PublicSecrets returns the secrets that are marshallable over the RPC interface.

                          func (*CompactPKI) TokenPEMs

                          func (p *CompactPKI) TokenPEMs() [][]byte

                            TokenPEMs returns the Token Certificate Authorities

                            func (*CompactPKI) TransmittedKey

                            func (p *CompactPKI) TransmittedKey() []byte

                              TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                              func (*CompactPKI) TransmittedPEM

                              func (p *CompactPKI) TransmittedPEM() []byte

                                TransmittedPEM returns the PEM certificate that is transmitted

                                func (*CompactPKI) Type

                                func (p *CompactPKI) Type() PrivateSecretsType

                                  Type implements the interface Secrets

                                  func (*CompactPKI) VerifyPublicKey

                                  func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

                                    VerifyPublicKey verifies if the inband public key is correct.

                                    type CompactPKIPublicSecrets

                                    // CompactPKIPublicSecrets includes all the secrets that can be transmitted
                                    // over the RPC interface.
                                    // NOTE(review): the page does not show whether Key holds private-key
                                    // material. If it does, the RPC channel carrying this struct must be
                                    // confidential and authenticated - confirm against the implementation.
                                    type CompactPKIPublicSecrets struct {
                                    	// Type identifies which kind of secrets this value describes.
                                    	Type        PrivateSecretsType
                                    	// Key is a key in byte form; private or public is not visible here - TODO confirm.
                                    	Key         []byte
                                    	// Certificate is presumably the PEM certificate - TODO confirm.
                                    	Certificate []byte
                                    	// CA is presumably what CertAuthority returns - TODO confirm.
                                    	CA          []byte
                                    	// TokenCAs presumably lists the token certificate authorities - TODO confirm.
                                    	TokenCAs    [][]byte
                                    	// Token is presumably the transmitter token (txKey) - TODO confirm.
                                    	Token       []byte
                                    	// Compressed is the claimsheader compression type.
                                    	Compressed  claimsheader.CompressionType
                                    }

                                      CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                      func (*CompactPKIPublicSecrets) CertAuthority

                                      func (p *CompactPKIPublicSecrets) CertAuthority() []byte

                                        CertAuthority returns the cert authority

                                        func (*CompactPKIPublicSecrets) SecretsType

                                          SecretsType returns the type of secrets.

                                          type NullPKI

                                          // NullPKI holds all PKI information.
                                          // NOTE(review): the PKINull secrets type is commented as "for debugging";
                                          // presumably NullPKI is its implementation and should not be enabled in
                                          // production - confirm where it is gated.
                                          type NullPKI struct {
                                          	// PrivateKeyPEM presumably carries the keyPEM given to NewNullPKI - TODO confirm.
                                          	PrivateKeyPEM []byte
                                          	// PublicKeyPEM presumably carries the certPEM given to NewNullPKI - TODO confirm.
                                          	PublicKeyPEM  []byte
                                          	// AuthorityPEM presumably carries the caPEM given to NewNullPKI - TODO confirm.
                                          	AuthorityPEM  []byte
                                          }

                                            NullPKI holds all PKI information

                                            func NewNullPKI

                                            func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

                                              NewNullPKI creates new secrets for PKI implementation based on compact encoding

                                              func (*NullPKI) AckSize

                                              func (p *NullPKI) AckSize() uint32

                                                AckSize returns the default size of an ACK packet

                                                func (*NullPKI) AuthPEM

                                                func (p *NullPKI) AuthPEM() []byte

                                                  AuthPEM returns the Certificate Authority PEM

                                                  func (*NullPKI) DecodingKey

                                                  func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

                                                    DecodingKey returns the public key

                                                    func (*NullPKI) EncodingKey

                                                    func (p *NullPKI) EncodingKey() interface{}

                                                      EncodingKey returns the private key

                                                      func (*NullPKI) EncodingPEM

                                                      func (p *NullPKI) EncodingPEM() []byte

                                                        EncodingPEM returns the certificate PEM that is used for encoding

                                                        func (*NullPKI) PublicKey

                                                        func (p *NullPKI) PublicKey() interface{}

                                                          PublicKey returns nil in this case

                                                          func (*NullPKI) PublicSecrets

                                                          func (p *NullPKI) PublicSecrets() PublicSecrets

                                                            PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                            func (*NullPKI) TransmittedKey

