
Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CompactPKI

// NOTE(review): every PEM field below is exported, so any code holding a
// *CompactPKI can read or overwrite the key material directly; avoid logging
// or serializing the whole struct.
type CompactPKI struct {
	// PrivateKeyPEM is presumably the PEM-encoded private key (keyPEM in
	// NewCompactPKI) - confirm against the constructor.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the PEM-encoded certificate or public key
	// (certPEM in NewCompactPKI) - confirm against the constructor.
	PublicKeyPEM  []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns - confirm.
	AuthorityPEM  []byte
	// TokenKeyPEMs is presumably what TokenPEMs returns, which is documented
	// as the Token Certificate Authorities - confirm.
	TokenKeyPEMs  [][]byte
	// Compressed holds a constants.CompressionType; its effect on the
	// encoding is not shown here.
	Compressed    constants.CompressionType
	// contains filtered or unexported fields
}

    CompactPKI holds all PKI information

    func NewCompactPKI

    func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress constants.CompressionType) (*CompactPKI, error)

      NewCompactPKI creates new secrets for PKI implementation based on compact encoding

      func NewCompactPKIWithTokenCA

      func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress constants.CompressionType) (*CompactPKI, error)

        NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding

        func (*CompactPKI) AckSize

        func (p *CompactPKI) AckSize() uint32

          AckSize returns the default size of an ACK packet

          func (*CompactPKI) AuthPEM

          func (p *CompactPKI) AuthPEM() []byte

            AuthPEM returns the Certificate Authority PEM

            func (*CompactPKI) DecodingKey

            func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

              DecodingKey returns the public key

              func (*CompactPKI) EncodingKey

              func (p *CompactPKI) EncodingKey() interface{}

                EncodingKey returns the private key

                func (*CompactPKI) EncodingPEM

                func (p *CompactPKI) EncodingPEM() []byte

                  EncodingPEM returns the certificate PEM that is used for encoding

                  func (*CompactPKI) PublicKey

                  func (p *CompactPKI) PublicKey() interface{}

                    PublicKey returns the public key

                    func (*CompactPKI) PublicSecrets

                    func (p *CompactPKI) PublicSecrets() PublicSecrets

                      PublicSecrets returns the secrets that are marshallable over the RPC interface.

                      func (*CompactPKI) TokenPEMs

                      func (p *CompactPKI) TokenPEMs() [][]byte

                        TokenPEMs returns the Token Certificate Authorities

                        func (*CompactPKI) TransmittedKey

                        func (p *CompactPKI) TransmittedKey() []byte

                          TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                          func (*CompactPKI) TransmittedPEM

                          func (p *CompactPKI) TransmittedPEM() []byte

                            TransmittedPEM returns the PEM certificate that is transmitted

                            func (*CompactPKI) Type

                            func (p *CompactPKI) Type() PrivateSecretsType

                              Type implements the interface Secrets

                              func (*CompactPKI) VerifyPublicKey

                              func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

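                                VerifyPublicKey verifies that the in-band public key is correct. The Secrets interface on this page describes the check as verifying the public key and whether it is signed by a trusted authority.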

                                type CompactPKIPublicSecrets

                                type CompactPKIPublicSecrets struct {
                                	Type        PrivateSecretsType
                                	Key         []byte
                                	Certificate []byte
                                	CA          []byte
                                	TokenCAs    [][]byte
                                	Token       []byte
                                	Compressed  constants.CompressionType
                                }

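                                  CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface. The struct carries a Key field alongside Certificate and CA; this page does not say whether Key is private key material, so treat the RPC payload as sensitive until that is confirmed.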

                                  func (*CompactPKIPublicSecrets) CertAuthority

                                  func (p *CompactPKIPublicSecrets) CertAuthority() []byte

                                    CertAuthority returns the cert authority

                                    func (*CompactPKIPublicSecrets) SecretsType

                                      SecretsType returns the type of secrets.

                                      type NullPKI

                                      type NullPKI struct {
                                      	PrivateKeyPEM []byte
                                      	PublicKeyPEM  []byte
                                      	AuthorityPEM  []byte
                                      }

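                                        NullPKI holds all PKI information. The PKINull secrets type, which presumably corresponds to this implementation, is described on this page as being for debugging.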

                                        func NewNullPKI

                                        func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

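                                          NewNullPKI creates new secrets for PKI implementation based on compact encoding. (This sentence is identical to the NewCompactPKI description and may have been carried over; the function returns a *NullPKI.)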

                                          func (*NullPKI) AckSize

                                          func (p *NullPKI) AckSize() uint32

                                            AckSize returns the default size of an ACK packet

                                            func (*NullPKI) AuthPEM

                                            func (p *NullPKI) AuthPEM() []byte

                                              AuthPEM returns the Certificate Authority PEM

                                              func (*NullPKI) DecodingKey

                                              func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

                                                DecodingKey returns the public key

                                                func (*NullPKI) EncodingKey

                                                func (p *NullPKI) EncodingKey() interface{}

                                                  EncodingKey returns the private key

                                                  func (*NullPKI) EncodingPEM

                                                  func (p *NullPKI) EncodingPEM() []byte

                                                    EncodingPEM returns the certificate PEM that is used for encoding

                                                    func (*NullPKI) PublicKey

                                                    func (p *NullPKI) PublicKey() interface{}

                                                      PublicKey returns nil in this case

                                                      func (*NullPKI) PublicSecrets

                                                      func (p *NullPKI) PublicSecrets() PublicSecrets

                                                        PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                        func (*NullPKI) TransmittedKey

                                                        func (p *NullPKI) TransmittedKey() []byte

                                                          TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                                                          func (*NullPKI) TransmittedPEM

                                                          func (p *NullPKI) TransmittedPEM() []byte

                                                            TransmittedPEM returns the PEM certificate that is transmitted

                                                            func (*NullPKI) Type

                                                            func (p *NullPKI) Type() PrivateSecretsType

                                                              Type implements the interface Secrets

                                                              func (*NullPKI) VerifyPublicKey

                                                              func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

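                                                                VerifyPublicKey verifies if the in-band public key is correct. (The wording is shared with the other implementations; whether NullPKI, whose PKINull type is documented as being for debugging, actually checks the key against a trusted authority is not stated here.)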

                                                                type NullPublicSecrets

                                                                type NullPublicSecrets struct {
                                                                	Type PrivateSecretsType
                                                                }

                                                                  NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                                                  func (*NullPublicSecrets) CertAuthority

                                                                  func (p *NullPublicSecrets) CertAuthority() []byte

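                                                                    CertAuthority returns the cert authority - N/A to PSK. (The "N/A to PSK" wording matches PSKPublicSecrets; NullPublicSecrets itself carries only a Type field, so presumably no CA is available here either.)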

                                                                    func (*NullPublicSecrets) SecretsType

                                                                    func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

                                                                      SecretsType returns the type of secrets.

                                                                      type PKIPublicSecrets

                                                                      type PKIPublicSecrets struct {
                                                                      	Type        PrivateSecretsType
                                                                      	Key         []byte
                                                                      	Certificate []byte
                                                                      	CA          []byte
                                                                      }

                                                                        PKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

                                                                        func (*PKIPublicSecrets) CertAuthority

                                                                        func (p *PKIPublicSecrets) CertAuthority() []byte

                                                                          CertAuthority returns the cert authority

                                                                          func (*PKIPublicSecrets) SecretsType

                                                                          func (p *PKIPublicSecrets) SecretsType() PrivateSecretsType

                                                                            SecretsType returns the type of secrets.

                                                                            type PKISecrets

                                                                            type PKISecrets struct {
                                                                            	PrivateKeyPEM    []byte
                                                                            	PublicKeyPEM     []byte
                                                                            	AuthorityPEM     []byte
                                                                            	CertificateCache map[string]*ecdsa.PublicKey
                                                                            	// contains filtered or unexported fields
                                                                            }

                                                                              PKISecrets holds all PKI information

                                                                              func NewPKISecrets

                                                                              func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)

                                                                                NewPKISecrets creates new secrets for PKI implementations

                                                                                func (*PKISecrets) AckSize

                                                                                func (p *PKISecrets) AckSize() uint32

                                                                                  AckSize returns the default size of an ACK packet

                                                                                  func (*PKISecrets) AuthPEM

                                                                                  func (p *PKISecrets) AuthPEM() []byte

                                                                                    AuthPEM returns the Certificate Authority PEM

                                                                                    func (*PKISecrets) DecodingKey

                                                                                    func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

                                                                                      DecodingKey returns the public key

                                                                                      func (*PKISecrets) EncodingKey

                                                                                      func (p *PKISecrets) EncodingKey() interface{}

                                                                                        EncodingKey returns the private key

                                                                                        func (*PKISecrets) EncodingPEM

                                                                                        func (p *PKISecrets) EncodingPEM() []byte

                                                                                          EncodingPEM returns the certificate PEM that is used for encoding

                                                                                          func (*PKISecrets) PublicKey

                                                                                          func (p *PKISecrets) PublicKey() interface{}

                                                                                            PublicKey returns the public key

                                                                                            func (*PKISecrets) PublicKeyAdd

                                                                                            func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

                                                                                              PublicKeyAdd validates the certificate passed as newCert. If it is valid, the corresponding key is added to the PublicKeyCache (presumably the CertificateCache field, the only cache the struct exposes). If it is invalid, an error is returned.

                                                                                              func (*PKISecrets) PublicSecrets

                                                                                              func (p *PKISecrets) PublicSecrets() PublicSecrets

                                                                                                PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                                                                func (*PKISecrets) TransmittedKey

                                                                                                func (p *PKISecrets) TransmittedKey() []byte

                                                                                                  TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

                                                                                                  func (*PKISecrets) TransmittedPEM

                                                                                                  func (p *PKISecrets) TransmittedPEM() []byte

                                                                                                    TransmittedPEM returns the PEM certificate that is transmitted

                                                                                                    func (*PKISecrets) Type

                                                                                                    func (p *PKISecrets) Type() PrivateSecretsType

                                                                                                      Type implements the interface Secrets

                                                                                                      func (*PKISecrets) VerifyPublicKey

                                                                                                      func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

                                                                                                        VerifyPublicKey verifies if the inband public key is correct.

                                                                                                        type PSKPublicSecrets

                                                                                                        type PSKPublicSecrets struct {
                                                                                                        	Type      PrivateSecretsType
                                                                                                        	SharedKey []byte
                                                                                                        }

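                                                                                                          PSKPublicSecrets includes all the secrets that can be transmitted over the RPC interface. Despite the "public" name, the struct carries SharedKey, which by its name is the pre-shared key itself, so the RPC channel that transports it needs to be confidential and authenticated.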

                                                                                                          func (*PSKPublicSecrets) CertAuthority

                                                                                                          func (p *PSKPublicSecrets) CertAuthority() []byte

                                                                                                            CertAuthority returns the cert authority - N/A to PSK

                                                                                                            func (*PSKPublicSecrets) SecretsType

                                                                                                            func (p *PSKPublicSecrets) SecretsType() PrivateSecretsType

                                                                                                              SecretsType returns the type of secrets.

                                                                                                              type PSKSecrets

                                                                                                              type PSKSecrets struct {
                                                                                                              	SharedKey []byte
                                                                                                              }

                                                                                                                PSKSecrets holds the shared key.

                                                                                                                func NewPSKSecrets

                                                                                                                func NewPSKSecrets(psk []byte) *PSKSecrets

                                                                                                                  NewPSKSecrets creates new PSK Secrets.

                                                                                                                  func (*PSKSecrets) AckSize

                                                                                                                  func (p *PSKSecrets) AckSize() uint32

                                                                                                                    AckSize returns the expected size of ack packets.

                                                                                                                    func (*PSKSecrets) AuthPEM

                                                                                                                    func (p *PSKSecrets) AuthPEM() []byte

                                                                                                                      AuthPEM returns the Certificate Authority PEM.

                                                                                                                      func (*PSKSecrets) DecodingKey

                                                                                                                      func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

                                                                                                                        DecodingKey returns the preshared key.

                                                                                                                        func (*PSKSecrets) EncodingKey

                                                                                                                        func (p *PSKSecrets) EncodingKey() interface{}

                                                                                                                          EncodingKey returns the pre-shared key.

                                                                                                                          func (*PSKSecrets) EncodingPEM

                                                                                                                          func (p *PSKSecrets) EncodingPEM() []byte

                                                                                                                            EncodingPEM returns the certificate PEM that is used for encoding.

                                                                                                                            func (*PSKSecrets) PublicKey

                                                                                                                            func (p *PSKSecrets) PublicKey() interface{}

                                                                                                                              PublicKey returns the public key

                                                                                                                              func (*PSKSecrets) PublicSecrets

                                                                                                                              func (p *PSKSecrets) PublicSecrets() PublicSecrets

                                                                                                                                PublicSecrets returns the secrets that are marshallable over the RPC interface.

                                                                                                                                func (*PSKSecrets) TransmittedKey

                                                                                                                                func (p *PSKSecrets) TransmittedKey() []byte

                                                                                                                                  TransmittedKey returns nil in the case of pre-shared key.

                                                                                                                                  func (*PSKSecrets) TransmittedPEM

                                                                                                                                  func (p *PSKSecrets) TransmittedPEM() []byte

                                                                                                                                    TransmittedPEM returns the PEM certificate that is transmitted.

                                                                                                                                    func (*PSKSecrets) Type

                                                                                                                                    func (p *PSKSecrets) Type() PrivateSecretsType

                                                                                                                                      Type implements the Secrets interface.

                                                                                                                                      func (*PSKSecrets) VerifyPublicKey

                                                                                                                                      func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

                                                                                                                                        VerifyPublicKey always returns nil for pre-shared secrets.

                                                                                                                                        type PrivateSecretsType

                                                                                                                                        type PrivateSecretsType int

                                                                                                                                          PrivateSecretsType identifies the different secrets that are supported

                                                                                                                                          const (
                                                                                                                                          	// PKIType is for asymmetric signing.
                                                                                                                                          	PKIType PrivateSecretsType = iota
                                                                                                                                          	// PSKType is for symmetric signing.
                                                                                                                                          	PSKType
                                                                                                                                          	// PKICompactType is for asymmetric signing using compact JWTs on the wire.
                                                                                                                                          	PKICompactType
                                                                                                                                          	// PKINull is for debugging.
                                                                                                                                          	// NOTE(review): debugging-only per this comment; confirm that
                                                                                                                                          	// production configurations cannot select it.
                                                                                                                                          	PKINull
                                                                                                                                          )

                                                                                                                                          type PublicKeyAdder

                                                                                                                                          type PublicKeyAdder interface {
                                                                                                                                          
                                                                                                                                          	// PublicKeyAdd adds the given cert for the given host.
                                                                                                                                          	PublicKeyAdd(host string, cert []byte) error
                                                                                                                                          }

                                                                                                                                            PublicKeyAdder registers a public key for a node.

                                                                                                                                            type PublicSecrets

                                                                                                                                            type PublicSecrets interface {
                                                                                                                                            	SecretsType() PrivateSecretsType
                                                                                                                                            	CertAuthority() []byte
                                                                                                                                            }

                                                                                                                                              PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

                                                                                                                                              type Secrets

                                                                                                                                              type Secrets interface {
                                                                                                                                              	// Type must return the type of the secrets as defined in the PrivateSecretsType.
                                                                                                                                              	Type() PrivateSecretsType
                                                                                                                                              	// EncodingKey returns the key used to encode the tokens.
                                                                                                                                              	// NOTE(review): the implementations on this page document this as the
                                                                                                                                              	// private key or the pre-shared key, so the returned value is sensitive.
                                                                                                                                              	EncodingKey() interface{}
                                                                                                                                              	// DecodingKey is the key used to decode the tokens.
                                                                                                                                              	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
                                                                                                                                              	// PublicKey returns the public key of the secrets.
                                                                                                                                              	PublicKey() interface{}
                                                                                                                                              	// TransmittedKey returns the public key as a byte slice and as it is transmitted
                                                                                                                                              	// on the wire.
                                                                                                                                              	TransmittedKey() []byte
                                                                                                                                              	// VerifyPublicKey will verify a public key and whether it is signed by a trusted
                                                                                                                                              	// authority.
                                                                                                                                              	// NOTE(review): PSKSecrets documents its implementation as always returning
                                                                                                                                              	// nil, so a nil error alone does not prove that a key was verified.
                                                                                                                                              	VerifyPublicKey(pkey []byte) (interface{}, error)
                                                                                                                                              	// AckSize calculates the size of the ACK packet based on the keys.
                                                                                                                                              	AckSize() uint32
                                                                                                                                              	// PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
                                                                                                                                              	PublicSecrets() PublicSecrets
                                                                                                                                              }

                                                                                                                                                Secrets is the interface that each secrets implementation satisfies.

                                                                                                                                                func NewSecrets

                                                                                                                                                func NewSecrets(s PublicSecrets) (Secrets, error)

                                                                                                                                                  NewSecrets creates a new set of secrets based on the type.