auth

package
v1.10.1 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 10, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	// DefaultApiKeySaveOnCreate specifies whether a created API key will be saved. This is useful to turn off in unit tests, where
	// we only want a temporary key.
	DefaultApiKeySaveOnCreate = true

	// DefaultApiKeyPassword is the default password to protect the API key
	DefaultApiKeyPassword = "changeme"

	// DefaultApiKeyPath is the default path for the API private key
	DefaultApiKeyPath = DefaultConfigDirectory + "/api.key"

	// DefaultConfigDirectory is the default path for the clouditor configuration, such as keys
	DefaultConfigDirectory = "~/.clouditor"
)

Variables

var ErrNotECPrivateKey = errors.New("key is not a valid EC private key")

Functions

func DecryptPEMBlock

func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock is a drop-in replacement for x509.DecryptPEMBlock which only supports state-of-the-art algorithms such as PBES2.

func EncryptPEMBlock

func EncryptPEMBlock(rand io.Reader, data, password []byte) (block *pem.Block, err error)

EncryptPEMBlock encrypts a private key contained in data into a PEM block according to PKCS#8.

func LoadSigningKeys

func LoadSigningKeys(path string, password string, saveOnCreate bool) map[int]*ecdsa.PrivateKey

LoadSigningKeys implements a signing keys func for our internal authorization server.

func MarshalECPrivateKeyWithPassword

func MarshalECPrivateKeyWithPassword(key *ecdsa.PrivateKey, password []byte) (data []byte, err error)

MarshalECPrivateKeyWithPassword marshals an ECDSA private key protected with a password according to PKCS#8 into a byte array

func ParseECPrivateKeyFromPEMWithPassword

func ParseECPrivateKeyFromPEMWithPassword(data []byte, password []byte) (key *ecdsa.PrivateKey, err error)

ParseECPrivateKeyFromPEMWithPassword reads an ECDSA private key protected with a password according to PKCS#8 from a byte array.

Types

type EncryptedPrivateKeyInfo

type EncryptedPrivateKeyInfo struct {
	EncryptionAlgorithm EncryptionAlgorithmIdentifier
	EncryptedData       []byte
}

EncryptedPrivateKeyInfo contains meta-info about the encrypted private key. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.

type EncryptionAlgorithmIdentifier

type EncryptionAlgorithmIdentifier struct {
	Algorithm asn1.ObjectIdentifier
	Params    PBES2Params
}

EncryptionAlgorithmIdentifier is the identifier for the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.

type EncryptionScheme

type EncryptionScheme struct {
	EncryptionAlgorithm asn1.ObjectIdentifier
	IV                  []byte
}

EncryptionScheme is part of PBES2 and specifies the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.

type KeyDerivationFunc

type KeyDerivationFunc struct {
	Algorithm    asn1.ObjectIdentifier
	PBKDF2Params PBKDF2Params
}

KeyDerivationFunc is part of PBES2 and specifies the key derivation function. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.

type PBES2Params

type PBES2Params struct {
	KeyDerivationFunc KeyDerivationFunc
	EncryptionScheme  EncryptionScheme
}

PBES2Params are parameters for PBES2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.

type PBKDF2Params

type PBKDF2Params struct {
	Salt           []byte
	IterationCount int
	PRF            asn1.ObjectIdentifier `asn1:"optional"`
}

PBKDF2Params are parameters for PBKDF2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.2.
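The following is an added example, not code from this package: it mirrors the PBES2 structures documented above with local types and checks that a PEM block is an encrypted PKCS#8 container using PBES2 with PBKDF2 and at least a caller-chosen iteration count, so legacy encrypted PEM blocks (which carry a different block type) are rejected. The names `auditBlock` and `sampleBlock`, the local type names, and the 100000 threshold used in `main` are assumptions for illustration.

```go
package main

import (
	"encoding/asn1"
	"encoding/pem"
	"fmt"
)

// Local mirrors of the ASN.1 layouts documented on this page (assumption: same field order).
type (
	pbkdf2Params struct{ Salt []byte; IterationCount int; PRF asn1.ObjectIdentifier `asn1:"optional"` }
	kdfID        struct{ Algorithm asn1.ObjectIdentifier; Params pbkdf2Params }
	scheme       struct{ Algorithm asn1.ObjectIdentifier; IV []byte }
	pbes2        struct{ KDF kdfID; Scheme scheme }
	algID        struct{ Algorithm asn1.ObjectIdentifier; Params pbes2 }
	encKey       struct{ Alg algID; Data []byte }
)

var oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}  // id-PBES2 (RFC 8018)
var oidPBKDF2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 12} // id-PBKDF2 (RFC 8018)

// auditBlock returns the PBKDF2 iteration count, or an error if the block is not PBES2/PBKDF2 or is below minIter.
func auditBlock(block *pem.Block, minIter int) (int, error) {
	if block == nil || block.Type != "ENCRYPTED PRIVATE KEY" {
		return 0, fmt.Errorf("not an encrypted PKCS#8 PEM block")
	}
	var k encKey
	if _, err := asn1.Unmarshal(block.Bytes, &k); err != nil {
		return 0, fmt.Errorf("unexpected ASN.1 layout: %w", err)
	}
	switch d := k.Alg.Params.KDF; {
	case !k.Alg.Algorithm.Equal(oidPBES2) || !d.Algorithm.Equal(oidPBKDF2):
		return 0, fmt.Errorf("not PBES2 with PBKDF2")
	case d.Params.IterationCount < minIter:
		return d.Params.IterationCount, fmt.Errorf("only %d PBKDF2 iterations", d.Params.IterationCount)
	default:
		return d.Params.IterationCount, nil
	}
}

// sampleBlock builds a constructed container (all-zero salt, IV and ciphertext) for the demo.
func sampleBlock(iter int) *pem.Block {
	der, _ := asn1.Marshal(encKey{algID{oidPBES2, pbes2{
		kdfID{oidPBKDF2, pbkdf2Params{Salt: make([]byte, 16), IterationCount: iter}},
		scheme{asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 42}, make([]byte, 16)}}}, make([]byte, 32)}) // aes256-CBC
	return &pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: der}
}

func main() { fmt.Println(auditBlock(sampleBlock(1000), 100000)) }
```

The check only inspects the container's parameters; it does not decrypt the key or judge the password protecting it.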

type UserClaims

type UserClaims struct {
	jwt.RegisteredClaims
	FullName string `json:"full_name"`
	EMail    string `json:"email"`
}

UserClaims extends jwt.StandardClaims with more detailed claims about a user.