                                                            func (p *NullPKI) TransmittedKey() []byte

                                                              TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                                                              func (*NullPKI) TransmittedPEM

                                                              func (p *NullPKI) TransmittedPEM() []byte

                                                                TransmittedPEM returns the PEM certificate that is transmitted

                                                                func (*NullPKI) Type

                                                                func (p *NullPKI) Type() PrivateSecretsType

                                                                  Type implements the interface Secrets

                                                                  func (*NullPKI) VerifyPublicKey

                                                                  func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

                                                                    VerifyPublicKey verifies if the inband public key is correct.

                                                                    type NullPublicSecrets

                                                                    // NullPublicSecrets includes all the secrets that can be transmitted over
                                                                    // the RPC interface. It declares no key or certificate fields.
                                                                    type NullPublicSecrets struct {
                                                                    	// Type identifies which kind of secrets this value describes.
                                                                    	Type PrivateSecretsType
                                                                    }

                                                                      NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                                                      func (*NullPublicSecrets) CertAuthority

                                                                      func (p *NullPublicSecrets) CertAuthority() []byte

                                                                        CertAuthority returns the cert authority - N/A to PSK

                                                                        func (*NullPublicSecrets) SecretsType

                                                                        func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

                                                                          SecretsType returns the type of secrets.

                                                                          type PKIPublicSecrets

                                                                          // PKIPublicSecrets includes all the secrets that can be transmitted over
                                                                          // the RPC interface.
                                                                          // NOTE(review): the page does not show whether Key holds private-key
                                                                          // material. If it does, the RPC channel carrying this struct must be
                                                                          // confidential and authenticated - confirm against the implementation.
                                                                          type PKIPublicSecrets struct {
                                                                          	// Type identifies which kind of secrets this value describes.
                                                                          	Type        PrivateSecretsType
                                                                          	// Key is a key in byte form; private or public is not visible here - TODO confirm.
                                                                          	Key         []byte
                                                                          	// Certificate is presumably the PEM certificate - TODO confirm.
                                                                          	Certificate []byte
                                                                          	// CA is presumably what CertAuthority returns - TODO confirm.
                                                                          	CA          []byte
                                                                          }

                                                                            PKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                                                            func (*PKIPublicSecrets) CertAuthority

                                                                            func (p *PKIPublicSecrets) CertAuthority() []byte

                                                                              CertAuthority returns the cert authority

                                                                              func (*PKIPublicSecrets) SecretsType

                                                                              func (p *PKIPublicSecrets) SecretsType() PrivateSecretsType

                                                                                SecretsType returns the type of secrets.

                                                                                type PKISecrets

                                                                                // PKISecrets holds all PKI information.
                                                                                type PKISecrets struct {
                                                                                	// PrivateKeyPEM presumably carries the keyPEM given to NewPKISecrets - TODO confirm.
                                                                                	PrivateKeyPEM    []byte
                                                                                	// PublicKeyPEM presumably carries the certPEM given to NewPKISecrets - TODO confirm.
                                                                                	PublicKeyPEM     []byte
                                                                                	// AuthorityPEM presumably carries the caPEM given to NewPKISecrets - TODO confirm.
                                                                                	AuthorityPEM     []byte
                                                                                	// CertificateCache maps a string key (presumably the host passed to
                                                                                	// PublicKeyAdd - TODO confirm) to an ECDSA public key.
                                                                                	// NOTE(review): the map is exported, so callers can insert keys directly
                                                                                	// and skip the certificate validation that PublicKeyAdd is documented to
                                                                                	// perform; whether access is synchronised is not visible here.
                                                                                	CertificateCache map[string]*ecdsa.PublicKey
                                                                                	// contains filtered or unexported fields
                                                                                }

