options

package
v0.0.0-...-e9cdb6e
Warning

This package is not in the latest version of its module.

Published: Jul 18, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package options defines options for KMS clients

Package options contains functional options for the various SignerVerifiers

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type NoOpOptionImpl

type NoOpOptionImpl struct{}

NoOpOptionImpl implements the RPCOption, SignOption, VerifyOption interfaces as no-ops.

func (NoOpOptionImpl) ApplyContext

func (NoOpOptionImpl) ApplyContext(_ *context.Context)

ApplyContext is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyCryptoSignerOpts

func (NoOpOptionImpl) ApplyCryptoSignerOpts(_ *crypto.SignerOpts)

ApplyCryptoSignerOpts is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyDigest

func (NoOpOptionImpl) ApplyDigest(_ *[]byte)

ApplyDigest is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyED25519ph

func (NoOpOptionImpl) ApplyED25519ph(_ *bool)

ApplyED25519ph is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyHash

func (NoOpOptionImpl) ApplyHash(_ *crypto.Hash)

ApplyHash is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyKeyVersion

func (NoOpOptionImpl) ApplyKeyVersion(_ *string)

ApplyKeyVersion is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyKeyVersionUsed

func (NoOpOptionImpl) ApplyKeyVersionUsed(_ **string)

ApplyKeyVersionUsed is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyRPCAuthOpts

func (NoOpOptionImpl) ApplyRPCAuthOpts(_ *RPCAuth)

ApplyRPCAuthOpts is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyRSAPSS

func (NoOpOptionImpl) ApplyRSAPSS(_ **rsa.PSSOptions)

ApplyRSAPSS is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyRand

func (NoOpOptionImpl) ApplyRand(_ *io.Reader)

ApplyRand is a no-op required to fully implement the requisite interfaces

func (NoOpOptionImpl) ApplyRemoteVerification

func (NoOpOptionImpl) ApplyRemoteVerification(_ *bool)

ApplyRemoteVerification is a no-op required to fully implement the requisite interfaces

type RPCAuth

type RPCAuth struct {
	Address string // address is the remote server address, e.g. https://vault:8200
	Path    string // path for the RPC, in vault this is the transit path which defaults to "transit"
	Token   string // token used for RPC, in vault this is the VAULT_TOKEN value
	OIDC    RPCAuthOIDC
}

RPCAuth provides credentials for RPC calls; empty fields are ignored

type RPCAuthOIDC

type RPCAuthOIDC struct {
	Path  string // path defaults to "jwt" for vault
	Role  string // role is required for jwt logins
	Token string // token is a jwt with vault
}

RPCAuthOIDC is used to perform the RPC login using OIDC instead of a fixed token

type RPCAuthOpts

type RPCAuthOpts struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RPCAuthOpts includes authentication settings for RPC calls

func WithRPCAuthOpts

func WithRPCAuthOpts(opts RPCAuth) RPCAuthOpts

WithRPCAuthOpts specifies RPCAuth settings to be used with RPC logins

func (RPCAuthOpts) ApplyRPCAuthOpts

func (r RPCAuthOpts) ApplyRPCAuthOpts(opts *RPCAuth)

ApplyRPCAuthOpts sets the RPCAuth as a function option

type RequestContext

type RequestContext struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestContext implements the functional option pattern for including a context during RPC

func WithContext

func WithContext(ctx context.Context) RequestContext

WithContext specifies that the given context should be used in RPC to external services

func (RequestContext) ApplyContext

func (r RequestContext) ApplyContext(ctx *context.Context)

ApplyContext sets the specified context as the functional option

type RequestCryptoSignerOpts

type RequestCryptoSignerOpts struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestCryptoSignerOpts implements the functional option pattern for supplying crypto.SignerOpts when signing or verifying

func WithCryptoSignerOpts

func WithCryptoSignerOpts(opts crypto.SignerOpts) RequestCryptoSignerOpts

WithCryptoSignerOpts specifies that provided crypto.SignerOpts be used during signing and verification operations

func (RequestCryptoSignerOpts) ApplyCryptoSignerOpts

func (r RequestCryptoSignerOpts) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)

ApplyCryptoSignerOpts sets crypto.SignerOpts as a functional option

type RequestDigest

type RequestDigest struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestDigest implements the functional option pattern for specifying a digest value

func WithDigest

func WithDigest(digest []byte) RequestDigest

WithDigest specifies that the given digest can be used by underlying signature implementations.

WARNING: When verifying a digest with ECDSA, it is trivial to craft a valid signature over a random message given a public key. Do not use this unless you understand the implications and do not need to protect against malleability.

func (RequestDigest) ApplyDigest

func (r RequestDigest) ApplyDigest(digest *[]byte)

ApplyDigest sets the specified digest value as the functional option
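
The WithDigest warning above, turned into a check. This is an added example, not code from this package: a signature that verifies against a bare digest proves nothing about any particular message, so a verifier should recompute the digest from the content it holds. `verifyDigestOnly`, `verifyBound` and `demo` are hypothetical helpers, and the artifacts are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// verifyDigestOnly checks sig against a caller-supplied digest; nothing ties
// the digest to any message.
func verifyDigestOnly(pub *ecdsa.PublicKey, digest, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest, sig)
}

// verifyBound recomputes SHA-256 over msg and rejects a supplied digest that
// does not match it, so a signature is only accepted for the content in hand.
func verifyBound(pub *ecdsa.PublicKey, msg, digest, sig []byte) bool {
	sum := sha256.Sum256(msg)
	if digest != nil && !bytes.Equal(sum[:], digest) {
		return false
	}
	return ecdsa.VerifyASN1(pub, sum[:], sig)
}

// demo signs one constructed artifact, then presents its digest and signature
// alongside a different artifact to both verifiers.
func demo() (digestOnly, boundOther, boundSigned bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signed, other := []byte("artifact-a contents"), []byte("artifact-b contents") // constructed
	d := sha256.Sum256(signed)
	sig, err := ecdsa.SignASN1(rand.Reader, key, d[:])
	if err != nil {
		panic(err)
	}
	digestOnly = verifyDigestOnly(&key.PublicKey, d[:], sig)    // passes, no message involved
	boundOther = verifyBound(&key.PublicKey, other, d[:], sig)  // rejected: digest is not other's
	boundSigned = verifyBound(&key.PublicKey, signed, d[:], sig) // accepted for the signed content
	return
}

func main() {
	fmt.Println(demo())
}
```
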

type RequestED25519ph

type RequestED25519ph struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestED25519ph implements the functional option pattern for specifying that ED25519ph (pre-hashed) should be used when loading a signer or verifier and an ED25519 key is

func WithED25519ph

func WithED25519ph() RequestED25519ph

WithED25519ph specifies that the ED25519ph algorithm should be used when an ED25519 key is used

func (RequestED25519ph) ApplyED25519ph

func (r RequestED25519ph) ApplyED25519ph(useED25519ph *bool)

ApplyED25519ph sets the ED25519ph flag as requested by the functional option

type RequestHash

type RequestHash struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestHash implements the functional option pattern for setting a Hash function when loading a signer or verifier

func WithHash

func WithHash(hash crypto.Hash) RequestHash

WithHash specifies that the given hash function should be used when loading a signer or verifier

func (RequestHash) ApplyHash

func (r RequestHash) ApplyHash(hash *crypto.Hash)

ApplyHash sets the hash as requested by the functional option

type RequestKeyVersion

type RequestKeyVersion struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestKeyVersion implements the functional option pattern for specifying the KMS key version during signing or verification

func WithKeyVersion

func WithKeyVersion(keyVersion string) RequestKeyVersion

WithKeyVersion specifies that a specific KMS key version be used during signing and verification operations; a value of 0 will use the latest version of the key (default)

func (RequestKeyVersion) ApplyKeyVersion

func (r RequestKeyVersion) ApplyKeyVersion(keyVersion *string)

ApplyKeyVersion sets the KMS's key version as a functional option

type RequestKeyVersionUsed

type RequestKeyVersionUsed struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestKeyVersionUsed implements the functional option pattern for obtaining the KMS key version used during signing

func ReturnKeyVersionUsed

func ReturnKeyVersionUsed(keyVersionUsed *string) RequestKeyVersionUsed

ReturnKeyVersionUsed specifies that the specific KMS key version that was used during signing should be stored in the pointer provided

func (RequestKeyVersionUsed) ApplyKeyVersionUsed

func (r RequestKeyVersionUsed) ApplyKeyVersionUsed(keyVersionUsed **string)

ApplyKeyVersionUsed requests to store the KMS's key version that was used as a functional option

type RequestPSSOptions

type RequestPSSOptions struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestPSSOptions implements the functional option pattern for specifying that RSA PSS should be used when loading a signer or verifier and an RSA key is detected

func WithRSAPSS

func WithRSAPSS(opts *rsa.PSSOptions) RequestPSSOptions

WithRSAPSS specifies that the RSAPSS algorithm should be used when an RSA key is used. Note that the RSA PSSOptions contains a hash algorithm, which will override the hash function specified with WithHash.

func (RequestPSSOptions) ApplyRSAPSS

func (r RequestPSSOptions) ApplyRSAPSS(opts **rsa.PSSOptions)

ApplyRSAPSS sets the RSAPSS options as requested by the functional option

type RequestRand

type RequestRand struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestRand implements the functional option pattern for using a specific source of entropy

func WithRand

func WithRand(rand io.Reader) RequestRand

WithRand specifies that the given source of entropy should be used in signing operations

func (RequestRand) ApplyRand

func (r RequestRand) ApplyRand(rand *io.Reader)

ApplyRand sets the specified source of entropy as the functional option

type RequestRemoteVerification

type RequestRemoteVerification struct {
	NoOpOptionImpl
	// contains filtered or unexported fields
}

RequestRemoteVerification implements the functional option pattern for remotely verifying signatures when possible

func WithRemoteVerification

func WithRemoteVerification(remoteVerification bool) RequestRemoteVerification

WithRemoteVerification specifies that the verification operation should be performed remotely (vs in the process of the caller)

func (RequestRemoteVerification) ApplyRemoteVerification

func (r RequestRemoteVerification) ApplyRemoteVerification(remoteVerification *bool)

ApplyRemoteVerification sets remote verification as a functional option
