Documentation ¶
Index ¶
- Constants
- Variables
- func MakeSureInit(core Core, config *CoreConfig) error
- func NewJWTSigner(signer Signer) jwt.Signer
- func NewJWTVerifier(card Card) jwt.Verifier
- func NewService(card Card) aries.Service
- func SignSelf(ctx context.Context, s Signer, user, domain string, t time.Time) (string, error)
- func SignToken(ctx context.Context, signer Signer, config *SignConfig) (string, error)
- func UserAtDomain(user, domain string) string
- func VerifySelfToken(ctx context.Context, token, user, host string, card Card, t time.Time) (*jwt.Token, error)
- type Card
- type Core
- type CoreConfig
- type GetIDRequest
- type Identity
- type KeyConfig
- type PublicKey
- type RemoteCard
- type SignConfig
- type Signature
- type Signer
- type SimpleStore
Constants ¶
const Self = "."
Self is used as the issuer to indicate self-signing.
Variables ¶
var ErrAlreadyInitialized = errors.New("already initialized")
ErrAlreadyInitialized is returned if Init() is called when the KeyStore is already initialized.
Functions ¶
func MakeSureInit ¶
func MakeSureInit(core Core, config *CoreConfig) error
MakeSureInit initializes the core if it is not already initialized.
func NewJWTSigner ¶
func NewJWTSigner(signer Signer) jwt.Signer
NewJWTSigner returns a JWT signer backed by the given Signer.
func NewJWTVerifier ¶
func NewJWTVerifier(card Card) jwt.Verifier
NewJWTVerifier returns a new JWT verifier that uses the identity card.
func NewService ¶
func NewService(card Card) aries.Service
NewService creates a new identity service stub.
func UserAtDomain ¶
func UserAtDomain(user, domain string) string
UserAtDomain returns the string user@domain.
Types ¶
type Card ¶
type Card interface {
    // Identity fetches the identity of the service.
    Identity(ctx context.Context) (*Identity, error)
}
Card provides the Identity of an entity.
type Core ¶
type Core interface {
    // Init initializes the identity with the given config.
    Init(c *CoreConfig) (*Identity, error)
    // AddKey adds a new identity key.
    AddKey(c *KeyConfig) (*PublicKey, error)
    // RemoveKey removes an identity key.
    RemoveKey(id string) error

    Signer
}
Core is an identity core that can save the identity keys.
func NewMemCore ¶
NewMemCore creates a new simple core that saves states in memory. It is useful for temporary testing.
func NewSimpleCore ¶
func NewSimpleCore(store SimpleStore, t func() time.Time) Core
NewSimpleCore creates a new simple core using the given store. The simple store only supports RS256 signing.
type CoreConfig ¶
type CoreConfig struct {
Keys []*KeyConfig
}
CoreConfig is the configuration for initialization of the identity.
func SingleKeyCoreConfig ¶
func SingleKeyCoreConfig(expire time.Time) *CoreConfig
SingleKeyCoreConfig creates a simple CoreConfig with a single key that expires at expire.
type Identity ¶
type Identity struct {
PublicKeys []*PublicKey `json:",omitempty"`
}
Identity is the identity of a service or a robot.
type KeyConfig ¶
type KeyConfig struct {
    Type string // Optional
    NotValidAfter  int64
    NotValidBefore int64
    Comment        string
}
KeyConfig is the configuration for a new key.
type PublicKey ¶
type PublicKey struct {
    ID   string
    Type string
    Alg  string // Signing algorithm; must use JWT alg codes.
    Key  string // Key content.
    NotValidAfter  int64
    NotValidBefore int64  `json:",omitempty"`
    Comment        string `json:",omitempty"`
}
PublicKey is the public key of an identity.
func FindPublicKey ¶
FindPublicKey finds the public key of the given ID. Returns nil if not found.
type RemoteCard ¶
type RemoteCard struct {
// contains filtered or unexported fields
}
RemoteCard is a remote identity.
func NewRemoteCard ¶
func NewRemoteCard(u *url.URL) *RemoteCard
NewRemoteCard creates a new remote card for the given URL.
type SignConfig ¶
type SignConfig struct {
    User   string
    Domain string
    // Optional; when empty, Domain is the issuer.
    Issuer string
    // Optional; when empty, Domain is the audience.
    Audience string
    Time     time.Time
    Expiry   time.Duration // Optional; default 5 minutes.
}
SignConfig provides the configuration to sign an ID token.
type Signer ¶
type Signer interface {
    Card

    // Sign signs a blob of data using the given identity key.
    // When key is an empty string, it might use any key to sign.
    Sign(ctx context.Context, key string, blob []byte) (*Signature, error)
}
Signer provides a read-only interface for signing data.
type SimpleStore ¶
type SimpleStore interface {
    // Check checks whether some data has been saved yet.
    Check() (bool, error)
    // Save saves the data.
    Save(v interface{}) error
    // Load loads the data.
    Load(v interface{}) error
}
SimpleStore is a simple store for saving / loading data. This can be used to implement a simple identity core.
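A file-backed SimpleStore, as an added example that is not code from this package: the interface is repeated from the declaration above so the file compiles on its own, while FileStore, its JSON layout and the mode-0600 temp-file-then-rename write are assumptions of the example (the state it persists holds the identity's private keys, so it must not be world-readable or left half-written).

```go
package main

import (
	"encoding/json"
	"errors"
	"os"
)

// SimpleStore is the interface declared on this page, repeated so the example compiles stand-alone.
type SimpleStore interface {
	Check() (bool, error)
	Save(v interface{}) error
	Load(v interface{}) error
}

// FileStore is a hypothetical SimpleStore (not in the package) that keeps the core's state, keys included, in one JSON file.
type FileStore struct{ Path string }

var _ SimpleStore = (*FileStore)(nil)

// Check reports whether a state file has been saved yet.
func (s *FileStore) Check() (bool, error) {
	_, err := os.Stat(s.Path)
	if errors.Is(err, os.ErrNotExist) {
		return false, nil
	}
	return err == nil, err
}

// Save marshals v to JSON, writes it with mode 0600 (only the owner may read the keys) to a
// temporary file, then renames it into place so a crash never leaves a truncated state file.
func (s *FileStore) Save(v interface{}) error {
	data, err := json.Marshal(v)
	if err != nil {
		return err
	}
	tmp := s.Path + ".tmp"
	if err := os.WriteFile(tmp, data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, s.Path)
}

// Load decodes the saved JSON into v; it fails with os.ErrNotExist if nothing was saved.
func (s *FileStore) Load(v interface{}) error {
	data, err := os.ReadFile(s.Path)
	if err != nil {
		return err
	}
	return json.Unmarshal(data, v)
}
```

Passing a *FileStore to NewSimpleCore would let the core persist its RS256 keys across restarts; the in-memory core from NewMemCore loses them when the process exits.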