                                                                                  PKISecrets holds all PKI information

                                                                                  func NewPKISecrets

                                                                                  func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)

                                                                                    NewPKISecrets creates new secrets for PKI implementations

                                                                                    func (*PKISecrets) AckSize

                                                                                    func (p *PKISecrets) AckSize() uint32

                                                                                      AckSize returns the default size of an ACK packet

                                                                                      func (*PKISecrets) AuthPEM

                                                                                      func (p *PKISecrets) AuthPEM() []byte

                                                                                        AuthPEM returns the Certificate Authority PEM

                                                                                        func (*PKISecrets) DecodingKey

                                                                                        func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

                                                                                          DecodingKey returns the public key

                                                                                          func (*PKISecrets) EncodingKey

                                                                                          func (p *PKISecrets) EncodingKey() interface{}

                                                                                            EncodingKey returns the private key

                                                                                            func (*PKISecrets) EncodingPEM

                                                                                            func (p *PKISecrets) EncodingPEM() []byte

                                                                                              EncodingPEM returns the certificate PEM that is used for encoding

                                                                                              func (*PKISecrets) PublicKey

                                                                                              func (p *PKISecrets) PublicKey() interface{}

                                                                                                PublicKey returns the public key

                                                                                                func (*PKISecrets) PublicKeyAdd

                                                                                                func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

                                                                                                  PublicKeyAdd validates the parameter certificate. If it is valid, the corresponding key is added to the PublicKeyCache. If it is invalid, an error is returned.

                                                                                                  func (*PKISecrets) PublicSecrets

                                                                                                  func (p *PKISecrets) PublicSecrets() PublicSecrets

                                                                                                    PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                                                                    func (*PKISecrets) TransmittedKey

                                                                                                    func (p *PKISecrets) TransmittedKey() []byte

                                                                                                      TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                                                                                                      func (*PKISecrets) TransmittedPEM

                                                                                                      func (p *PKISecrets) TransmittedPEM() []byte

                                                                                                        TransmittedPEM returns the PEM certificate that is transmitted

                                                                                                        func (*PKISecrets) Type

                                                                                                        func (p *PKISecrets) Type() PrivateSecretsType

                                                                                                          Type implements the interface Secrets

                                                                                                          func (*PKISecrets) VerifyPublicKey

                                                                                                          func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

                                                                                                            VerifyPublicKey verifies if the inband public key is correct.

                                                                                                            type PSKPublicSecrets

                                                                                                            // PSKPublicSecrets includes all the secrets that can be transmitted over
                                                                                                            // the RPC interface.
                                                                                                            // NOTE(review): SharedKey is a field of a structure meant for the wire. If
                                                                                                            // it is the pre-shared key itself, anyone who can read the RPC traffic can
                                                                                                            // sign and verify tokens, so the channel must be confidential and
                                                                                                            // authenticated - confirm.
                                                                                                            type PSKPublicSecrets struct {
                                                                                                            	// Type identifies which kind of secrets this value describes.
                                                                                                            	Type      PrivateSecretsType
                                                                                                            	// SharedKey is presumably the pre-shared key held by PSKSecrets - TODO confirm.
                                                                                                            	SharedKey []byte
                                                                                                            }

                                                                                                              PSKPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                                                                                              func (*PSKPublicSecrets) CertAuthority

                                                                                                              func (p *PSKPublicSecrets) CertAuthority() []byte

                                                                                                                CertAuthority returns the cert authority - N/A to PSK

                                                                                                                func (*PSKPublicSecrets) SecretsType

                                                                                                                func (p *PSKPublicSecrets) SecretsType() PrivateSecretsType

                                                                                                                  SecretsType returns the type of secrets.

