Documentation

Index

Constants

View Source
const (
	// MaxServerName must be of UUID size maximum
	MaxServerName = 24
	// NonceLength is the length of the Nonce to be used in the secrets
	NonceLength = 16
)

Variables

This section is empty.

Functions

func CodeFromErr

func CodeFromErr(err error) string

    CodeFromErr returns the collector code from ErrToken

    Types

    type BinaryJWTClaims

    type BinaryJWTClaims struct {
    	// Tags
    	T []string `codec:",omitempty"`
    	// Compressed tags
    	CT []string `codec:",omitempty"`
    	// RMT is the nonce of the remote that has to be signed in the JWT
    	RMT []byte `codec:",omitempty"`
    	// LCL is the nonce of the local node that has to be signed
    	LCL []byte `codec:",omitempty"`
    	// EK is the ephemeral EC key for encryption
    	EK []byte `codec:",omitempty"`
    	// ID is the source PU ID
    	ID string `codec:",omitempty"`
    	// Expiration time
    	ExpiresAt int64 `codec:",omitempty"`
    	// SignerKey
    	SignerKey []byte `codec:",omitempty"`
    }

      BinaryJWTClaims captures all the custom clains

      func ConvertToBinaryClaims

      func ConvertToBinaryClaims(j *ConnectionClaims, validity time.Duration) *BinaryJWTClaims

        ConvertToBinaryClaims coverts back,

        func (*BinaryJWTClaims) CodecDecodeSelf

        func (x *BinaryJWTClaims) CodecDecodeSelf(d *codec1978.Decoder)

        func (*BinaryJWTClaims) CodecEncodeSelf

        func (x *BinaryJWTClaims) CodecEncodeSelf(e *codec1978.Encoder)

        type BinaryJWTConfig

        type BinaryJWTConfig struct {
        	// ValidityPeriod  period of the JWT
        	ValidityPeriod time.Duration
        	// Issuer is the server that issues the JWT
        	Issuer string
        	// contains filtered or unexported fields
        }

          BinaryJWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

          func NewBinaryJWT

          func NewBinaryJWT(validity time.Duration, issuer string, s secrets.Secrets) (*BinaryJWTConfig, error)

            NewBinaryJWT creates a new JWT token processor

            func (*BinaryJWTConfig) CreateAndSign

            func (c *BinaryJWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, header *claimsheader.ClaimsHeader) (token []byte, err error)

              CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

              func (*BinaryJWTConfig) Decode

              func (c *BinaryJWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

                Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

                func (*BinaryJWTConfig) Randomize

                func (c *BinaryJWTConfig) Randomize(token []byte, nonce []byte) (err error)

                  Randomize adds a nonce to an existing token. Returns the nonce

                  type ConnectionClaims

                  type ConnectionClaims struct {
                  	T *policy.TagStore `json:",omitempty"`
                  	// RMT is the nonce of the remote that has to be signed in the JWT
                  	RMT []byte `json:",omitempty"`
                  	// LCL is the nonce of the local node that has to be signed
                  	LCL []byte `json:",omitempty"`
                  	// EK is the ephemeral EC key for encryption
                  	EK []byte `json:",omitempty"`
                  	// C is the compressed tags in one string
                  	CT *policy.TagStore `json:",omitempty"`
                  	// ID is the source PU ID
                  	ID string `json:",omitempty"`
                  	// RemoteID is the ID of the remote if known.
                  	RemoteID string `json:",omitempty"`
                  	// H is the claims header
                  	H claimsheader.HeaderBytes `json:",omitempty"`
                  }

                    ConnectionClaims captures all the claim information

                    type ErrToken

                    type ErrToken struct {
                    	// contains filtered or unexported fields
                    }

                      ErrToken holds error message in string

                      func (*ErrToken) Code

                      func (e *ErrToken) Code() string

                        Code returns collector reason

                        func (*ErrToken) Error

                        func (e *ErrToken) Error() string

                          Error returns error in string

                          type JWTClaims

                          type JWTClaims struct {
                          	*ConnectionClaims
                          	jwt.StandardClaims
                          }

                            JWTClaims captures all the custom clains

                            func ConvertToJWTClaims

                            func ConvertToJWTClaims(b *BinaryJWTClaims, header claimsheader.HeaderBytes) *JWTClaims

                              ConvertToJWTClaims converts to old claims

                              type JWTConfig

                              type JWTConfig struct {
                              	// ValidityPeriod  period of the JWT
                              	ValidityPeriod time.Duration
                              	// Issuer is the server that issues the JWT
                              	Issuer string
                              	// contains filtered or unexported fields
                              }

                                JWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

                                func NewJWT

                                func NewJWT(validity time.Duration, issuer string, s secrets.Secrets) (*JWTConfig, error)

                                  NewJWT creates a new JWT token processor

                                  func (*JWTConfig) CreateAndSign

                                  func (c *JWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)

                                    CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

                                    func (*JWTConfig) Decode

                                    func (c *JWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

                                      Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

                                      func (*JWTConfig) Randomize

                                      func (c *JWTConfig) Randomize(token []byte, nonce []byte) (err error)

                                        Randomize adds a nonce to an existing token. Returns the nonce

                                        type TokenEngine

                                        type TokenEngine interface {
                                        	// CreteAndSign creates a token, signs it and produces the final byte string
                                        	CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)
                                        	// Decode decodes an incoming buffer and returns the claims and the sender certificate
                                        	Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)
                                        	// Randomize inserts a source nonce in an existing token - New nonce will be
                                        	// create every time the token is transmitted as a challenge to the other side
                                        	// even when the token is cached. There should be space in the token already.
                                        	// Returns an error if there is no space
                                        	Randomize([]byte, []byte) (err error)
                                        }

                                          TokenEngine is the interface to the different implementations of tokens