zmssvctoken

package
v1.7.7
Warning

This package is not in the latest version of its module.

Published: May 5, 2017 License: Apache-2.0 Imports: 21 Imported by: 14

README

zmssvctoken

Go library to generate/validate Athenz NTokens given private/public keys.

Mirrors the functionality of the Java token signer. It supports RSA and ECDSA keys.

See the zms-svctoken utility source for example use.

License

Copyright 2016 Yahoo Inc.

Licensed under the Apache License, Version 2.0

Documentation

Overview

Package svctoken produces and validates ntokens given appropriate keys. It can only produce service tokens, but it can validate any principal token.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type NToken

type NToken struct {
	Version        string    // the token version e.g. S1, U1
	Domain         string    // domain for which token is valid
	Name           string    // local principal name
	KeyVersion     string    // key version as registered in Athenz
	Hostname       string    // optional hostname
	IPAddress      string    // optional I/P address
	GenerationTime time.Time // time token was generated
	ExpiryTime     time.Time // time token expires
}

NToken provides access to useful fields in an ntoken.

func (*NToken) IsExpired

func (n *NToken) IsExpired() bool

IsExpired is a convenience function to check token expiry.

func (*NToken) PrincipalName

func (n *NToken) PrincipalName() string

PrincipalName returns the fully qualified principal name for the token.

func (*NToken) String

func (n *NToken) String() string

type Token

type Token interface {
	// Value returns the value of the current token or
	// an error if it couldn't be generated for any reason
	Value() (string, error)
}

Token is a mechanism to get an ntoken as a string. It guarantees that the returned token has not expired.

type TokenBuilder

type TokenBuilder interface {
	// SetExpiration sets the duration for which the token is valid (default=1h)
	SetExpiration(t time.Duration)
	// SetHostname sets the hostname for the token (default=current hostname)
	SetHostname(h string)
	// SetIPAddress sets the I/P address for the token (default=host I/P address)
	SetIPAddress(ip string)
	// Token returns a Token instance with the fields correctly set for
	// the current token
	Token() Token
}

TokenBuilder provides a mechanism to set optional ntoken attributes and a means to get the token value with efficient auto-refresh.

func NewTokenBuilder

func NewTokenBuilder(domain, name string, privateKeyPEM []byte, keyVersion string) (TokenBuilder, error)

NewTokenBuilder returns a TokenBuilder implementation for the specified domain/name, with a private key (PEM format) and its key-version. The key-version should be the same string that was used to register the key with Athenz.

type TokenValidator

type TokenValidator interface {
	// Validate returns an unexpired NToken object from its
	// string representation.
	Validate(token string) (*NToken, error)
}

TokenValidator provides a mechanism to validate tokens.

func NewPubKeyTokenValidator

func NewPubKeyTokenValidator(publicKeyPEM []byte) (TokenValidator, error)

NewPubKeyTokenValidator returns NToken objects from signed token strings, given a public key to verify signatures.

func NewTokenValidator

func NewTokenValidator(config ...ValidationConfig) TokenValidator

NewTokenValidator returns NToken objects from signed token strings. It automatically fetches the required public key for validation from ZTS based on the token contents. You can optionally pass in a validation config object to change runtime parameters from the default values.
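Because the validator accepts any principal token, a caller still has to decide which principals it trusts after Validate succeeds. The sketch below is an added example, not code from the package or its documentation: NToken and TokenValidator are local mirrors of the types above so it compiles stand-alone, and AuthorizeService, validatorFunc, the allow-list, the "S"/"U" version-prefix meaning and the domain.name principal form are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// NToken is a local mirror of four fields of the package's NToken (assumption: enough for this check).
type NToken struct {
	Version, Domain, Name string
	ExpiryTime            time.Time
}

// TokenValidator has the same method as the package's TokenValidator.
type TokenValidator interface {
	Validate(token string) (*NToken, error)
}

// AuthorizeService (hypothetical) returns the principal only for a verified, unexpired, allow-listed service token.
func AuthorizeService(v TokenValidator, raw string, allowed map[string]bool) (string, error) {
	tok, err := v.Validate(raw)
	if err != nil || tok == nil {
		return "", fmt.Errorf("token rejected: %v", err)
	}
	if !strings.HasPrefix(tok.Version, "S") { // assumption: "S" = service token, "U" = user token
		return "", fmt.Errorf("not a service token: %s", tok.Version)
	}
	if !time.Now().Before(tok.ExpiryTime) { // re-check expiry instead of relying on the validator alone
		return "", fmt.Errorf("token expired")
	}
	principal := tok.Domain + "." + tok.Name // assumed domain.name form
	if !allowed[principal] {
		return "", fmt.Errorf("principal not allowed: %s", principal)
	}
	return principal, nil
}

// validatorFunc is a constructed stand-in that adapts a function to TokenValidator.
type validatorFunc func(string) (*NToken, error)

func (f validatorFunc) Validate(s string) (*NToken, error) { return f(s) }

func main() {
	v := validatorFunc(func(string) (*NToken, error) { // constructed: a valid *user* token
		return &NToken{"U1", "user", "alice", time.Now().Add(time.Hour)}, nil
	})
	_, err := AuthorizeService(v, "constructed-token", map[string]bool{"sports.api": true})
	fmt.Println(err)
}
```

In real use, the TokenValidator would come from NewPubKeyTokenValidator or NewTokenValidator, and the returned *NToken would be the package's own type.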

type ValidationConfig

type ValidationConfig struct {
	ZTSBaseUrl            string        // the ZTS base url including the /zts/v1 version path, default
	PublicKeyFetchTimeout time.Duration // timeout for fetching the public key from ZTS, default: 5s
	CacheTTL              time.Duration // TTL for cached public keys, default: 10 minutes
	// contains filtered or unexported fields
}
