Package identity

v0.0.0-...-39628cf

This package is not in the latest version of its module.

Published: May 4, 2024 License: AGPL-3.0 Imports: 20 Imported by: 1

Documentation

Index

Constants

const Self = "."

Self is used as the issuer to indicate self-signing, i.e. the entity is its own issuer.

Variables

var ErrAlreadyInitialized = errors.New("already initialized")

ErrAlreadyInitialized is returned if Init() is called when the KeyStore is already initialized.

Functions

func MakeSureInit

func MakeSureInit(core Core, config *CoreConfig) error

MakeSureInit initializes the core if it is not already initialized.

func NewJWTSigner

func NewJWTSigner(signer Signer) jwt.Signer

NewJWTSigner returns a JWT signer with given signer.

func NewJWTVerifier

func NewJWTVerifier(card Card) jwt.Verifier

NewJWTVerifier returns a new JWT verifier using the identity card.

func NewService

func NewService(card Card) aries.Service

NewService creates a new identity service stub.

func SignSelf

func SignSelf(ctx context.Context, s Signer, user, domain string, t time.Time) (
	string, error,
)

SignSelf creates a self token.

func SignToken

func SignToken(ctx context.Context, signer Signer, config *SignConfig) (
	string, error,
)

SignToken signs a self token or an access token.

func UserAtDomain

func UserAtDomain(user, domain string) string

UserAtDomain returns the string of user@domain.

func VerifySelfToken

func VerifySelfToken(
	ctx context.Context, token, user, host string, card Card, t time.Time,
) (*jwt.Token, error)

VerifySelfToken verifies a self-signed ID token that is presented to its owner host.

Types

type Card

type Card interface {
	// Identity fetches the identity of the service.
	Identity(ctx context.Context) (*Identity, error)
}

Card provides the Identity of an entity.

type Core

type Core interface {
	// Init initializes the identity with the given config.
	Init(c *CoreConfig) (*Identity, error)

	// AddKey adds a new identity key.
	AddKey(c *KeyConfig) (*PublicKey, error)

	// RemoveKey removes an identity key.
	RemoveKey(id string) error

	Signer
}

Core is an identity core that can save the identity keys.

func NewMemCore

func NewMemCore(t func() time.Time) Core

NewMemCore creates a new simple core that saves states in memory. It is useful for temporary testing.

func NewSimpleCore

func NewSimpleCore(store SimpleStore, t func() time.Time) Core

NewSimpleCore creates a new simple core using the given store. A simple store only supports RS256 signing.

type CoreConfig

type CoreConfig struct {
	Keys []*KeyConfig
}

CoreConfig is the configuration for initialization of the identity.

func SingleKeyCoreConfig

func SingleKeyCoreConfig(expire time.Time) *CoreConfig

SingleKeyCoreConfig creates a simple CoreConfig that creates a single key that expires at expire.

type GetIDRequest

type GetIDRequest struct{}

GetIDRequest is the request for getting an identity.

type Identity

type Identity struct {
	PublicKeys []*PublicKey `json:",omitempty"`
}

Identity is the identity of a service or a robot.

func (*Identity) Identity

func (id *Identity) Identity(_ context.Context) (*Identity, error)

Identity returns itself, so it implements the Card interface.

type KeyConfig

type KeyConfig struct {
	Type           string // Optional
	NotValidAfter  int64
	NotValidBefore int64
	Comment        string
}

KeyConfig is the configuration for a new key.

type PublicKey

type PublicKey struct {
	ID             string
	Type           string
	Alg            string // Signing algorithm; must use JWT alg codes.
	Key            string // Key content.
	NotValidAfter  int64
	NotValidBefore int64  `json:",omitempty"`
	Comment        string `json:",omitempty"`
}

PublicKey is the public key of an identity.

func FindPublicKey

func FindPublicKey(id *Identity, keyID string) *PublicKey

FindPublicKey finds the public key of the given ID. Returns nil if not found.
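As an added illustration (not code from this package), a verifier-side helper that extends FindPublicKey with the checks a relying party wants before trusting a key from an Identity: the NotValidBefore/NotValidAfter window and an allowlist of JWT alg codes (the page notes that a simple core only supports RS256). PublicKey and Identity are copied from the declarations on this page; FindUsablePublicKey, ErrNoUsableKey, the half-open window and the zero-value semantics are assumptions of this example.

```go
package main

import (
	"errors"
	"time"
)

// PublicKey and Identity are copied from the page's declarations so this file
// compiles stand-alone (the module import path is elided on the page).
type PublicKey struct {
	ID             string
	Type           string
	Alg            string // Signing algorithm; must use JWT alg codes.
	Key            string // Key content.
	NotValidAfter  int64
	NotValidBefore int64  `json:",omitempty"`
	Comment        string `json:",omitempty"`
}

type Identity struct {
	PublicKeys []*PublicKey `json:",omitempty"`
}

var ErrNoUsableKey = errors.New("identity: no usable key for this key ID")

// FindUsablePublicKey is a hypothetical stricter variant of FindPublicKey for
// the verifying side: it finds the key by ID like FindPublicKey, then rejects
// it when Alg is not in allowedAlgs or when t (as Unix seconds) lies outside
// the half-open window [NotValidBefore, NotValidAfter). Assumed zero-value
// semantics: NotValidBefore == 0 means no lower bound; NotValidAfter == 0 is
// treated as already expired, so an unset expiry never yields a usable key.
func FindUsablePublicKey(id *Identity, keyID string, t time.Time, allowedAlgs map[string]bool) (*PublicKey, error) {
	now := t.Unix()
	for _, k := range id.PublicKeys {
		if k == nil || k.ID != keyID {
			continue
		}
		switch {
		case !allowedAlgs[k.Alg]:
			return nil, ErrNoUsableKey
		case k.NotValidBefore != 0 && now < k.NotValidBefore:
			return nil, ErrNoUsableKey
		case now >= k.NotValidAfter:
			return nil, ErrNoUsableKey
		}
		return k, nil
	}
	return nil, ErrNoUsableKey
}
```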

type RemoteCard

type RemoteCard struct {
	// contains filtered or unexported fields
}

RemoteCard is a remote identity.

func NewRemoteCard

func NewRemoteCard(u *url.URL) *RemoteCard

NewRemoteCard creates a new remote card.

func (*RemoteCard) Identity

func (c *RemoteCard) Identity(ctx context.Context) (*Identity, error)

Identity returns the identity that is fetched from the remote API endpoint.

func (*RemoteCard) Refresh

func (c *RemoteCard) Refresh(ctx context.Context) error

Refresh forces a refresh of the cached identity. The context is currently ignored.

type SignConfig

type SignConfig struct {
	User   string
	Domain string

	// Optional; when empty, Domain is the issuer.
	Issuer string

	// Optional; when empty, Domain is the audience.
	Audience string

	Time   time.Time
	Expiry time.Duration // Optional; default 5 minutes.
}

SignConfig provides the configuration to sign an ID token.

type Signature

type Signature struct {
	KeyID string
	Sig   []byte
}

Signature is the result of signing.

type Signer

type Signer interface {
	Card

	// Sign signs a blob of data using the given identity key.
	// When key is an empty string, it might use any key to sign.
	Sign(ctx context.Context, key string, blob []byte) (*Signature, error)
}

Signer provides a read-only interface for signing data.

type SimpleStore

type SimpleStore interface {
	// Check reports whether any data has been saved yet.
	Check() (bool, error)

	// Save saves the data.
	Save(v interface{}) error

	// Load loads the data.
	Load(v interface{}) error
}

SimpleStore is a simple store for saving / loading data. This can be used to implement a simple identity core.
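An added example of a SimpleStore implementation (not part of this package): a file-backed store whose Save is atomic and whose file stays 0600, because the saved state includes the identity's private keys. FileStore and its Path field are hypothetical names; the method set is exactly the SimpleStore interface above, so a value of this type can be passed to NewSimpleCore.

```go
package main

import (
	"encoding/json"
	"errors"
	"os"
	"path/filepath"
)

// FileStore is a hypothetical SimpleStore: the core's state, private keys
// included, lives in one JSON file that is created 0600 and replaced
// atomically, so a crash mid-write never leaves a truncated identity behind.
type FileStore struct{ Path string }

// Check reports whether the state file exists; other stat errors propagate.
func (s *FileStore) Check() (bool, error) {
	_, err := os.Stat(s.Path)
	if errors.Is(err, os.ErrNotExist) {
		return false, nil
	}
	return err == nil, err
}

// Save writes a 0600 temp file (os.CreateTemp's mode) beside the target and
// renames it over the target only once it is completely written and closed.
func (s *FileStore) Save(v interface{}) error {
	data, err := json.Marshal(v)
	if err != nil {
		return err
	}
	tmp, err := os.CreateTemp(filepath.Dir(s.Path), ".identity-*.tmp")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	_, werr := tmp.Write(data)
	if cerr := tmp.Close(); werr != nil || cerr != nil {
		return errors.Join(werr, cerr)
	}
	return os.Rename(tmp.Name(), s.Path)
}

// Load decodes the state file into v.
func (s *FileStore) Load(v interface{}) error {
	data, err := os.ReadFile(s.Path)
	if err != nil {
		return err
	}
	return json.Unmarshal(data, v)
}
```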