                                                                                                                  type PSKSecrets

                                                                                                                  // PSKSecrets holds the shared key.
                                                                                                                  type PSKSecrets struct {
                                                                                                                  	// SharedKey is the symmetric secret. EncodingKey and DecodingKey are both
                                                                                                                  	// documented as returning the pre-shared key, so every holder of it can
                                                                                                                  	// both sign and verify. The field is exported; keep it out of logs.
                                                                                                                  	SharedKey []byte
                                                                                                                  }

                                                                                                                    PSKSecrets holds the shared key.

                                                                                                                    func NewPSKSecrets

                                                                                                                    func NewPSKSecrets(psk []byte) *PSKSecrets

                                                                                                                      NewPSKSecrets creates new PSK Secrets.

                                                                                                                      func (*PSKSecrets) AckSize

                                                                                                                      func (p *PSKSecrets) AckSize() uint32

                                                                                                                        AckSize returns the expected size of ack packets.

                                                                                                                        func (*PSKSecrets) AuthPEM

                                                                                                                        func (p *PSKSecrets) AuthPEM() []byte

                                                                                                                          AuthPEM returns the Certificate Authority PEM.

                                                                                                                          func (*PSKSecrets) DecodingKey

                                                                                                                          func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

                                                                                                                            DecodingKey returns the preshared key.

                                                                                                                            func (*PSKSecrets) EncodingKey

                                                                                                                            func (p *PSKSecrets) EncodingKey() interface{}

                                                                                                                              EncodingKey returns the pre-shared key.

                                                                                                                              func (*PSKSecrets) EncodingPEM

                                                                                                                              func (p *PSKSecrets) EncodingPEM() []byte

                                                                                                                                EncodingPEM returns the certificate PEM that is used for encoding.

                                                                                                                                func (*PSKSecrets) PublicKey

                                                                                                                                func (p *PSKSecrets) PublicKey() interface{}

                                                                                                                                  PublicKey returns the public key

                                                                                                                                  func (*PSKSecrets) PublicSecrets

                                                                                                                                  func (p *PSKSecrets) PublicSecrets() PublicSecrets

                                                                                                                                    PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                                                                                                    func (*PSKSecrets) TransmittedKey

                                                                                                                                    func (p *PSKSecrets) TransmittedKey() []byte

                                                                                                                                      TransmittedKey returns nil in the case of pre-shared key.

                                                                                                                                      func (*PSKSecrets) TransmittedPEM

                                                                                                                                      func (p *PSKSecrets) TransmittedPEM() []byte

                                                                                                                                        TransmittedPEM returns the PEM certificate that is transmitted.

                                                                                                                                        func (*PSKSecrets) Type

                                                                                                                                        func (p *PSKSecrets) Type() PrivateSecretsType

                                                                                                                                          Type implements the Secrets interface.

                                                                                                                                          func (*PSKSecrets) VerifyPublicKey

                                                                                                                                          func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

                                                                                                                                            VerifyPublicKey always returns nil for pre-shared secrets.

                                                                                                                                            type PrivateSecretsType

                                                                                                                                            // PrivateSecretsType identifies the different secrets that are supported.
                                                                                                                                            type PrivateSecretsType int

                                                                                                                                              PrivateSecretsType identifies the different secrets that are supported

                                                                                                                                              // Supported secrets types. The values come from iota, so the order of the
                                                                                                                                              // declarations fixes the numeric value of each type.
                                                                                                                                              const (
                                                                                                                                              	// PKIType is for asymmetric signing.
                                                                                                                                              	PKIType PrivateSecretsType = iota
                                                                                                                                              	// PSKType is for symmetric signing.
                                                                                                                                              	PSKType
                                                                                                                                              	// PKICompactType is for asymmetric signing using compact JWTs on the wire.
                                                                                                                                              	PKICompactType
                                                                                                                                              	// PKINull is for debugging.
                                                                                                                                              	// NOTE(review): a secrets type meant for debugging should presumably not
                                                                                                                                              	// be selectable in production configuration - confirm where it is gated.
                                                                                                                                              	PKINull
                                                                                                                                              )

                                                                                                                                              type PublicKeyAdder

                                                                                                                                              // PublicKeyAdder registers a public key for a node.
                                                                                                                                              type PublicKeyAdder interface {
                                                                                                                                              
                                                                                                                                              	// PublicKeyAdd adds the given cert for the given host.
                                                                                                                                              	// NOTE(review): the PKISecrets implementation is documented as validating
                                                                                                                                              	// the certificate before caching its key; whether the interface requires
                                                                                                                                              	// that of every implementation is not stated - confirm.
                                                                                                                                              	PublicKeyAdd(host string, cert []byte) error
                                                                                                                                              }

                                                                                                                                                PublicKeyAdder registers a public key for a node.

                                                                                                                                                type PublicSecrets

                                                                                                                                                // PublicSecrets is an interface of the data structures of the secrets that
                                                                                                                                                // can be transmitted over the RPC interface to the remotes.
                                                                                                                                                type PublicSecrets interface {
                                                                                                                                                	// SecretsType returns the type of secrets.
                                                                                                                                                	SecretsType() PrivateSecretsType
                                                                                                                                                	// CertAuthority returns the cert authority; the PSK implementation
                                                                                                                                                	// documents it as not applicable.
                                                                                                                                                	CertAuthority() []byte
                                                                                                                                                }

                                                                                                                                                  PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

                                                                                                                                                  type Secrets

                                                                                                                                                  // Secrets is the contract a secrets implementation provides: the keys used to
                                                                                                                                                  // encode and decode tokens, verification of a peer's public key, and the
                                                                                                                                                  // PublicSecrets form that is sent over the RPC interface.
                                                                                                                                                  type Secrets interface {
                                                                                                                                                  	// Type must return the type of the secrets as defined in the PrivateSecretsType
                                                                                                                                                  	Type() PrivateSecretsType
                                                                                                                                                  	// EncodingKey returns the key used to encode the tokens.
                                                                                                                                                  	// NOTE(review): presumably private signing material; treat the returned
                                                                                                                                                  	// value as sensitive and keep it out of logs — confirm per implementation.
                                                                                                                                                  	EncodingKey() interface{}
                                                                                                                                                  	// DecodingKey is the key used to decode the tokens.
                                                                                                                                                  	// The accepted concrete types of ackCert and prevCert are not fixed by this
                                                                                                                                                  	// signature; callers should check the error before using the returned key.
                                                                                                                                                  	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
                                                                                                                                                  	// PublicKey returns the public key of the secrets.
                                                                                                                                                  	PublicKey() interface{}
                                                                                                                                                  	// TransmittedKey returns the public key as a byte slice and as it is transmitted
                                                                                                                                                  	// on the wire.
                                                                                                                                                  	TransmittedKey() []byte
                                                                                                                                                  	// VerifyPublicKey will verify a public key and whether it is signed by a trusted
                                                                                                                                                  	// authority. The returned key should be used only when the error is nil;
                                                                                                                                                  	// pkey arrives from a peer and is untrusted until this check succeeds.
                                                                                                                                                  	VerifyPublicKey(pkey []byte) (interface{}, error)
                                                                                                                                                  	// AckSize calculates the size of the ACK packet based on the keys.
                                                                                                                                                  	AckSize() uint32
                                                                                                                                                  	// PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
                                                                                                                                                  	PublicSecrets() PublicSecrets
                                                                                                                                                  }

                                                                                                                                                    Secrets is the interface implemented by the secrets types.

                                                                                                                                                    func NewSecrets

                                                                                                                                                    func NewSecrets(s PublicSecrets) (Secrets, error)

                                                                                                                                                      NewSecrets creates a new set of secrets based on the type.